/mandos/trunk : revision 833

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2016-03-17 20:40:55 UTC
Revision ID: teddy@recompile.se-20160317204055-bhsh5xsidq7w5cxu

Client: Fix plymouth agent; broken since 1.7.2.

Fix an very old memory bug in the plymouth agent (which has been
present since its apperance in version 1.2), but which was only
recently detected at run time due to the new -fsanitize=address
compile- time flag, which has been used since version 1.7.2. This
detection of a memory access violation causes the program to abort,
making the Plymouth graphical boot system unable to accept interactive
input of passwords when using the Mandos client.

* plugins.d/plymouth.c (exec_and_wait): Fix memory allocation bug when
allocating new_argv. Also tolerate a zero-length argv.

files added:
initramfs-tools-hook-conf

files removed:
debian/mandos-client.templates

debian/mandos.templates

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

debian/upstream/metadata

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

Makefile

WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \

WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \

-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \

-Wunused -Wuninitialized -Wstrict-overflow=5 \

-Wsuggest-attribute=pure -Wsuggest-attribute=const \

-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \

-Wredundant-decls -Wnested-externs -Winline -Wvla \

-Wvolatile-register-var -Woverlength-strings

#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)

## Check which sanitizing options can be used

#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \

# echo 'int main(){}' | $(CC) --language=c $(option) \

# /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))

#DEBUG=-ggdb3

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>

ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \

ALL_SANITIZE_OPTIONS:=-fsanitize=address -fsanitize=undefined \

-fsanitize=shift -fsanitize=integer-divide-by-zero \

-fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \

-fsanitize=return -fsanitize=signed-integer-overflow \

-fsanitize=object-size -fsanitize=float-divide-by-zero \

-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \

-fsanitize=returns-nonnull-attribute -fsanitize=bool \

-fsanitize=enum -fsanitize-address-use-after-scope

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-fstack-protector-all -fPIC

CPPFLAGS+=-D_FORTIFY_SOURCE=3

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

-fsanitize=enum

# Check which sanitizing options can be used

SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \

echo 'int main(){}' | $(CC) --language=c $(option) /dev/stdin \

-o /dev/null >/dev/null 2>&1 && echo $(option)))

LINK_FORTIFY_LD=-z relro -z now

LINK_FORTIFY=

# If BROKEN_PIE is set, do not build with -pie

ifndef BROKEN_PIE

LINK_FORTIFY += -pie

endif

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

CPPFLAGS+=-D_FILE_OFFSET_BITS=64

htmldir:=man

version:=1.8.16

SED:=sed

PKG_CONFIG?=pkg-config

USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \

|| getent passwd nobody || echo 65534)))

GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \

|| getent group nogroup || echo 65534)))

LINUXVERSION:=$(shell uname --kernel-release)

OPTIMIZE=-Os -fno-strict-aliasing

LANGUAGE=-std=gnu11

htmldir=man

version=1.7.6

SED=sed

USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))

GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))

## Use these settings for a traditional /usr/local install

# PREFIX:=$(DESTDIR)/usr/local

# CONFDIR:=$(DESTDIR)/etc/mandos

# KEYDIR:=$(DESTDIR)/etc/mandos/keys

# MANDIR:=$(PREFIX)/man

# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools

# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

# PREFIX=$(DESTDIR)/usr/local

# CONFDIR=$(DESTDIR)/etc/mandos

# KEYDIR=$(DESTDIR)/etc/mandos/keys

# MANDIR=$(PREFIX)/man

# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools

# STATEDIR=$(DESTDIR)/var/lib/mandos

# LIBDIR=$(PREFIX)/lib

## These settings are for a package-type install

PREFIX:=$(DESTDIR)/usr

CONFDIR:=$(DESTDIR)/etc/mandos

KEYDIR:=$(DESTDIR)/etc/keys/mandos

MANDIR:=$(PREFIX)/share/man

INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools

DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

STATEDIR:=$(DESTDIR)/var/lib/mandos

LIBDIR:=$(shell \

PREFIX=$(DESTDIR)/usr

CONFDIR=$(DESTDIR)/etc/mandos

KEYDIR=$(DESTDIR)/etc/keys/mandos

MANDIR=$(PREFIX)/share/man

INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools

STATEDIR=$(DESTDIR)/var/lib/mandos

LIBDIR=$(shell \

for d in \

"/usr/lib/`dpkg-architecture \

-qDEB_HOST_MULTIARCH 2>/dev/null`" \

"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \

"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \

if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \

echo "$(DESTDIR)$$d"; \

done)

