/mandos/trunk : revision 742

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2015-03-10 18:03:38 UTC
Revision ID: teddy@recompile.se-20150310180338-pcxw6r2qmw9k6br9

Add ":!RSA" to GnuTLS priority string, to disallow non-DHE kx.

If Mandos was somehow made to use a non-ephemeral Diffie-Hellman key
exchange algorithm in the TLS handshake, any saved network traffic
could then be decrypted later if the Mandos client key was obtained.
By default, Mandos uses ephemeral DH key exchanges which does not have
this problem, but a non-ephemeral key exchange algorithm was still
enabled by default. The simplest solution is to simply turn that off,
which ensures that Mandos will always use ephemeral DH key exchanges.

There is a "PFS" priority string specifier, but we can't use it because:

1. Security-wise, it is a mix between "NORMAL" and "SECURE128" - it
enables a lot more algorithms than "SECURE256".

2. It is only available since GnuTLS 3.2.4.

Thanks to Andreas Fischer <af@bantuX.org> for reporting this issue.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

README

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

Makefile

WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \

-Wswitch-default -Wswitch-enum -Wunused-parameter \

-Wstrict-aliasing=2 -Wextra -Wfloat-equal -Wundef -Wshadow \

WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \

-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \

-Wunused -Wuninitialized -Wstrict-overflow=5 \

-Wsuggest-attribute=pure -Wsuggest-attribute=const \

-Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \

-Wunsafe-loop-optimizations -Wpointer-arith \

-Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \

-Wconversion -Wstrict-prototypes -Wold-style-definition \

-Wpacked -Wnested-externs -Wunreachable-code -Winline \

-Wvolatile-register-var

DEBUG=-ggdb3

# For info about _FORTIFY_SOURCE, see

# <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>

FORTIFY=-D_FORTIFY_SOURCE=2 # -fstack-protector-all

-Wconversion -Wlogical-op -Waggregate-return \

-Wstrict-prototypes -Wold-style-definition \

-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \

-Wredundant-decls -Wnested-externs -Winline -Wvla \

-Wvolatile-register-var -Woverlength-strings

#DEBUG=-ggdb3

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

LINK_FORTIFY_LD=-z relro -z now

LINK_FORTIFY=

# If BROKEN_PIE is set, do not build with -pie

ifndef BROKEN_PIE

FORTIFY += -fPIE

LINK_FORTIFY += -pie

endif

#COVERAGE=--coverage

OPTIMIZE=-Os

OPTIMIZE=-Os -fno-strict-aliasing

LANGUAGE=-std=gnu99

# PREFIX=/usr/local

htmldir=man

version=1.6.9

SED=sed

USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))

GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))

## Use these settings for a traditional /usr/local install

# PREFIX=$(DESTDIR)/usr/local

# CONFDIR=$(DESTDIR)/etc/mandos

# KEYDIR=$(DESTDIR)/etc/mandos/keys

# MANDIR=$(PREFIX)/man

# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools

# STATEDIR=$(DESTDIR)/var/lib/mandos

# LIBDIR=$(PREFIX)/lib

## These settings are for a package-type install

PREFIX=$(DESTDIR)/usr

# CONFDIR=/usr/local/lib/mandos

CONFDIR=$(DESTDIR)/etc/mandos

# KEYDIR=/usr/local/lib/mandos/keys

KEYDIR=$(DESTDIR)/etc/keys/mandos

# MANDIR=/usr/local/man

MANDIR=$(DESTDIR)/usr/share/man

GNUTLS_CFLAGS=$(shell libgnutls-config --cflags)

GNUTLS_LIBS=$(shell libgnutls-config --libs)

MANDIR=$(PREFIX)/share/man

INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools

STATEDIR=$(DESTDIR)/var/lib/mandos

LIBDIR=$(shell \

for d in \

"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \

"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \

if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \

echo "$(DESTDIR)$$d"; \

break; \

fi; \

done)

SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)

GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)

GNUTLS_LIBS=$(shell pkg-config --libs gnutls)

AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)

AVAHI_LIBS=$(shell pkg-config --libs avahi-core)

GPGME_CFLAGS=$(shell gpgme-config --cflags)

GPGME_LIBS=$(shell gpgme-config --libs)

GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \

getconf LFS_LDFLAGS)

# Do not change these two

CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

$(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

LDFLAGS=$(COVERAGE)

