/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2015-03-10 18:03:38 UTC
  • Revision ID: teddy@recompile.se-20150310180338-pcxw6r2qmw9k6br9
Add ":!RSA" to GnuTLS priority string, to disallow non-DHE kx.

If Mandos was somehow made to use a non-ephemeral Diffie-Hellman key
exchange algorithm in the TLS handshake, any saved network traffic
could then be decrypted later if the Mandos client key was obtained.
By default, Mandos uses ephemeral DH key exchanges which does not have
this problem, but a non-ephemeral key exchange algorithm was still
enabled by default.  The simplest solution is to simply turn that off,
which ensures that Mandos will always use ephemeral DH key exchanges.

There is a "PFS" priority string specifier, but we can't use it because:

1. Security-wise, it is a mix between "NORMAL" and "SECURE128" - it
   enables a lot more algorithms than "SECURE256".

2. It is only available since GnuTLS 3.2.4.

Thanks to Andreas Fischer <af@bantuX.org> for reporting this issue.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
WARN=-O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs \
2
 
        -Wswitch-default -Wswitch-enum -Wunused-parameter \
3
 
        -Wstrict-aliasing=1 -Wextra -Wfloat-equal -Wundef -Wshadow \
 
1
WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
 
2
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
 
3
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
 
4
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
 
5
        -Wsuggest-attribute=noreturn -Wfloat-equal -Wundef -Wshadow \
4
6
        -Wunsafe-loop-optimizations -Wpointer-arith \
5
7
        -Wbad-function-cast -Wcast-qual -Wcast-align -Wwrite-strings \
6
 
        -Wconversion -Wstrict-prototypes -Wold-style-definition \
7
 
        -Wpacked -Wnested-externs -Winline -Wvolatile-register-var
8
 
#       -Wunreachable-code 
 
8
        -Wconversion -Wlogical-op -Waggregate-return \
 
9
        -Wstrict-prototypes -Wold-style-definition \
 
10
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
 
11
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
 
12
        -Wvolatile-register-var -Woverlength-strings
9
13
#DEBUG=-ggdb3
10
 
# For info about _FORTIFY_SOURCE, see
11
 
# <http://www.kernel.org/doc/man-pages/online/pages/man7/feature_test_macros.7.html>
 
14
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
12
15
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
13
16
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
14
17
LINK_FORTIFY_LD=-z relro -z now
17
20
# If BROKEN_PIE is set, do not build with -pie
18
21
ifndef BROKEN_PIE
19
22
FORTIFY += -fPIE
20
 
LINK_FORTIFY_LD += -fPIE
21
23
LINK_FORTIFY += -pie
22
24
endif
23
25
#COVERAGE=--coverage
24
 
OPTIMIZE=-Os
 
26
OPTIMIZE=-Os -fno-strict-aliasing
25
27
LANGUAGE=-std=gnu99
26
28
htmldir=man
27
 
version=1.0.14
 
29
version=1.6.9
28
30
SED=sed
29
31
 
 
32
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
 
33
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))
 
34
 
30
35
## Use these settings for a traditional /usr/local install
31
36
# PREFIX=$(DESTDIR)/usr/local
32
37
# CONFDIR=$(DESTDIR)/etc/mandos
33
38
# KEYDIR=$(DESTDIR)/etc/mandos/keys
34
39
# MANDIR=$(PREFIX)/man
35
40
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
 
41
# STATEDIR=$(DESTDIR)/var/lib/mandos
 
42
# LIBDIR=$(PREFIX)/lib
36
43
##
37
44
 
38
45
## These settings are for a package-type install
41
48
KEYDIR=$(DESTDIR)/etc/keys/mandos
42
49
MANDIR=$(PREFIX)/share/man
43
50
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
 
51
STATEDIR=$(DESTDIR)/var/lib/mandos
 
52
LIBDIR=$(shell \
 
53
        for d in \
 
54
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
55
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
 
56
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
 
57
                        echo "$(DESTDIR)$$d"; \
 
58
                        break; \
 
59
                fi; \
 
60
        done)
44
61
##
45
62
 
 
63
SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
 
64
 
46
65
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
47
66
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
48
67
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
52
71
        getconf LFS_LDFLAGS)
53
72
 
