Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2015-07-20 03:03:33 UTC
  • Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte
Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

1
 
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
 
1
WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
2
        -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
3
        -Wunused -Wuninitialized -Wstrict-overflow=5 \
4
4
        -Wsuggest-attribute=pure -Wsuggest-attribute=const \
10
10
        -Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
11
        -Wredundant-decls -Wnested-externs -Winline -Wvla \
12
12
        -Wvolatile-register-var -Woverlength-strings
13
 
 
14
 
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
 
## Check which sanitizing options can be used
16
 
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
 
#       echo 'int main(){}' | $(CC) --language=c $(option) \
18
 
#       /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
19
 
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
 
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
21
 
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
22
 
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
23
 
        -fsanitize=return -fsanitize=signed-integer-overflow \
24
 
        -fsanitize=bounds -fsanitize=alignment \
25
 
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
26
 
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
 
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
 
        -fsanitize=enum -fsanitize-address-use-after-scope
29
 
 
 
13
#DEBUG=-ggdb3
30
14
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
 
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
 
FORTIFY:=-fstack-protector-all -fPIC
33
 
CPPFLAGS+=-D_FORTIFY_SOURCE=3
34
 
LINK_FORTIFY_LD:=-z relro -z now
35
 
LINK_FORTIFY:=
 
15
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
 
16
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
17
LINK_FORTIFY_LD=-z relro -z now
 
18
LINK_FORTIFY=
36
19
 
37
20
# If BROKEN_PIE is set, do not build with -pie
38
21
ifndef BROKEN_PIE
40
23
LINK_FORTIFY += -pie
41
24
endif
42
25
#COVERAGE=--coverage
43
 
OPTIMIZE:=-Os -fno-strict-aliasing
44
 
LANGUAGE:=-std=gnu11
45
 
CPPFLAGS+=-D_FILE_OFFSET_BITS=64 -D_TIME_BITS=64
46
 
htmldir:=man
47
 
version:=1.8.16
48
 
SED:=sed
49
 
PKG_CONFIG?=pkg-config
50
 
 
51
 
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
52
 
        || getent passwd nobody || echo 65534)))
53
 
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
54
 
        || getent group nogroup || echo 65534)))
55
 
 
56
 
LINUXVERSION:=$(shell uname --kernel-release)
 
26
OPTIMIZE=-Os -fno-strict-aliasing
 
27
LANGUAGE=-std=gnu11
 
28
htmldir=man
 
29
version=1.6.9
 
30
SED=sed
 
31
 
 
32
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
 
33
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))
57
34
 
58
35
## Use these settings for a traditional /usr/local install
59
 
# PREFIX:=$(DESTDIR)/usr/local
60
 
# CONFDIR:=$(DESTDIR)/etc/mandos
61
 
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
62
 
# MANDIR:=$(PREFIX)/man
63
 
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
64
 
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
65
 
# STATEDIR:=$(DESTDIR)/var/lib/mandos
66
 
# LIBDIR:=$(PREFIX)/lib
67
 
# DBUSPOLICYDIR:=$(DESTDIR)/etc/dbus-1/system.d
 
36
# PREFIX=$(DESTDIR)/usr/local
 
37
# CONFDIR=$(DESTDIR)/etc/mandos
 
38
# KEYDIR=$(DESTDIR)/etc/mandos/keys
 
39
# MANDIR=$(PREFIX)/man
 
40
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
 
41
# STATEDIR=$(DESTDIR)/var/lib/mandos
 
42
# LIBDIR=$(PREFIX)/lib
68
43
##
69
44
 
70
45
## These settings are for a package-type install
71
 
PREFIX:=$(DESTDIR)/usr
72
 
CONFDIR:=$(DESTDIR)/etc/mandos
73
 
KEYDIR:=$(DESTDIR)/etc/keys/mandos
74
 
MANDIR:=$(PREFIX)/share/man
75
 
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
76
 
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
77
 
STATEDIR:=$(DESTDIR)/var/lib/mandos
78
 
LIBDIR:=$(shell \
 
46
PREFIX=$(DESTDIR)/usr
 
47
CONFDIR=$(DESTDIR)/etc/mandos
 
48
KEYDIR=$(DESTDIR)/etc/keys/mandos
 
49
MANDIR=$(PREFIX)/share/man
 
50
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
 
51
STATEDIR=$(DESTDIR)/var/lib/mandos
 
52
LIBDIR=$(shell \
79
53
        for d in \
80
 
        "/usr/lib/`dpkg-architecture \
81
 
                        -qDEB_HOST_MULTIARCH 2>/dev/null`" \
 
54
        "/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
82
55
        "`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
83
56
                if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
84
57
                        echo "$(DESTDIR)$$d"; \
85
58
                        break; \
86
59
                fi; \
87
60
        done)
88
 
DBUSPOLICYDIR:=$(DESTDIR)/usr/share/dbus-1/system.d
89
61
##
90
62
 
91
 
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
92
 
                        --variable=systemdsystemunitdir)
93
 
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
94
 
                        --variable=tmpfilesdir)
95
 
SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
96
 
                        --variable=sysusersdir)
 
63
SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
97
64
 
98
 
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
99
 
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
100
 
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
101
 
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
102
 
GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \
103
 
        || gpgme-config --cflags; getconf LFS_CFLAGS)
104
 
GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \
105
 
        || gpgme-config --libs; getconf LFS_LIBS; \
 
65
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
 
66
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
 
67
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
 
68
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
 
69
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
 
70
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
106
71
        getconf LFS_LDFLAGS)
107
 
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
108
 
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
109
 
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
110
 
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
 
72
LIBNL3_CFLAGS=$(shell pkg-config --cflags-only-I libnl-route-3.0)
 
73
LIBNL3_LIBS=$(shell pkg-config --libs libnl-route-3.0)
111
74
 
112
75
# Do not change these two
113
76
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
114
 
        $(LANGUAGE) -DVERSION='"$(version)"'
115
 
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
116
 
        ) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
 
77
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
 
78
        -DVERSION='"$(version)"'
 
79
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
117
80
 
118
81
# Commands to format a DocBook <refentry> document into a manual page
119
82
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
125
88
        /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
126
89
        $(notdir $<); \
127
90
        if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
128
 
        && command -v man >/dev/null; then LANG=en_US.UTF-8 \
129
 
        MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
130
 
        $(notdir $@); fi >/dev/null)
 
91
        && type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
 
92
        man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
 
93
        fi >/dev/null)
131
94
 
132
95
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
133
96
        --param make.year.ranges                1 \
139
102
        /usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
140
103
        $<; $(HTMLPOST) $@)
141
104
# Fix citerefentry links
142
 
HTMLPOST:=$(SED) --in-place \
 
105
HTMLPOST=$(SED) --in-place \
143
106
        --expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
144
107
 
145
 
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
 
108
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
146
109
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
147
110
        plugins.d/plymouth
148
 
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
149
 
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
150
 
        $(PLUGIN_HELPERS)
151
 
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
152
 
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
 
111
PLUGIN_HELPERS=plugin-helpers/mandos-client-iprouteadddel
 
112
CPROGS=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
 
113
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
 
114
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
153
115
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
154
 
        dracut-module/password-agent.8mandos \
155
116
        plugins.d/mandos-client.8mandos \
156
117
        plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
157
118
        plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
158
119
        plugins.d/plymouth.8mandos intro.8mandos
159
120
 
160
 
htmldocs:=$(addsuffix .xhtml,$(DOCS))
161
 
 
162
 
objects:=$(addsuffix .o,$(CPROGS))
163
 
 
164
 
.PHONY: all
 
121
htmldocs=$(addsuffix .xhtml,$(DOCS))
 
122
 
 
123
objects=$(addsuffix .o,$(CPROGS))
 
124
 
165
125
all: $(PROGS) mandos.lsm
166
126
 
167
 
.PHONY: doc
168
127
doc: $(DOCS)
169
128
 
170
 
.PHONY: html
171
129
html: $(htmldocs)
172
130
 
173
131
%.5: %.xml common.ent legalnotice.xml
232
190
                overview.xml legalnotice.xml
233
191
        $(DOCBOOKTOHTML)
234
192
 
235
 
dracut-module/password-agent.8mandos: \
236
 
                dracut-module/password-agent.xml common.ent \
237
 
                overview.xml legalnotice.xml
238
 
        $(DOCBOOKTOMAN)
239
 
dracut-module/password-agent.8mandos.xhtml: \
240
 
                dracut-module/password-agent.xml common.ent \
241
 
                overview.xml legalnotice.xml
242
 
        $(DOCBOOKTOHTML)
243
 
 
244
193
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
245
194
                                        common.ent \
246
195
                                        mandos-options.xml \
289
238
                --expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
290
239
                $@)
291
240
 
292
 
# Uses nested functions
293
 
plugin-runner: LDFLAGS += -Xlinker --no-warn-execstack
294
 
dracut-module/password-agent: LDFLAGS += -Xlinker --no-warn-execstack
295
 
plugins.d/password-prompt: LDFLAGS += -Xlinker --no-warn-execstack
296
 
plugins.d/mandos-client: LDFLAGS += -Xlinker --no-warn-execstack
297
 
plugins.d/plymouth: LDFLAGS += -Xlinker --no-warn-execstack
298
 
 
299
 
# Need to add the GnuTLS, Avahi and GPGME libraries
300
 
plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \
301
 
        ) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)
302
 
plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \
303
 
        ) $(AVAHI_LIBS) $(GPGME_LIBS)
304
 
 
305
 
# Need to add the libnl-route library
306
 
plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)
307
 
plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)
308
 
 
309
 
# Need to add the GLib and pthread libraries
310
 
dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)
311
 
# Note: -lpthread is unnecessary with the GNU C library 2.34 or later
312
 
dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread
313
 
 
314
 
.PHONY: clean
 
241
plugins.d/mandos-client: plugins.d/mandos-client.c
 
242
        $(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
 
243
                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
 
244
 
 
245
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
 
246
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
 
247
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
248
 
 
249
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
 
250
        check run-client run-server install install-html \
 
251
        install-server install-client-nokey install-client uninstall \
 
252
        uninstall-server uninstall-client purge purge-server \
 
253
        purge-client
 
254
 
315
255
clean:
316
256
        -rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core
317
257
 
318
 
.PHONY: distclean
319
258
distclean: clean
320
 
.PHONY: mostlyclean
321
259
mostlyclean: clean
322
 
.PHONY: maintainer-clean
323
260
maintainer-clean: clean
324
261
        -rm --force --recursive keydir confdir statedir
325
262
 
326
 
.PHONY: check
327
 
check: all
 
263
check:  all
328
264
        ./mandos --check
329
265
        ./mandos-ctl --check
330
 
        ./mandos-keygen --version
331
 
        ./plugin-runner --version
332
 
        ./plugin-helpers/mandos-client-iprouteadddel --version
333
 
        ./dracut-module/password-agent --test
334
266
 
335
267
# Run the client with a local config and key
336
 
.PHONY: run-client
337
 
run-client: all keydir/seckey.txt keydir/pubkey.txt \
338
 
                        keydir/tls-privkey.pem keydir/tls-pubkey.pem
339
 
        @echo '######################################################'
340
 
        @echo '# The following error messages are harmless and can  #'
341
 
        @echo '#  be safely ignored:                                #'
342
 
        @echo '## From plugin-runner:                               #'
343
 
        @echo '# setgid: Operation not permitted                    #'
344
 
        @echo '# setuid: Operation not permitted                    #'
345
 
        @echo '## From askpass-fifo:                                #'
346
 
        @echo '# mkfifo: Permission denied                          #'
347
 
        @echo '## From mandos-client:                               #'
348
 
        @echo '# Failed to raise privileges: Operation not permi... #'
349
 
        @echo '# Warning: network hook "*" exited with status *     #'
350
 
        @echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
351
 
        @echo '# Failed to bring up interface "*": Operation not... #'
352
 
        @echo '#                                                    #'
353
 
        @echo '# (The messages are caused by not running as root,   #'
354
 
        @echo '# but you should NOT run "make run-client" as root   #'
355
 
        @echo '# unless you also unpacked and compiled Mandos as    #'
356
 
        @echo '# root, which is also NOT recommended.)              #'
357
 
        @echo '######################################################'
 
268
run-client: all keydir/seckey.txt keydir/pubkey.txt
 
269
        @echo "###################################################################"
 
270
        @echo "# The following error messages are harmless and can be safely     #"
 
271
        @echo "# ignored.  The messages are caused by not running as root, but   #"
 
272
        @echo "# you should NOT run \"make run-client\" as root unless you also    #"
 
273
        @echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
 
274
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
 
275
        @echo "#                     setuid: Operation not permitted             #"
 
276
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
 
277
        @echo "# From mandos-client:                                             #"
 
278
        @echo "#             Failed to raise privileges: Operation not permitted #"
 
279
        @echo "#             Warning: network hook \"*\" exited with status *      #"
 
280
        @echo "###################################################################"
358
281
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
359
282
        ./plugin-runner --plugin-dir=plugins.d \
360
283
                --plugin-helper-dir=plugin-helpers \
361
284
                --config-file=plugin-runner.conf \
362
 
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
 
285
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
363
286
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
364
287
                $(CLIENTARGS)
365
288
 
366
289
# Used by run-client
367
 
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
 
290
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
368
291
        install --directory keydir
369
292
        ./mandos-keygen --dir keydir --force
370
 
        if ! [ -e keydir/tls-privkey.pem ]; then \
371
 
                install --mode=u=rw /dev/null keydir/tls-privkey.pem; \
372
 
        fi
373
 
        if ! [ -e keydir/tls-pubkey.pem ]; then \
374
 
                install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \
375
 
        fi
376
293
 
377
294
# Run the server with a local config
378
 
.PHONY: run-server
379
295
run-server: confdir/mandos.conf confdir/clients.conf statedir
380
296
        ./mandos --debug --no-dbus --configdir=confdir \
381
297
                --statedir=statedir $(SERVERARGS)
382
298
 
383
299
# Used by run-server
384
300
confdir/mandos.conf: mandos.conf
385
 
        install -D --mode=u=rw,go=r $^ $@
386
 
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
387
 
        install -D --mode=u=rw $< $@
 
301
        install --directory confdir
 
302
        install --mode=u=rw,go=r $^ $@
 
303
confdir/clients.conf: clients.conf keydir/seckey.txt
 
304
        install --directory confdir
 
305
        install --mode=u=rw $< $@
388
306
# Add a client password
389
307
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
390
308
statedir:
391
309
        install --directory statedir
392
310
 
393
 
.PHONY: install
394
311
install: install-server install-client-nokey
395
312
 
396
 
.PHONY: install-html
397
313
install-html: html
398
 
        install -D --mode=u=rw,go=r --target-directory=$(htmldir) \
 
314
        install --directory $(htmldir)
 
315
        install --mode=u=rw,go=r --target-directory=$(htmldir) \
399
316
                $(htmldocs)
400
317
 
401
 
.PHONY: install-server
402
318
install-server: doc
 
319
        install --directory $(CONFDIR)
403
320
        if install --directory --mode=u=rwx --owner=$(USER) \
404
321
                --group=$(GROUP) $(STATEDIR); then \
405
322
                :; \
406
323
        elif install --directory --mode=u=rwx $(STATEDIR); then \
407
324
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
408
325
        fi
409
 
        if [ "$(TMPFILES)" != "$(DESTDIR)" ]; then \
410
 
                install -D --mode=u=rw,go=r tmpfiles.d-mandos.conf \
411
 
                        $(TMPFILES)/mandos.conf; \
412
 
        fi
413
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
414
 
                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
415
 
                        $(SYSUSERS)/mandos.conf; \
416
 
        fi
417
 
        install --directory $(PREFIX)/sbin
418
 
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
419
 
                mandos
 
326
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
420
327
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
421
328
                mandos-ctl
422
329
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
423
330
                mandos-monitor
424
 
        install --directory $(CONFDIR)
425
331
        install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
426
332
                mandos.conf
427
333
        install --mode=u=rw --target-directory=$(CONFDIR) \
428
334
                clients.conf
429
 
        install -D --mode=u=rw,go=r dbus-mandos.conf \
430
 
                $(DBUSPOLICYDIR)/mandos.conf
431
 
        install -D --mode=u=rwx,go=rx init.d-mandos \
 
335
        install --mode=u=rw,go=r dbus-mandos.conf \
 
336
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
 
337
        install --mode=u=rwx,go=rx init.d-mandos \
432
338
                $(DESTDIR)/etc/init.d/mandos
433
 
        if [ "$(SYSTEMD)" != "$(DESTDIR)" ]; then \
434
 
                install -D --mode=u=rw,go=r mandos.service \
435
 
                        $(SYSTEMD); \
 
339
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
 
340
                install --mode=u=rw,go=r mandos.service $(SYSTEMD); \
436
341
        fi
437
 
        install -D --mode=u=rw,go=r default-mandos \
 
342
        install --mode=u=rw,go=r default-mandos \
438
343
                $(DESTDIR)/etc/default/mandos
439
344
        if [ -z $(DESTDIR) ]; then \
440
345
                update-rc.d mandos defaults 25 15;\
441
346
        fi
442
 
        install --directory $(MANDIR)/man8 $(MANDIR)/man5
443
347
        gzip --best --to-stdout mandos.8 \
444
348
                > $(MANDIR)/man8/mandos.8.gz
445
349
        gzip --best --to-stdout mandos-monitor.8 \
453
357
        gzip --best --to-stdout intro.8mandos \
454
358
                > $(MANDIR)/man8/intro.8mandos.gz
455
359
 
456
 
.PHONY: install-client-nokey
457
360
install-client-nokey: all doc
 
361
        install --directory $(LIBDIR)/mandos $(CONFDIR)
458
362
        install --directory --mode=u=rwx $(KEYDIR) \
459
363
                $(LIBDIR)/mandos/plugins.d \
460
364
                $(LIBDIR)/mandos/plugin-helpers
461
 
        if [ "$(SYSUSERS)" != "$(DESTDIR)" ]; then \
462
 
                install -D --mode=u=rw,go=r sysusers.d-mandos.conf \
463
 
                        $(SYSUSERS)/mandos-client.conf; \
464
 
        fi
465
365
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
466
 
                install --directory \
467
 
                        --mode=u=rwx "$(CONFDIR)/plugins.d" \
468
 
                        "$(CONFDIR)/plugin-helpers"; \
 
366
                install --mode=u=rwx \
 
367
                        --directory "$(CONFDIR)/plugins.d"; \
 
368
                install --directory "$(CONFDIR)/plugin-helpers"; \
469
369
        fi
470
 
        install --directory --mode=u=rwx,go=rx \
 
370
        install --mode=u=rwx,go=rx --directory \
471
371
                "$(CONFDIR)/network-hooks.d"
472
372
        install --mode=u=rwx,go=rx \
473
373
                --target-directory=$(LIBDIR)/mandos plugin-runner
474
 
        install --mode=u=rwx,go=rx \
475
 
                --target-directory=$(LIBDIR)/mandos \
476
 
                mandos-to-cryptroot-unlock
477
 
        install --directory $(PREFIX)/sbin
478
374
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
479
375
                mandos-keygen
480
376
        install --mode=u=rwx,go=rx \
495
391
        install --mode=u=rwxs,go=rx \
496
392
                --target-directory=$(LIBDIR)/mandos/plugins.d \
497
393
                plugins.d/plymouth
498
 
        install --mode=u=rwx,go=rx \
 
394
        install --mode=u=rwxs,go=rx \
499
395
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
500
396
                plugin-helpers/mandos-client-iprouteadddel
501
 
        install -D initramfs-tools-hook \
 
397
        install initramfs-tools-hook \
502
398
                $(INITRAMFSTOOLS)/hooks/mandos
503
 
        install -D --mode=u=rw,go=r initramfs-tools-conf \
504
 
                $(INITRAMFSTOOLS)/conf.d/mandos-conf
505
 
        install -D --mode=u=rw,go=r initramfs-tools-conf-hook \
506
 
                $(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
507
 
        install -D initramfs-tools-script \
 
399
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
 
400
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos
 
401
        install initramfs-tools-script \
508
402
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos
509
 
        install -D initramfs-tools-script-stop \
510
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos
511
 
        install -D --mode=u=rw,go=r \
512
 
                --target-directory=$(DRACUTMODULE) \
513
 
                dracut-module/ask-password-mandos.path \
514
 
                dracut-module/ask-password-mandos.service
515
 
        install --mode=u=rwxs,go=rx \
516
 
                --target-directory=$(DRACUTMODULE) \
517
 
                dracut-module/module-setup.sh \
518
 
                dracut-module/cmdline-mandos.sh \
519
 
                dracut-module/password-agent
520
403
        install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
521
 
        install --directory $(MANDIR)/man8
522
404
        gzip --best --to-stdout mandos-keygen.8 \
523
405
                > $(MANDIR)/man8/mandos-keygen.8.gz
524
406
        gzip --best --to-stdout plugin-runner.8mandos \
535
417
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
536
418
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
537
419
                > $(MANDIR)/man8/plymouth.8mandos.gz
538
 
        gzip --best --to-stdout dracut-module/password-agent.8mandos \
539
 
                > $(MANDIR)/man8/password-agent.8mandos.gz
540
420
 
541
 
.PHONY: install-client
542
421
install-client: install-client-nokey
543
422
# Post-installation stuff
544
423
        -$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
545
 
        if command -v update-initramfs >/dev/null; then \
546
 
            update-initramfs -k all -u; \
547
 
        elif command -v dracut >/dev/null; then \
548
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
549
 
                if [ -w "$$initrd" ]; then \
550
 
                    chmod go-r "$$initrd"; \
551
 
                    dracut --force "$$initrd"; \
552
 
                fi; \
553
 
            done; \
554
 
        fi
 
424
        update-initramfs -k all -u
555
425
        echo "Now run mandos-keygen --password --dir $(KEYDIR)"
556
426
 
557
 
.PHONY: uninstall
558
427
uninstall: uninstall-server uninstall-client
559
428
 
560
 
.PHONY: uninstall-server
561
429
uninstall-server:
562
430
        -rm --force $(PREFIX)/sbin/mandos \
563
431
                $(PREFIX)/sbin/mandos-ctl \
570
438
        update-rc.d -f mandos remove
571
439
        -rmdir $(CONFDIR)
572
440
 
573
 
.PHONY: uninstall-client
574
441
uninstall-client:
575
442
# Refuse to uninstall client if /etc/crypttab is explicitly configured
576
443
# to use it.
587
454
                $(INITRAMFSTOOLS)/hooks/mandos \
588
455
                $(INITRAMFSTOOLS)/conf-hooks.d/mandos \
589
456
                $(INITRAMFSTOOLS)/scripts/init-premount/mandos \
590
 
                $(INITRAMFSTOOLS)/scripts/local-premount/mandos \
591
 
                $(DRACUTMODULE)/ask-password-mandos.path \
592
 
                $(DRACUTMODULE)/ask-password-mandos.service \
593
 
                $(DRACUTMODULE)/module-setup.sh \
594
 
                $(DRACUTMODULE)/cmdline-mandos.sh \
595
 
                $(DRACUTMODULE)/password-agent \
596
457
                $(MANDIR)/man8/mandos-keygen.8.gz \
597
458
                $(MANDIR)/man8/plugin-runner.8mandos.gz \
598
459
                $(MANDIR)/man8/mandos-client.8mandos.gz
601
462
                $(MANDIR)/man8/splashy.8mandos.gz \
602
463
                $(MANDIR)/man8/askpass-fifo.8mandos.gz \
603
464
                $(MANDIR)/man8/plymouth.8mandos.gz \
604
 
                $(MANDIR)/man8/password-agent.8mandos.gz \
605
465
        -rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
606
 
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
607
 
        if command -v update-initramfs >/dev/null; then \
608
 
            update-initramfs -k all -u; \
609
 
        elif command -v dracut >/dev/null; then \
610
 
            for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
611
 
                test -w "$$initrd" && dracut --force "$$initrd"; \
612
 
            done; \
613
 
        fi
 
466
                 $(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
 
467
        update-initramfs -k all -u
614
468
 
615
 
.PHONY: purge
616
469
purge: purge-server purge-client
617
470
 
618
 
.PHONY: purge-server
619
471
purge-server: uninstall-server
620
472
        -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
621
473
                $(DESTDIR)/etc/dbus-1/system.d/mandos.conf
622
474
                $(DESTDIR)/etc/default/mandos \
623
475
                $(DESTDIR)/etc/init.d/mandos \
 
476
                $(SYSTEMD)/mandos.service \
624
477
                $(DESTDIR)/run/mandos.pid \
625
478
                $(DESTDIR)/var/run/mandos.pid
626
 
        if [ "$(SYSTEMD)" != "$(DESTDIR)" -a -d "$(SYSTEMD)" ]; then \
627
 
                -rm --force -- $(SYSTEMD)/mandos.service; \
628
 
        fi
629
479
        -rmdir $(CONFDIR)
630
480
 
631
 
.PHONY: purge-client
632
481
purge-client: uninstall-client
633
 
        -shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
 
482
        -shred --remove $(KEYDIR)/seckey.txt
634
483
        -rm --force $(CONFDIR)/plugin-runner.conf \
635
 
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
636
 
                $(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
 
484
                $(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
637
485
        -rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)
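Review bot: In `purge-server`, the `-rm --force` file list is cut short because the line `$(DESTDIR)/etc/dbus-1/system.d/mandos.conf` has no trailing backslash; it carries both gutter numbers, so it is present on both sides of this diff. The lines after it, from `$(DESTDIR)/etc/default/mandos \` to the two `mandos.pid` paths, then form a separate recipe line that the shell runs as a command rather than a list of files to delete, so a purge leaves the defaults file, init script and pid files in place and most likely stops with an error. The fix is to continue the line: `$(DESTDIR)/etc/dbus-1/system.d/mandos.conf \`. On the side of the diff that handles TLS keys, `purge-client` has a related gap: `-rm --force` names `$(KEYDIR)/tls-pubkey.txt` and `$(KEYDIR)/tls-privkey.txt`, while `run-client` and the `shred` line use `.pem` names, so `tls-pubkey.pem` is presumably never removed and the final `rmdir $(KEYDIR)` cannot succeed. Both recipes prefix these commands with `-`, which hides such failures, so it would help to drop the prefix on the `rmdir` lines or check afterwards that the key directory is gone.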