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

$(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \

-DVERSION='"$(version)"'

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

# Commands to format a DocBook refentry document into a manual page

DOCBOOKTOMAN=cd $(dir $<); xsltproc --nonet --xinclude \

# Commands to format a DocBook <refentry> document into a manual page

DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \

--param man.charmap.use.subset 0 \

--param make.year.ranges 1 \

--param make.single.year.ranges 1 \

--param man.output.quietly 1 \

--param man.authors.section.enabled 0 \

/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \

$(notdir $<); \

$(MANPOST) $(notdir $@)

# DocBook-to-man post-processing to fix a \n escape bug

MANPOST=sed --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'

PLUGINS=plugins.d/password-prompt plugins.d/password-request

PROGS=plugin-runner $(PLUGINS)

DOCS=mandos.8 plugin-runner.8mandos mandos-keygen.8 \

plugins.d/password-request.8mandos \

plugins.d/password-prompt.8mandos mandos.conf.5 \

mandos-clients.conf.5

objects=$(addsuffix .o,$(PROGS))

all: $(PROGS)

if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \

&& type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \

man --warnings --encoding=UTF-8 --local-file $(notdir $@); \

fi >/dev/null)

DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \

--param make.year.ranges 1 \

--param make.single.year.ranges 1 \

--param man.output.quietly 1 \

--param man.authors.section.enabled 0 \

--param citerefentry.link 1 \

--output $@ \

100

/usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \

101

$<; $(HTMLPOST) $@)

102

# Fix citerefentry links

103

HTMLPOST=$(SED) --in-place \

104

--expression='s/$<a class="citerefentry" href="$$"><span class="citerefentry"><span class="refentrytitle">$$[^<]*$$<\/span>($$[^)]*$$)<\/span><\/a>$/\1\3.\5\2\3\4\5\6/g'

105

106

PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \

107

plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \

108

plugins.d/plymouth

109

CPROGS=plugin-runner $(PLUGINS)

110

PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)

111

DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \

112

mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \

113

plugins.d/mandos-client.8mandos \

114

plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \

115

plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \

116

plugins.d/plymouth.8mandos intro.8mandos

117

118

htmldocs=$(addsuffix .xhtml,$(DOCS))

119

120

objects=$(addsuffix .o,$(CPROGS))

121

122

all: $(PROGS) mandos.lsm

123

124

doc: $(DOCS)

125

%.5: %.xml legalnotice.xml

$(DOCBOOKTOMAN)

%.8: %.xml legalnotice.xml

$(DOCBOOKTOMAN)

%.8mandos: %.xml legalnotice.xml

$(DOCBOOKTOMAN)

mandos.8: mandos.xml mandos-options.xml overview.xml legalnotice.xml

$(DOCBOOKTOMAN)

mandos-keygen.8: mandos-keygen.xml overview.xml legalnotice.xml

$(DOCBOOKTOMAN)

mandos.conf.5: mandos.conf.xml mandos-options.xml legalnotice.xml

$(DOCBOOKTOMAN)

plugin-runner.8mandos: plugin-runner.xml overview.xml legalnotice.xml

$(DOCBOOKTOMAN)

plugins.d/password-request.8mandos: plugins.d/password-request.xml \

mandos-options.xml \

overview.xml legalnotice.xml

$(DOCBOOKTOMAN)

plugins.d/password-request: plugins.d/password-request.o

$(LINK.o) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) \

$(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@

.PHONY : all doc clean distclean run-client run-server install \

install-server install-client uninstall uninstall-server \

uninstall-client purge purge-server purge-client

126

html: $(htmldocs)

127

128

%.5: %.xml common.ent legalnotice.xml

129

$(DOCBOOKTOMAN)

130

%.5.xhtml: %.xml common.ent legalnotice.xml

131

$(DOCBOOKTOHTML)

132

133

%.8: %.xml common.ent legalnotice.xml

134

$(DOCBOOKTOMAN)

135

%.8.xhtml: %.xml common.ent legalnotice.xml

136

$(DOCBOOKTOHTML)

137

138

%.8mandos: %.xml common.ent legalnotice.xml

139

$(DOCBOOKTOMAN)

140

%.8mandos.xhtml: %.xml common.ent legalnotice.xml

141

$(DOCBOOKTOHTML)