54
73
# Do not change these two
55
 
CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
 
74
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
56
75
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
57
76
        -DVERSION='"$(version)"'
58
 
LDFLAGS=$(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
77
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
59
78
 
60
79
# Commands to format a DocBook <refentry> document into a manual page
61
80
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
64
83
        --param make.single.year.ranges         1 \
65
84
        --param man.output.quietly              1 \
66
85
        --param man.authors.section.enabled     0 \
67
 
         /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
 
86
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
68
87
        $(notdir $<); \
69
 
        $(MANPOST) $(notdir $@))
70
 
# DocBook-to-man post-processing to fix a '\n' escape bug
71
 
MANPOST=$(SED) --in-place --expression='s,\\\\en,\\en,g;s,\\n,\\en,g'
 
88
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
 
89
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
 
90
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
 
91
        fi >/dev/null)
72
92
 
73
93
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
74
94
        --param make.year.ranges                1 \
84
104
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
85
105
 
86
106
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
87
 
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo
 
107
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
 
108
        plugins.d/plymouth
88
109
CPROGS=plugin-runner $(PLUGINS)
89
 
PROGS=mandos mandos-keygen mandos-ctl $(CPROGS)
90
 
DOCS=mandos.8 plugin-runner.8mandos mandos-keygen.8 \
 
110
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 
111
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
 
112
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
91
113
        plugins.d/mandos-client.8mandos \
92
 
        plugins.d/password-prompt.8mandos mandos.conf.5 \
93
 
        plugins.d/usplash.8mandos plugins.d/splashy.8mandos \
94
 
        plugins.d/askpass-fifo.8mandos mandos-clients.conf.5
 
114
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
 
115
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
 
116
        plugins.d/plymouth.8mandos intro.8mandos
95
117
 
96
118
htmldocs=$(addsuffix .xhtml,$(DOCS))
97
119
 
118
140
%.8mandos.xhtml: %.xml common.ent legalnotice.xml
119
141
        $(DOCBOOKTOHTML)
120
142
 
 
143
intro.8mandos: intro.xml common.ent legalnotice.xml
 
144
        $(DOCBOOKTOMAN)
 
145
intro.8mandos.xhtml: intro.xml common.ent legalnotice.xml
 
146
        $(DOCBOOKTOHTML)
 
147
 
121
148
mandos.8: mandos.xml common.ent mandos-options.xml overview.xml \
122
149
                legalnotice.xml
123
150
        $(DOCBOOKTOMAN)
132
159
                 legalnotice.xml
133
160
        $(DOCBOOKTOHTML)
134
161
 
 
162
mandos-monitor.8: mandos-monitor.xml common.ent overview.xml \
 
163
                legalnotice.xml
 
164
        $(DOCBOOKTOMAN)
 
165
mandos-monitor.8.xhtml: mandos-monitor.xml common.ent overview.xml \
 
166
                 legalnotice.xml
 
167
        $(DOCBOOKTOHTML)
 
168
 
 
169
mandos-ctl.8: mandos-ctl.xml common.ent overview.xml \
 
170
                legalnotice.xml
 
171
        $(DOCBOOKTOMAN)
 
172
mandos-ctl.8.xhtml: mandos-ctl.xml common.ent overview.xml \
 
173
                 legalnotice.xml
 
174
        $(DOCBOOKTOHTML)
 
175
 
135
176
mandos.conf.5: mandos.conf.xml common.ent mandos-options.xml \
136
177
                legalnotice.xml
137
178
        $(DOCBOOKTOMAN)
178
219
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
179
220
                $@)
180
221
 
 
222
mandos-monitor: Makefile
 
223
        $(strip $(SED) --in-place \
 
224
                --expression='s/^\(version = "\)[^"]*"$$/\1$(version)"/' \
 
225
                $@)
 
226
 
181
227
mandos.lsm: Makefile
182
228
        $(strip $(SED) --in-place \
183
229
                --expression='s/^\(Version:\).*/\1\t$(version)/' \
190
236
                $@)
191
237
 
