[firewall] / Makefile

### -*-makefile-*-
###
### Makefile for firewall scripts
###
### (c) 2008 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This program is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### This program is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with this program; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
### Makefile for firewall scripts

###--------------------------------------------------------------------------
### Preamble.

## Extend these variables in `local.mk' to match your site.
MAIN_M4_SOURCES		 =
HOSTS			 =

## Where to install the scripts.
FIREWALL		 = /etc/init.d/firewall

## How to achieve root privileges.
ROOT			 = sudo

## Throw additional scripts in here to have them installed.
SCRIPTS			 =
sbindir			 = /usr/local/sbin

## Establish the default target early, so that targets in `local.mk' don't
## override it.
default: all
.PHONY: default

###--------------------------------------------------------------------------
### Clever silent-rules stuff.

## Verbosity switch.
V			 = 0

## Suppressing command output.
V_AT			 = $(V_AT_$V)
V_AT_0			 = @
V_AT_1			 =

## Replacing them with messages.
v_echo			 = $(call v_echo_$V,$1)
v_echo_0		 = @printf "  %-6s %s\n" "$1" "$@";
v_echo_1		 =

## Hacking.
empty			 =
space			 = $(empty) $(empty)

## Specific commands.
V_M4			 = $(call v_echo,M4)m4 -P$(space)
V_GEN			 = $(call v_echo,GEN)

###--------------------------------------------------------------------------
### Local configuration.

## Should set up HOSTS and add stuff to MAIN_M4_SOURCES if necessary.  Feel
## free to define additional targets here.
include	local.mk

###--------------------------------------------------------------------------
### Configuration.

## The main m4 inputs which construct the firewall.  These are read in last
## to allow local configuration to change their environments.
MAIN_M4_SOURCES		+= config.m4
MAIN_M4_SOURCES		+= prologue.m4
MAIN_M4_SOURCES		+= functions.m4
MAIN_M4_SOURCES		+= numbers.m4
MAIN_M4_SOURCES		+= bookends.m4
MAIN_M4_SOURCES		+= classify.m4
MAIN_M4_SOURCES		+= icmp.m4

## All of our m4 inputs.  The base gets read first to set things up.
M4_SOURCES		 = base.m4
M4_SOURCES		+= $(MAIN_M4_SOURCES)

###--------------------------------------------------------------------------
### Hosts.

TARGETS			 = $(addsuffix .sh,$(HOSTS))

###--------------------------------------------------------------------------
### Prologue testing.

TARGETS			+= dummy.sh
dummy.sh: base.m4 prologue.m4 dummy-payload.m4
	$(V_M4)-DFWHOST=testing $^ >$@.new
	$(V_AT)chmod +x $@.new && mv $@.new $@

TARGETS			+= dummy-inst.sh
dummy-inst.sh: dummy.sh
	$(V_GEN)sed '/dummy_action=/s/lose/win/' $< >$@.new
	$(V_AT)chmod +x $@.new && mv $@.new $@

###--------------------------------------------------------------------------
### Other utilities.

## A list of diversions in ascending numerical order.
CLEANFILES		+= divs
divs: $(M4_SOURCES) $(addsuffix .m4,$(HOSTS))
	$(V_GEN)grep -n m4_divert $^ | \
		grep -v 'm4_divert(-1)' | \
		sort -t\( -k2n >$@

###--------------------------------------------------------------------------
### Building.

all: $(TARGETS)
.PHONY: all

%.sh: %.m4 $(M4_SOURCES)
	$(V_M4)-DFWHOST=$* base.m4 $*.m4 $(MAIN_M4_SOURCES) >$@.new
	$(V_AT)chmod +x $@.new && mv $@.new $@

clean:; rm -f $(TARGETS) *.new $(CLEANFILES)
.PHONY: clean

###--------------------------------------------------------------------------
### Installation.

