
Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2015-03-10 18:03:38 UTC
  • Revision ID: teddy@recompile.se-20150310180338-pcxw6r2qmw9k6br9
Add ":!RSA" to GnuTLS priority string, to disallow non-DHE kx.

If Mandos was somehow made to use a non-ephemeral Diffie-Hellman key
exchange algorithm in the TLS handshake, any saved network traffic
could then be decrypted later if the Mandos client key was obtained.
By default, Mandos uses ephemeral DH key exchanges, which do not have
this problem, but a non-ephemeral key exchange algorithm was still
enabled by default.  The simplest solution is to simply turn that off,
which ensures that Mandos will always use ephemeral DH key exchanges.

There is a "PFS" priority string specifier, but we can't use it because:

1. Security-wise, it is a mix between "NORMAL" and "SECURE128" - it
   enables a lot more algorithms than "SECURE256".

2. It is only available since GnuTLS 3.2.4.

Thanks to Andreas Fischer <af@bantuX.org> for reporting this issue.

1
 
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
 
1
WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
2
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
3
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
4
4
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
10
10
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
11
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
12
12
        -Wvolatile-register-var -Woverlength-strings
13
 
 
14
 
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
 
## Check which sanitizing options can be used
16
 
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
 
#       echo 'int main(){}' | $(CC) --language=c $(option) \
18
 
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
19
 
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
 
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
21
 
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
22
 
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
23
 
        -fsanitize=return -fsanitize=signed-integer-overflow \
24
 
        -fsanitize=bounds -fsanitize=alignment \
25
 
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
 
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
 
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum -fsanitize-address-use-after-scope
29
 
 
 
13
#DEBUG=-ggdb3
30
14
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
 
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
33
 
LINK_FORTIFY_LD:=-z relro -z now
34
 
LINK_FORTIFY:=
 
15
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
 
16
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
17
LINK_FORTIFY_LD=-z relro -z now
 
18
LINK_FORTIFY=
35
19
 
36
20
# If BROKEN_PIE is set, do not build with -pie
37
21
ifndef BROKEN_PIE
39
23
LINK_FORTIFY += -pie
40
24
endif
41
25
#COVERAGE=--coverage
42
 
OPTIMIZE:=-Os -fno-strict-aliasing
43
 
LANGUAGE:=-std=gnu11
44
 
htmldir:=man
45
 
version:=1.8.5
46
 
SED:=sed
47
 
 
48
 
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
49
 
        || getent passwd nobody || echo 65534)))
50
 
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
51
 
        || getent group nogroup || echo 65534)))
52
 
 
53
 
LINUXVERSION:=$(shell uname --kernel-release)
 
26
OPTIMIZE=-Os -fno-strict-aliasing
 
27
LANGUAGE=-std=gnu99
 
28
htmldir=man
 
29
version=1.6.9
 
30
SED=sed
 
31
 
 
32
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
 
33
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))
54
34
 
55
35
## Use these settings for a traditional /usr/local install
56
 
# PREFIX:=$(DESTDIR)/usr/local
57
 
# CONFDIR:=$(DESTDIR)/etc/mandos
58
 
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
59
 
# MANDIR:=$(PREFIX)/man
60
 
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
61
 
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
62
 
# STATEDIR:=$(DESTDIR)/var/lib/mandos
63
 
# LIBDIR:=$(PREFIX)/lib
 
36
# PREFIX=$(DESTDIR)/usr/local
 
37
# CONFDIR=$(DESTDIR)/etc/mandos
 
38
# KEYDIR=$(DESTDIR)/etc/mandos/keys
 
39
# MANDIR=$(PREFIX)/man
 
40
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
 
41
# STATEDIR=$(DESTDIR)/var/lib/mandos
 
42
# LIBDIR=$(PREFIX)/lib
64
43
##
65
44
 
66
45
## These settings are for a package-type install
67
 
PREFIX:=$(DESTDIR)/usr
68
 
CONFDIR:=$(DESTDIR)/etc/mandos
69
 
KEYDIR:=$(DESTDIR)/etc/keys/mandos
70
 
MANDIR:=$(PREFIX)/share/man
71
 
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
72
 
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
73
 
STATEDIR:=$(DESTDIR)/var/lib/mandos
74
 
LIBDIR:=$(shell \
 
46
PREFIX=$(DESTDIR)/usr
 
47
CONFDIR=$(DESTDIR)/etc/mandos
 
48
KEYDIR=$(DESTDIR)/etc/keys/mandos
 
49
MANDIR=$(PREFIX)/share/man
 
50
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
 
51
STATEDIR=$(DESTDIR)/var/lib/mandos
 
52
LIBDIR=$(shell \
75
53
        for d in \
76
 
        "/usr/lib/`dpkg-architecture \
77
 
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
54
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
78
55
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
79
56
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
80
57
                        echo "$(DESTDIR)$$d"; \
83
60
        done)
84
61
##
85
62
 
86
 
SYSTEMD:=$(DESTDIR)$(shell pkg-config systemd \
87
 
                        --variable=systemdsystemunitdir)
88
 
TMPFILES:=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
 
63
SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
89
64
 
90
 
GNUTLS_CFLAGS:=$(shell pkg-config --cflags-only-I gnutls)
91
 
GNUTLS_LIBS:=$(shell pkg-config --libs gnutls)
92
 
AVAHI_CFLAGS:=$(shell pkg-config --cflags-only-I avahi-core)
93
 
AVAHI_LIBS:=$(shell pkg-config --libs avahi-core)
94
 
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
95
 
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
 
65
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
 
66
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
 
67
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
 
68
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
 
69
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 
70
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
96
71
        getconf LFS_LDFLAGS)
97
 
LIBNL3_CFLAGS:=$(shell pkg-config --cflags-only-I libnl-route-3.0)
98
 
LIBNL3_LIBS:=$(shell pkg-config --libs libnl-route-3.0)
99
 
GLIB_CFLAGS:=$(shell pkg-config --cflags glib-2.0)
100
 
GLIB_LIBS:=$(shell pkg-config --libs glib-2.0)
101
72
 
102
73
# Do not change these two
103
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
104
 
        $(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
105
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
106
 
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
74
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
 
75
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
 
76
        -DVERSION='"$(version)"'
 
77
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
107
78
 
108
79
# Commands to format a DocBook <refentry> document into a manual page
109
80
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
115
86
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
116
87
        $(notdir $<); \
117
88
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
118
 
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
119
 
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
120
 
        $(notdir $@); fi >/dev/null)
 
89
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
 
90
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
 
91
        fi >/dev/null)
121
92
 
122
93
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
123
94
        --param make.year.ranges                1 \
129
100
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
130
101
        $<; $(HTMLPOST) $@)
131
102
# Fix citerefentry links
132
 
HTMLPOST:=$(SED) --in-place \
 
103
HTMLPOST=$(SED) --in-place \
133
104
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
134
105
 
135
 
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
 
106
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
136
107
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
137
108
        plugins.d/plymouth
138
 
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
139
 
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
140
 
        $(PLUGIN_HELPERS)
141
 
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
142
 
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
 
109
CPROGS=plugin-runner $(PLUGINS)
 
110
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 
111
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
143
112
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
144
 
        dracut-module/password-agent.8mandos \
145
113
        plugins.d/mandos-client.8mandos \
146
114
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
147
115
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
148
116
        plugins.d/plymouth.8mandos intro.8mandos
149
117
 
150
 
htmldocs:=$(addsuffix .xhtml,$(DOCS))
 
118
htmldocs=$(addsuffix .xhtml,$(DOCS))
151
119
 
152
 
objects:=$(addsuffix .o,$(CPROGS))
 
120
objects=$(addsuffix .o,$(CPROGS))
153
121
 
154
122
all: $(PROGS) mandos.lsm
155
123
 
219
187
                overview.xml legalnotice.xml
220
188
        $(DOCBOOKTOHTML)
221
189
 
222
 
dracut-module/password-agent.8mandos: \
223
 
                dracut-module/password-agent.xml common.ent \
224
 
                overview.xml legalnotice.xml
225
 
        $(DOCBOOKTOMAN)
226
 
dracut-module/password-agent.8mandos.xhtml: \
227
 
                dracut-module/password-agent.xml common.ent \
228
 
                overview.xml legalnotice.xml
229
 
        $(DOCBOOKTOHTML)
230
 
 
231
190
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
232
191
                                        common.ent \
233
192
                                        mandos-options.xml \
276
235
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
277
236
                $@)
278
237
 
279
 
# Need to add the GnuTLS, Avahi and GPGME libraries
280
238
plugins.d/mandos-client: plugins.d/mandos-client.c
281
 
        $(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
282
 
                ) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
283
 
                ) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
284
 
                ) $(LDLIBS) -o $@
285
 
 
286
 
# Need to add the libnl-route library
287
 
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
288
 
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
289
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
290
 
 
291
 
# Need to add the GLib and pthread libraries
292
 
dracut-module/password-agent: dracut-module/password-agent.c
293
 
        $(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
294
 
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
239
        $(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
 
240
                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
295
241
 
296
242
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
297
243
        check run-client run-server install install-html \
307
253
maintainer-clean: clean
308
254
        -rm --force --recursive keydir confdir statedir
309
255
 
310
 
check: all
 
256
check:  all
311
257
        ./mandos --check
312
258
        ./mandos-ctl --check
313
 
        ./mandos-keygen --version
314
 
        ./plugin-runner --version
315
 
        ./plugin-helpers/mandos-client-iprouteadddel --version
316
 
        ./dracut-module/password-agent --test
317
259
 
318
260
# Run the client with a local config and key
319
 
run-client: all keydir/seckey.txt keydir/pubkey.txt \
320
 
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
321
 
        @echo '######################################################'
322
 
        @echo '# The following error messages are harmless and can  #'
323
 
        @echo '#  be safely ignored:                                #'
324
 
        @echo '## From plugin-runner:                               #'
325
 
        @echo '# setgid: Operation not permitted                    #'
326
 
        @echo '# setuid: Operation not permitted                    #'
327
 
        @echo '## From askpass-fifo:                                #'
328
 
        @echo '# mkfifo: Permission denied                          #'
329
 
        @echo '## From mandos-client:                               #'
330
 
        @echo '# Failed to raise privileges: Operation not permi... #'
331
 
        @echo '# Warning: network hook "*" exited with status *     #'
332
 
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
333
 
        @echo '# Failed to bring up interface "*": Operation not... #'
334
 
        @echo '#                                                    #'
335
 
        @echo '# (The messages are caused by not running as root,   #'
336
 
        @echo '# but you should NOT run "make run-client" as root   #'
337
 
        @echo '# unless you also unpacked and compiled Mandos as    #'
338
 
        @echo '# root, which is also NOT recommended.)              #'
339
 
        @echo '######################################################'
 
261
run-client: all keydir/seckey.txt keydir/pubkey.txt
 
262
        @echo "###################################################################"
 
263
        @echo "# The following error messages are harmless and can be safely     #"
 
264
        @echo "# ignored.  The messages are caused by not running as root, but   #"
 
265
        @echo "# you should NOT run \"make run-client\" as root unless you also    #"
 
266
        @echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
 
267
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
 
268
        @echo "#                     setuid: Operation not permitted             #"
 
269
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
 
270
        @echo "# From mandos-client:                                             #"
 
271
        @echo "#             Failed to raise privileges: Operation not permitted #"
 
272
        @echo "#             Warning: network hook \"*\" exited with status *      #"
 
273
        @echo "###################################################################"
340
274
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
341
275
        ./plugin-runner --plugin-dir=plugins.d \
342
 
                --plugin-helper-dir=plugin-helpers \
343
276
                --config-file=plugin-runner.conf \
344
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
 
277
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
345
278
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
346
279
                $(CLIENTARGS)
347
280
 
348
281
# Used by run-client
349
 
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
 
282
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
350
283
        install --directory keydir
351
284
        ./mandos-keygen --dir keydir --force
352
285
 
359
292
confdir/mandos.conf: mandos.conf
360
293
        install --directory confdir
361
294
        install --mode=u=rw,go=r $^ $@
362
 
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
 
295
confdir/clients.conf: clients.conf keydir/seckey.txt
363
296
        install --directory confdir
364
297
        install --mode=u=rw $< $@
365
298
# Add a client password
382
315
        elif install --directory --mode=u=rwx $(STATEDIR); then \
383
316
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
384
317
        fi
385
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" \
386
 
                        -a -d "$(TMPFILES)" ]; then \
387
 
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
388
 
                        $(TMPFILES)/mandos.conf; \
389
 
        fi
390
318
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
391
319
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
392
320
                mandos-ctl
424
352
install-client-nokey: all doc
425
353
        install --directory $(LIBDIR)/mandos $(CONFDIR)
426
354
        install --directory --mode=u=rwx $(KEYDIR) \
427
 
                $(LIBDIR)/mandos/plugins.d \
428
 
                $(LIBDIR)/mandos/plugin-helpers
 
355
                $(LIBDIR)/mandos/plugins.d
429
356
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
430
357
                install --mode=u=rwx \
431
 
                        --directory "$(CONFDIR)/plugins.d" \
432
 
                        "$(CONFDIR)/plugin-helpers"; \
 
358
                        --directory "$(CONFDIR)/plugins.d"; \
433
359
        fi
434
360
        install --mode=u=rwx,go=rx --directory \
435
361
                "$(CONFDIR)/network-hooks.d"
436
362
        install --mode=u=rwx,go=rx \
437
363
                --target-directory=$(LIBDIR)/mandos plugin-runner
438
 
        install --mode=u=rwx,go=rx \
439
 
                --target-directory=$(LIBDIR)/mandos \
440
 
                mandos-to-cryptroot-unlock
441
364
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
442
365
                mandos-keygen
443
366
        install --mode=u=rwx,go=rx \
458
381
        install --mode=u=rwxs,go=rx \
459
382
                --target-directory=$(LIBDIR)/mandos/plugins.d \
460
383
                plugins.d/plymouth
461
 
        install --mode=u=rwx,go=rx \
462
 
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
463
 
                plugin-helpers/mandos-client-iprouteadddel
464
384
        install initramfs-tools-hook \
465
385
                $(INITRAMFSTOOLS)/hooks/mandos
466
 
        install --mode=u=rw,go=r initramfs-tools-conf \
467
 
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
468
 
        install --mode=u=rw,go=r initramfs-tools-conf-hook \
469
 
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
 
386
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
 
387
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
470
388
        install initramfs-tools-script \
471
389
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
472
 
        install initramfs-tools-script-stop \
473
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
474
 
        install --directory $(DRACUTMODULE)
475
 
        install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
476
 
                dracut-module/ask-password-mandos.path \
477
 
                dracut-module/ask-password-mandos.service
478
 
        install --mode=u=rwxs,go=rx \
479
 
                --target-directory=$(DRACUTMODULE) \
480
 
                dracut-module/module-setup.sh \
481
 
                dracut-module/cmdline-mandos.sh \
482
 
                dracut-module/password-agent
483
390
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
484
391
        gzip --best --to-stdout mandos-keygen.8 \
485
392
                > $(MANDIR)/man8/mandos-keygen.8.gz
497
404
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
498
405
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
499
406
                > $(MANDIR)/man8/plymouth.8mandos.gz
500
 
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
501
 
                > $(MANDIR)/man8/password-agent.8mandos.gz
502
407
 
503
408
install-client: install-client-nokey
504
409
# Post-installation stuff
505
410
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
506
 
        if command -v update-initramfs >/dev/null; then \
507
 
            update-initramfs -k all -u; \
508
 
        elif command -v dracut >/dev/null; then \
509
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
510
 
                if [ -w "$$initrd" ]; then \
511
 
                    chmod go-r "$$initrd"; \
512
 
                    dracut --force "$$initrd"; \
513
 
                fi; \
514
 
            done; \
515
 
        fi
 
411
        update-initramfs -k all -u
516
412
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
517
413
 
518
414
uninstall: uninstall-server uninstall-client
545
441
                $(INITRAMFSTOOLS)/hooks/mandos \
546
442
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
547
443
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
548
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
549
 
                $(DRACUTMODULE)/ask-password-mandos.path \
550
 
                $(DRACUTMODULE)/ask-password-mandos.service \
551
 
                $(DRACUTMODULE)/module-setup.sh \
552
 
                $(DRACUTMODULE)/cmdline-mandos.sh \
553
 
                $(DRACUTMODULE)/password-agent \
554
444
                $(MANDIR)/man8/mandos-keygen.8.gz \
555
445
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
556
446
                $(MANDIR)/man8/mandos-client.8mandos.gz
559
449
                $(MANDIR)/man8/splashy.8mandos.gz \
560
450
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
561
451
                $(MANDIR)/man8/plymouth.8mandos.gz \
562
 
                $(MANDIR)/man8/password-agent.8mandos.gz \
563
452
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
564
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
565
 
        if command -v update-initramfs >/dev/null; then \
566
 
            update-initramfs -k all -u; \
567
 
        elif command -v dracut >/dev/null; then \
568
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
569
 
                test -w "$$initrd" && dracut --force "$$initrd"; \
570
 
            done; \
571
 
        fi
 
453
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
 
454
        update-initramfs -k all -u
572
455
 
573
456
purge: purge-server purge-client
574
457
 
583
466
        -rmdir $(CONFDIR)
584
467
 
585
468
purge-client: uninstall-client
586
 
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
 
469
        -shred --remove $(KEYDIR)/seckey.txt
587
470
        -rm --force $(CONFDIR)/plugin-runner.conf \
588
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
589
 
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
 
471
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
590
472
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)
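Review bot: In purge-client, `-shred --remove` is followed by an `rm --force` that lists `$(KEYDIR)/seckey.txt` again, so when shred fails or is not installed the leading `-` hides the error and the secret key is merely unlinked rather than overwritten; this holds for both variants of the rule shown in this section. Consider dropping the secret-key paths from the `rm --force` list, so that a failed shred leaves the key file visibly in place, or add a comment such as `# Plain deletion is the intended fallback if shred fails` if that behaviour is deliberate. In the variant that also handles the TLS key pair, the `rm --force` line names `$(KEYDIR)/tls-pubkey.txt` and `$(KEYDIR)/tls-privkey.txt`, while the shred line, run-client and the keydir rule all use `tls-privkey.pem` and `tls-pubkey.pem`; as written `tls-pubkey.pem` would stay behind and the following `-rmdir $(KEYDIR)` would fail quietly. The rendering does not mark which gutter column is the new side, so the second point applies only if the TLS lines are the ones being introduced.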