/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2008-12-10 01:26:02 UTC
  • mfrom: (237.1.2 mandos)
  • Revision ID: teddy@fukt.bsnet.se-20081210012602-vhz3h75xkj24t340
First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
 
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
 
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
4
 
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
5
 
        -Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
 
1
WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \
 
2
        -Wswitch-default -Wswitch-enum -Wunused-parameter \
 
3
        -Wstrict-aliasing=2 -Wextra -Wfloat-equal -Wundef -Wshadow \
6
4
        -Wunsafe-loop-optimizations -Wpointer-arith \
7
5
        -Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
8
 
        -Wconversion -Wlogical-op -Waggregate-return \
9
 
        -Wstrict-prototypes -Wold-style-definition \
10
 
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
 
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
12
 
        -Wvolatile-register-var -Woverlength-strings
13
 
 
14
 
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
 
## Check which sanitizing options can be used
16
 
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
 
#       echo 'int main(){}' | $(CC) --language=c $(option) \
18
 
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
19
 
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
 
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
21
 
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
22
 
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
23
 
        -fsanitize=return -fsanitize=signed-integer-overflow \
24
 
        -fsanitize=bounds -fsanitize=alignment \
25
 
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
 
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
 
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum -fsanitize-address-use-after-scope
29
 
 
30
 
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
 
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
33
 
LINK_FORTIFY_LD:=-z relro -z now
34
 
LINK_FORTIFY:=
35
 
 
36
 
# If BROKEN_PIE is set, do not build with -pie
37
 
ifndef BROKEN_PIE
38
 
FORTIFY += -fPIE
39
 
LINK_FORTIFY += -pie
40
 
endif
 
6
        -Wconversion -Wstrict-prototypes -Wold-style-definition \
 
7
        -Wpacked -Wnested-externs -Winline -Wvolatile-register-var
 
8
#       -Wunreachable-code 
 
9
#DEBUG=-ggdb3
 
10
# For info about _FORTIFY_SOURCE, see
 
11
# <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>
 
12
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE -pie
 
13
LINK_FORTIFY=-z relro -pie
41
14
#COVERAGE=--coverage
42
 
OPTIMIZE:=-Os -fno-strict-aliasing
43
 
LANGUAGE:=-std=gnu11
44
 
htmldir:=man
45
 
version:=1.8.4
46
 
SED:=sed
47
 
 
48
 
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
49
 
        || getent passwd nobody || echo 65534)))
50
 
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
51
 
        || getent group nogroup || echo 65534)))
 
15
OPTIMIZE=-Os
 
16
LANGUAGE=-std=gnu99
 
17
htmldir=man
 
18
version=1.0.2
 
19
SED=sed
52
20
 
53
21
## Use these settings for a traditional /usr/local install
54
 
# PREFIX:=$(DESTDIR)/usr/local
55
 
# CONFDIR:=$(DESTDIR)/etc/mandos
56
 
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
57
 
# MANDIR:=$(PREFIX)/man
58
 
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
59
 
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
60
 
# STATEDIR:=$(DESTDIR)/var/lib/mandos
61
 
# LIBDIR:=$(PREFIX)/lib
 
22
# PREFIX=$(DESTDIR)/usr/local
 
23
# CONFDIR=$(DESTDIR)/etc/mandos
 
24
# KEYDIR=$(DESTDIR)/etc/mandos/keys
 
25
# MANDIR=$(PREFIX)/man
 
26
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
62
27
##
63
28
 
64
29
## These settings are for a package-type install
65
 
PREFIX:=$(DESTDIR)/usr
66
 
CONFDIR:=$(DESTDIR)/etc/mandos
67
 
KEYDIR:=$(DESTDIR)/etc/keys/mandos
68
 
MANDIR:=$(PREFIX)/share/man
69
 
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
70
 
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
71
 
STATEDIR:=$(DESTDIR)/var/lib/mandos
72
 
LIBDIR:=$(shell \
73
 
        for d in \
74
 
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
75
 
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
76
 
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
77
 
                        echo "$(DESTDIR)$$d"; \
78
 
                        break; \
79
 
                fi; \
80
 
        done)
 