## The local machine doesn't want the complicated SSH stuff.
THISHOST		 = $(shell hostname)
OTHERHOSTS		 = $(filter-out $(THISHOST), $(HOSTS))

## Testing.
check: $(THISHOST).sh
	$(ROOT) ./$(THISHOST).sh test

## Installation on a local host,
install/$(THISHOST): $(THISHOST).sh
	[ "x$(SCRIPTS)" = x ] || $(ROOT) install -m755 $(SCRIPTS) $(sbindir)
	$(ROOT) ./$(THISHOST).sh replace </dev/tty

## Installation on a remote host.
$(addprefix install/, $(OTHERHOSTS)): install/%: %.sh
	if [ "x$(SCRIPTS)" != x ]; then \
	  for i in $(SCRIPTS); do \
	    $(ROOT) scp $$i root@$*:$(sbindir)/$$i.new && \
	    $(ROOT) ssh root@$* \
		'cd $(sbindir) && chmod 755 $$i.new && mv $$i.new $i' || \
	    exit 1; \
	  done; \
	fi
	$(ROOT) scp $*.sh root@$*:$(FIREWALL).new
	$(ROOT) ssh root@$* $(FIREWALL).new remote-prepare
	$(ROOT) ssh root@$* $(FIREWALL).new remote-commit
	$(ROOT) ssh root@$* rm -f $(FIREWALL).new

## General installation target.
install: all $(addprefix install/,$(HOSTS))
.PHONY: install $(addprefix install/,$(HOSTS))