192
238
plugins.d/mandos-client: plugins.d/mandos-client.c
193
 
        $(LINK.c) $(GNUTLS_LIBS) $(AVAHI_LIBS) $(GPGME_LIBS) $(strip\
194
 
                ) $(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@
 
239
        $(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
 
240
                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
195
241
 
196
 
.PHONY : all doc html clean distclean run-client run-server install \
197
 
        install-server install-client uninstall uninstall-server \
198
 
        uninstall-client purge purge-server purge-client
 
242
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
 
243
        check run-client run-server install install-html \
 
244
        install-server install-client-nokey install-client uninstall \
 
245
        uninstall-server uninstall-client purge purge-server \
 
246
        purge-client
199
247
 
200
248
clean:
201
249
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
203
251
distclean: clean
204
252
mostlyclean: clean
205
253
maintainer-clean: clean
206
 
        -rm --force --recursive keydir confdir
 
254
        -rm --force --recursive keydir confdir statedir
207
255
 
208
256
check:  all
209
257
        ./mandos --check
 
258
        ./mandos-ctl --check
210
259
 
211
260
# Run the client with a local config and key
212
261
run-client: all keydir/seckey.txt keydir/pubkey.txt
 
262
        @echo "###################################################################"
 
263
        @echo "# The following error messages are harmless and can be safely     #"
 
264
        @echo "# ignored.  The messages are caused by not running as root, but   #"
 
265
        @echo "# you should NOT run \"make run-client\" as root unless you also    #"
 
266
        @echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
 
267
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
 
268
        @echo "#                     setuid: Operation not permitted             #"
 
269
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
 
270
        @echo "# From mandos-client:                                             #"
 
271
        @echo "#             Failed to raise privileges: Operation not permitted #"
 
272
        @echo "#             Warning: network hook \"*\" exited with status *      #"
 
273
        @echo "###################################################################"
 
274
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
213
275
        ./plugin-runner --plugin-dir=plugins.d \
214
276
                --config-file=plugin-runner.conf \
215
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt \
 
277
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
 
278
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
216
279
                $(CLIENTARGS)
217
280
 
218
281
# Used by run-client
221
284
        ./mandos-keygen --dir keydir --force
222
285
 
223
286
# Run the server with a local config
224
 
run-server: confdir/mandos.conf confdir/clients.conf
225
 
        ./mandos --debug --no-dbus --configdir=confdir $(SERVERARGS)
 
287
run-server: confdir/mandos.conf confdir/clients.conf statedir
 
288
        ./mandos --debug --no-dbus --configdir=confdir \
 
289
                --statedir=statedir $(SERVERARGS)
226
290
 
227
291
# Used by run-server
228
292
confdir/mandos.conf: mandos.conf
232
296
        install --directory confdir
233
297
        install --mode=u=rw $< $@
234
298
# Add a client password
235
 
        ./mandos-keygen --dir keydir --password >> $@
 
299
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
 
300
statedir:
 
301
        install --directory statedir
236
302
 
237
303
install: install-server install-client-nokey
238
304
 
243
309
 
244
310
install-server: doc
245
311
        install --directory $(CONFDIR)
 
312
        if install --directory --mode=u=rwx --owner=$(USER) \
 
313
                --group=$(GROUP) $(STATEDIR); then \
 
314
                :; \
 
315
        elif install --directory --mode=u=rwx $(STATEDIR); then \
 
316
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
 
317
        fi
246
318
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
 
319
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
 
320
                mandos-ctl
 
321
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
 
322
                mandos-monitor
247
323
        install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
248
324
                mandos.conf
249
325
        install --mode=u=rw --target-directory=$(CONFDIR) \
250
326
                clients.conf
 
327
        install --mode=u=rw,go=r dbus-mandos.conf \
 
328
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
251
329
        install --mode=u=rwx,go=rx init.d-mandos \
252
330
                $(DESTDIR)/etc/init.d/mandos
 