30
PREFIX=$(DESTDIR)/usr
 
31
CONFDIR=$(DESTDIR)/etc/mandos
 
32
KEYDIR=$(DESTDIR)/etc/keys/mandos
 
33
MANDIR=$(PREFIX)/share/man
 
34
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
81
35
##
82
36
 
83
 
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
84
 
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
85
 
 
86
 
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
87
 
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
88
 
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
89
 
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
90
 
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
91
 
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
92
 
        getconf LFS_LDFLAGS)
93
 
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
94
 
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
95
 
GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
96
 
GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
 
37
GNUTLS_CFLAGS=$(shell libgnutls-config --cflags)
 
38
GNUTLS_LIBS=$(shell libgnutls-config --libs)
 
39
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
 
40
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
 
41
GPGME_CFLAGS=$(shell gpgme-config --cflags)
 
42
GPGME_LIBS=$(shell gpgme-config --libs)
97
43
 
98
44
# Do not change these two
99
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
100
 
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
101
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
102
 
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
45
CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
 
46
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
 
47
        -DVERSION='"$(version)"'
 
48
LDFLAGS=$(COVERAGE) $(LINK_FORTIFY)
103
49
 
104
50
# Commands to format a DocBook <refentry> document into a manual page
105
 
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
 
51
DOCBOOKTOMAN=cd $(dir $<); xsltproc --nonet --xinclude \
106
52
        --param man.charmap.use.subset          0 \
107
53
        --param make.year.ranges                1 \
108
54
        --param make.single.year.ranges         1 \
109
55
        --param man.output.quietly              1 \
110
56
        --param man.authors.section.enabled     0 \
111
 
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
 
57
         /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
112
58
        $(notdir $<); \
113
 
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
114
 
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
115
 
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
116
 
        $(notdir $@); fi >/dev/null)
 
59
        $(MANPOST) $(notdir $@)
 
60
# DocBook-to-man post-processing to fix a '\n' escape bug
 
61
MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'
117
62
 
118
 
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
 
63
DOCBOOKTOHTML=xsltproc --nonet --xinclude \
119
64
        --param make.year.ranges                1 \
120
65
        --param make.single.year.ranges         1 \
121
66
        --param man.output.quietly              1 \
123
68
        --param citerefentry.link               1 \
124
69
        --output $@ \
125
70
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
126
 
        $<; $(HTMLPOST) $@)
 
71
        $<; $(HTMLPOST) $@
127
72
# Fix citerefentry links
128
 
HTMLPOST:=$(SED) --in-place \
 
73
HTMLPOST=$(SED) --in-place \
129
74
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
130
75
 
131
 
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
132
 
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
133
 
        plugins.d/plymouth
134
 
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
135
 
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
136
 
        $(PLUGIN_HELPERS)
137
 
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
138
 
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
139
 
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
140
 
        dracut-module/password-agent.8mandos \
 
76
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
 
77
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo
 
78
CPROGS=plugin-runner $(PLUGINS)
 
79
PROGS=mandos mandos-keygen $(CPROGS)
 
80
DOCS=mandos.8 plugin-runner.8mandos mandos-keygen.8 \
141
81
        plugins.d/mandos-client.8mandos \
142
 
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
143
 
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
144
 
        plugins.d/plymouth.8mandos intro.8mandos
145
 
 
146
 
htmldocs:=$(addsuffix .xhtml,$(DOCS))
147
 
 
148
 
objects:=$(addsuffix .o,$(CPROGS))
 
82
        plugins.d/password-prompt.8mandos mandos.conf.5 \
 
83
        plugins.d/usplash.8mandos plugins.d/splashy.8mandos \
 
84
        plugins.d/askpass-fifo.8mandos mandos-clients.conf.5
 
85
 
 
86
htmldocs=$(addsuffix .xhtml,$(DOCS))
 
