/mandos/trunk : revision 541

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2011-12-31 20:07:11 UTC
mfrom: (535.1.9 wireless-network-hook)
Revision ID: teddy@recompile.se-20111231200711-6dli3r8drftem57r

Merge new wireless network hook. Fix bridge network hook to use
hardware addresses instead of interface names. Implement and document
new "CONNECT" environment variable for network hooks.

files removed:
debian/mandos-client.examples

debian/upstream

debian/upstream/signing-key.asc

initramfs-unpack

mandos.service

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.docs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

Makefile

WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \

-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \

-Wunused -Wuninitialized -Wstrict-overflow=5 \

-Wsuggest-attribute=pure -Wsuggest-attribute=const \

-Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \

WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \

-Wswitch-default -Wswitch-enum -Wunused-parameter \

-Wstrict-aliasing=1 -Wextra -Wfloat-equal -Wundef -Wshadow \

-Wunsafe-loop-optimizations -Wpointer-arith \

-Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \

-Wconversion -Wlogical-op -Waggregate-return \

-Wstrict-prototypes -Wold-style-definition \

-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \

-Wredundant-decls -Wnested-externs -Winline -Wvla \

-Wvolatile-register-var -Woverlength-strings

-Wconversion -Wstrict-prototypes -Wold-style-definition \

-Wpacked -Wnested-externs -Winline -Wvolatile-register-var

# -Wunreachable-code

#DEBUG=-ggdb3

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# For info about _FORTIFY_SOURCE, see

# <http://www.kernel.org/doc/man-pages/online/pages/man7/feature_test_macros.7.html>

# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>

# The sanitizing options are available in GCC 4.9 and above.

ifeq ($(shell test $(shell $(CC) -dumpversion) \> 4.9-; echo $$?),0)

SANITIZE:=-fsanitize=address -fsanitize=undefined -fsanitize=shift \

-fsanitize=integer-divide-by-zero -fsanitize=unreachable \

-fsanitize=vla-bound -fsanitize=null -fsanitize=return \

-fsanitize=signed-integer-overflow

# GCC 5.3 has some more sanitizing options

ifeq ($(shell test $(shell $(CC) -dumpversion) \> 5.3-; echo $$?),0)

SANITIZE+=-fsanitize=bounds -fsanitize=alignment \

-fsanitize=object-size -fsanitize=float-divide-by-zero \

-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \

-fsanitize=returns-nonnull-attribute -fsanitize=bool \

-fsanitize=enum

endif

else

SANITIZE:=

endif

LINK_FORTIFY_LD=-z relro -z now

LINK_FORTIFY=

LINK_FORTIFY += -pie

endif

#COVERAGE=--coverage

OPTIMIZE=-Os -fno-strict-aliasing

LANGUAGE=-std=gnu11

OPTIMIZE=-Os

LANGUAGE=-std=gnu99

htmldir=man

version=1.7.3

version=1.4.1

SED=sed

USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))

# MANDIR=$(PREFIX)/man

# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools

# STATEDIR=$(DESTDIR)/var/lib/mandos

# LIBDIR=$(PREFIX)/lib

## These settings are for a package-type install

MANDIR=$(PREFIX)/share/man

INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools

STATEDIR=$(DESTDIR)/var/lib/mandos

LIBDIR=$(shell \

for d in \

"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \

"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \

if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \

echo "$(DESTDIR)$$d"; \

break; \

fi; \

done)

SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)

GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)

GNUTLS_LIBS=$(shell pkg-config --libs gnutls)

AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)

GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \

getconf LFS_LDFLAGS)

LIBNL3_CFLAGS=$(shell pkg-config --cflags-only-I libnl-route-3.0)

LIBNL3_LIBS=$(shell pkg-config --libs libnl-route-3.0)

# Do not change these two

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(SANITIZE) $(COVERAGE) \

$(OPTIMIZE) $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) \

$(GPGME_CFLAGS) -DVERSION='"$(version)"'

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

$(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \

-DVERSION='"$(version)"'

LDFLAGS=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

# Commands to format a DocBook <refentry> document into a manual page

100

DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \

103

--param make.single.year.ranges 1 \

104

--param man.output.quietly 1 \

105

--param man.authors.section.enabled 0 \

106

/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \

107

$(notdir $<); \

108

if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \

109

&& type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \

110

man --warnings --encoding=UTF-8 --local-file $(notdir $@); \

111

fi >/dev/null)