331
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
 
332
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
 
333
        fi
253
334
        install --mode=u=rw,go=r default-mandos \
254
335
                $(DESTDIR)/etc/default/mandos
255
336
        if [ -z $(DESTDIR) ]; then \
257
338
        fi
258
339
        gzip --best --to-stdout mandos.8 \
259
340
                > $(MANDIR)/man8/mandos.8.gz
 
341
        gzip --best --to-stdout mandos-monitor.8 \
 
342
                > $(MANDIR)/man8/mandos-monitor.8.gz
 
343
        gzip --best --to-stdout mandos-ctl.8 \
 
344
                > $(MANDIR)/man8/mandos-ctl.8.gz
260
345
        gzip --best --to-stdout mandos.conf.5 \
261
346
                > $(MANDIR)/man5/mandos.conf.5.gz
262
347
        gzip --best --to-stdout mandos-clients.conf.5 \
263
348
                > $(MANDIR)/man5/mandos-clients.conf.5.gz
 
349
        gzip --best --to-stdout intro.8mandos \
 
350
                > $(MANDIR)/man8/intro.8mandos.gz
264
351
 
265
352
install-client-nokey: all doc
266
 
        install --directory $(PREFIX)/lib/mandos $(CONFDIR)
 
353
        install --directory $(LIBDIR)/mandos $(CONFDIR)
267
354
        install --directory --mode=u=rwx $(KEYDIR) \
268
 
                $(PREFIX)/lib/mandos/plugins.d
269
 
        if [ "$(CONFDIR)" != "$(PREFIX)/lib/mandos" ]; then \
 
355
                $(LIBDIR)/mandos/plugins.d
 
356
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
270
357
                install --mode=u=rwx \
271
358
                        --directory "$(CONFDIR)/plugins.d"; \
272
359
        fi
 
360
        install --mode=u=rwx,go=rx --directory \
 
361
                "$(CONFDIR)/network-hooks.d"
273
362
        install --mode=u=rwx,go=rx \
274
 
                --target-directory=$(PREFIX)/lib/mandos plugin-runner
 
363
                --target-directory=$(LIBDIR)/mandos plugin-runner
275
364
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
276
365
                mandos-keygen
277
366
        install --mode=u=rwx,go=rx \
278
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
367
                --target-directory=$(LIBDIR)/mandos/plugins.d \
279
368
                plugins.d/password-prompt
280
369
        install --mode=u=rwxs,go=rx \
281
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
370
                --target-directory=$(LIBDIR)/mandos/plugins.d \
282
371
                plugins.d/mandos-client
283
372
        install --mode=u=rwxs,go=rx \
284
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
373
                --target-directory=$(LIBDIR)/mandos/plugins.d \
285
374
                plugins.d/usplash
286
375
        install --mode=u=rwxs,go=rx \
287
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
376
                --target-directory=$(LIBDIR)/mandos/plugins.d \
288
377
                plugins.d/splashy
289
378
        install --mode=u=rwxs,go=rx \
290
 
                --target-directory=$(PREFIX)/lib/mandos/plugins.d \
 
379
                --target-directory=$(LIBDIR)/mandos/plugins.d \
291
380
                plugins.d/askpass-fifo
 
381
        install --mode=u=rwxs,go=rx \
 
382
                --target-directory=$(LIBDIR)/mandos/plugins.d \
 
383
                plugins.d/plymouth
292
384
        install initramfs-tools-hook \
293
385
                $(INITRAMFSTOOLS)/hooks/mandos
294
386
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
300
392
                > $(MANDIR)/man8/mandos-keygen.8.gz
301
393
        gzip --best --to-stdout plugin-runner.8mandos \
302
394
                > $(MANDIR)/man8/plugin-runner.8mandos.gz
 
395
        gzip --best --to-stdout plugins.d/mandos-client.8mandos \
 
396
                > $(MANDIR)/man8/mandos-client.8mandos.gz
303
397
        gzip --best --to-stdout plugins.d/password-prompt.8mandos \
304
398
                > $(MANDIR)/man8/password-prompt.8mandos.gz
305
 
        gzip --best --to-stdout plugins.d/mandos-client.8mandos \
306
 
                > $(MANDIR)/man8/mandos-client.8mandos.gz
307
399
        gzip --best --to-stdout plugins.d/usplash.8mandos \
308
400
                > $(MANDIR)/man8/usplash.8mandos.gz
309
401
        gzip --best --to-stdout plugins.d/splashy.8mandos \
310
402
                > $(MANDIR)/man8/splashy.8mandos.gz
311
403
        gzip --best --to-stdout plugins.d/askpass-fifo.8mandos \
312
404
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
 