142

143

intro.8mandos: intro.xml common.ent legalnotice.xml

144

$(DOCBOOKTOMAN)

145

intro.8mandos.xhtml: intro.xml common.ent legalnotice.xml

146

$(DOCBOOKTOHTML)

147

148

mandos.8: mandos.xml common.ent mandos-options.xml overview.xml \

149

legalnotice.xml

150

$(DOCBOOKTOMAN)

151

mandos.8.xhtml: mandos.xml common.ent mandos-options.xml \

152

overview.xml legalnotice.xml

153

$(DOCBOOKTOHTML)

154

155

mandos-keygen.8: mandos-keygen.xml common.ent overview.xml \

156

legalnotice.xml

157

$(DOCBOOKTOMAN)

158

mandos-keygen.8.xhtml: mandos-keygen.xml common.ent overview.xml \

159

legalnotice.xml

160

$(DOCBOOKTOHTML)

161

162

mandos-monitor.8: mandos-monitor.xml common.ent overview.xml \

163

legalnotice.xml

164

$(DOCBOOKTOMAN)

165

mandos-monitor.8.xhtml: mandos-monitor.xml common.ent overview.xml \

166

legalnotice.xml

167

$(DOCBOOKTOHTML)

168

169

mandos-ctl.8: mandos-ctl.xml common.ent overview.xml \

170

legalnotice.xml

171

$(DOCBOOKTOMAN)

172

mandos-ctl.8.xhtml: mandos-ctl.xml common.ent overview.xml \

173

legalnotice.xml

174

$(DOCBOOKTOHTML)

175

176

mandos.conf.5: mandos.conf.xml common.ent mandos-options.xml \

177

legalnotice.xml

178

$(DOCBOOKTOMAN)

179

mandos.conf.5.xhtml: mandos.conf.xml common.ent mandos-options.xml \

180

legalnotice.xml

181

$(DOCBOOKTOHTML)

182

183

plugin-runner.8mandos: plugin-runner.xml common.ent overview.xml \

184

legalnotice.xml

185

$(DOCBOOKTOMAN)

186

plugin-runner.8mandos.xhtml: plugin-runner.xml common.ent \

187

overview.xml legalnotice.xml

188

$(DOCBOOKTOHTML)

189

190

plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \

191

common.ent \

192

mandos-options.xml \

193

overview.xml legalnotice.xml

194

$(DOCBOOKTOMAN)

195

plugins.d/mandos-client.8mandos.xhtml: plugins.d/mandos-client.xml \

196

common.ent \

197

mandos-options.xml \

198

overview.xml legalnotice.xml

199

$(DOCBOOKTOHTML)

200

201

# Update all these files with version number $(version)

202

common.ent: Makefile

203

$(strip $(SED) --in-place \

204

--expression='s/^$<!ENTITY version "$[^"]*">$$/\1$(version)">/' \

205

$@)

206

207

mandos: Makefile

208

$(strip $(SED) --in-place \

209

--expression='s/^$version = "$[^"]*"$$/\1$(version)"/' \

210

$@)

211

212

mandos-keygen: Makefile

213

$(strip $(SED) --in-place \

214

--expression='s/^$VERSION="$[^"]*"$$/\1$(version)"/' \

215

$@)

216

217

mandos-ctl: Makefile

218

$(strip $(SED) --in-place \

219

--expression='s/^$version = "$[^"]*"$$/\1$(version)"/' \

220

$@)

221

222

mandos-monitor: Makefile

223

$(strip $(SED) --in-place \

224

--expression='s/^$version = "$[^"]*"$$/\1$(version)"/' \

225

$@)

226

227

mandos.lsm: Makefile

228

$(strip $(SED) --in-place \

229

--expression='s/^$Version:$.*/\1\t$(version)/' \

230

$@)

231

$(strip $(SED) --in-place \

232

--expression='s/^$Entered-date:$.*/\1\t$(shell date --rfc-3339=date --reference=Makefile)/' \

233

$@)

234

$(strip $(SED) --in-place \

235

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

236

$@)

237

238

plugins.d/mandos-client: plugins.d/mandos-client.c

239

$(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\

240

) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@

241

242

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

243

check run-client run-server install install-html \

244

install-server install-client-nokey install-client uninstall \

245

uninstall-server uninstall-client purge purge-server \

246

purge-client

247

248

clean:

