To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to Makefile
- browse files at revision 833
- compare with another revision
- download diff
- download tarball
- view history from revision 833
- Committer: Teddy Hogeborn
- Date: 2016-03-17 20:40:55 UTC
- Revision ID: teddy@recompile.se-20160317204055-bhsh5xsidq7w5cxu
Client: Fix plymouth agent; broken since 1.7.2.
Fix an very old memory bug in the plymouth agent (which has been
present since its apperance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile- time flag, which has been used since version 1.7.2. This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.
* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
allocating new_argv. Also tolerate a zero-length argv.
Fix an very old memory bug in the plymouth agent (which has been
present since its apperance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile- time flag, which has been used since version 1.7.2. This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.
* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
allocating new_argv. Also tolerate a zero-length argv.
- files added:
- initramfs-tools-hook-conf
- files removed:
- debian/mandos-client.templates
- debian/tests
- dracut-module
- files modified:
- .bzrignore
added
removed
Makefile
1
WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
1
WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \
2
2
-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
3
3
-Wunused -Wuninitialized -Wstrict-overflow=5 \
4
4
-Wsuggest-attribute=pure -Wsuggest-attribute=const \
10
10
-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \
11
11
-Wredundant-decls -Wnested-externs -Winline -Wvla \
12
12
-Wvolatile-register-var -Woverlength-strings
13
14
#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)
15
## Check which sanitizing options can be used
16
#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
17
# echo 'int main(){}' | $(CC) --language=c $(option) \
18
# /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))
13
#DEBUG=-ggdb3
14
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
15
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
16
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
19
17
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
20
ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \
18
ALL_SANITIZE_OPTIONS:=-fsanitize=address -fsanitize=undefined \
21
19
-fsanitize=shift -fsanitize=integer-divide-by-zero \
22
20
-fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
23
21
-fsanitize=return -fsanitize=signed-integer-overflow \
25
23
-fsanitize=object-size -fsanitize=float-divide-by-zero \
26
24
-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
27
25
-fsanitize=returns-nonnull-attribute -fsanitize=bool \
28
-fsanitize=enum -fsanitize-address-use-after-scope
29
30
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
31
# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
32
FORTIFY:=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
33
LINK_FORTIFY_LD:=-z relro -z now
34
LINK_FORTIFY:=
26
-fsanitize=enum
27
# Check which sanitizing options can be used
28
SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
29
echo 'int main(){}' | $(CC) --language=c $(option) /dev/stdin \
30
-o /dev/null >/dev/null 2>&1 && echo $(option)))
31
LINK_FORTIFY_LD=-z relro -z now
32
LINK_FORTIFY=
35
33
36
34
# If BROKEN_PIE is set, do not build with -pie
37
35
ifndef BROKEN_PIE
39
37
LINK_FORTIFY += -pie
40
38
endif
41
39
#COVERAGE=--coverage
42
OPTIMIZE:=-Os -fno-strict-aliasing
43
LANGUAGE:=-std=gnu11
44
htmldir:=man
45
version:=1.8.5
46
SED:=sed
47
PKG_CONFIG?=pkg-config
48
49
USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \
50
|| getent passwd nobody || echo 65534)))
51
GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \
52
|| getent group nogroup || echo 65534)))
53
54
LINUXVERSION:=$(shell uname --kernel-release)
40
OPTIMIZE=-Os -fno-strict-aliasing
41
LANGUAGE=-std=gnu11
42
htmldir=man
43
version=1.7.6
44
SED=sed
45
46
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
