/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

  • Committer: Teddy Hogeborn
  • Date: 2016-06-03 17:27:03 UTC
  • Revision ID: teddy@recompile.se-20160603172703-mc6tjor6rhq4xy74
mandos: Bug fix: Do multiprocessing cleanup correctly on exit

* mandos (main): Save module "multiprocessing" and open file "wnull"
                 as scope variables accessible by function cleanup(),
                 since the module and global variable may not be
                 accessible when the cleanup() function is run as
                 scheduled by atexit().

Show diffs side-by-side

added added

removed removed

Lines of Context:
Makefile
14
14
# For info about _FORTIFY_SOURCE, see feature_test_macros(7)
15
15
# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.
16
16
FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC
 
17
# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>
 
18
ALL_SANITIZE_OPTIONS:=-fsanitize=address -fsanitize=undefined \
 
19
        -fsanitize=shift -fsanitize=integer-divide-by-zero \
 
20
        -fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \
 
21
        -fsanitize=return -fsanitize=signed-integer-overflow \
 
22
        -fsanitize=bounds -fsanitize=alignment \
 
23
        -fsanitize=object-size -fsanitize=float-divide-by-zero \
 
24
        -fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \
 
25
        -fsanitize=returns-nonnull-attribute -fsanitize=bool \
 
26
        -fsanitize=enum
 
27
# Check which sanitizing options can be used
 
28
SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \
 
29
        echo 'int main(){}' | $(CC) --language=c $(option) /dev/stdin \
 
30
        -o /dev/null >/dev/null 2>&1 && echo $(option)))
17
31
LINK_FORTIFY_LD=-z relro -z now
18
32
LINK_FORTIFY=
19
33
 
24
38
endif
25
39
#COVERAGE=--coverage
26
40
OPTIMIZE=-Os -fno-strict-aliasing
27
 
LANGUAGE=-std=gnu99
 
41
LANGUAGE=-std=gnu11
28
42
htmldir=man
29
 
version=1.6.5
 
43
version=1.7.7
30
44
SED=sed
31
45
 
32
46
USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))
33
 
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))
 
47
GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nogroup || echo 65534)))
34
48
 
35
49
## Use these settings for a traditional /usr/local install
36
50
# PREFIX=$(DESTDIR)/usr/local
61
75
##
62
76
 
63
77
SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)
 
78
TMPFILES=$(DESTDIR)$(shell pkg-config systemd --variable=tmpfilesdir)
64
79
 
65
80
GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)
66
81
GNUTLS_LIBS=$(shell pkg-config --libs gnutls)
69
84
GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)
70
85
GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \
71
86
        getconf LFS_LDFLAGS)
 
87
LIBNL3_CFLAGS=$(shell pkg-config --cflags-only-I libnl-route-3.0)
 
88
LIBNL3_LIBS=$(shell pkg-config --libs libnl-route-3.0)
72
89
 
73
90
# Do not change these two
74
 
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \
75
 
        $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \
76
 
        -DVERSION='"$(version)"'
 
91
CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(SANITIZE) $(COVERAGE) \
 
92
        $(OPTIMIZE) $(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) \
 
93
        $(GPGME_CFLAGS) -DVERSION='"$(version)"'
77
94
LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))
78
95
 
79
96
# Commands to format a DocBook <refentry> document into a manual page
106
123
PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \
107
124
        plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \
108
125
        plugins.d/plymouth
109
 
CPROGS=plugin-runner $(PLUGINS)
 
126
PLUGIN_HELPERS=plugin-helpers/mandos-client-iprouteadddel
 
127
CPROGS=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)
110
128
PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)
111
129
DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \
112
130
        mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \
239
257
        $(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\
240
258
                ) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@
241
259
 
 
260
plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c
 
261
        $(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\
 
262
                ) $(LOADLIBES) $(LDLIBS) -o $@
 
263
 
242
264
.PHONY : all doc html clean distclean mostlyclean maintainer-clean \
243
265
        check run-client run-server install install-html \
244
266
        install-server install-client-nokey install-client uninstall \
264
286
        @echo "# ignored.  The messages are caused by not running as root, but   #"
265
287
        @echo "# you should NOT run \"make run-client\" as root unless you also    #"
266
288
        @echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"
267
 
