/mandos/trunk : revision 777

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to Makefile

Committer: Teddy Hogeborn
Date: 2015-07-20 03:03:33 UTC
Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte

Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

files added:
initramfs-tools-hook-conf

files removed:
bugs.xml

debian/mandos-client.templates

debian/mandos.templates

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/es.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/pt_BR.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

debian/upstream/metadata

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

Makefile

WARN:=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \

WARN=-O -Wall -Wextra -Wdouble-promotion -Wformat=2 -Winit-self \

-Wmissing-include-dirs -Wswitch-default -Wswitch-enum \

-Wunused -Wuninitialized -Wstrict-overflow=5 \

-Wsuggest-attribute=pure -Wsuggest-attribute=const \

-Wmissing-format-attribute -Wnormalized=nfc -Wpacked \

-Wredundant-decls -Wnested-externs -Winline -Wvla \

-Wvolatile-register-var -Woverlength-strings

#DEBUG:=-ggdb3 -fsanitize=address $(SANITIZE)

## Check which sanitizing options can be used

#SANITIZE:=$(foreach option,$(ALL_SANITIZE_OPTIONS),$(shell \

# echo 'int main(){}' | $(CC) --language=c $(option) \

# /dev/stdin -o /dev/null >/dev/null 2>&1 && echo $(option)))

# <https://developerblog.redhat.com/2014/10/16/gcc-undefined-behavior-sanitizer-ubsan/>

ALL_SANITIZE_OPTIONS:=-fsanitize=leak -fsanitize=undefined \

-fsanitize=shift -fsanitize=integer-divide-by-zero \

-fsanitize=unreachable -fsanitize=vla-bound -fsanitize=null \

-fsanitize=return -fsanitize=signed-integer-overflow \

-fsanitize=bounds -fsanitize=alignment \

-fsanitize=object-size -fsanitize=float-divide-by-zero \

-fsanitize=float-cast-overflow -fsanitize=nonnull-attribute \

-fsanitize=returns-nonnull-attribute -fsanitize=bool \

-fsanitize=enum -fsanitize-address-use-after-scope

#DEBUG=-ggdb3

# For info about _FORTIFY_SOURCE, see feature_test_macros(7)

# and <https://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY:=-fstack-protector-all -fPIC

CPPFLAGS+=-D_FORTIFY_SOURCE=3

LINK_FORTIFY_LD:=-z relro -z now

LINK_FORTIFY:=

# and <http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html>.

FORTIFY=-D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC

LINK_FORTIFY_LD=-z relro -z now

LINK_FORTIFY=

# If BROKEN_PIE is set, do not build with -pie

ifndef BROKEN_PIE

LINK_FORTIFY += -pie

endif

#COVERAGE=--coverage

OPTIMIZE:=-Os -fno-strict-aliasing

LANGUAGE:=-std=gnu11

CPPFLAGS+=-D_FILE_OFFSET_BITS=64

htmldir:=man

version:=1.8.16

SED:=sed

PKG_CONFIG?=pkg-config

USER:=$(firstword $(subst :, ,$(shell getent passwd _mandos \

|| getent passwd nobody || echo 65534)))

GROUP:=$(firstword $(subst :, ,$(shell getent group _mandos \

|| getent group nogroup || echo 65534)))

LINUXVERSION:=$(shell uname --kernel-release)

OPTIMIZE=-Os -fno-strict-aliasing

LANGUAGE=-std=gnu11

htmldir=man

version=1.6.9

SED=sed

USER=$(firstword $(subst :, ,$(shell getent passwd _mandos || getent passwd nobody || echo 65534)))

GROUP=$(firstword $(subst :, ,$(shell getent group _mandos || getent group nobody || echo 65534)))