87
 
 
88
objects=$(addsuffix .o,$(CPROGS))
149
89
 
150
90
all: $(PROGS) mandos.lsm
151
91
 
168
108
%.8mandos.xhtml: %.xml common.ent legalnotice.xml
169
109
        $(DOCBOOKTOHTML)
170
110
 
171
 
intro.8mandos: intro.xml common.ent legalnotice.xml
172
 
        $(DOCBOOKTOMAN)
173
 
intro.8mandos.xhtml: intro.xml common.ent legalnotice.xml
174
 
        $(DOCBOOKTOHTML)
175
 
 
176
111
mandos.8: mandos.xml common.ent mandos-options.xml overview.xml \
177
112
                legalnotice.xml
178
113
        $(DOCBOOKTOMAN)
187
122
                 legalnotice.xml
188
123
        $(DOCBOOKTOHTML)
189
124
 
190
 
mandos-monitor.8: mandos-monitor.xml common.ent overview.xml \
191
 
                legalnotice.xml
192
 
        $(DOCBOOKTOMAN)
193
 
mandos-monitor.8.xhtml: mandos-monitor.xml common.ent overview.xml \
194
 
                 legalnotice.xml
195
 
        $(DOCBOOKTOHTML)
196
 
 
197
 
mandos-ctl.8: mandos-ctl.xml common.ent overview.xml \
198
 
                legalnotice.xml
199
 
        $(DOCBOOKTOMAN)
200
 
mandos-ctl.8.xhtml: mandos-ctl.xml common.ent overview.xml \
201
 
                 legalnotice.xml
202
 
        $(DOCBOOKTOHTML)
203
 
 
204
125
mandos.conf.5: mandos.conf.xml common.ent mandos-options.xml \
205
126
                legalnotice.xml
206
127
        $(DOCBOOKTOMAN)
215
136
                overview.xml legalnotice.xml
216
137
        $(DOCBOOKTOHTML)
217
138
 
218
 
dracut-module/password-agent.8mandos: \
219
 
                dracut-module/password-agent.xml common.ent \
220
 
                overview.xml legalnotice.xml
221
 
        $(DOCBOOKTOMAN)
222
 
dracut-module/password-agent.8mandos.xhtml: \
223
 
                dracut-module/password-agent.xml common.ent \
224
 
                overview.xml legalnotice.xml
225
 
        $(DOCBOOKTOHTML)
226
 
 
227
139
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
228
140
                                        common.ent \
229
141
                                        mandos-options.xml \
237
149
 
238
150
# Update all these files with version number $(version)
239
151
common.ent: Makefile
240
 
        $(strip $(SED) --in-place \
241
 
                --expression='s/^\(<!ENTITY version "\)[^"]*">$$/\1$(version)">/' \
242
 
                $@)
 
152
        $(SED) --in-place \
 
153
                --expression='s/^\(<ENTITY VERSION "\)[^"]*">$$/\1$(version)"/' \
 
154
                $@
243
155
 
244
156
mandos: Makefile
245
 
        $(strip $(SED) --in-place \
 
157
        $(SED) --in-place \
246
158
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
247
 
                $@)
 
159
                $@
248
160
 
249
161
mandos-keygen: Makefile
250
 
        $(strip $(SED) --in-place \
 
162
        $(SED) --in-place \
251
163
                --expression='s/^\(VERSION="\)[^"]*"$$/\1$(version)"/' \
252
 
                $@)
253
 
 
254
 
mandos-ctl: Makefile
255
 
        $(strip $(SED) --in-place \
256
 
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
257
 
                $@)
258
 
 
259
 
mandos-monitor: Makefile
260
 
        $(strip $(SED) --in-place \
261
 
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
262
 
                $@)
 
164
                $@
263
165
 
264
166
mandos.lsm: Makefile
265
 
        $(strip $(SED) --in-place \
 
167
        $(SED) --in-place \
266
168
                --expression='s/^\(Version:\).*/\1\t$(version)/' \
267
 