-rm --force $(PROGS) $(objects) $(DOCS) core

249

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

250

100

251

distclean: clean

101

252

mostlyclean: clean

102

253

maintainer-clean: clean

103

-rm --force --recursive keydir confdir

254

-rm --force --recursive keydir confdir statedir

104

255

105

check:

256

check: all

106

257

./mandos --check

258

./mandos-ctl --check

107

259

108

260

# Run the client with a local config and key

109

261

run-client: all keydir/seckey.txt keydir/pubkey.txt

262

@echo "###################################################################"

263

@echo "# The following error messages are harmless and can be safely #"

264

@echo "# ignored. The messages are caused by not running as root, but #"

265

@echo "# you should NOT run \"make run-client\" as root unless you also #"

266

@echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"

267

@echo "# From plugin-runner: setgid: Operation not permitted #"

268

@echo "# setuid: Operation not permitted #"

269

@echo "# From askpass-fifo: mkfifo: Permission denied #"

270

@echo "# From mandos-client: #"

271

@echo "# Failed to raise privileges: Operation not permitted #"

272

@echo "# Warning: network hook \"*\" exited with status * #"

273

@echo "###################################################################"

274

# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring

110

275

./plugin-runner --plugin-dir=plugins.d \

111

276

--config-file=plugin-runner.conf \

112

--options-for=password-request:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt

277

--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \

278

--env-for=mandos-client:GNOME_KEYRING_CONTROL= \

279

$(CLIENTARGS)

113

280

114

281

# Used by run-client

115

282

keydir/seckey.txt keydir/pubkey.txt: mandos-keygen

117

284

./mandos-keygen --dir keydir --force

118

285

119

286

# Run the server with a local config

120

run-server: confdir/mandos.conf confdir/clients.conf

121

./mandos --debug --configdir=confdir

287

run-server: confdir/mandos.conf confdir/clients.conf statedir

288

./mandos --debug --no-dbus --configdir=confdir \

289

--statedir=statedir $(SERVERARGS)

122

290

123

291

# Used by run-server

124

292

confdir/mandos.conf: mandos.conf

126

294

install --mode=u=rw,go=r $^ $@

127

295

confdir/clients.conf: clients.conf keydir/seckey.txt

128

296

install --directory confdir

129

install --mode=u=rw,g=r $< $@

297

install --mode=u=rw $< $@

130

298

# Add a client password

131

./mandos-keygen --dir keydir --password >> $@

132

133

install: install-server install-client

299

./mandos-keygen --dir keydir --password --no-ssh >> $@

300

statedir:

301

install --directory statedir

302

303

install: install-server install-client-nokey

304

305

install-html: html

306

install --directory $(htmldir)

307

install --mode=u=rw,go=r --target-directory=$(htmldir) \

308

$(htmldocs)

134

309

135

310

install-server: doc

136

install --directory $(CONFDIR) $(MANDIR)/man5 \

137

$(MANDIR)/man8

311

install --directory $(CONFDIR)