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=systemdsystemunitdir)

TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=tmpfilesdir)

SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=sysusersdir)

SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)

GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)

GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)

AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)

AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)

100

GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \

101

|| gpgme-config --cflags; getconf LFS_CFLAGS)

102

GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \

103

|| gpgme-config --libs; getconf LFS_LIBS; \

GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)

GNUTLS_LIBS=$(shell pkg-config --libs gnutls)

AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)

AVAHI_LIBS=$(shell pkg-config --libs avahi-core)

GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \

104

getconf LFS_LDFLAGS)

105

LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)

106

LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)

107

GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)

108

GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)

LIBNL3_CFLAGS=$(shell pkg-config --cflags-only-I libnl-route-3.0)

LIBNL3_LIBS=$(shell pkg-config --libs libnl-route-3.0)

109

110

# Do not change these two

111

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

112

$(LANGUAGE) -DVERSION='"$(version)"'

113

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

114

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(SANITIZE) $(COVERAGE) \

$(OPTIMIZE) $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) \

$(GPGME_CFLAGS) -DVERSION='"$(version)"'

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

115

116

# Commands to format a DocBook <refentry> document into a manual page

117

DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \

123

102

/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \

124

103

$(notdir $<); \

125

104

if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \

126

&& command -v man >/dev/null; then LANG=en_US.UTF-8 \

127

MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \

128

$(notdir $@); fi >/dev/null)

105

&& type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \

106

man --warnings --encoding=UTF-8 --local-file $(notdir $@); \

107

fi >/dev/null)

129

108

130

109

DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \

131

110

--param make.year.ranges 1 \

137

116

/usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \

138

117

$<; $(HTMLPOST) $@)

139

118

# Fix citerefentry links

140

HTMLPOST:=$(SED) --in-place \

119

HTMLPOST=$(SED) --in-place \

141

120

--expression='s/$<a class="citerefentry" href="$$"><span class="citerefentry"><span class="refentrytitle">$$[^<]*$$<\/span>($$[^)]*$$)<\/span><\/a>$/\1\3.\5\2\3\4\5\6/g'

142

121

143

PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \

122

PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \

144

123

plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \

145

124

plugins.d/plymouth

146

PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel

147

CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \

148

$(PLUGIN_HELPERS)

149

PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)

150

DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \

125

PLUGIN_HELPERS=plugin-helpers/mandos-client-iprouteadddel

126

CPROGS=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)

127

PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)

128

DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \

151

129

mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \

152

dracut-module/password-agent.8mandos \

153

130

plugins.d/mandos-client.8mandos \

154

131

plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \

155

132

plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \

156

133

plugins.d/plymouth.8mandos intro.8mandos

157

134

158

htmldocs:=$(addsuffix .xhtml,$(DOCS))

159

160

objects:=$(addsuffix .o,$(CPROGS))

161

162

.PHONY: all

135

htmldocs=$(addsuffix .xhtml,$(DOCS))

136

137

objects=$(addsuffix .o,$(CPROGS))

138

163

139

all: $(PROGS) mandos.lsm

164

140

165

.PHONY: doc

166

141

doc: $(DOCS)

167

142

168

.PHONY: html

169

143

html: $(htmldocs)

170

144

171

145

%.5: %.xml common.ent legalnotice.xml

230

204

overview.xml legalnotice.xml

231

205

$(DOCBOOKTOHTML)

232

206

233

dracut-module/password-agent.8mandos: \

234

dracut-module/password-agent.xml common.ent \

235

overview.xml legalnotice.xml

236

$(DOCBOOKTOMAN)

237

dracut-module/password-agent.8mandos.xhtml: \

238

dracut-module/password-agent.xml common.ent \

239

overview.xml legalnotice.xml

240

$(DOCBOOKTOHTML)

241

242

207

plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \

243

208

common.ent \

244

209

mandos-options.xml \

287

252

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

288

253

$@)