47
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
55
48
56
49
## Use these settings for a traditional /usr/local install
57
# PREFIX:=$(DESTDIR)/usr/local
58
# CONFDIR:=$(DESTDIR)/etc/mandos
59
# KEYDIR:=$(DESTDIR)/etc/mandos/keys
60
# MANDIR:=$(PREFIX)/man
61
# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools
62
# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
63
# STATEDIR:=$(DESTDIR)/var/lib/mandos
64
# LIBDIR:=$(PREFIX)/lib
50
# PREFIX=$(DESTDIR)/usr/local
51
# CONFDIR=$(DESTDIR)/etc/mandos
52
# KEYDIR=$(DESTDIR)/etc/mandos/keys
53
# MANDIR=$(PREFIX)/man
54
# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools
55
# STATEDIR=$(DESTDIR)/var/lib/mandos
56
# LIBDIR=$(PREFIX)/lib
65
57
##
66
58
67
59
## These settings are for a package-type install
68
PREFIX:=$(DESTDIR)/usr
69
CONFDIR:=$(DESTDIR)/etc/mandos
70
KEYDIR:=$(DESTDIR)/etc/keys/mandos
71
MANDIR:=$(PREFIX)/share/man
72
INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools
73
DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos
74
STATEDIR:=$(DESTDIR)/var/lib/mandos
75
LIBDIR:=$(shell \
60
PREFIX=$(DESTDIR)/usr
61
CONFDIR=$(DESTDIR)/etc/mandos
62
KEYDIR=$(DESTDIR)/etc/keys/mandos
63
MANDIR=$(PREFIX)/share/man
64
INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools
65
STATEDIR=$(DESTDIR)/var/lib/mandos
66
LIBDIR=$(shell \
76
67
for d in \
77
"/usr/lib/`dpkg-architecture \
78
-qDEB_HOST_MULTIARCH 2>/dev/null`" \
68
"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \
79
69
"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \
80
70
if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \
81
71
echo "$(DESTDIR)$$d"; \
84
74
done)
85
75
##
86
76
87
SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
88
--variable=systemdsystemunitdir)
89
TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \
90
--variable=tmpfilesdir)
77
SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
91
78
92
GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)
93
GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)
94
AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)
95
AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)
96
GPGME_CFLAGS:=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
97
GPGME_LIBS:=$(shell gpgme-config --libs; getconf LFS_LIBS; \
79
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
80
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
81
AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)
82
AVAHI_LIBS=$(shell pkg-config --libs avahi-core)
83
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
84
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
98
85
getconf LFS_LDFLAGS)
99
LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)
100
LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)
101
GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)
102
GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)
86
LIBNL3_CFLAGS=$(shell pkg-config --cflags-only-I libnl-route-3.0)
87
LIBNL3_LIBS=$(shell pkg-config --libs libnl-route-3.0)
103
88
104
89
# Do not change these two
105
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) \
106
$(OPTIMIZE) $(LANGUAGE) -DVERSION='"$(version)"'
107
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \
108
) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
90
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(SANITIZE) $(COVERAGE) \
91
$(OPTIMIZE) $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) \
92
$(GPGME_CFLAGS) -DVERSION='"$(version)"'
93
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
109
94
110
95
# Commands to format a DocBook <refentry> document into a manual page
111
96
DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \
117
102
/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \
118
103
$(notdir $<); \
119
104
if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \
120
&& command -v man >/dev/null; then LANG=en_US.UTF-8 \
121
MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \
122
$(notdir $@); fi >/dev/null)
105
&& type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \
106
man --warnings --encoding=UTF-8 --local-file $(notdir $@); \
107
fi >/dev/null)
123
108
124
109
DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \
125
110
--param make.year.ranges 1 \
131
116
/usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \
132
117
$<; $(HTMLPOST) $@)
133
118
# Fix citerefentry links
134
HTMLPOST:=$(SED) --in-place \
119
HTMLPOST=$(SED) --in-place \
135
120
--expression='s/\(<a class="citerefentry" href="\)\("><span class="citerefentry"><span class="refentrytitle">\)\([^<]*\)\(<\/span>(\)\([^)]*\)\()<\/span><\/a>\)/\1\3.\5\2\3\4\5\6/g'
136
121
137
PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \
122
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
138
123
plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
139
124
plugins.d/plymouth
140
PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel
141
CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \
142
$(PLUGIN_HELPERS)
143
PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
144
DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
125
PLUGIN_HELPERS=plugin-helpers/mandos-client-iprouteadddel
126
CPROGS=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
127
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
128
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
145
129
mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
146
dracut-module/password-agent.8mandos \
147
130
plugins.d/mandos-client.8mandos \
148
131
plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \
149
132
plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \
150
133
plugins.d/plymouth.8mandos intro.8mandos
151
134
152
htmldocs:=$(addsuffix .xhtml,$(DOCS))
135
htmldocs=$(addsuffix .xhtml,$(DOCS))
153
136
154
objects:=$(addsuffix .o,$(CPROGS))
137
objects=$(addsuffix .o,$(CPROGS))
155
138
156
139
all: $(PROGS) mandos.lsm
157
140
221
204
overview.xml legalnotice.xml
222
205
$(DOCBOOKTOHTML)
223
206
224
dracut-module/password-agent.8mandos: \
225
dracut-module/password-agent.xml common.ent \
226
overview.xml legalnotice.xml
227
$(DOCBOOKTOMAN)
228
dracut-module/password-agent.8mandos.xhtml: \
229
dracut-module/password-agent.xml common.ent \
230
overview.xml legalnotice.xml
231
$(DOCBOOKTOHTML)
232
233
207
plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \
234
208
common.ent \
235
209
mandos-options.xml \
278
252
--expression='s/\(mandos_\)[0-9.]\+\(\.orig\.tar\.gz\)/\1$(version)\2/' \
279
253
$@)
280
254
281
# Need to add the GnuTLS, Avahi and GPGME libraries
282
255
plugins.d/mandos-client: plugins.d/mandos-client.c
283
$(LINK.c) $^ $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(strip\
284
) $(GPGME_CFLAGS) $(GNUTLS_LIBS) $(strip\
285
) $(AVAHI_LIBS) $(GPGME_LIBS) $(LOADLIBES) $(strip\
286
) $(LDLIBS) -o $@
256
$(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
257
) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
287
258
288
# Need to add the libnl-route library
289
259
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
290
260
$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
291
261
) $(LOADLIBES) $(LDLIBS) -o $@
292
262
293
# Need to add the GLib and pthread libraries
294
dracut-module/password-agent: dracut-module/password-agent.c
295
$(LINK.c) $(GLIB_CFLAGS) $^ $(GLIB_LIBS) -lpthread $(strip\
296
) $(LOADLIBES) $(LDLIBS) -o $@
297
298
263
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
299
264
check run-client run-server install install-html \
300
265
install-server install-client-nokey install-client uninstall \
309
274
maintainer-clean: clean
310
275
-rm --force --recursive keydir confdir statedir
311
276
312
check: all
277
check: all
313
278
./mandos --check
314
279
./mandos-ctl --check
315
./mandos-keygen --version
316
./plugin-runner --version
317
./plugin-helpers/mandos-client-iprouteadddel --version
318
./dracut-module/password-agent --test
319
280
320
281
# Run the client with a local config and key
321
run-client: all keydir/seckey.txt keydir/pubkey.txt \
322
keydir/tls-privkey.pem keydir/tls-pubkey.pem
323
