To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to Makefile
- browse files at revision 1312
- compare with another revision
- download diff
- download tarball
- view history from revision 1312
- Committer: Teddy Hogeborn
- Date: 2024-11-17 18:43:11 UTC
- Revision ID: teddy@recompile.se-20241117184311-ox25kvngy62h209g
Debian package: Avoid suggesting a C compiler unnecessarily
The list of suggested packages, meant to enable the "mandos" program
to find the correct value of SO_BINDTODEVICE by using a C compiler,
are not necessary when Python 3.3 or later is used, since it has the
SO_BINDTODEVICE constant defined in the "socket" module. Also, Python
2.6 or older has the same constant in the old "IN" module. Therefore,
we should suggest these Python versions as alternatives to a C
compiler, so that a C compiler is not installed unnecessarily.
debian/control (Package: mandos/Suggests): Add "python3 (>= 3.3)" and
"python (<= 2.6)" as alternatives to "libc6-dev | libc-dev" and
"c-compiler".
The list of suggested packages, meant to enable the "mandos" program
to find the correct value of SO_BINDTODEVICE by using a C compiler,
are not necessary when Python 3.3 or later is used, since it has the
SO_BINDTODEVICE constant defined in the "socket" module. Also, Python
2.6 or older has the same constant in the old "IN" module. Therefore,
we should suggest these Python versions as alternatives to a C
compiler, so that a C compiler is not installed unnecessarily.
debian/control (Package: mandos/Suggests): Add "python3 (>= 3.3)" and
"python (<= 2.6)" as alternatives to "libc6-dev | libc-dev" and
"c-compiler".
- files added:
- debian/mandos.maintscript
- files modified:
- .bzrignore
added
removed
Makefile
29
29
30
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
32
FORTIFY:=-fstack-protector-all -fPIC
33
CPPFLAGS+=-D_FORTIFY_SOURCE=3
33
34
LINK_FORTIFY_LD:=-z relro -z now
34
35
LINK_FORTIFY:=
35
36
41
42
#COVERAGE=--coverage
42
43
OPTIMIZE:=-Os -fno-strict-aliasing
43
44
LANGUAGE:=-std=gnu11
44
FEATURES:=-D_FILE_OFFSET_BITS=64
45
CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64
45
46
htmldir:=man
46
version:=1.8.9
47
version:=1.8.17
47
48
SED:=sed
48
49
PKG_CONFIG?=pkg-config
49
50
56
57
57
58
## Use these settings for a traditional /usr/local install
58
59
# PREFIX:=$(DESTDIR)/usr/local
60
# BINDIR:=$(PREFIX)/sbin
59
61
# CONFDIR:=$(DESTDIR)/etc/mandos
60
62
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
61
63
# MANDIR:=$(PREFIX)/man
63
65
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
64
66
# STATEDIR:=$(DESTDIR)/var/lib/mandos
65
67
# LIBDIR:=$(PREFIX)/lib
68
# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d
66
69
##
67
70
68
71
## These settings are for a package-type install
69
72
PREFIX:=$(DESTDIR)/usr
73
BINDIR:=$(PREFIX)/sbin
70
74
CONFDIR:=$(DESTDIR)/etc/mandos
71
75
KEYDIR:=$(DESTDIR)/etc/keys/mandos
72
76
MANDIR:=$(PREFIX)/share/man
83
87
break; \
84
88
fi; \
85
89
done)
90
DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d
86
91
##
87
92
88
93
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
96
101
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
97
102
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
98
103
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
99
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
100
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
104
GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \
105
|| gpgme-config --cflags; getconf LFS_CFLAGS)
106
GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \
107
|| gpgme-config --libs; getconf LFS_LIBS; \
101
108
getconf LFS_LDFLAGS)
102
109
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
103
110
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
106
113
107
114
# Do not change these two
108
115
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
109
$(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'
116
$(LANGUAGE) -DVERSION='"$(version)"'
110
117
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
111
118
) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
112
119
284
291
--expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
285
292
$@)