        @echo "# From plugin-runner: setuid: Operation not permitted             #"
 
289
        @echo "# From plugin-runner: setgid: Operation not permitted             #"
 
290
        @echo "#                     setuid: Operation not permitted             #"
268
291
        @echo "# From askpass-fifo:  mkfifo: Permission denied                   #"
269
 
        @echo "# From mandos-client: setuid: Operation not permitted             #"
270
 
        @echo "#                     seteuid: Operation not permitted            #"
271
 
        @echo "#                     klogctl: Operation not permitted            #"
 
292
        @echo "# From mandos-client:                                             #"
 
293
        @echo "#             Failed to raise privileges: Operation not permitted #"
 
294
        @echo "#             Warning: network hook \"*\" exited with status *      #"
272
295
        @echo "###################################################################"
 
296
# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring
273
297
        ./plugin-runner --plugin-dir=plugins.d \
 
298
                --plugin-helper-dir=plugin-helpers \
274
299
                --config-file=plugin-runner.conf \
275
300
                --options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \
 
301
                --env-for=mandos-client:GNOME_KEYRING_CONTROL= \
276
302
                $(CLIENTARGS)
277
303
 
278
304
# Used by run-client
293
319
        install --directory confdir
294
320
        install --mode=u=rw $< $@
295
321
# Add a client password
296
 
        ./mandos-keygen --dir keydir --password >> $@
 
322
        ./mandos-keygen --dir keydir --password --no-ssh >> $@
297
323
statedir:
298
324
        install --directory statedir
299
325
 
312
338
        elif install --directory --mode=u=rwx $(STATEDIR); then \
313
339
                chown -- $(USER):$(GROUP) $(STATEDIR) || :; \
314
340
        fi
 
341
        if [ "$(TMPFILES)" != "$(DESTDIR)" -a -d "$(TMPFILES)" ]; then \
 
342
                install --mode=u=rw,go=r tmpfiles.d-mandos.conf \
 
343
                        $(TMPFILES)/mandos.conf; \
 
344
        fi
315
345
        install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
316
346
        install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
317
347
                mandos-ctl
349
379
install-client-nokey: all doc
350
380
        install --directory $(LIBDIR)/mandos $(CONFDIR)
351
381
        install --directory --mode=u=rwx $(KEYDIR) \
352
 
                $(LIBDIR)/mandos/plugins.d
 
382
                $(LIBDIR)/mandos/plugins.d \
 
383
                $(LIBDIR)/mandos/plugin-helpers
353
384
        if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \
354
385
                install --mode=u=rwx \
355
 
                        --directory "$(CONFDIR)/plugins.d"; \
 
386
                        --directory "$(CONFDIR)/plugins.d" \
 
387
                        "$(CONFDIR)/plugin-helpers"; \
356
388
        fi
357
389
        install --mode=u=rwx,go=rx --directory \
358
390
                "$(CONFDIR)/network-hooks.d"
378
410
        install --mode=u=rwxs,go=rx \
379
411
                --target-directory=$(LIBDIR)/mandos/plugins.d \
380
412
                plugins.d/plymouth
 
413
        install --mode=u=rwx,go=rx \
 
414
                --target-directory=$(LIBDIR)/mandos/plugin-helpers \
 
415
                plugin-helpers/mandos-client-iprouteadddel
381
416
        install initramfs-tools-hook \
382
417
                $(INITRAMFSTOOLS)/hooks/mandos
383
418
        install --mode=u=rw,go=r initramfs-tools-hook-conf \
401
436
                > $(MANDIR)/man8/askpass-fifo.8mandos.gz
402
437
        gzip --best --to-stdout plugins.d/plymouth.8mandos \
403
438
                > $(MANDIR)/man8/plymouth.8mandos.gz
 
439
        gzip --best --to-stdout intro.8mandos \
 
440
                > $(MANDIR)/man8/intro.8mandos.gz
404
441
 
405
442
install-client: install-client-nokey
406
443
# Post-installation stuff