                $@)
268
 
        $(strip $(SED) --in-place \
 
169
                $@
 
170
        $(SED) --in-place \
269
171
                --expression='s/^\(Entered-date:\).*/\1\t$(shell date --rfc-3339=date --reference=Makefile)/' \
270
 
                $@)
271
 
        $(strip $(SED) --in-place \
272
 
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
273
 
                $@)
274
 
 
275
 
# Need to add the GnuTLS, Avahi and GPGME libraries
276
 
plugins.d/mandos-client: plugins.d/mandos-client.c
277
 
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
278
 
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
279
 
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
280
 
                ) $(LDLIBS) -o $@
281
 
 
282
 
# Need to add the libnl-route library
283
 
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
284
 
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
285
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
286
 
 
287
 
# Need to add the GLib and pthread libraries
288
 
dracut-module/password-agent: dracut-module/password-agent.c
289
 
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
290
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
291
 
 
292
 
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
293
 
        check run-client run-server install install-html \
294
 
        install-server install-client-nokey install-client uninstall \
295
 
        uninstall-server uninstall-client purge purge-server \
296
 
        purge-client
 
172
                $@
 
173
 
 
174
plugins.d/mandos-client: plugins.d/mandos-client.o
 
175
        $(LINK.o) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) \
 
176
                $(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@
 
177
 
 
178
.PHONY : all doc html clean distclean run-client run-server install \
 
179
        install-server install-client uninstall uninstall-server \
 
180
        uninstall-client purge purge-server purge-client
297
181
 
298
182
clean:
299
183
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
301
185
distclean: clean
302
186
mostlyclean: clean
303
187
maintainer-clean: clean
304
 
        -rm --force --recursive keydir confdir statedir
 
188
        -rm --force --recursive keydir confdir
305
189
 
306
 
check: all
 
190
check:  all
307
191
        ./mandos --check
308
 
        ./mandos-ctl --check
309
 
        ./mandos-keygen --version
310
 
        ./plugin-runner --version
311
 
        ./plugin-helpers/mandos-client-iprouteadddel --version
312
 
        ./dracut-module/password-agent --test
313
192
 
314
193
# Run the client with a local config and key
315
 
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
316
 
        @echo "###################################################################"
317
 
        @echo "# The following error messages are harmless and can be safely     #"
318
 
        @echo "# ignored:                                                        #"
319
 
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
320
 
        @echo "#                     setuid: Operation not permitted             #"
321
 
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
322
 
        @echo "# From mandos-client:                                             #"
323
 
        @echo "#             Failed to raise privileges: Operation not permitted #"
324
 
        @echo "#             Warning: network hook \"*\" exited with status *      #"
325
 
        @echo "#                                                                 #"
326
 
        @echo "# (The messages are caused by not running as root, but you should #"
327
 
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
328
 
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
329
 
        @echo "###################################################################"
330
 
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
 
194
run-client: all keydir/seckey.txt keydir/pubkey.txt
331
195
        ./plugin-runner --plugin-dir=plugins.d \
332
 
                --plugin-helper-dir=plugin-helpers \
333
196
                --config-file=plugin-runner.conf \
334
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
335
 
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
336
 
                $(CLIENTARGS)
 
197
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt
337
198
 
338
199
# Used by run-client
339
 
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
 
200
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
340
201
        install --directory keydir
341
202
        ./mandos-keygen --dir keydir --force
342
203
 
343
204
# Run the server with a local config
344
 
run-server: confdir/mandos.conf confdir/clients.conf statedir
345
 
        ./mandos --debug --no-dbus --configdir=confdir \
346
 
                --statedir=statedir $(SERVERARGS)
 
205
run-server: confdir/mandos.conf confdir/clients.conf
 
206
        ./mandos --debug --configdir=confdir
347
207
 
348
208
# Used by run-server
349
209
confdir/mandos.conf: mandos.conf
350
210
        install --directory confdir
351
211
        install --mode=u=rw,go=r $^ $@
352
 
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
 
212
confdir/clients.conf: clients.conf keydir/seckey.txt
353
213
        install --directory confdir
354
214
        install --mode=u=rw $< $@
355
215
# Add a client password
356
 
