/mandos/trunk : revision 1312

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2024-11-17 18:43:11 UTC
Revision ID: teddy@recompile.se-20241117184311-ox25kvngy62h209g

Debian package: Avoid suggesting a C compiler unnecessarily

The list of suggested packages, meant to enable the "mandos" program
to find the correct value of SO_BINDTODEVICE by using a C compiler,
are not necessary when Python 3.3 or later is used, since it has the
SO_BINDTODEVICE constant defined in the "socket" module. Also, Python
2.6 or older has the same constant in the old "IN" module. Therefore,
we should suggest these Python versions as alternatives to a C
compiler, so that a C compiler is not installed unnecessarily.

debian/control (Package: mandos/Suggests): Add "python3 (>= 3.3)" and
"python (<= 2.6)" as alternatives to "libc6-dev | libc-dev" and
"c-compiler".

files added:
debian/mandos.maintscript

debian/po/es.po

debian/po/pt_BR.po

files modified:
.bzrignore

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/po/fr.po

debian/rules

dracut-module/ask-password-mandos.service

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-hook

initramfs-unpack

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-monitor

mandos.conf.xml

mandos.lsm

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

Makefile

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-D_FORTIFY_SOURCE=3 -fstack-protector-all -fPIC

FORTIFY:=-fstack-protector-all -fPIC

CPPFLAGS+=-D_FORTIFY_SOURCE=3

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

FEATURES:=-D_FILE_OFFSET_BITS=64

CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64

htmldir:=man

version:=1.8.14

version:=1.8.17

SED:=sed

PKG_CONFIG?=pkg-config

## Use these settings for a traditional /usr/local install

# PREFIX:=$(DESTDIR)/usr/local

# BINDIR:=$(PREFIX)/sbin

# CONFDIR:=$(DESTDIR)/etc/mandos

# KEYDIR:=$(DESTDIR)/etc/mandos/keys

# MANDIR:=$(PREFIX)/man

# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d

## These settings are for a package-type install

PREFIX:=$(DESTDIR)/usr

BINDIR:=$(PREFIX)/sbin

CONFDIR:=$(DESTDIR)/etc/mandos

KEYDIR:=$(DESTDIR)/etc/keys/mandos

MANDIR:=$(PREFIX)/share/man

break; \

fi; \

done)

DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

101

GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)

102

AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)

103

AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)

GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

100

GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \

104

GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \

105

|| gpgme-config --cflags; getconf LFS_CFLAGS)

106

GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \

107

|| gpgme-config --libs; getconf LFS_LIBS; \

101

108

getconf LFS_LDFLAGS)

102

109

LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)

103

110

LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)

106

113

107

114

# Do not change these two

108

115

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

109

$(LANGUAGE) $(FEATURES) -DVERSION='"$(version)"'

116

$(LANGUAGE) -DVERSION='"$(version)"'

110

117

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

111

118

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

112

119

284

291

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

285

292

$@)

286

293

294

# Does the linker support the --no-warn-execstack option?

295

ifeq ($(shell echo 'int main(){}'|$(CC) --language=c /dev/stdin -o /dev/null -Xlinker --no-warn-execstack >/dev/null 2>&1 && echo yes),yes)

296

# These programs use nested functions, which uses an executable stack

297

plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack

298

dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack

299

plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack

300

plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack

301

plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack

302

endif

303

287

304

# Need to add the GnuTLS, Avahi and GPGME libraries

288

305

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

289

306

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

370

387

371

388

# Used by run-server

372

389

confdir/mandos.conf: mandos.conf

373

install --directory confdir

374

install --mode=u=rw,go=r $^ $@

390

install -D --mode=u=rw,go=r $^ $@

375

391

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

376

install --directory confdir

377

install --mode=u=rw $< $@

392

install -D --mode=u=rw $< $@

378

393

# Add a client password

379

394

./mandos-keygen --dir keydir --password --no-ssh >> $@

380

395

statedir:

