/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2014-07-25 22:44:20 UTC
  • mto: This revision was merged to the branch mainline in revision 724.
  • Revision ID: teddy@recompile.se-20140725224420-4a5ct2ptt0hsc92z
Require Python 2.7.

This is in preparation for the eventual move to Python 3, which will
happen as soon as all Python modules required by Mandos are available.
The mandos-ctl and mandos-monitor programs are already portable
between Python 2.6 and Python 3 without changes; this change will
bring the requirement up to Python 2.7.

* INSTALL (Prerequisites/Libraries/Mandos Server): Document
                                                   requirement of
                                                   Python 2.7; remove
                                                   Python-argparse
                                                   which is in the
                                                   Python 2.7 standard
                                                   library.
* debian/control (Source: mandos/Build-Depends-Indep): Depend on
                                                       exactly the
                                                       python2.7
                                                       package and all
                                                       the Python 2.7
                                                       versions of the
                                                       python modules.
  (Package: mandos/Depends): - '' - but still depend on python (<=2.7)
                            and the generic versions of the Python
                            modules; this is for mandos-ctl and
                            mandos-monitor, both of which are
                            compatible with Python 3, and use
                            #!/usr/bin/python.
* mandos: Use #!/usr/bin/python2.7 instead of #!/usr/bin/python.

Show diffs side-by-side

added added

removed removed

Lines of Context:
Makefile
1
 
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
 
1
WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
2
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
3
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
4
4
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
10
10
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
11
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
12
12
        -Wvolatile-register-var -Woverlength-strings
13
 
 
14
 
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
 
## Check which sanitizing options can be used
16
 
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
 
#       echo 'int main(){}' | $(CC) --language=c $(option) \
18
 
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
19
 
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
 
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
21
 
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
22
 
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
23
 
        -fsanitize=return -fsanitize=signed-integer-overflow \
24
 
        -fsanitize=bounds -fsanitize=alignment \
25
 
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
 
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
 
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum
29
 
 
 
13
#DEBUG=-ggdb3
30
14
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
 
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
33
 
LINK_FORTIFY_LD:=-z relro -z now
34
 
LINK_FORTIFY:=
 
15
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
 
16
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
17
LINK_FORTIFY_LD=-z relro -z now
 
18
LINK_FORTIFY=
35
19
 
36
20
# If BROKEN_PIE is set, do not build with -pie
37
21
ifndef BROKEN_PIE
39
23
LINK_FORTIFY += -pie
40
24
endif
41
25
#COVERAGE=--coverage
42
 