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
357
 
statedir:
358
 
        install --directory statedir
 
216
        ./mandos-keygen --dir keydir --password >> $@
359
217
 
360
218
install: install-server install-client-nokey
361
219
 
366
224
 
367
225
install-server: doc
368
226
        install --directory $(CONFDIR)
369
 
        if install --directory --mode=u=rwx --owner=$(USER) \
370
 
                --group=$(GROUP) $(STATEDIR); then \
371
 
                :; \
372
 
        elif install --directory --mode=u=rwx $(STATEDIR); then \
373
 
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
374
 
        fi
375
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
376
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
377
 
                        $(TMPFILES)/mandos.conf; \
378
 
        fi
379
227
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
380
 
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
381
 
                mandos-ctl
382
 
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
383
 
                mandos-monitor
384
228
        install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
385
229
                mandos.conf
386
230
        install --mode=u=rw --target-directory=$(CONFDIR) \
387
231
                clients.conf
388
 
        install --mode=u=rw,go=r dbus-mandos.conf \
389
 
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
390
232
        install --mode=u=rwx,go=rx init.d-mandos \
391
233
                $(DESTDIR)/etc/init.d/mandos
392
 
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
393
 
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
394
 
        fi
395
234
        install --mode=u=rw,go=r default-mandos \
396
235
                $(DESTDIR)/etc/default/mandos
397
236
        if [ -z $(DESTDIR) ]; then \
399
238
        fi
400
239
        gzip --best --to-stdout mandos.8 \
401
240
                > $(MANDIR)/man8/mandos.8.gz
402
 
        gzip --best --to-stdout mandos-monitor.8 \
403
 
                > $(MANDIR)/man8/mandos-monitor.8.gz
404
 
        gzip --best --to-stdout mandos-ctl.8 \
405
 
                > $(MANDIR)/man8/mandos-ctl.8.gz
406
241
        gzip --best --to-stdout mandos.conf.5 \
407
242
                > $(MANDIR)/man5/mandos.conf.5.gz
408
243
        gzip --best --to-stdout mandos-clients.conf.5 \
409
244
                > $(MANDIR)/man5/mandos-clients.conf.5.gz
410
 
        gzip --best --to-stdout intro.8mandos \
411
 
                > $(MANDIR)/man8/intro.8mandos.gz
412
245
 
413
246
install-client-nokey: all doc
414
 
        install --directory $(LIBDIR)/mandos $(CONFDIR)
 
247
        install --directory $(PREFIX)/lib/mandos $(CONFDIR)
415
248
        install --directory --mode=u=rwx $(KEYDIR) \
416
 
                $(LIBDIR)/mandos/plugins.d \
417
 
                $(LIBDIR)/mandos/plugin-helpers
418
 
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
 
249
                $(PREFIX)/lib/mandos/plugins.d
 
250
        if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \
419
251
                install --mode=u=rwx \
420
 
                        --directory "$(CONFDIR)/plugins.d" \
421
 
                        "$(CONFDIR)/plugin-helpers"; \
 
252
                        --directory "$(CONFDIR)/plugins.d"; \
422
253
        fi
423
 
        install --mode=u=rwx,go=rx --directory \
424
 
                "$(CONFDIR)/network-hooks.d"
425
 
        install --mode=u=rwx,go=rx \
426
 
                --target-directory=$(LIBDIR)/mandos plugin-runner
427
 
        install --mode=u=rwx,go=rx \
428
 
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
 
254
        install --mode=u=rwx,go=rx \
 
255
                --target-directory=$(PREFIX)/lib/mandos plugin-runner
429
256
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
430
257
                mandos-keygen
431
258
        install --mode=u=rwx,go=rx \
432
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
259
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
433
260
                plugins.d/password-prompt
434
261
        install --mode=u=rwxs,go=rx \
435
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
262
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
436
263
                plugins.d/mandos-client
437
264
        install --mode=u=rwxs,go=rx \
438
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
265
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
439
266
                plugins.d/usplash
440
267
        install --mode=u=rwxs,go=rx \
441
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
268
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
442
269
                plugins.d/splashy
443
270
        install --mode=u=rwxs,go=rx \
444
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
271
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
445
272
                plugins.d/askpass-fifo
446
 