385

400

386

401

.PHONY: install-html

387

402

install-html: html

388

install --directory $(htmldir)

389

install --mode=u=rw,go=r --target-directory=$(htmldir) \

403

install -D --mode=u=rw,go=r --target-directory=$(htmldir) \

390

404

$(htmldocs)

391

405

392

406

.PHONY: install-server

393

407

install-server: doc

394

install --directory $(CONFDIR)

395

408

if install --directory --mode=u=rwx --owner=$(USER) \

396

409

--group=$(GROUP) $(STATEDIR); then \

397

410

:; \

398

411

elif install --directory --mode=u=rwx $(STATEDIR); then \

399

412

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

400

413

401

if [ "$(TMPFILES)" != "$(DESTDIR)" \

402

-a -d "$(TMPFILES)" ]; then \

403

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

414

if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \

415

install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \

404

416

$(TMPFILES)/mandos.conf; \

405

417

406

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

407

-a -d "$(SYSUSERS)" ]; then \

408

install --mode=u=rw,go=r sysusers.d-mandos.conf \

418

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

419

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

409

420

$(SYSUSERS)/mandos.conf; \

410

421

411

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

412

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

422

install --directory $(BINDIR)

423

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) mandos

424

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \

413

425

mandos-ctl

414

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

426

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \

415

427

mandos-monitor

428

install --directory $(CONFDIR)

416

429

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

417

430

mandos.conf

418

431

install --mode=u=rw --target-directory=$(CONFDIR) \

419

432

clients.conf

420

install --mode=u=rw,go=r dbus-mandos.conf \

421

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

422

install --mode=u=rwx,go=rx init.d-mandos \

433

install -D --mode=u=rw,go=r dbus-mandos.conf \

434

$(DBUSPOLICYDIR)/mandos.conf

435

install -D --mode=u=rwx,go=rx init.d-mandos \

423

436

$(DESTDIR)/etc/init.d/mandos

424

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

425

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

437

if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \

438

install -D --mode=u=rw,go=r mandos.service \

439

$(SYSTEMD); \

426

440

427

install --mode=u=rw,go=r default-mandos \

441

install -D --mode=u=rw,go=r default-mandos \

428

442

$(DESTDIR)/etc/default/mandos

429

443

if [ -z $(DESTDIR) ]; then \

430

444

update-rc.d mandos defaults 25 15;\

431

445

446

install --directory $(MANDIR)/man8 $(MANDIR)/man5

432

447

gzip --best --to-stdout mandos.8 \

433

448

> $(MANDIR)/man8/mandos.8.gz

434

449

gzip --best --to-stdout mandos-monitor.8 \

444

459

445

460

.PHONY: install-client-nokey

446

461

install-client-nokey: all doc

447

install --directory $(LIBDIR)/mandos $(CONFDIR)

448

462

install --directory --mode=u=rwx $(KEYDIR) \

449

463

$(LIBDIR)/mandos/plugins.d \

450

464

$(LIBDIR)/mandos/plugin-helpers

451

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

452

-a -d "$(SYSUSERS)" ]; then \

453

install --mode=u=rw,go=r sysusers.d-mandos.conf \

465

if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \

466

install -D --mode=u=rw,go=r sysusers.d-mandos.conf \

454

467

$(SYSUSERS)/mandos-client.conf; \

455

468

456

469

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

457

install --mode=u=rwx \

458

--directory "$(CONFDIR)/plugins.d" \

470

install --directory \

471

--mode=u=rwx "$(CONFDIR)/plugins.d" \

459

472

"$(CONFDIR)/plugin-helpers"; \

460

473

461

install --mode=u=rwx,go=rx --directory \

474

install --directory --mode=u=rwx,go=rx \

462

475

"$(CONFDIR)/network-hooks.d"

463

476

install --mode=u=rwx,go=rx \

464

477

--target-directory=$(LIBDIR)/mandos plugin-runner

465

478

install --mode=u=rwx,go=rx \

466

479

--target-directory=$(LIBDIR)/mandos \

467

480

mandos-to-cryptroot-unlock

468

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

481

install --directory $(BINDIR)