OPTIMIZE:=-Os -fno-strict-aliasing
43
 
LANGUAGE:=-std=gnu11
44
 
htmldir:=man
45
 
version:=1.8.4
46
 
SED:=sed
 
26
OPTIMIZE=-Os -fno-strict-aliasing
 
27
LANGUAGE=-std=gnu99
 
28
htmldir=man
 
29
version=1.6.7
 
30
SED=sed
47
31
 
48
 
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
49
 
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
 
32
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
 
33
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))
50
34
 
51
35
## Use these settings for a traditional /usr/local install
52
 
# PREFIX:=$(DESTDIR)/usr/local
53
 
# CONFDIR:=$(DESTDIR)/etc/mandos
54
 
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
55
 
# MANDIR:=$(PREFIX)/man
56
 
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
57
 
# STATEDIR:=$(DESTDIR)/var/lib/mandos
58
 
# LIBDIR:=$(PREFIX)/lib
 
36
# PREFIX=$(DESTDIR)/usr/local
 
37
# CONFDIR=$(DESTDIR)/etc/mandos
 
38
# KEYDIR=$(DESTDIR)/etc/mandos/keys
 
39
# MANDIR=$(PREFIX)/man
 
40
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
 
41
# STATEDIR=$(DESTDIR)/var/lib/mandos
 
42
# LIBDIR=$(PREFIX)/lib
59
43
##
60
44
 
61
45
## These settings are for a package-type install
62
 
PREFIX:=$(DESTDIR)/usr
63
 
CONFDIR:=$(DESTDIR)/etc/mandos
64
 
KEYDIR:=$(DESTDIR)/etc/keys/mandos
65
 
MANDIR:=$(PREFIX)/share/man
66
 
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
67
 
STATEDIR:=$(DESTDIR)/var/lib/mandos
68
 
LIBDIR:=$(shell \
 
46
PREFIX=$(DESTDIR)/usr
 
47
CONFDIR=$(DESTDIR)/etc/mandos
 
48
KEYDIR=$(DESTDIR)/etc/keys/mandos
 
49
MANDIR=$(PREFIX)/share/man
 
50
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
 
51
STATEDIR=$(DESTDIR)/var/lib/mandos
 
52
LIBDIR=$(shell \
69
53
        for d in \
70
54
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
71
55
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
76
60
        done)
77
61
##
78
62
 
79
 
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
80
 
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
 
63
SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
81
64
 
82
 
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
83
 
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
84
 
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
85
 
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
86
 
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
87
 
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
 
65
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
 
66
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
 
67
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
 
68
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
 
69
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 
70
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
88
71
        getconf LFS_LDFLAGS)
89
 
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
90
 
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
91
72
 
92
73
# Do not change these two
93
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
94
 
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
 
74
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
 
75
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
 
76
        -DVERSION='"$(version)"'
95
77
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
96
78
 
97
79
# Commands to format a DocBook <refentry> document into a manual page
118
100
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
119
101
        $<; $(HTMLPOST) $@)
120
102
# Fix citerefentry links
121
 
HTMLPOST:=$(SED) --in-place \
 
103
HTMLPOST=$(SED) --in-place \
122
104
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
123
105
 
124
 
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
 
106
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
125
107
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
126
108
        plugins.d/plymouth
127
 
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
128
 
CPROGS:=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
129
 
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
130
 
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
 
109
CPROGS=plugin-runner $(PLUGINS)
 
110
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 
111
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
131
112
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
132
113
        plugins.d/mandos-client.8mandos \
133
114
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
134
115
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
135
116
        plugins.d/plymouth.8mandos intro.8mandos
136
117
 
137
 
htmldocs:=$(addsuffix .xhtml,$(DOCS))
 
118
htmldocs=$(addsuffix .xhtml,$(DOCS))
138
119
 
139
 
objects:=$(addsuffix .o,$(CPROGS))
 
120
objects=$(addsuffix .o,$(CPROGS))
140
121
 
141
122
all: $(PROGS) mandos.lsm
142
123
 
254
235
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
255
236
                $@)
256
237
 
257
 
# Need to add the GnuTLS, Avahi and GPGME libraries
258
238
plugins.d/mandos-client: plugins.d/mandos-client.c
259
 
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
260
 
                ) $(GPGME_CFLAGS) -lrt $(GNUTLS_LIBS) $(strip\
261
 
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
262
 
                ) $(LDLIBS) -o $@
263
 
 
264
 
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
265
 
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
266
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
239
        $(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
 
240
                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
267
241
 
268
242
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
269
243
        check run-client run-server install install-html \
284
258
        ./mandos-ctl --check
285
259
 
286
260
# Run the client with a local config and key
287
 
run-client: all keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem
 
261
run-client: all keydir/seckey.txt keydir/pubkey.txt
288
262
        @echo "###################################################################"
289
263
        @echo "# The following error messages are harmless and can be safely     #"
290
 
        @echo "# ignored:                                                        #"
 
264
        @echo "# ignored.  The messages are caused by not running as root, but   #"
 
265
        @echo "# you should NOT run \"make run-client\" as root unless you also    #"
 
266
        @echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
291
267
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
292
268
        @echo "#                     setuid: Operation not permitted             #"
293
269
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
294
270
        @echo "# From mandos-client:                                             #"
295
271
        @echo "#             Failed to raise privileges: Operation not permitted #"
296
272
        @echo "#             Warning: network hook \"*\" exited with status *      #"
297
 