289

254

290

# Need to add the GnuTLS, Avahi and GPGME libraries

291

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

292

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

293

plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \

294

) $(AVAHI_LIBS) $(GPGME_LIBS)

295

296

# Need to add the libnl-route library

297

plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)

298

plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)

299

300

# Need to add the GLib and pthread libraries

301

dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)

302

# Note: -lpthread is unnecessary with the GNU C library 2.34 or later

303

dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread

304

305

.PHONY: clean

255

plugins.d/mandos-client: plugins.d/mandos-client.c

256

$(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\

257

) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@

258

259

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

260

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

261

) $(LOADLIBES) $(LDLIBS) -o $@

262

263

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

264

check run-client run-server install install-html \

265

install-server install-client-nokey install-client uninstall \

266

uninstall-server uninstall-client purge purge-server \

267

purge-client

268

306

269

clean:

307

270

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

308

271

309

.PHONY: distclean

310

272

distclean: clean

311

.PHONY: mostlyclean

312

273

mostlyclean: clean

313

.PHONY: maintainer-clean

314

274

maintainer-clean: clean

315

275

-rm --force --recursive keydir confdir statedir

316

276

317

.PHONY: check

318

check: all

277

check: all

319

278

./mandos --check

320

279

./mandos-ctl --check

321

./mandos-keygen --version

322

./plugin-runner --version

323

./plugin-helpers/mandos-client-iprouteadddel --version

324

./dracut-module/password-agent --test

325

280

326

281

# Run the client with a local config and key

327

.PHONY: run-client

328

run-client: all keydir/seckey.txt keydir/pubkey.txt \

329

keydir/tls-privkey.pem keydir/tls-pubkey.pem

330

@echo '######################################################'

331

@echo '# The following error messages are harmless and can #'

332

@echo '# be safely ignored: #'

333

@echo '## From plugin-runner: #'

334

@echo '# setgid: Operation not permitted #'

335

@echo '# setuid: Operation not permitted #'

336

@echo '## From askpass-fifo: #'

337

@echo '# mkfifo: Permission denied #'

338

@echo '## From mandos-client: #'

339

@echo '# Failed to raise privileges: Operation not permi... #'

340

@echo '# Warning: network hook "*" exited with status * #'

341

@echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'

342

@echo '# Failed to bring up interface "*": Operation not... #'

343

@echo '# #'

344

@echo '# (The messages are caused by not running as root, #'

345

@echo '# but you should NOT run "make run-client" as root #'

346

@echo '# unless you also unpacked and compiled Mandos as #'

347

@echo '# root, which is also NOT recommended.) #'

348

@echo '######################################################'

282

run-client: all keydir/seckey.txt keydir/pubkey.txt

283

@echo "###################################################################"

284

@echo "# The following error messages are harmless and can be safely #"

285

@echo "# ignored. The messages are caused by not running as root, but #"

286

@echo "# you should NOT run \"make run-client\" as root unless you also #"

287

@echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"

288

@echo "# From plugin-runner: setgid: Operation not permitted #"

289

@echo "# setuid: Operation not permitted #"

290

@echo "# From askpass-fifo: mkfifo: Permission denied #"

291

@echo "# From mandos-client: #"

292

@echo "# Failed to raise privileges: Operation not permitted #"

293

@echo "# Warning: network hook \"*\" exited with status * #"

294

@echo "###################################################################"

349

295

# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring

350

296

./plugin-runner --plugin-dir=plugins.d \

351

297

--plugin-helper-dir=plugin-helpers \

352

298

--config-file=plugin-runner.conf \

353

--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \

299

--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \

354

300

--env-for=mandos-client:GNOME_KEYRING_CONTROL= \

355

301

$(CLIENTARGS)

356

302

357

303

# Used by run-client

358

keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen

304

keydir/seckey.txt keydir/pubkey.txt: mandos-keygen

359

305

install --directory keydir

360

306

./mandos-keygen --dir keydir --force

361

if ! [ -e keydir/tls-privkey.pem ]; then \

362

install --mode=u=rw /dev/null keydir/tls-privkey.pem; \

363

364

if ! [ -e keydir/tls-pubkey.pem ]; then \

365

install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \

366

367

307

368

308

# Run the server with a local config

369

.PHONY: run-server

370

309

run-server: confdir/mandos.conf confdir/clients.conf statedir

371

310

./mandos --debug --no-dbus --configdir=confdir \

372

311

--statedir=statedir $(SERVERARGS)