405
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
 
406
                > $(MANDIR)/man8/plymouth.8mandos.gz
313
407
 
314
408
install-client: install-client-nokey
315
409
# Post-installation stuff
321
415
 
322
416
uninstall-server:
323
417
        -rm --force $(PREFIX)/sbin/mandos \
 
418
                $(PREFIX)/sbin/mandos-ctl \
 
419
                $(PREFIX)/sbin/mandos-monitor \
324
420
                $(MANDIR)/man8/mandos.8.gz \
 
421
                $(MANDIR)/man8/mandos-monitor.8.gz \
 
422
                $(MANDIR)/man8/mandos-ctl.8.gz \
325
423
                $(MANDIR)/man5/mandos.conf.5.gz \
326
424
                $(MANDIR)/man5/mandos-clients.conf.5.gz
327
425
        update-rc.d -f mandos remove
333
431
        ! grep --regexp='^ *[^ #].*keyscript=[^,=]*/mandos/' \
334
432
                $(DESTDIR)/etc/crypttab
335
433
        -rm --force $(PREFIX)/sbin/mandos-keygen \
336
 
                $(PREFIX)/lib/mandos/plugin-runner \
337
 
                $(PREFIX)/lib/mandos/plugins.d/password-prompt \
338
 
                $(PREFIX)/lib/mandos/plugins.d/mandos-client \
339
 
                $(PREFIX)/lib/mandos/plugins.d/usplash \
340
 
                $(PREFIX)/lib/mandos/plugins.d/splashy \
341
 
                $(PREFIX)/lib/mandos/plugins.d/askpass-fifo \
 
434
                $(LIBDIR)/mandos/plugin-runner \
 
435
                $(LIBDIR)/mandos/plugins.d/password-prompt \
 
436
                $(LIBDIR)/mandos/plugins.d/mandos-client \
 
437
                $(LIBDIR)/mandos/plugins.d/usplash \
 
438
                $(LIBDIR)/mandos/plugins.d/splashy \
 
439
                $(LIBDIR)/mandos/plugins.d/askpass-fifo \
 
440
                $(LIBDIR)/mandos/plugins.d/plymouth \
342
441
                $(INITRAMFSTOOLS)/hooks/mandos \
343
442
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
344
443
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
 
444
                $(MANDIR)/man8/mandos-keygen.8.gz \
345
445
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
346
 
                $(MANDIR)/man8/mandos-keygen.8.gz \
 
446
                $(MANDIR)/man8/mandos-client.8mandos.gz
347
447
                $(MANDIR)/man8/password-prompt.8mandos.gz \
348
448
                $(MANDIR)/man8/usplash.8mandos.gz \
349
449
                $(MANDIR)/man8/splashy.8mandos.gz \
350
450
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
351
 
                $(MANDIR)/man8/mandos-client.8mandos.gz
352
 
        -rmdir $(PREFIX)/lib/mandos/plugins.d $(CONFDIR)/plugins.d \
353
 
                 $(PREFIX)/lib/mandos $(CONFDIR) $(KEYDIR)
 
451
                $(MANDIR)/man8/plymouth.8mandos.gz \
 
452
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
 
453
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
354
454
        update-initramfs -k all -u
355
455
 
356
456
purge: purge-server purge-client
357
457
 
358
458
purge-server: uninstall-server
359
459
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
 
460
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
360
461
                $(DESTDIR)/etc/default/mandos \
361
462
                $(DESTDIR)/etc/init.d/mandos \
 
463
                $(SYSTEMD)/mandos.service \
 
464
                $(DESTDIR)/run/mandos.pid \
362
465
                $(DESTDIR)/var/run/mandos.pid
363
466
        -rmdir $(CONFDIR)
364
467