/mandos/trunk : revision 15

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2008-07-20 06:33:48 UTC
Revision ID: teddy@fukt.bsnet.se-20080720063348-jscgy5p0itrgvlo8

* mandos-clients.conf ([foo]): Uncommented.
  ([foo]/secret): New.
  ([foo]/secfile): Commented out.
  ([foo]/checker): Changed to "fping -q -- %%(fqdn)s".
  ([foo]/timeout): New.

* server.py: New modeline for Python and Emacs.  Set a logging format.
  (Client.__init__): Bug fix: Choose either the value from the options
                     object or pass the argument through string_to_delta
                     for both "timeout" and "interval".
  (Client.checker_callback): Bug fix: Do not log spurious "Checker for
                             <foo> failed" messages.
  (Client.start_checker): Moved "Starting checker" log message down to
                          just before actually starting the subprocess.
                          Do not redirect the subprocesses' stdout to a
                          pipe.
  (peer_certificate, fingerprint): Added docstrings.
  (entry_group_state_changed): Call "killme()" instead of
                               "main_loop.quit()".
  (daemon, killme): New functions.
  (exitstatus, main_loop_started): New global variables.
  (__main__): Removed the "--cert", "--key", "--ca", and "--crl"
              options.  Removed the sleep command from the default
              checker.  Add a console logger in debug mode.  Call
              "killme()" instead of "main_loop.quit()" when there are no
              more clients.  Call "daemon()" if not in debug mode.
              Register "cleanup()" to run at exit.  Ignore some
              signals.  Catch DBusException to detect another running
              server and exit cleanly.  Exit with "exitstatus".
  (cleanup): New function.

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files removed:
.bzrignore

COPYING

README

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.conf

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/password-request.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

Makefile

WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \

-Wswitch-default -Wswitch-enum -Wunused-parameter \

-Wstrict-aliasing=2 -Wextra -Wfloat-equal -Wundef -Wshadow \

-Wunsafe-loop-optimizations -Wpointer-arith \

-Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \

-Wconversion -Wstrict-prototypes -Wold-style-definition \

-Wpacked -Wnested-externs -Wunreachable-code -Winline \

-Wvolatile-register-var

DEBUG=-ggdb3

# For info about _FORTIFY_SOURCE, see

# <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>

FORTIFY=-D_FORTIFY_SOURCE=2 # -fstack-protector-all

#COVERAGE=--coverage

OPTIMIZE=-Os

LANGUAGE=-std=gnu99

# PREFIX=/usr/local

PREFIX=$(DESTDIR)/usr

# CONFDIR=/usr/local/lib/mandos

CONFDIR=$(DESTDIR)/etc/mandos

# KEYDIR=/usr/local/lib/mandos/keys

KEYDIR=$(DESTDIR)/etc/keys/mandos

# MANDIR=/usr/local/man

MANDIR=$(DESTDIR)/usr/share/man

PIDDIR=/var/run/mandos

USER=nobody

GROUP=nogroup

GNUTLS_CFLAGS=$(shell libgnutls-config --cflags)

GNUTLS_LIBS=$(shell libgnutls-config --libs)

AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)

AVAHI_LIBS=$(shell pkg-config --libs avahi-core)

GPGME_CFLAGS=$(shell gpgme-config --cflags)

GPGME_LIBS=$(shell gpgme-config --libs)

# Do not change these two

CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

$(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

LDFLAGS=$(COVERAGE)

# Commands to format a DocBook refentry document into a manual page

DOCBOOKTOMAN=cd $(dir $<); xsltproc --nonet --xinclude \

--param man.charmap.use.subset 0 \

--param make.year.ranges 1 \

--param make.single.year.ranges 1 \

--param man.output.quietly 1 \

--param man.authors.section.enabled 0 \

/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \

$(notdir $<); \

$(MANPOST) $(notdir $@)

# DocBook-to-man post-processing to fix a \n escape bug

MANPOST=sed --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'