375

314

confdir/mandos.conf: mandos.conf

376

315

install --directory confdir

377

316

install --mode=u=rw,go=r $^ $@

378

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

317

confdir/clients.conf: clients.conf keydir/seckey.txt

379

318

install --directory confdir

380

319

install --mode=u=rw $< $@

381

320

# Add a client password

383

322

statedir:

384

323

install --directory statedir

385

324

386

.PHONY: install

387

325

install: install-server install-client-nokey

388

326

389

.PHONY: install-html

390

327

install-html: html

391

328

install --directory $(htmldir)

392

329

install --mode=u=rw,go=r --target-directory=$(htmldir) \

393

330

$(htmldocs)

394

331

395

.PHONY: install-server

396

332

install-server: doc

397

333

install --directory $(CONFDIR)

398

334

if install --directory --mode=u=rwx --owner=$(USER) \

401

337

elif install --directory --mode=u=rwx $(STATEDIR); then \

402

338

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

403

339

404

if [ "$(TMPFILES)" != "$(DESTDIR)" \

405

-a -d "$(TMPFILES)" ]; then \

406

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

407

$(TMPFILES)/mandos.conf; \

408

409

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

410

-a -d "$(SYSUSERS)" ]; then \

411

install --mode=u=rw,go=r sysusers.d-mandos.conf \

412

$(SYSUSERS)/mandos.conf; \

413

414

340

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

415

341

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

416

342

mandos-ctl

445

371

gzip --best --to-stdout intro.8mandos \

446

372

> $(MANDIR)/man8/intro.8mandos.gz

447

373

448

.PHONY: install-client-nokey

449

374

install-client-nokey: all doc

450

375

install --directory $(LIBDIR)/mandos $(CONFDIR)

451

376

install --directory --mode=u=rwx $(KEYDIR) \

452

377

$(LIBDIR)/mandos/plugins.d \

453

378

$(LIBDIR)/mandos/plugin-helpers

454

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

455

-a -d "$(SYSUSERS)" ]; then \

456

install --mode=u=rw,go=r sysusers.d-mandos.conf \

457

$(SYSUSERS)/mandos-client.conf; \

458

459

379

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

460

380

install --mode=u=rwx \

461

--directory "$(CONFDIR)/plugins.d" \

462

"$(CONFDIR)/plugin-helpers"; \

381

--directory "$(CONFDIR)/plugins.d"; \

382

install --directory "$(CONFDIR)/plugin-helpers"; \

463

383

464

384

install --mode=u=rwx,go=rx --directory \

465

385

"$(CONFDIR)/network-hooks.d"

466

386

install --mode=u=rwx,go=rx \

467

387

--target-directory=$(LIBDIR)/mandos plugin-runner

468

install --mode=u=rwx,go=rx \

469

--target-directory=$(LIBDIR)/mandos \

470

mandos-to-cryptroot-unlock

471

388

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

472

389

mandos-keygen

473

390

install --mode=u=rwx,go=rx \

488

405

install --mode=u=rwxs,go=rx \

489

406

--target-directory=$(LIBDIR)/mandos/plugins.d \

490

407

plugins.d/plymouth

491

install --mode=u=rwx,go=rx \

408

install --mode=u=rwxs,go=rx \

492

409

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

493

410

plugin-helpers/mandos-client-iprouteadddel

494

411

install initramfs-tools-hook \

495

412

$(INITRAMFSTOOLS)/hooks/mandos

496

install --mode=u=rw,go=r initramfs-tools-conf \

497

$(INITRAMFSTOOLS)/conf.d/mandos-conf

498

install --mode=u=rw,go=r initramfs-tools-conf-hook \

499

$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos

413

install --mode=u=rw,go=r initramfs-tools-hook-conf \

414

$(INITRAMFSTOOLS)/conf-hooks.d/mandos

500

415

install initramfs-tools-script \

501

416

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

502

install initramfs-tools-script-stop \

503

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

504

install --directory $(DRACUTMODULE)