$(MANPOST) $(notdir $@);\

LANG=en_US.UTF-8 MANWIDTH=80 man --warnings --encoding=UTF-8 \

--local-file $(notdir $@) >/dev/null)

# DocBook-to-man post-processing to fix a '\n' escape bug

MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'

112

113

DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \

114

--param make.year.ranges 1 \

126

PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \

127

plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \

128

plugins.d/plymouth

129

PLUGIN_HELPERS=plugin-helpers/mandos-client-iprouteadddel

130

CPROGS=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)

CPROGS=plugin-runner $(PLUGINS)

131

PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)

132

DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \

133

mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \

260

225

$(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\

261

226

) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@

262

227

263

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

264

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

265

) $(LOADLIBES) $(LDLIBS) -o $@

266

267

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

268

check run-client run-server install install-html \

269

install-server install-client-nokey install-client uninstall \

270

uninstall-server uninstall-client purge purge-server \

271

purge-client

228

.PHONY : all doc html clean distclean run-client run-server install \

229

install-server install-client uninstall uninstall-server \

230

uninstall-client purge purge-server purge-client

272

231

273

232

clean:

274

233

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

280

239

281

240

check: all

282

241

./mandos --check

283

./mandos-ctl --check

284

242

285

243

# Run the client with a local config and key

286

244

run-client: all keydir/seckey.txt keydir/pubkey.txt

289

247

@echo "# ignored. The messages are caused by not running as root, but #"

290

248

@echo "# you should NOT run \"make run-client\" as root unless you also #"

291

249

@echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"

292

@echo "# From plugin-runner: setgid: Operation not permitted #"

293

@echo "# setuid: Operation not permitted #"

250

@echo "# From plugin-runner: setuid: Operation not permitted #"

294

251

@echo "# From askpass-fifo: mkfifo: Permission denied #"

295

@echo "# From mandos-client: #"

296

@echo "# Failed to raise privileges: Operation not permitted #"

297

@echo "# Warning: network hook \"*\" exited with status * #"

252

@echo "# From mandos-client: setuid: Operation not permitted #"

253

@echo "# seteuid: Operation not permitted #"

254

@echo "# klogctl: Operation not permitted #"

298

255

@echo "###################################################################"

299

# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring

300

256

./plugin-runner --plugin-dir=plugins.d \

301

--plugin-helper-dir=plugin-helpers \

302

257

--config-file=plugin-runner.conf \

303

258

--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \

304

--env-for=mandos-client:GNOME_KEYRING_CONTROL= \

305

259

$(CLIENTARGS)

306

260

307

261

# Used by run-client

310

264

./mandos-keygen --dir keydir --force

311

265

312

266

# Run the server with a local config

313

run-server: confdir/mandos.conf confdir/clients.conf statedir

267

run-server: confdir/mandos.conf confdir/clients.conf

314

268

./mandos --debug --no-dbus --configdir=confdir \

315

269

--statedir=statedir $(SERVERARGS)

316

270

322

276

install --directory confdir

323

277

install --mode=u=rw $< $@

324

278

# Add a client password

325

./mandos-keygen --dir keydir --password --no-ssh >> $@

279

./mandos-keygen --dir keydir --password >> $@

326

280

statedir:

327

281

install --directory statedir

328

282

335

289

336

290

install-server: doc

337

291

install --directory $(CONFDIR)

338

if install --directory --mode=u=rwx --owner=$(USER) \

339

--group=$(GROUP) $(STATEDIR); then \

340

:; \

341

elif install --directory --mode=u=rwx $(STATEDIR); then \

342

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

343

292

install --directory --mode=u=rwx --owner=$(USER) \

293

--group=$(GROUP) $(STATEDIR)

344

294

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

345

295

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

346

296

mandos-ctl

354

304

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

355

305

install --mode=u=rwx,go=rx init.d-mandos \

356

306

$(DESTDIR)/etc/init.d/mandos

357

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

358

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

359

360

307

install --mode=u=rw,go=r default-mandos \

361

308

$(DESTDIR)/etc/default/mandos

362

309

if [ -z $(DESTDIR) ]; then \

372

319

> $(MANDIR)/man5/mandos.conf.5.gz

373

320

gzip --best --to-stdout mandos-clients.conf.5 \

374

321

> $(MANDIR)/man5/mandos-clients.conf.5.gz

375

gzip --best --to-stdout intro.8mandos \

376

> $(MANDIR)/man8/intro.8mandos.gz

377

322

378

323

install-client-nokey: all doc

379

install --directory $(LIBDIR)/mandos $(CONFDIR)