## Use these settings for a traditional /usr/local install

# PREFIX:=$(DESTDIR)/usr/local

# CONFDIR:=$(DESTDIR)/etc/mandos

# KEYDIR:=$(DESTDIR)/etc/mandos/keys

# MANDIR:=$(PREFIX)/man

# INITRAMFSTOOLS:=$(DESTDIR)/etc/initramfs-tools

# DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

# STATEDIR:=$(DESTDIR)/var/lib/mandos

# LIBDIR:=$(PREFIX)/lib

# PREFIX=$(DESTDIR)/usr/local

# CONFDIR=$(DESTDIR)/etc/mandos

# KEYDIR=$(DESTDIR)/etc/mandos/keys

# MANDIR=$(PREFIX)/man

# INITRAMFSTOOLS=$(DESTDIR)/etc/initramfs-tools

# STATEDIR=$(DESTDIR)/var/lib/mandos

# LIBDIR=$(PREFIX)/lib

## These settings are for a package-type install

PREFIX:=$(DESTDIR)/usr

CONFDIR:=$(DESTDIR)/etc/mandos

KEYDIR:=$(DESTDIR)/etc/keys/mandos

MANDIR:=$(PREFIX)/share/man

INITRAMFSTOOLS:=$(DESTDIR)/usr/share/initramfs-tools

DRACUTMODULE:=$(DESTDIR)/usr/lib/dracut/modules.d/90mandos

STATEDIR:=$(DESTDIR)/var/lib/mandos

LIBDIR:=$(shell \

PREFIX=$(DESTDIR)/usr

CONFDIR=$(DESTDIR)/etc/mandos

KEYDIR=$(DESTDIR)/etc/keys/mandos

MANDIR=$(PREFIX)/share/man

INITRAMFSTOOLS=$(DESTDIR)/usr/share/initramfs-tools

STATEDIR=$(DESTDIR)/var/lib/mandos

LIBDIR=$(shell \

for d in \

"/usr/lib/`dpkg-architecture \

-qDEB_HOST_MULTIARCH 2>/dev/null`" \

"/usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH 2>/dev/null`" \

"`rpm --eval='%{_libdir}' 2>/dev/null`" /usr/lib; do \

if [ -d "$$d" -a "$$d" = "$${d%/}" ]; then \

echo "$(DESTDIR)$$d"; \

done)

SYSTEMD:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=systemdsystemunitdir)

TMPFILES:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=tmpfilesdir)

SYSUSERS:=$(DESTDIR)$(shell $(PKG_CONFIG) systemd \

--variable=sysusersdir)

SYSTEMD=$(DESTDIR)$(shell pkg-config systemd --variable=systemdsystemunitdir)

GNUTLS_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gnutls)

GNUTLS_LIBS:=$(shell $(PKG_CONFIG) --libs gnutls)

AVAHI_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I avahi-core)

AVAHI_LIBS:=$(shell $(PKG_CONFIG) --libs avahi-core)

100

GPGME_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I gpgme 2>/dev/null \

101

|| gpgme-config --cflags; getconf LFS_CFLAGS)

102

GPGME_LIBS:=$(shell $(PKG_CONFIG) --libs gpgme 2>/dev/null \

103

|| gpgme-config --libs; getconf LFS_LIBS; \

GNUTLS_CFLAGS=$(shell pkg-config --cflags-only-I gnutls)

GNUTLS_LIBS=$(shell pkg-config --libs gnutls)

AVAHI_CFLAGS=$(shell pkg-config --cflags-only-I avahi-core)

AVAHI_LIBS=$(shell pkg-config --libs avahi-core)

GPGME_CFLAGS=$(shell gpgme-config --cflags; getconf LFS_CFLAGS)

GPGME_LIBS=$(shell gpgme-config --libs; getconf LFS_LIBS; \

104

getconf LFS_LDFLAGS)

105

LIBNL3_CFLAGS:=$(shell $(PKG_CONFIG) --cflags-only-I libnl-route-3.0)

106

LIBNL3_LIBS:=$(shell $(PKG_CONFIG) --libs libnl-route-3.0)

107

GLIB_CFLAGS:=$(shell $(PKG_CONFIG) --cflags glib-2.0)

108

GLIB_LIBS:=$(shell $(PKG_CONFIG) --libs glib-2.0)

LIBNL3_CFLAGS=$(shell pkg-config --cflags-only-I libnl-route-3.0)

LIBNL3_LIBS=$(shell pkg-config --libs libnl-route-3.0)

109

110

# Do not change these two

111

CFLAGS+=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) \

112

$(LANGUAGE) -DVERSION='"$(version)"'