505

install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \

506

dracut-module/ask-password-mandos.path \

507

dracut-module/ask-password-mandos.service

508

install --mode=u=rwxs,go=rx \

509

--target-directory=$(DRACUTMODULE) \

510

dracut-module/module-setup.sh \

511

dracut-module/cmdline-mandos.sh \

512

dracut-module/password-agent

513

417

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

514

418

gzip --best --to-stdout mandos-keygen.8 \

515

419

> $(MANDIR)/man8/mandos-keygen.8.gz

527

431

> $(MANDIR)/man8/askpass-fifo.8mandos.gz

528

432

gzip --best --to-stdout plugins.d/plymouth.8mandos \

529

433

> $(MANDIR)/man8/plymouth.8mandos.gz

530

gzip --best --to-stdout dracut-module/password-agent.8mandos \

531

> $(MANDIR)/man8/password-agent.8mandos.gz

532

434

533

.PHONY: install-client

534

435

install-client: install-client-nokey

535

436

# Post-installation stuff

536

437

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

537

if command -v update-initramfs >/dev/null; then \

538

update-initramfs -k all -u; \

539

elif command -v dracut >/dev/null; then \

540

for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \

541

if [ -w "$$initrd" ]; then \

542

chmod go-r "$$initrd"; \

543

dracut --force "$$initrd"; \

544

fi; \

545

done; \

546

438

update-initramfs -k all -u

547

439

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

548

440

549

.PHONY: uninstall

550

441

uninstall: uninstall-server uninstall-client

551

442

552

.PHONY: uninstall-server

553

443

uninstall-server:

554

444

-rm --force $(PREFIX)/sbin/mandos \

555

445

$(PREFIX)/sbin/mandos-ctl \

562

452

update-rc.d -f mandos remove

563

453

-rmdir $(CONFDIR)

564

454

565

.PHONY: uninstall-client

566

455

uninstall-client:

567

456

# Refuse to uninstall client if /etc/crypttab is explicitly configured

568

457

# to use it.

579

468

$(INITRAMFSTOOLS)/hooks/mandos \

580

469

$(INITRAMFSTOOLS)/conf-hooks.d/mandos \

581

470

$(INITRAMFSTOOLS)/scripts/init-premount/mandos \

582

$(INITRAMFSTOOLS)/scripts/local-premount/mandos \

583

$(DRACUTMODULE)/ask-password-mandos.path \

584

$(DRACUTMODULE)/ask-password-mandos.service \

585

$(DRACUTMODULE)/module-setup.sh \

586

$(DRACUTMODULE)/cmdline-mandos.sh \

587

$(DRACUTMODULE)/password-agent \

588

471

$(MANDIR)/man8/mandos-keygen.8.gz \

589

472

$(MANDIR)/man8/plugin-runner.8mandos.gz \

590

473

$(MANDIR)/man8/mandos-client.8mandos.gz

593

476

$(MANDIR)/man8/splashy.8mandos.gz \

594

477

$(MANDIR)/man8/askpass-fifo.8mandos.gz \

595

478

$(MANDIR)/man8/plymouth.8mandos.gz \

596

$(MANDIR)/man8/password-agent.8mandos.gz \

597

479

-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \

598

$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)

599

if command -v update-initramfs >/dev/null; then \

600

update-initramfs -k all -u; \

601

elif command -v dracut >/dev/null; then \

602

for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \

603

test -w "$$initrd" && dracut --force "$$initrd"; \

604

done; \

605

480

$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)

481

update-initramfs -k all -u

606

482

607

.PHONY: purge

608

483

purge: purge-server purge-client

609

484

610

.PHONY: purge-server

611

485

purge-server: uninstall-server

612

486

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

613

487

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

618

492

$(DESTDIR)/var/run/mandos.pid

619

493

-rmdir $(CONFDIR)

620

494

621

.PHONY: purge-client

622

495

purge-client: uninstall-client

623

-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem

496

-shred --remove $(KEYDIR)/seckey.txt

624

497

-rm --force $(CONFDIR)/plugin-runner.conf \

625

$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \

626

$(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt

498

$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt

627

499

-rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)

Older »