        install --mode=u=rwxs,go=rx \
447
 
                --target-directory=$(LIBDIR)/mandos/plugins.d \
448
 
                plugins.d/plymouth
449
 
        install --mode=u=rwx,go=rx \
450
 
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
451
 
                plugin-helpers/mandos-client-iprouteadddel
452
273
        install initramfs-tools-hook \
453
274
                $(INITRAMFSTOOLS)/hooks/mandos
454
 
        install --mode=u=rw,go=r initramfs-tools-conf \
455
 
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
456
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
457
 
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
 
275
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
 
276
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
458
277
        install initramfs-tools-script \
459
 
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
460
 
        install initramfs-tools-script-stop \
461
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
462
 
        install --directory $(DRACUTMODULE)
463
 
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
464
 
                dracut-module/ask-password-mandos.path \
465
 
                dracut-module/ask-password-mandos.service
466
 
        install --mode=u=rwxs,go=rx \
467
 
                --target-directory=$(DRACUTMODULE) \
468
 
                dracut-module/module-setup.sh \
469
 
                dracut-module/cmdline-mandos.sh \
470
 
                dracut-module/password-agent
 
278
                $(INITRAMFSTOOLS)/scripts/local-top/mandos
471
279
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
472
280
        gzip --best --to-stdout mandos-keygen.8 \
473
281
                > $(MANDIR)/man8/mandos-keygen.8.gz
474
282
        gzip --best --to-stdout plugin-runner.8mandos \
475
283
                > $(MANDIR)/man8/plugin-runner.8mandos.gz
 
284
        gzip --best --to-stdout plugins.d/password-prompt.8mandos \
 
285
                > $(MANDIR)/man8/password-prompt.8mandos.gz
476
286
        gzip --best --to-stdout plugins.d/mandos-client.8mandos \
477
287
                > $(MANDIR)/man8/mandos-client.8mandos.gz
478
 
        gzip --best --to-stdout plugins.d/password-prompt.8mandos \
479
 
                > $(MANDIR)/man8/password-prompt.8mandos.gz
480
288
        gzip --best --to-stdout plugins.d/usplash.8mandos \
481
289
                > $(MANDIR)/man8/usplash.8mandos.gz
482
290
        gzip --best --to-stdout plugins.d/splashy.8mandos \
483
291
                > $(MANDIR)/man8/splashy.8mandos.gz
484
292
        gzip --best --to-stdout plugins.d/askpass-fifo.8mandos \
485
293
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
486
 
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
487
 
                > $(MANDIR)/man8/plymouth.8mandos.gz
488
 
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
489
 
                > $(MANDIR)/man8/password-agent.8mandos.gz
490
294
 
491
295
install-client: install-client-nokey
492
296
# Post-installation stuff
493
297
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
494
 
        if command -v update-initramfs >/dev/null; then \
495
 
            update-initramfs -k all -u; \
496
 
        elif command -v dracut >/dev/null; then \
497
 
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
498
 
                if [ -w "$$initrd" ]; then \
499
 
                    chmod go-r "$$initrd"; \
500
 
                    dracut --force "$$initrd"; \
501
 
                fi; \
502
 
            done; \
503
 
        fi
 
298
        update-initramfs -k all -u
504
299
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
505
300
 
506
301
uninstall: uninstall-server uninstall-client
507
302
 
508
303
uninstall-server:
509
304
        -rm --force $(PREFIX)/sbin/mandos \
510
 
                $(PREFIX)/sbin/mandos-ctl \
511
 
                $(PREFIX)/sbin/mandos-monitor \
512
305
                $(MANDIR)/man8/mandos.8.gz \
513
 