113

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(strip \

114

) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

$(LANGUAGE) $(GNUTLS_CFLAGS) $(AVAHI_CFLAGS) $(GPGME_CFLAGS) \

-DVERSION='"$(version)"'

LDFLAGS+=-Xlinker --as-needed $(COVERAGE) $(LINK_FORTIFY) $(foreach flag,$(LINK_FORTIFY_LD),-Xlinker $(flag))

115

116

# Commands to format a DocBook <refentry> document into a manual page

117

DOCBOOKTOMAN=$(strip cd $(dir $<); xsltproc --nonet --xinclude \

123

/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl \

124

$(notdir $<); \

125

if locale --all 2>/dev/null | grep --regexp='^en_US\.utf8$$' \

126

&& command -v man >/dev/null; then LANG=en_US.UTF-8 \

127

MANWIDTH=80 man --warnings --encoding=UTF-8 --local-file \

128

$(notdir $@); fi >/dev/null)

&& type man 2>/dev/null; then LANG=en_US.UTF-8 MANWIDTH=80 \

man --warnings --encoding=UTF-8 --local-file $(notdir $@); \

fi >/dev/null)

129

130

DOCBOOKTOHTML=$(strip xsltproc --nonet --xinclude \

131

--param make.year.ranges 1 \

137

102

/usr/share/xml/docbook/stylesheet/nwalsh/xhtml/docbook.xsl \

138

103

$<; $(HTMLPOST) $@)

139

104

# Fix citerefentry links

140

HTMLPOST:=$(SED) --in-place \

105

HTMLPOST=$(SED) --in-place \

141

106

--expression='s/$<a class="citerefentry" href="$$"><span class="citerefentry"><span class="refentrytitle">$$[^<]*$$<\/span>($$[^)]*$$)<\/span><\/a>$/\1\3.\5\2\3\4\5\6/g'

142

107

143

PLUGINS:=plugins.d/password-prompt plugins.d/mandos-client \

108

PLUGINS=plugins.d/password-prompt plugins.d/mandos-client \

144

109

plugins.d/usplash plugins.d/splashy plugins.d/askpass-fifo \

145

110

plugins.d/plymouth

146

PLUGIN_HELPERS:=plugin-helpers/mandos-client-iprouteadddel

147

CPROGS:=plugin-runner dracut-module/password-agent $(PLUGINS) \

148

$(PLUGIN_HELPERS)

149

PROGS:=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)

150

DOCS:=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \

111

PLUGIN_HELPERS=plugin-helpers/mandos-client-iprouteadddel

112

CPROGS=plugin-runner $(PLUGINS) $(PLUGIN_HELPERS)

113

PROGS=mandos mandos-keygen mandos-ctl mandos-monitor $(CPROGS)

114

DOCS=mandos.8 mandos-keygen.8 mandos-monitor.8 mandos-ctl.8 \

151

115

mandos.conf.5 mandos-clients.conf.5 plugin-runner.8mandos \

152

dracut-module/password-agent.8mandos \

153

116

plugins.d/mandos-client.8mandos \

154

117

plugins.d/password-prompt.8mandos plugins.d/usplash.8mandos \

155

118

plugins.d/splashy.8mandos plugins.d/askpass-fifo.8mandos \

156

119

plugins.d/plymouth.8mandos intro.8mandos

157

120

158

htmldocs:=$(addsuffix .xhtml,$(DOCS))

159

160

objects:=$(addsuffix .o,$(CPROGS))

161

162

.PHONY: all

121

htmldocs=$(addsuffix .xhtml,$(DOCS))

122

123

objects=$(addsuffix .o,$(CPROGS))

124

163

125

all: $(PROGS) mandos.lsm

164

126

165

.PHONY: doc

166

127

doc: $(DOCS)

167

128

168

.PHONY: html

169

129

html: $(htmldocs)

170

130

171

131

%.5: %.xml common.ent legalnotice.xml

230

190

overview.xml legalnotice.xml

231

191

$(DOCBOOKTOHTML)

232

192

233

dracut-module/password-agent.8mandos: \

234

dracut-module/password-agent.xml common.ent \

235

overview.xml legalnotice.xml

236

$(DOCBOOKTOMAN)