        @echo "#                                                                 #"
298
 
        @echo "# (The messages are caused by not running as root, but you should #"
299
 
        @echo "# NOT run \"make run-client\" as root unless you also unpacked and  #"
300
 
        @echo "# compiled Mandos as root, which is also NOT recommended.)        #"
301
273
        @echo "###################################################################"
302
274
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
303
275
        ./plugin-runner --plugin-dir=plugins.d \
304
 
                --plugin-helper-dir=plugin-helpers \
305
276
                --config-file=plugin-runner.conf \
306
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
 
277
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
307
278
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
308
279
                $(CLIENTARGS)
309
280
 
310
281
# Used by run-client
311
 
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
 
282
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
312
283
        install --directory keydir
313
284
        ./mandos-keygen --dir keydir --force
314
285
 
321
292
confdir/mandos.conf: mandos.conf
322
293
        install --directory confdir
323
294
        install --mode=u=rw,go=r $^ $@
324
 
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
 
295
confdir/clients.conf: clients.conf keydir/seckey.txt
325
296
        install --directory confdir
326
297
        install --mode=u=rw $< $@
327
298
# Add a client password
344
315
        elif install --directory --mode=u=rwx $(STATEDIR); then \
345
316
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
346
317
        fi
347
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
348
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
349
 
                        $(TMPFILES)/mandos.conf; \
350
 
        fi
351
318
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
352
319
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
353
320
                mandos-ctl
385
352
install-client-nokey: all doc
386
353
        install --directory $(LIBDIR)/mandos $(CONFDIR)
387
354
        install --directory --mode=u=rwx $(KEYDIR) \
388
 
                $(LIBDIR)/mandos/plugins.d \
389
 
                $(LIBDIR)/mandos/plugin-helpers
 
355
                $(LIBDIR)/mandos/plugins.d
390
356
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
391
357
                install --mode=u=rwx \
392
 
                        --directory "$(CONFDIR)/plugins.d" \
393
 
                        "$(CONFDIR)/plugin-helpers"; \
 
358
                        --directory "$(CONFDIR)/plugins.d"; \
394
359
        fi
395
360
        install --mode=u=rwx,go=rx --directory \
396
361
                "$(CONFDIR)/network-hooks.d"
397
362
        install --mode=u=rwx,go=rx \
398
363
                --target-directory=$(LIBDIR)/mandos plugin-runner
399
 
        install --mode=u=rwx,go=rx \
400
 
                --target-directory=$(LIBDIR)/mandos mandos-to-cryptroot-unlock
401
364
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
402
365
                mandos-keygen
403
366
        install --mode=u=rwx,go=rx \
418
381
        install --mode=u=rwxs,go=rx \
419
382
                --target-directory=$(LIBDIR)/mandos/plugins.d \
420
383
                plugins.d/plymouth
421
 
        install --mode=u=rwx,go=rx \
422
 
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
423
 
                plugin-helpers/mandos-client-iprouteadddel
424
384
        install initramfs-tools-hook \
425
385
                $(INITRAMFSTOOLS)/hooks/mandos
426
 
        install --mode=u=rw,go=r initramfs-tools-conf \
427
 
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
428
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
429
 
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
 
386
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
 
387
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
430
388
        install initramfs-tools-script \
431
389
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
432
 
        install initramfs-tools-script-stop \
433
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
434
390
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
435
391
        gzip --best --to-stdout mandos-keygen.8 \
436
392
                > $(MANDIR)/man8/mandos-keygen.8.gz
510
466
        -rmdir $(CONFDIR)
511
467
 
512
468
purge-client: uninstall-client
513
 
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
 
469
        -shred --remove $(KEYDIR)/seckey.txt
514
470
        -rm --force $(CONFDIR)/plugin-runner.conf \
515
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
516
 
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
 
471
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
517
472
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)