312

if install --directory --mode=u=rwx --owner=$(USER) \

313

--group=$(GROUP) $(STATEDIR); then \

314

:; \

315

elif install --directory --mode=u=rwx $(STATEDIR); then \

316

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

317

138

318

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

139

install --mode=u=rw,go=r --target-directory=$(CONFDIR) mandos.conf

140

install --mode=u=rw,g=r --target-directory=$(CONFDIR) \

319

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

320

mandos-ctl

321

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

322

mandos-monitor

323

install --mode=u=rw,go=r --target-directory=$(CONFDIR) \

324

mandos.conf

325

install --mode=u=rw --target-directory=$(CONFDIR) \

141

326

clients.conf

327

install --mode=u=rw,go=r dbus-mandos.conf \

328

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

329

install --mode=u=rwx,go=rx init.d-mandos \

330

$(DESTDIR)/etc/init.d/mandos

331

if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \

332

install --mode=u=rw,go=r mandos.service $(SYSTEMD); \

333

334

install --mode=u=rw,go=r default-mandos \

335

$(DESTDIR)/etc/default/mandos

336

if [ -z $(DESTDIR) ]; then \

337

update-rc.d mandos defaults 25 15;\

338

142

339

gzip --best --to-stdout mandos.8 \

143

340

> $(MANDIR)/man8/mandos.8.gz

341

gzip --best --to-stdout mandos-monitor.8 \

342

> $(MANDIR)/man8/mandos-monitor.8.gz

343

gzip --best --to-stdout mandos-ctl.8 \

344

> $(MANDIR)/man8/mandos-ctl.8.gz

144

345

gzip --best --to-stdout mandos.conf.5 \

145

346

> $(MANDIR)/man5/mandos.conf.5.gz

146

347

gzip --best --to-stdout mandos-clients.conf.5 \

147

348

> $(MANDIR)/man5/mandos-clients.conf.5.gz

349

gzip --best --to-stdout intro.8mandos \

350

> $(MANDIR)/man8/intro.8mandos.gz

148

351

149

install-client: all doc /usr/share/initramfs-tools/hooks/.

150

install --directory $(PREFIX)/lib/mandos $(CONFDIR) \

151

$(MANDIR)/man8

152

install --directory --mode=u=rwx $(KEYDIR)

153

install --directory --mode=u=rwx $(PREFIX)/lib/mandos/plugins.d

154

if [ "$(CONFDIR)/plugins.d" \

155

!= "$(PREFIX)/lib/mandos/plugins.d" ]; then \

156

install --directory "$(CONFDIR)/plugins.d"; \

157

158

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/lib/mandos \

159

plugin-runner

352

install-client-nokey: all doc

353

install --directory $(LIBDIR)/mandos $(CONFDIR)

354

install --directory --mode=u=rwx $(KEYDIR) \

355

$(LIBDIR)/mandos/plugins.d

356

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

357

install --mode=u=rwx \

358

--directory "$(CONFDIR)/plugins.d"; \

359

360

install --mode=u=rwx,go=rx --directory \

361

"$(CONFDIR)/network-hooks.d"