237

dracut-module/password-agent.8mandos.xhtml: \

238

dracut-module/password-agent.xml common.ent \

239

overview.xml legalnotice.xml

240

$(DOCBOOKTOHTML)

241

242

193

plugins.d/mandos-client.8mandos: plugins.d/mandos-client.xml \

243

194

common.ent \

244

195

mandos-options.xml \

287

238

--expression='s/$mandos_$[0-9.]\+$\.orig\.tar\.gz$/\1$(version)\2/' \

288

239

$@)

289

240

290

# Need to add the GnuTLS, Avahi and GPGME libraries

291

plugins.d/mandos-client: CFLAGS += $(GNUTLS_CFLAGS) $(strip \

292

) $(AVAHI_CFLAGS) $(GPGME_CFLAGS)

293

plugins.d/mandos-client: LDLIBS += $(GNUTLS_LIBS) $(strip \

294

) $(AVAHI_LIBS) $(GPGME_LIBS)

295

296

# Need to add the libnl-route library

297

plugin-helpers/mandos-client-iprouteadddel: CFLAGS += $(LIBNL3_CFLAGS)

298

plugin-helpers/mandos-client-iprouteadddel: LDLIBS += $(LIBNL3_LIBS)

299

300

# Need to add the GLib and pthread libraries

301

dracut-module/password-agent: CFLAGS += $(GLIB_CFLAGS)

302

# Note: -lpthread is unnecessary with the GNU C library 2.34 or later

303

dracut-module/password-agent: LDLIBS += $(GLIB_LIBS) -lpthread

304

305

.PHONY: clean

241

plugins.d/mandos-client: plugins.d/mandos-client.c

242

$(LINK.c) $^ -lrt $(GNUTLS_LIBS) $(AVAHI_LIBS) $(strip\

243

) $(GPGME_LIBS) $(LOADLIBES) $(LDLIBS) -o $@

244

245

plugin-helpers/mandos-client-iprouteadddel: plugin-helpers/mandos-client-iprouteadddel.c

246

$(LINK.c) $(LIBNL3_CFLAGS) $^ $(LIBNL3_LIBS) $(strip\

247

) $(LOADLIBES) $(LDLIBS) -o $@

248

249

.PHONY : all doc html clean distclean mostlyclean maintainer-clean \

250

check run-client run-server install install-html \

251

install-server install-client-nokey install-client uninstall \

252

uninstall-server uninstall-client purge purge-server \

253

purge-client

254

306

255

clean:

307

256

-rm --force $(CPROGS) $(objects) $(htmldocs) $(DOCS) core

308

257

309

.PHONY: distclean

310

258

distclean: clean

311

.PHONY: mostlyclean

312

259

mostlyclean: clean

313

.PHONY: maintainer-clean

314

260

maintainer-clean: clean

315

261

-rm --force --recursive keydir confdir statedir

316

262

317

.PHONY: check

318

check: all

263

check: all

319

264

./mandos --check

320

265

./mandos-ctl --check

321

./mandos-keygen --version

322

./plugin-runner --version

323

./plugin-helpers/mandos-client-iprouteadddel --version

324

./dracut-module/password-agent --test

325

266

326

267

# Run the client with a local config and key

327

.PHONY: run-client

328

run-client: all keydir/seckey.txt keydir/pubkey.txt \

329

keydir/tls-privkey.pem keydir/tls-pubkey.pem

330

@echo '######################################################'

331

@echo '# The following error messages are harmless and can #'

332

@echo '# be safely ignored: #'

333

@echo '## From plugin-runner: #'

334

@echo '# setgid: Operation not permitted #'

335

@echo '# setuid: Operation not permitted #'

336

@echo '## From askpass-fifo: #'

337

@echo '# mkfifo: Permission denied #'

338

@echo '## From mandos-client: #'

339

@echo '# Failed to raise privileges: Operation not permi... #'

340

@echo '# Warning: network hook "*" exited with status * #'

341

@echo '# ioctl SIOCSIFFLAGS +IFF_UP: Operation not permi... #'

342

@echo '# Failed to bring up interface "*": Operation not... #'