@echo '######################################################'
324
@echo '# The following error messages are harmless and can #'
325
@echo '# be safely ignored: #'
326
@echo '## From plugin-runner: #'
327
@echo '# setgid: Operation not permitted #'
328
@echo '# setuid: Operation not permitted #'
329
@echo '## From askpass-fifo: #'
330
@echo '# mkfifo: Permission denied #'
331
@echo '## From mandos-client: #'
332
@echo '# Failed to raise privileges: Operation not permi... #'
333
@echo '# Warning: network hook "*" exited with status * #'
334
@echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'
335
@echo '# Failed to bring up interface "*": Operation not... #'
336
@echo '# #'
337
@echo '# (The messages are caused by not running as root, #'
338
@echo '# but you should NOT run "make run-client" as root #'
339
@echo '# unless you also unpacked and compiled Mandos as #'
340
@echo '# root, which is also NOT recommended.) #'
341
@echo '######################################################'
282
run-client: all keydir/seckey.txt keydir/pubkey.txt
283
@echo "###################################################################"
284
@echo "# The following error messages are harmless and can be safely #"
285
@echo "# ignored. The messages are caused by not running as root, but #"
286
@echo "# you should NOT run \"make run-client\" as root unless you also #"
287
@echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
288
@echo "# From plugin-runner: setgid: Operation not permitted #"
289
@echo "# setuid: Operation not permitted #"
290
@echo "# From askpass-fifo: mkfifo: Permission denied #"
291
@echo "# From mandos-client: #"
292
@echo "# Failed to raise privileges: Operation not permitted #"
293
@echo "# Warning: network hook \"*\" exited with status * #"
294
@echo "###################################################################"
342
295
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
343
296
./plugin-runner --plugin-dir=plugins.d \
344
297
--plugin-helper-dir=plugin-helpers \
345
298
--config-file=plugin-runner.conf \
346
--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \
299
--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
347
300
--env-for=mandos-client:GNOME_KEYRING_CONTROL= \
348
301
$(CLIENTARGS)
349
302
350
303
# Used by run-client
351
keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen
304
keydir/seckey.txt keydir/pubkey.txt: mandos-keygen
352
305
install --directory keydir
353
306
./mandos-keygen --dir keydir --force
354
307
361
314
confdir/mandos.conf: mandos.conf
362
315
install --directory confdir
363
316
install --mode=u=rw,go=r $^ $@
364
confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem
317
confdir/clients.conf: clients.conf keydir/seckey.txt
365
318
install --directory confdir
366
319
install --mode=u=rw $< $@
367
320
# Add a client password
384
337
elif install --directory --mode=u=rwx $(STATEDIR); then \
385
338
chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
386
339
fi
387
if [ "$(TMPFILES)" != "$(DESTDIR)" \
388
-a -d "$(TMPFILES)" ]; then \
389
install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
390
$(TMPFILES)/mandos.conf; \
391
fi
392
340
install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
393
341
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
394
342
mandos-ctl
430
378
$(LIBDIR)/mandos/plugin-helpers
431
379
if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
432
380
install --mode=u=rwx \
433
--directory "$(CONFDIR)/plugins.d" \
434
"$(CONFDIR)/plugin-helpers"; \
381
--directory "$(CONFDIR)/plugins.d"; \
382
install --directory "$(CONFDIR)/plugin-helpers"; \
435
383
fi
436
384
install --mode=u=rwx,go=rx --directory \
437
385
"$(CONFDIR)/network-hooks.d"
438
386
install --mode=u=rwx,go=rx \
439
387
--target-directory=$(LIBDIR)/mandos plugin-runner
440
install --mode=u=rwx,go=rx \
441
--target-directory=$(LIBDIR)/mandos \
442
mandos-to-cryptroot-unlock
443
388
install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
444
389
mandos-keygen
445
390
install --mode=u=rwx,go=rx \
460
405