324

install --directory $(PREFIX)/lib/mandos $(CONFDIR)

380

325

install --directory --mode=u=rwx $(KEYDIR) \

381

$(LIBDIR)/mandos/plugins.d \

382

$(LIBDIR)/mandos/plugin-helpers

383

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

326

$(PREFIX)/lib/mandos/plugins.d

327

if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \

384

328

install --mode=u=rwx \

385

329

--directory "$(CONFDIR)/plugins.d"; \

386

install --directory "$(CONFDIR)/plugin-helpers"; \

387

330

388

331

install --mode=u=rwx,go=rx --directory \

389

332

"$(CONFDIR)/network-hooks.d"

390

333

install --mode=u=rwx,go=rx \

391

--target-directory=$(LIBDIR)/mandos plugin-runner

334

--target-directory=$(PREFIX)/lib/mandos plugin-runner

392

335

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

393

336

mandos-keygen

394

337

install --mode=u=rwx,go=rx \

395

--target-directory=$(LIBDIR)/mandos/plugins.d \

338

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

396

339

plugins.d/password-prompt

397

340

install --mode=u=rwxs,go=rx \

398

--target-directory=$(LIBDIR)/mandos/plugins.d \

341

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

399

342

plugins.d/mandos-client

400

343

install --mode=u=rwxs,go=rx \

401

--target-directory=$(LIBDIR)/mandos/plugins.d \

344

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

402

345

plugins.d/usplash

403

346

install --mode=u=rwxs,go=rx \

404

--target-directory=$(LIBDIR)/mandos/plugins.d \

347

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

405

348

plugins.d/splashy

406

349

install --mode=u=rwxs,go=rx \

407

--target-directory=$(LIBDIR)/mandos/plugins.d \

350

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

408

351

plugins.d/askpass-fifo

409

352

install --mode=u=rwxs,go=rx \

410

--target-directory=$(LIBDIR)/mandos/plugins.d \

353

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

411

354

plugins.d/plymouth

412

install --mode=u=rwxs,go=rx \

413

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

414

plugin-helpers/mandos-client-iprouteadddel

415

355

install initramfs-tools-hook \

416

356

$(INITRAMFSTOOLS)/hooks/mandos

417

357

install --mode=u=rw,go=r initramfs-tools-hook-conf \

462

402

! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \

463

403

$(DESTDIR)/etc/crypttab

464

404

-rm --force $(PREFIX)/sbin/mandos-keygen \

465

$(LIBDIR)/mandos/plugin-runner \

466

$(LIBDIR)/mandos/plugins.d/password-prompt \

467

$(LIBDIR)/mandos/plugins.d/mandos-client \

468

$(LIBDIR)/mandos/plugins.d/usplash \

469

$(LIBDIR)/mandos/plugins.d/splashy \

470

$(LIBDIR)/mandos/plugins.d/askpass-fifo \

471

$(LIBDIR)/mandos/plugins.d/plymouth \

405

$(PREFIX)/lib/mandos/plugin-runner \

406

$(PREFIX)/lib/mandos/plugins.d/password-prompt \

407

$(PREFIX)/lib/mandos/plugins.d/mandos-client \

408

$(PREFIX)/lib/mandos/plugins.d/usplash \

409

$(PREFIX)/lib/mandos/plugins.d/splashy \

410

$(PREFIX)/lib/mandos/plugins.d/askpass-fifo \

411

$(PREFIX)/lib/mandos/plugins.d/plymouth \

472

412

$(INITRAMFSTOOLS)/hooks/mandos \

473

413

$(INITRAMFSTOOLS)/conf-hooks.d/mandos \

474

414

$(INITRAMFSTOOLS)/scripts/init-premount/mandos \

480

420

$(MANDIR)/man8/splashy.8mandos.gz \

481

421

$(MANDIR)/man8/askpass-fifo.8mandos.gz \

482

422

$(MANDIR)/man8/plymouth.8mandos.gz \

483

-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \

484

$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)

423

-rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \

424

$(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)

485

425

update-initramfs -k all -u

486

426

487

427

purge: purge-server purge-client

491

431

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

492

432

$(DESTDIR)/etc/default/mandos \

493

433

$(DESTDIR)/etc/init.d/mandos \

494

$(SYSTEMD)/mandos.service \

495

$(DESTDIR)/run/mandos.pid \

496

434

$(DESTDIR)/var/run/mandos.pid

497

435

-rmdir $(CONFDIR)

498

436

Older »