343

@echo '# #'

344

@echo '# (The messages are caused by not running as root, #'

345

@echo '# but you should NOT run "make run-client" as root #'

346

@echo '# unless you also unpacked and compiled Mandos as #'

347

@echo '# root, which is also NOT recommended.) #'

348

@echo '######################################################'

268

run-client: all keydir/seckey.txt keydir/pubkey.txt

269

@echo "###################################################################"

270

@echo "# The following error messages are harmless and can be safely #"

271

@echo "# ignored. The messages are caused by not running as root, but #"

272

@echo "# you should NOT run \"make run-client\" as root unless you also #"

273

@echo "# unpacked and compiled Mandos as root, which is NOT recommended. #"

274

@echo "# From plugin-runner: setgid: Operation not permitted #"

275

@echo "# setuid: Operation not permitted #"

276

@echo "# From askpass-fifo: mkfifo: Permission denied #"

277

@echo "# From mandos-client: #"

278

@echo "# Failed to raise privileges: Operation not permitted #"

279

@echo "# Warning: network hook \"*\" exited with status * #"

280

@echo "###################################################################"

349

281

# We set GNOME_KEYRING_CONTROL to block pam_gnome_keyring

350

282

./plugin-runner --plugin-dir=plugins.d \

351

283

--plugin-helper-dir=plugin-helpers \

352

284

--config-file=plugin-runner.conf \

353

--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--tls-privkey=keydir/tls-privkey.pem,--tls-pubkey=keydir/tls-pubkey.pem,--network-hook-dir=network-hooks.d \

285

--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt,--network-hook-dir=network-hooks.d \

354

286

--env-for=mandos-client:GNOME_KEYRING_CONTROL= \

355

287

$(CLIENTARGS)

356

288

357

289

# Used by run-client

358

keydir/seckey.txt keydir/pubkey.txt keydir/tls-privkey.pem keydir/tls-pubkey.pem: mandos-keygen

290

keydir/seckey.txt keydir/pubkey.txt: mandos-keygen

359

291

install --directory keydir

360

292

./mandos-keygen --dir keydir --force

361

if ! [ -e keydir/tls-privkey.pem ]; then \

362

install --mode=u=rw /dev/null keydir/tls-privkey.pem; \

363

364

if ! [ -e keydir/tls-pubkey.pem ]; then \

365

install --mode=u=rw /dev/null keydir/tls-pubkey.pem; \

366

367

293

368

294

# Run the server with a local config

369

.PHONY: run-server

370

295

run-server: confdir/mandos.conf confdir/clients.conf statedir

371

296

./mandos --debug --no-dbus --configdir=confdir \

372

297

--statedir=statedir $(SERVERARGS)

375

300

confdir/mandos.conf: mandos.conf

376

301

install --directory confdir

377

302

install --mode=u=rw,go=r $^ $@

378

confdir/clients.conf: clients.conf keydir/seckey.txt keydir/tls-pubkey.pem

303

confdir/clients.conf: clients.conf keydir/seckey.txt

379

304

install --directory confdir

380

305

install --mode=u=rw $< $@

381

306

# Add a client password

383

308

statedir:

384

309

install --directory statedir

385

310

386

.PHONY: install

387

311

install: install-server install-client-nokey

388

312

389

.PHONY: install-html

390

313

install-html: html

391

314

install --directory $(htmldir)

392

315

install --mode=u=rw,go=r --target-directory=$(htmldir) \

393

316

$(htmldocs)

394

317

395

.PHONY: install-server

396

318

install-server: doc

397

319

install --directory $(CONFDIR)

398

320

if install --directory --mode=u=rwx --owner=$(USER) \

401

323

elif install --directory --mode=u=rwx $(STATEDIR); then \

402

324

chown -- $(USER):$(GROUP) $(STATEDIR) || :; \

403

325

404

if [ "$(TMPFILES)" != "$(DESTDIR)" \

405

-a -d "$(TMPFILES)" ]; then \

406

install --mode=u=rw,go=r tmpfiles.d-mandos.conf \

407

$(TMPFILES)/mandos.conf; \

408

409

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

410

-a -d "$(SYSUSERS)" ]; then \

411

install --mode=u=rw,go=r sysusers.d-mandos.conf \

412

$(SYSUSERS)/mandos.conf; \

413

414

326

install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos

415

327

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

416

328

mandos-ctl

445

357

gzip --best --to-stdout intro.8mandos \

446

358

> $(MANDIR)/man8/intro.8mandos.gz

447

359

448

.PHONY: install-client-nokey

449

360

install-client-nokey: all doc

450

361

install --directory $(LIBDIR)/mandos $(CONFDIR)