286
293
294
# Does the linker support the --no-warn-execstack option?
295
ifeq ($(shell echo 'int main(){}'|$(CC) --language=c /dev/stdin -o /dev/null -Xlinker --no-warn-execstack >/dev/null 2>&1 && echo yes),yes)
296
# These programs use nested functions, which uses an executable stack
297
plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack
298
dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack
299
plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack
300
plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack
301
plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack
302
endif
303
287
304
# Need to add the GnuTLS, Avahi and GPGME libraries
288
305
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
289
306
) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
296
313
297
314
# Need to add the GLib and pthread libraries
298
315
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
316
# Note: -lpthread is unnecessary with the GNU C library 2.34 or later
299
317
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
300
318
301
319
.PHONY: clean
354
372
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
355
373
install --directory keydir
356
374
./mandos-keygen --dir keydir --force
375
if ! [ -e keydir/tls-privkey.pem ]; then \
376
install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
377
fi
378
if ! [ -e keydir/tls-pubkey.pem ]; then \
379
install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
380
fi
357
381
358
382
# Run the server with a local config
359
383
.PHONY: run-server
363
387
364
388
# Used by run-server
365
389
confdir/mandos.conf: mandos.conf
366
install --directory confdir
367
install --mode=u=rw,go=r $^ $@
390
install -D --mode=u=rw,go=r $^ $@
368
391
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
369
install --directory confdir
370
install --mode=u=rw $< $@
392
install -D --mode=u=rw $< $@
371
393
# Add a client password
372
394
./mandos-keygen --dir keydir --password --no-ssh >> $@
373
395
statedir:
378
400
379
401
.PHONY: install-html
380
402
install-html: html
381
install --directory $(htmldir)
382
install --mode=u=rw,go=r --target-directory=$(htmldir) \
403
install -D --mode=u=rw,go=r --target-directory=$(htmldir) \
383
404
$(htmldocs)
384
405
385
406
.PHONY: install-server
386
407
install-server: doc
387
install --directory $(CONFDIR)
388
408
if install --directory --mode=u=rwx --owner=$(USER) \
389
409
--group=$(GROUP) $(STATEDIR); then \
390
410
:; \
391
411
elif install --directory --mode=u=rwx $(STATEDIR); then \
392
412
chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
393
413
fi
394
if [ "$(TMPFILES)" != "$(DESTDIR)" \
395
-a -d "$(TMPFILES)" ]; then \
396
install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
414
if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \
415
install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \
397
416
$(TMPFILES)/mandos.conf; \
398
417
fi
399
if [ "$(SYSUSERS)" != "$(DESTDIR)" \
400
-a -d "$(SYSUSERS)" ]; then \
401
install --mode=u=rw,go=r sysusers.d-mandos.conf \
418
if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
419
install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
402
420
$(SYSUSERS)/mandos.conf; \
403
421
fi
404
install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
405
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
422
install --directory $(BINDIR)
423
install --mode=u=rwx,go=rx --target-directory=$(BINDIR) mandos
424
install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \
406
425
mandos-ctl
407
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
426
install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \
408
427
mandos-monitor
428
install --directory $(CONFDIR)
409
429
install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
410
430
mandos.conf
411
431
install --mode=u=rw --target-directory=$(CONFDIR) \
412
432
clients.conf
413
install --mode=u=rw,go=r dbus-mandos.conf \
414
$(DESTDIR)/etc/dbus-1/system.d/mandos.conf
415
install --mode=u=rwx,go=rx init.d-mandos \
433
install -D --mode=u=rw,go=r dbus-mandos.conf \
434
$(DBUSPOLICYDIR)/mandos.conf
435
install -D --mode=u=rwx,go=rx init.d-mandos \
416
436
$(DESTDIR)/etc/init.d/mandos
417
if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
418
install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
437
if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \
438
install -D --mode=u=rw,go=r mandos.service \
439
$(SYSTEMD); \
419
440
fi
420
install --mode=u=rw,go=r default-mandos \
441
install -D --mode=u=rw,go=r default-mandos \
421
442
$(DESTDIR)/etc/default/mandos
422
443
if [ -z $(DESTDIR) ]; then \
423
444
update-rc.d mandos defaults 25 15;\
424
445
fi
446