                $(MANDIR)/man8/mandos-monitor.8.gz \
514
 
                $(MANDIR)/man8/mandos-ctl.8.gz \
515
306
                $(MANDIR)/man5/mandos.conf.5.gz \
516
307
                $(MANDIR)/man5/mandos-clients.conf.5.gz
517
308
        update-rc.d -f mandos remove
523
314
        ! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
524
315
                $(DESTDIR)/etc/crypttab
525
316
        -rm --force $(PREFIX)/sbin/mandos-keygen \
526
 
                $(LIBDIR)/mandos/plugin-runner \
527
 
                $(LIBDIR)/mandos/plugins.d/password-prompt \
528
 
                $(LIBDIR)/mandos/plugins.d/mandos-client \
529
 
                $(LIBDIR)/mandos/plugins.d/usplash \
530
 
                $(LIBDIR)/mandos/plugins.d/splashy \
531
 
                $(LIBDIR)/mandos/plugins.d/askpass-fifo \
532
 
                $(LIBDIR)/mandos/plugins.d/plymouth \
 
317
                $(PREFIX)/lib/mandos/plugin-runner \
 
318
                $(PREFIX)/lib/mandos/plugins.d/password-prompt \
 
319
                $(PREFIX)/lib/mandos/plugins.d/mandos-client \
 
320
                $(PREFIX)/lib/mandos/plugins.d/usplash \
 
321
                $(PREFIX)/lib/mandos/plugins.d/splashy \
 
322
                $(PREFIX)/lib/mandos/plugins.d/askpass-fifo \
533
323
                $(INITRAMFSTOOLS)/hooks/mandos \
534
324
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
535
 
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
536
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
537
 
                $(DRACUTMODULE)/ask-password-mandos.path \
538
 
                $(DRACUTMODULE)/ask-password-mandos.service \
539
 
                $(DRACUTMODULE)/module-setup.sh \
540
 
                $(DRACUTMODULE)/cmdline-mandos.sh \
541
 
                $(DRACUTMODULE)/password-agent \
 
325
                $(INITRAMFSTOOLS)/scripts/local-top/mandos \
 
326
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
542
327
                $(MANDIR)/man8/mandos-keygen.8.gz \
543
 
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
544
 
                $(MANDIR)/man8/mandos-client.8mandos.gz
545
328
                $(MANDIR)/man8/password-prompt.8mandos.gz \
546
329
                $(MANDIR)/man8/usplash.8mandos.gz \
547
330
                $(MANDIR)/man8/splashy.8mandos.gz \
548
331
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
549
 
                $(MANDIR)/man8/plymouth.8mandos.gz \
550
 
                $(MANDIR)/man8/password-agent.8mandos.gz \
551
 
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
552
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
553
 
        if command -v update-initramfs >/dev/null; then \
554
 
            update-initramfs -k all -u; \
555
 
        elif command -v dracut >/dev/null; then \
556
 
            for initrd in $(DESTDIR)/boot/initr*-$(shell uname --kernel-release); do \
557
 
                test -w "$$initrd" && dracut --force "$$initrd"; \
558
 
            done; \
559
 
        fi
 
332
                $(MANDIR)/man8/mandos-client.8mandos.gz
 
333
        -rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
 
334
                 $(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)
 
335
        update-initramfs -k all -u
560
336
 
561
337
purge: purge-server purge-client
562
338
 
563
339
purge-server: uninstall-server
564
340
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
565
 
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
566
341
                $(DESTDIR)/etc/default/mandos \
567
342
                $(DESTDIR)/etc/init.d/mandos \
568
 
                $(SYSTEMD)/mandos.service \
569
 
                $(DESTDIR)/run/mandos.pid \
570
343
                $(DESTDIR)/var/run/mandos.pid
571
344
        -rmdir $(CONFDIR)
572
345
 
573
346
purge-client: uninstall-client
574
 
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
 
347
        -shred --remove $(KEYDIR)/seckey.txt
575
348
        -rm --force $(CONFDIR)/plugin-runner.conf \
576
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
577
 
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
 
349
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
578
350
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)