451

362

install --directory --mode=u=rwx $(KEYDIR) \

452

363

$(LIBDIR)/mandos/plugins.d \

453

364

$(LIBDIR)/mandos/plugin-helpers

454

if [ "$(SYSUSERS)" != "$(DESTDIR)" \

455

-a -d "$(SYSUSERS)" ]; then \

456

install --mode=u=rw,go=r sysusers.d-mandos.conf \

457

$(SYSUSERS)/mandos-client.conf; \

458

459

365

if [ "$(CONFDIR)" != "$(LIBDIR)/mandos" ]; then \

460

366

install --mode=u=rwx \

461

--directory "$(CONFDIR)/plugins.d" \

462

"$(CONFDIR)/plugin-helpers"; \

367

--directory "$(CONFDIR)/plugins.d"; \

368

install --directory "$(CONFDIR)/plugin-helpers"; \

463

369

464

370

install --mode=u=rwx,go=rx --directory \

465

371

"$(CONFDIR)/network-hooks.d"

466

372

install --mode=u=rwx,go=rx \

467

373

--target-directory=$(LIBDIR)/mandos plugin-runner

468

install --mode=u=rwx,go=rx \

469

--target-directory=$(LIBDIR)/mandos \

470

mandos-to-cryptroot-unlock

471

374

install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \

472

375

mandos-keygen

473

376

install --mode=u=rwx,go=rx \

488

391

install --mode=u=rwxs,go=rx \

489

392

--target-directory=$(LIBDIR)/mandos/plugins.d \

490

393

plugins.d/plymouth

491

install --mode=u=rwx,go=rx \

394

install --mode=u=rwxs,go=rx \

492

395

--target-directory=$(LIBDIR)/mandos/plugin-helpers \

493

396

plugin-helpers/mandos-client-iprouteadddel

494

397

install initramfs-tools-hook \

495

398

$(INITRAMFSTOOLS)/hooks/mandos

496

install --mode=u=rw,go=r initramfs-tools-conf \

497

$(INITRAMFSTOOLS)/conf.d/mandos-conf

498

install --mode=u=rw,go=r initramfs-tools-conf-hook \

499

$(INITRAMFSTOOLS)/conf-hooks.d/zz-mandos

399

install --mode=u=rw,go=r initramfs-tools-hook-conf \

400

$(INITRAMFSTOOLS)/conf-hooks.d/mandos

500

401

install initramfs-tools-script \

501

402

$(INITRAMFSTOOLS)/scripts/init-premount/mandos

502

install initramfs-tools-script-stop \

503

$(INITRAMFSTOOLS)/scripts/local-premount/mandos

504

install --directory $(DRACUTMODULE)

505

install --mode=u=rw,go=r --target-directory=$(DRACUTMODULE) \

506

dracut-module/ask-password-mandos.path \

507

dracut-module/ask-password-mandos.service

508

install --mode=u=rwxs,go=rx \

509

--target-directory=$(DRACUTMODULE) \

510

dracut-module/module-setup.sh \

511

dracut-module/cmdline-mandos.sh \

512

dracut-module/password-agent

513

403

install --mode=u=rw,go=r plugin-runner.conf $(CONFDIR)

514

404

gzip --best --to-stdout mandos-keygen.8 \

515

405

> $(MANDIR)/man8/mandos-keygen.8.gz

527

417

> $(MANDIR)/man8/askpass-fifo.8mandos.gz

528

418

gzip --best --to-stdout plugins.d/plymouth.8mandos \

529

419

> $(MANDIR)/man8/plymouth.8mandos.gz

530

gzip --best --to-stdout dracut-module/password-agent.8mandos \

531

> $(MANDIR)/man8/password-agent.8mandos.gz

532

420

533

.PHONY: install-client

534

421

install-client: install-client-nokey

535

422

# Post-installation stuff

536

423

-$(PREFIX)/sbin/mandos-keygen --dir "$(KEYDIR)"