install --directory $(MANDIR)/man8 $(MANDIR)/man5
425
447
gzip --best --to-stdout mandos.8 \
426
448
> $(MANDIR)/man8/mandos.8.gz
427
449
gzip --best --to-stdout mandos-monitor.8 \
437
459
438
460
.PHONY: install-client-nokey
439
461
install-client-nokey: all doc
440
install --directory $(LIBDIR)/mandos $(CONFDIR)
441
462
install --directory --mode=u=rwx $(KEYDIR) \
442
463
$(LIBDIR)/mandos/plugins.d \
443
464
$(LIBDIR)/mandos/plugin-helpers
444
if [ "$(SYSUSERS)" != "$(DESTDIR)" \
445
-a -d "$(SYSUSERS)" ]; then \
446
install --mode=u=rw,go=r sysusers.d-mandos.conf \
465
if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
466
install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
447
467
$(SYSUSERS)/mandos-client.conf; \
448
468
fi
449
469
if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
450
install --mode=u=rwx \
451
--directory "$(CONFDIR)/plugins.d" \
470
install --directory \
471
--mode=u=rwx "$(CONFDIR)/plugins.d" \
452
472
"$(CONFDIR)/plugin-helpers"; \
453
473
fi
454
install --mode=u=rwx,go=rx --directory \
474
install --directory --mode=u=rwx,go=rx \
455
475
"$(CONFDIR)/network-hooks.d"
456
476
install --mode=u=rwx,go=rx \
457
477
--target-directory=$(LIBDIR)/mandos plugin-runner
458
478
install --mode=u=rwx,go=rx \
459
479
--target-directory=$(LIBDIR)/mandos \
460
480
mandos-to-cryptroot-unlock
461
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
481
install --directory $(BINDIR)
482
install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \
462
483
mandos-keygen
463
484
install --mode=u=rwx,go=rx \
464
485
--target-directory=$(LIBDIR)/mandos/plugins.d \
481
502
install --mode=u=rwx,go=rx \
482
503
--target-directory=$(LIBDIR)/mandos/plugin-helpers \
483
504
plugin-helpers/mandos-client-iprouteadddel
484
install initramfs-tools-hook \
505
install -D initramfs-tools-hook \
485
506
$(INITRAMFSTOOLS)/hooks/mandos
486
install --mode=u=rw,go=r initramfs-tools-conf \
507
install -D --mode=u=rw,go=r initramfs-tools-conf \
487
508
$(INITRAMFSTOOLS)/conf.d/mandos-conf
488
install --mode=u=rw,go=r initramfs-tools-conf-hook \
509
install -D --mode=u=rw,go=r initramfs-tools-conf-hook \
489
510
$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
490
install initramfs-tools-script \
511
install -D initramfs-tools-script \
491
512
$(INITRAMFSTOOLS)/scripts/init-premount/mandos
492
install initramfs-tools-script-stop \
513
install -D initramfs-tools-script-stop \
493
514
$(INITRAMFSTOOLS)/scripts/local-premount/mandos
494
install --directory $(DRACUTMODULE)
495
install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
515
install -D --mode=u=rw,go=r \
516
--target-directory=$(DRACUTMODULE) \
496
517
dracut-module/ask-password-mandos.path \
497
518
dracut-module/ask-password-mandos.service
498
519
install --mode=u=rwxs,go=rx \
501
522
dracut-module/cmdline-mandos.sh \
502
523
dracut-module/password-agent
503
524
install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
525
install --directory $(MANDIR)/man8
504
526
gzip --best --to-stdout mandos-keygen.8 \
505
527
> $(MANDIR)/man8/mandos-keygen.8.gz
506
528
gzip --best --to-stdout plugin-runner.8mandos \
523
545
.PHONY: install-client
524
546
install-client: install-client-nokey
525
547
# Post-installation stuff
526
-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
548
-$(BINDIR)/mandos-keygen --dir "$(KEYDIR)"
527
549
if command -v update-initramfs >/dev/null; then \
528
550
update-initramfs -k all -u; \
529
551
elif command -v dracut >/dev/null; then \
541
563
542
564
.PHONY: uninstall-server
543
565
uninstall-server:
544
-rm --force $(PREFIX)/sbin/mandos \
545
$(PREFIX)/sbin/mandos-ctl \
546
$(PREFIX)/sbin/mandos-monitor \
566
-rm --force $(BINDIR)/mandos \
567
$(BINDIR)/mandos-ctl \
568
$(BINDIR)/mandos-monitor \
547
569
$(MANDIR)/man8/mandos.8.gz \
548
570
$(MANDIR)/man8/mandos-monitor.8.gz \
549
571
$(MANDIR)/man8/mandos-ctl.8.gz \
558
580
# to use it.
559
581
! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
560
582
$(DESTDIR)/etc/crypttab
561
-rm --force $(PREFIX)/sbin/mandos-keygen \
583
-rm --force $(BINDIR)/mandos-keygen \
562
584
$(LIBDIR)/mandos/plugin-runner \
563
585
$(LIBDIR)/mandos/plugins.d/password-prompt \
564
586
$(LIBDIR)/mandos/plugins.d/mandos-client \
603
625
$(DESTDIR)/etc/dbus-1/system.d/mandos.conf
604
626
$(DESTDIR)/etc/default/mandos \
605
627
$(DESTDIR)/etc/init.d/mandos \
606
$(SYSTEMD)/mandos.service \
607
628
$(DESTDIR)/run/mandos.pid \
608
629
$(DESTDIR)/var/run/mandos.pid
630
if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
631
-rm --force -- $(SYSTEMD)/mandos.service; \
632
fi
609
633
-rmdir $(CONFDIR)
610
634
611
635
.PHONY: purge-client
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0