362

install --mode=u=rwx,go=rx \

363

--target-directory=$(LIBDIR)/mandos plugin-runner

160

364

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

161

365

mandos-keygen

162

366

install --mode=u=rwx,go=rx \

163

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

367

--target-directory=$(LIBDIR)/mandos/plugins.d \

164

368

plugins.d/password-prompt

165

369

install --mode=u=rwxs,go=rx \

166

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

167

plugins.d/password-request

168

install --mode=u=rwx,go=rx \

169

--target-directory=$(PREFIX)/lib/mandos/plugins.d \

370

--target-directory=$(LIBDIR)/mandos/plugins.d \

371

plugins.d/mandos-client

372

install --mode=u=rwxs,go=rx \

373

--target-directory=$(LIBDIR)/mandos/plugins.d \

170

374

plugins.d/usplash

375

install --mode=u=rwxs,go=rx \

376

--target-directory=$(LIBDIR)/mandos/plugins.d \

377

plugins.d/splashy

378

install --mode=u=rwxs,go=rx \

379

--target-directory=$(LIBDIR)/mandos/plugins.d \

380

plugins.d/askpass-fifo

381

install --mode=u=rwxs,go=rx \

382

--target-directory=$(LIBDIR)/mandos/plugins.d \

383

plugins.d/plymouth

171

384

install initramfs-tools-hook \

172

/usr/share/initramfs-tools/hooks/mandos

173

install initramfs-tools-hook-conf \

174

/usr/share/initramfs-tools/conf-hooks.d/mandos

385

$(INITRAMFSTOOLS)/hooks/mandos

386

install --mode=u=rw,go=r initramfs-tools-hook-conf \

387

$(INITRAMFSTOOLS)/conf-hooks.d/mandos

175

388

install initramfs-tools-script \

176

/usr/share/initramfs-tools/scripts/local-top/mandos

389

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

177

390

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

178

391

gzip --best --to-stdout mandos-keygen.8 \

179

392

> $(MANDIR)/man8/mandos-keygen.8.gz

180

393

gzip --best --to-stdout plugin-runner.8mandos \

181

394

> $(MANDIR)/man8/plugin-runner.8mandos.gz

395

gzip --best --to-stdout plugins.d/mandos-client.8mandos \

396

> $(MANDIR)/man8/mandos-client.8mandos.gz

182

397

gzip --best --to-stdout plugins.d/password-prompt.8mandos \

183

398

> $(MANDIR)/man8/password-prompt.8mandos.gz

184

gzip --best --to-stdout plugins.d/password-request.8mandos \

185

> $(MANDIR)/man8/password-request.8mandos.gz

399

gzip --best --to-stdout plugins.d/usplash.8mandos \

400

> $(MANDIR)/man8/usplash.8mandos.gz

401

gzip --best --to-stdout plugins.d/splashy.8mandos \

402

> $(MANDIR)/man8/splashy.8mandos.gz

403

gzip --best --to-stdout plugins.d/askpass-fifo.8mandos \

404

> $(MANDIR)/man8/askpass-fifo.8mandos.gz

405

gzip --best --to-stdout plugins.d/plymouth.8mandos \

406

> $(MANDIR)/man8/plymouth.8mandos.gz

407

408

install-client: install-client-nokey

409

# Post-installation stuff

186

410

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

187

411

update-initramfs -k all -u

188

412

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

191

415

192

416

uninstall-server:

193

417

-rm --force $(PREFIX)/sbin/mandos \

418

$(PREFIX)/sbin/mandos-ctl \

419

$(PREFIX)/sbin/mandos-monitor \

194

420

$(MANDIR)/man8/mandos.8.gz \

421

$(MANDIR)/man8/mandos-monitor.8.gz \

422

$(MANDIR)/man8/mandos-ctl.8.gz \

195

423

$(MANDIR)/man5/mandos.conf.5.gz \

196

424

$(MANDIR)/man5/mandos-clients.conf.5.gz

425

update-rc.d -f mandos remove

197

426

-rmdir $(CONFDIR)

198

427

199

428

uninstall-client:

200

429

# Refuse to uninstall client if /etc/crypttab is explicitly configured

201

430

# to use it.

202

431

! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \

203

/etc/crypttab

432

$(DESTDIR)/etc/crypttab

204

433

-rm --force $(PREFIX)/sbin/mandos-keygen \

205

$(PREFIX)/lib/mandos/plugin-runner \

206

$(PREFIX)/lib/mandos/plugins.d/password-prompt \

207

$(PREFIX)/lib/mandos/plugins.d/password-request \

208

/usr/share/initramfs-tools/hooks/mandos \

209

/usr/share/initramfs-tools/conf-hooks.d/mandos \

434

$(LIBDIR)/mandos/plugin-runner \

435

$(LIBDIR)/mandos/plugins.d/password-prompt \

436

$(LIBDIR)/mandos/plugins.d/mandos-client \

437

$(LIBDIR)/mandos/plugins.d/usplash \

438

$(LIBDIR)/mandos/plugins.d/splashy \

439

$(LIBDIR)/mandos/plugins.d/askpass-fifo \

440

$(LIBDIR)/mandos/plugins.d/plymouth \

441

$(INITRAMFSTOOLS)/hooks/mandos \

442

$(INITRAMFSTOOLS)/conf-hooks.d/mandos \

443

$(INITRAMFSTOOLS)/scripts/init-premount/mandos \

444

$(MANDIR)/man8/mandos-keygen.8.gz \

210

445

$(MANDIR)/man8/plugin-runner.8mandos.gz \

211

$(MANDIR)/man8/mandos-keygen.8.gz \

446

$(MANDIR)/man8/mandos-client.8mandos.gz

212

447

$(MANDIR)/man8/password-prompt.8mandos.gz \

213

$(MANDIR)/man8/password-request.8mandos.gz

214

-rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \

215

$(PREFIX)/lib/mandos $(CONFDIR)

448

$(MANDIR)/man8/usplash.8mandos.gz \

449

$(MANDIR)/man8/splashy.8mandos.gz \

450

$(MANDIR)/man8/askpass-fifo.8mandos.gz \

451

$(MANDIR)/man8/plymouth.8mandos.gz \

452

-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \

453

$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)

216

454

update-initramfs -k all -u

217

455

218

456

purge: purge-server purge-client

219

457

220

458

purge-server: uninstall-server

221

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf

459

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

460

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

461

$(DESTDIR)/etc/default/mandos \

462

$(DESTDIR)/etc/init.d/mandos \

463

$(SYSTEMD)/mandos.service \

464

$(DESTDIR)/run/mandos.pid \

465

$(DESTDIR)/var/run/mandos.pid

222

466

-rmdir $(CONFDIR)

223

467

224

468

purge-client: uninstall-client

225

469

-shred --remove $(KEYDIR)/seckey.txt

226

-rm --force $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt

470

-rm --force $(CONFDIR)/plugin-runner.conf \

471

$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt

227

472

-rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)

Older »