537

if command -v update-initramfs >/dev/null; then \

538

update-initramfs -k all -u; \

539

elif command -v dracut >/dev/null; then \

540

for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \

541

if [ -w "$$initrd" ]; then \

542

chmod go-r "$$initrd"; \

543

dracut --force "$$initrd"; \

544

fi; \

545

done; \

546

424

update-initramfs -k all -u

547

425

echo "Now run mandos-keygen --password --dir $(KEYDIR)"

548

426

549

.PHONY: uninstall

550

427

uninstall: uninstall-server uninstall-client

551

428

552

.PHONY: uninstall-server

553

429

uninstall-server:

554

430

-rm --force $(PREFIX)/sbin/mandos \

555

431

$(PREFIX)/sbin/mandos-ctl \

562

438

update-rc.d -f mandos remove

563

439

-rmdir $(CONFDIR)

564

440

565

.PHONY: uninstall-client

566

441

uninstall-client:

567

442

# Refuse to uninstall client if /etc/crypttab is explicitly configured

568

443

# to use it.

579

454

$(INITRAMFSTOOLS)/hooks/mandos \

580

455

$(INITRAMFSTOOLS)/conf-hooks.d/mandos \

581

456

$(INITRAMFSTOOLS)/scripts/init-premount/mandos \

582

$(INITRAMFSTOOLS)/scripts/local-premount/mandos \

583

$(DRACUTMODULE)/ask-password-mandos.path \

584

$(DRACUTMODULE)/ask-password-mandos.service \

585

$(DRACUTMODULE)/module-setup.sh \

586

$(DRACUTMODULE)/cmdline-mandos.sh \

587

$(DRACUTMODULE)/password-agent \

588

457

$(MANDIR)/man8/mandos-keygen.8.gz \

589

458

$(MANDIR)/man8/plugin-runner.8mandos.gz \

590

459

$(MANDIR)/man8/mandos-client.8mandos.gz

593

462

$(MANDIR)/man8/splashy.8mandos.gz \

594

463

$(MANDIR)/man8/askpass-fifo.8mandos.gz \

595

464

$(MANDIR)/man8/plymouth.8mandos.gz \

596

$(MANDIR)/man8/password-agent.8mandos.gz \

597

465

-rmdir $(LIBDIR)/mandos/plugins.d $(CONFDIR)/plugins.d \

598

$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR) $(DRACUTMODULE)

599

if command -v update-initramfs >/dev/null; then \

600

update-initramfs -k all -u; \

601

elif command -v dracut >/dev/null; then \

602

for initrd in $(DESTDIR)/boot/initr*-$(LINUXVERSION); do \

603

test -w "$$initrd" && dracut --force "$$initrd"; \

604

done; \

605

466

$(LIBDIR)/mandos $(CONFDIR) $(KEYDIR)

467

update-initramfs -k all -u

606

468

607

.PHONY: purge

608

469

purge: purge-server purge-client

609

470

610

.PHONY: purge-server

611

471

purge-server: uninstall-server

612

472

-rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \

613

473

$(DESTDIR)/etc/dbus-1/system.d/mandos.conf

618

478

$(DESTDIR)/var/run/mandos.pid

619

479

-rmdir $(CONFDIR)

620

480

621

.PHONY: purge-client

622

481

purge-client: uninstall-client

623

-shred --remove $(KEYDIR)/seckey.txt $(KEYDIR)/tls-privkey.pem

482

-shred --remove $(KEYDIR)/seckey.txt

624

483

-rm --force $(CONFDIR)/plugin-runner.conf \

625

$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt \

626

$(KEYDIR)/tls-pubkey.txt $(KEYDIR)/tls-privkey.txt

484

$(KEYDIR)/pubkey.txt $(KEYDIR)/seckey.txt

627

485

-rmdir $(KEYDIR) $(CONFDIR)/plugins.d $(CONFDIR)

Older »