PLUGINS=plugins.d/password-prompt plugins.d/password-request

PROGS=plugin-runner $(PLUGINS)

DOCS=mandos.8 plugin-runner.8mandos mandos-keygen.8 \

plugins.d/password-request.8mandos \

plugins.d/password-prompt.8mandos mandos.conf.5 \

mandos-clients.conf.5

objects=$(addsuffix .o,$(PROGS))

all: $(PROGS)

doc: $(DOCS)

%.5: %.xml legalnotice.xml

$(DOCBOOKTOMAN)

%.8: %.xml legalnotice.xml

$(DOCBOOKTOMAN)

%.8mandos: %.xml legalnotice.xml

$(DOCBOOKTOMAN)

mandos.8: mandos.xml mandos-options.xml overview.xml legalnotice.xml

$(DOCBOOKTOMAN)

mandos-keygen.8: mandos-keygen.xml overview.xml legalnotice.xml

$(DOCBOOKTOMAN)

mandos.conf.5: mandos.conf.xml mandos-options.xml legalnotice.xml

$(DOCBOOKTOMAN)

plugin-runner.8mandos: plugin-runner.xml overview.xml legalnotice.xml

$(DOCBOOKTOMAN)

plugins.d/password-request.8mandos: plugins.d/password-request.xml \

mandos-options.xml \

overview.xml legalnotice.xml

$(DOCBOOKTOMAN)

plugins.d/password-request: plugins.d/password-request.o

$(LINK.o) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) \

$(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@

.PHONY : all doc clean distclean run-client run-server install \

install-server install-client uninstall uninstall-server \

uninstall-client purge purge-server purge-client

CFLAGS=-Wall -g -std=gnu99

LDFLAGS=-lgnutls

all: plugbasedclient

100

clean:

101

-rm --force $(PROGS) $(objects) $(DOCS) core

102

103

distclean: clean

104

mostlyclean: clean

105

maintainer-clean: clean

106

-rm --force --recursive keydir confdir

107

108

check:

109

./mandos --check

110

111

# Run the client with a local config and key

112

run-client: all keydir/seckey.txt keydir/pubkey.txt

113

./plugin-runner --plugin-dir=plugins.d \

114

--config-file=plugin-runner.conf \

115

--options-for=password-request:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt

116

117

# Used by run-client

118

keydir/seckey.txt keydir/pubkey.txt: mandos-keygen

119

install --directory keydir

120

./mandos-keygen --dir keydir --force

121

122

# Run the server with a local config

123

run-server: confdir/mandos.conf confdir/clients.conf

124

./mandos --debug --configdir=confdir

125

126

# Used by run-server

127

confdir/mandos.conf: mandos.conf

128

install --directory confdir

129

install --mode=u=rw,go=r $^ $@

130

confdir/clients.conf: clients.conf keydir/seckey.txt

131

install --directory confdir

132

install --mode=u=rw,g=r $< $@

133

# Add a client password

134

./mandos-keygen --dir keydir --password >> $@

135

136

install: install-server install-client

137

138

install-server: doc

139

install --directory $(CONFDIR) $(MANDIR)/man5 \

140

$(MANDIR)/man8

141

install --mode=u=rwx,go=rx --owner=$(USER) --group=$(GROUP) \

142

--directory $(PIDDIR)

143

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

144

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

145

mandos.conf

146

install --mode=u=rw,g=r --target-directory=$(CONFDIR) \

147

clients.conf

148

install --mode=u=rwx,go=rx init.d-mandos /etc/init.d/mandos

149

install --mode=u=rw,go=r default-mandos /etc/default/mandos

150

update-rc.d mandos defaults

151

gzip --best --to-stdout mandos.8 \

152

> $(MANDIR)/man8/mandos.8.gz

153

gzip --best --to-stdout mandos.conf.5 \

154

> $(MANDIR)/man5/mandos.conf.5.gz

155

gzip --best --to-stdout mandos-clients.conf.5 \

156

> $(MANDIR)/man5/mandos-clients.conf.5.gz

157

158

install-client: all doc /usr/share/initramfs-tools/hooks/.