install --mode=u=rwxs,go=rx \
461
406
--target-directory=$(LIBDIR)/mandos/plugins.d \
462
407
plugins.d/plymouth
463
install --mode=u=rwx,go=rx \
408
install --mode=u=rwxs,go=rx \
464
409
--target-directory=$(LIBDIR)/mandos/plugin-helpers \
465
410
plugin-helpers/mandos-client-iprouteadddel
466
411
install initramfs-tools-hook \
467
412
$(INITRAMFSTOOLS)/hooks/mandos
468
install --mode=u=rw,go=r initramfs-tools-conf \
469
$(INITRAMFSTOOLS)/conf.d/mandos-conf
470
install --mode=u=rw,go=r initramfs-tools-conf-hook \
471
$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos
413
install --mode=u=rw,go=r initramfs-tools-hook-conf \
414
$(INITRAMFSTOOLS)/conf-hooks.d/mandos
472
415
install initramfs-tools-script \
473
416
$(INITRAMFSTOOLS)/scripts/init-premount/mandos
474
install initramfs-tools-script-stop \
475
$(INITRAMFSTOOLS)/scripts/local-premount/mandos
476
install --directory $(DRACUTMODULE)
477
install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \
478
dracut-module/ask-password-mandos.path \
479
dracut-module/ask-password-mandos.service
480
install --mode=u=rwxs,go=rx \
481
--target-directory=$(DRACUTMODULE) \
482
dracut-module/module-setup.sh \
483
dracut-module/cmdline-mandos.sh \
484
dracut-module/password-agent
485
417
install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)
486
418
gzip --best --to-stdout mandos-keygen.8 \
487
419
> $(MANDIR)/man8/mandos-keygen.8.gz
499
431
> $(MANDIR)/man8/askpass-fifo.8mandos.gz
500
432
gzip --best --to-stdout plugins.d/plymouth.8mandos \
501
433
> $(MANDIR)/man8/plymouth.8mandos.gz
502
gzip --best --to-stdout dracut-module/password-agent.8mandos \
503
> $(MANDIR)/man8/password-agent.8mandos.gz
504
434
505
435
install-client: install-client-nokey
506
436
# Post-installation stuff
507
437
-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"
508
if command -v update-initramfs >/dev/null; then \
509
update-initramfs -k all -u; \
510
elif command -v dracut >/dev/null; then \
511
for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
512
if [ -w "$$initrd" ]; then \
513
chmod go-r "$$initrd"; \
514
dracut --force "$$initrd"; \
515
fi; \
516
done; \
517
fi
438
update-initramfs -k all -u
518
439
echo "Now run mandos-keygen --password --dir $(KEYDIR)"
519
440
520
441
uninstall: uninstall-server uninstall-client
547
468
$(INITRAMFSTOOLS)/hooks/mandos \
548
469
$(INITRAMFSTOOLS)/conf-hooks.d/mandos \
549
470
$(INITRAMFSTOOLS)/scripts/init-premount/mandos \
550
$(INITRAMFSTOOLS)/scripts/local-premount/mandos \
551
$(DRACUTMODULE)/ask-password-mandos.path \
552
$(DRACUTMODULE)/ask-password-mandos.service \
553
$(DRACUTMODULE)/module-setup.sh \
554
$(DRACUTMODULE)/cmdline-mandos.sh \
555
$(DRACUTMODULE)/password-agent \
556
471
$(MANDIR)/man8/mandos-keygen.8.gz \
557
472
$(MANDIR)/man8/plugin-runner.8mandos.gz \
558
473
$(MANDIR)/man8/mandos-client.8mandos.gz
561
476
$(MANDIR)/man8/splashy.8mandos.gz \
562
477
$(MANDIR)/man8/askpass-fifo.8mandos.gz \
563
478
$(MANDIR)/man8/plymouth.8mandos.gz \
564
$(MANDIR)/man8/password-agent.8mandos.gz \
565
479
-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \
566
$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)
567
if command -v update-initramfs >/dev/null; then \
568
update-initramfs -k all -u; \
569
elif command -v dracut >/dev/null; then \
570
for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \
571
test -w "$$initrd" && dracut --force "$$initrd"; \
572
done; \
573
fi
480
$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)
481
update-initramfs -k all -u
574
482
575
483
purge: purge-server purge-client
576
484
585
493
-rmdir $(CONFDIR)
586
494
587
495
purge-client: uninstall-client
588
-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem
496
-shred --remove $(KEYDIR)/seckey.txt
589
497
-rm --force $(CONFDIR)/plugin-runner.conf \
590
$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \
591
$(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt
498
$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt
592
499
-rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0