482

install --mode=u=rwx,go=rx --target-directory=$(BINDIR) \

469

483

mandos-keygen

470

484

install --mode=u=rwx,go=rx \

471

485

--target-directory=$(LIBDIR)/mandos/plugins.d \

488

502

install --mode=u=rwx,go=rx \

489

503

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

490

504

plugin-helpers/mandos-client-iprouteadddel

491

install initramfs-tools-hook \

505

install -D initramfs-tools-hook \

492

506

$(INITRAMFSTOOLS)/hooks/mandos

493

install --mode=u=rw,go=r initramfs-tools-conf \

507

install -D --mode=u=rw,go=r initramfs-tools-conf \

494

508

$(INITRAMFSTOOLS)/conf.d/mandos-conf

495

install --mode=u=rw,go=r initramfs-tools-conf-hook \

509

install -D --mode=u=rw,go=r initramfs-tools-conf-hook \

496

510

$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos

497

install initramfs-tools-script \

511

install -D initramfs-tools-script \

498

512

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

499

install initramfs-tools-script-stop \

513

install -D initramfs-tools-script-stop \

500

514

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

501

install --directory $(DRACUTMODULE)

502

install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \

515

install -D --mode=u=rw,go=r \

516

--target-directory=$(DRACUTMODULE) \

503

517

dracut-module/ask-password-mandos.path \

504

518

dracut-module/ask-password-mandos.service

505

519

install --mode=u=rwxs,go=rx \

508

522

dracut-module/cmdline-mandos.sh \

509

523

dracut-module/password-agent

510

524

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

525

install --directory $(MANDIR)/man8

511

526

gzip --best --to-stdout mandos-keygen.8 \

512

527

> $(MANDIR)/man8/mandos-keygen.8.gz

513

528

gzip --best --to-stdout plugin-runner.8mandos \

530

545

.PHONY: install-client

531

546

install-client: install-client-nokey

532

547

# Post-installation stuff

533

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

548

-$(BINDIR)/mandos-keygen --dir "$(KEYDIR)"

534

549

if command -v update-initramfs >/dev/null; then \

535

550

update-initramfs -k all -u; \

536

551

elif command -v dracut >/dev/null; then \

548

563

549

564

.PHONY: uninstall-server

550

565

uninstall-server:

551

-rm --force $(PREFIX)/sbin/mandos \

552

$(PREFIX)/sbin/mandos-ctl \

553

$(PREFIX)/sbin/mandos-monitor \

566

-rm --force $(BINDIR)/mandos \

567

$(BINDIR)/mandos-ctl \

568

$(BINDIR)/mandos-monitor \

554

569

$(MANDIR)/man8/mandos.8.gz \

555

570

$(MANDIR)/man8/mandos-monitor.8.gz \

556

571

$(MANDIR)/man8/mandos-ctl.8.gz \

565

580

# to use it.

566

581

! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \

567

582

$(DESTDIR)/etc/crypttab

568

-rm --force $(PREFIX)/sbin/mandos-keygen \

583

-rm --force $(BINDIR)/mandos-keygen \

569

584

$(LIBDIR)/mandos/plugin-runner \

570

585

$(LIBDIR)/mandos/plugins.d/password-prompt \

571

586

$(LIBDIR)/mandos/plugins.d/mandos-client \

610

625

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

611

626

$(DESTDIR)/etc/default/mandos \

612

627

$(DESTDIR)/etc/init.d/mandos \

613

$(SYSTEMD)/mandos.service \

614

628

$(DESTDIR)/run/mandos.pid \

615

629

$(DESTDIR)/var/run/mandos.pid

630

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

631

-rm --force -- $(SYSTEMD)/mandos.service; \

632

616

633

-rmdir $(CONFDIR)

617

634

618

635

.PHONY: purge-client

Older »