159

install --directory $(PREFIX)/lib/mandos $(CONFDIR) \

160

$(MANDIR)/man8

161

install --directory --mode=u=rwx $(KEYDIR)

162

install --directory --mode=u=rwx \

163

$(PREFIX)/lib/mandos/plugins.d

164

if [ "$(CONFDIR)/plugins.d" \

165

!= "$(PREFIX)/lib/mandos/plugins.d" ]; then \

166

install --directory "$(CONFDIR)/plugins.d"; \

167

168

install --mode=u=rwx,go=rx \

169

--target-directory=$(PREFIX)/lib/mandos plugin-runner

170

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

171

mandos-keygen

172

install --mode=u=rwx,go=rx \

173

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

174

plugins.d/password-prompt

175

install --mode=u=rwxs,go=rx \

176

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

177

plugins.d/password-request

178

install --mode=u=rwx,go=rx \

179

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

180

plugins.d/usplash

181

install initramfs-tools-hook \

182

/usr/share/initramfs-tools/hooks/mandos

183

install initramfs-tools-hook-conf \

184

/usr/share/initramfs-tools/conf-hooks.d/mandos

185

install initramfs-tools-script \

186

/usr/share/initramfs-tools/scripts/local-top/mandos

187

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

188

gzip --best --to-stdout mandos-keygen.8 \

189

> $(MANDIR)/man8/mandos-keygen.8.gz

190

gzip --best --to-stdout plugin-runner.8mandos \

191

> $(MANDIR)/man8/plugin-runner.8mandos.gz

192

gzip --best --to-stdout plugins.d/password-prompt.8mandos \

193

> $(MANDIR)/man8/password-prompt.8mandos.gz

194

gzip --best --to-stdout plugins.d/password-request.8mandos \

195

> $(MANDIR)/man8/password-request.8mandos.gz

196

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

197

update-initramfs -k all -u

198

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

199

200

uninstall: uninstall-server uninstall-client

201

202

uninstall-server:

203

-rm --force $(PREFIX)/sbin/mandos \

204

$(MANDIR)/man8/mandos.8.gz \

205

$(MANDIR)/man5/mandos.conf.5.gz \

206

$(MANDIR)/man5/mandos-clients.conf.5.gz

207

update-rc.d -f mandos remove

208

-rmdir $(CONFDIR) $(PIDDIR)

209

210

uninstall-client:

211

# Refuse to uninstall client if /etc/crypttab is explicitly configured

212

# to use it.

213

! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \

214

/etc/crypttab

215

-rm --force $(PREFIX)/sbin/mandos-keygen \

216

$(PREFIX)/lib/mandos/plugin-runner \

217

$(PREFIX)/lib/mandos/plugins.d/password-prompt \

218

$(PREFIX)/lib/mandos/plugins.d/password-request \

219

/usr/share/initramfs-tools/hooks/mandos \

220

/usr/share/initramfs-tools/conf-hooks.d/mandos \

221

$(MANDIR)/man8/plugin-runner.8mandos.gz \

222

$(MANDIR)/man8/mandos-keygen.8.gz \

223

$(MANDIR)/man8/password-prompt.8mandos.gz \

224

$(MANDIR)/man8/password-request.8mandos.gz

225

-rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \

226

$(PREFIX)/lib/mandos $(CONFDIR)

227

update-initramfs -k all -u

228

229

purge: purge-server purge-client

230

231

purge-server: uninstall-server

232

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

233

/etc/default/mandos /etc/init.d/mandos

234

-rmdir $(CONFDIR)

235

236

purge-client: uninstall-client

237

-shred --remove $(KEYDIR)/seckey.txt

238

-rm --force $(CONFDIR)/plugin-runner.conf \

239

$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt

240

-rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)

rm -f plugbasedclient

Older »