###----- That's all, folks --------------------------------------------------
Commit	Line	Data
21a8d6ed MW	1	### --makefile--
21a8d6ed MW	2	###
bfdc045d	3	### Makefile for firewall scripts
21a8d6ed MW	4	###
	5	### (c) 2008 Mark Wooding
	6	###
bfdc045d	7
21a8d6ed MW	8	###----- Licensing notice ---------------------------------------------------
	9	###
	10	### This program is free software; you can redistribute it and/or modify
	11	### it under the terms of the GNU General Public License as published by
	12	### the Free Software Foundation; either version 2 of the License, or
	13	### (at your option) any later version.
	14	###
	15	### This program is distributed in the hope that it will be useful,
	16	### but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	### GNU General Public License for more details.
	19	###
	20	### You should have received a copy of the GNU General Public License
	21	### along with this program; if not, write to the Free Software Foundation,
	22	### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	23	### Makefile for firewall scripts
	24
	25	###--------------------------------------------------------------------------
	26	### Preamble.
	27
	28	## Extend these variables in `local.mk' to match your site.
bfdc045d MW	29	MAIN_M4_SOURCES =
	30	HOSTS =
	31
d8eafff6 MW	32	## Where to install the scripts.
	33	FIREWALL = /etc/init.d/firewall
	34
	35	## How to achieve root privileges.
	36	ROOT = sudo
	37
	38	## Throw additional scripts in here to have them installed.
83610d8a	39	SCRIPTS =
d8eafff6	40	sbindir = /usr/local/sbin
83610d8a	41
d8eafff6 MW	42	## Establish the default target early, so that targets in `local.mk' don't
d8eafff6 MW	43	## override it.
0850e508 MW	44	default: all
	45	.PHONY: default
	46
bfdc045d	47	###--------------------------------------------------------------------------
5a4a2cde MW	48	### Clever silent-rules stuff.
	49
	50	## Verbosity switch.
	51	V = 0
	52
	53	## Suppressing command output.
	54	V_AT = $(V_AT_$V)
	55	V_AT_0 = @
	56	V_AT_1 =
	57
	58	## Replacing them with messages.
	59	v_echo = $(call v_echo_$V,$1)
	60	v_echo_0 = @printf " %-6s %s\n" "$1" "$@";
	61	v_echo_1 =
	62
	63	## Hacking.
	64	empty =
	65	space = $(empty) $(empty)
	66
	67	## Specific commands.
	68	V_M4 = $(call v_echo,M4)m4 -P$(space)
	69	V_GEN = $(call v_echo,GEN)
	70
	71	###--------------------------------------------------------------------------
bfdc045d MW	72	### Local configuration.
bfdc045d MW	73
21a8d6ed MW	74	## Should set up HOSTS and add stuff to MAIN_M4_SOURCES if necessary. Feel
21a8d6ed MW	75	## free to define additional targets here.
bfdc045d MW	76	include local.mk
	77
	78	###--------------------------------------------------------------------------
	79	### Configuration.
	80
	81	## The main m4 inputs which construct the firewall. These are read in last
	82	## to allow local configuration to change their environments.
	83	MAIN_M4_SOURCES += config.m4
	84	MAIN_M4_SOURCES += prologue.m4
	85	MAIN_M4_SOURCES += functions.m4
	86	MAIN_M4_SOURCES += numbers.m4
	87	MAIN_M4_SOURCES += bookends.m4
	88	MAIN_M4_SOURCES += classify.m4
	89	MAIN_M4_SOURCES += icmp.m4
	90
	91	## All of our m4 inputs. The base gets read first to set things up.
	92	M4_SOURCES = base.m4
	93	M4_SOURCES += $(MAIN_M4_SOURCES)
	94
	95	###--------------------------------------------------------------------------
	96	### Hosts.
	97
	98	TARGETS = $(addsuffix .sh,$(HOSTS))
	99
	100	###--------------------------------------------------------------------------
d8eafff6 MW	101	### Prologue testing.
	102
	103	TARGETS += dummy.sh
	104	dummy.sh: base.m4 prologue.m4 dummy-payload.m4
961148a5 MW	105	$(V_M4)-DFWHOST=testing $^ >$@.new
961148a5 MW	106	$(V_AT)chmod +x $@.new && mv $@.new $@
d8eafff6 MW	107
	108	TARGETS += dummy-inst.sh
	109	dummy-inst.sh: dummy.sh
	110	$(V_GEN)sed '/dummy_action=/s/lose/win/' $< >$@.new
	111	$(V_AT)chmod +x $@.new && mv $@.new $@
	112
	113	###--------------------------------------------------------------------------
3ec0574c MW	114	### Other utilities.
	115
	116	## A list of diversions in ascending numerical order.
	117	CLEANFILES += divs
	118	divs: $(M4_SOURCES) $(addsuffix .m4,$(HOSTS))
	119	$(V_GEN)grep -n m4_divert $^ \| \
	120	grep -v 'm4_divert(-1)' \| \
	121	sort -t\( -k2n >$@
	122
	123	###--------------------------------------------------------------------------
bfdc045d MW	124	### Building.
	125
	126	all: $(TARGETS)
0850e508	127	.PHONY: all
bfdc045d MW	128
bfdc045d MW	129	%.sh: %.m4 $(M4_SOURCES)
961148a5	130	$(V_M4)-DFWHOST=$* base.m4 $*.m4 $(MAIN_M4_SOURCES) >$@.new
5a4a2cde	131	$(V_AT)chmod +x $@.new && mv $@.new $@
bfdc045d	132
3ec0574c	133	clean:; rm -f $(TARGETS) *.new $(CLEANFILES)
0850e508	134	.PHONY: clean
bfdc045d	135
d8eafff6 MW	136	###--------------------------------------------------------------------------
	137	### Installation.
	138
	139	## The local machine doesn't want the complicated SSH stuff.
	140	THISHOST = $(shell hostname)
1a5559af	141	OTHERHOSTS = $(filter-out $(THISHOST), $(HOSTS))
d8eafff6 MW	142
	143	## Testing.
	144	check: $(THISHOST).sh
	145	$(ROOT) ./$(THISHOST).sh test
	146
	147	## Installation on a local host,
	148	install/$(THISHOST): $(THISHOST).sh
	149	[ "x$(SCRIPTS)" = x ] \|\| $(ROOT) install -m755 $(SCRIPTS) $(sbindir)
59e0c21b	150	$(ROOT) ./$(THISHOST).sh replace </dev/tty
d8eafff6 MW	151
d8eafff6 MW	152	## Installation on a remote host.
1a5559af	153	$(addprefix install/, $(OTHERHOSTS)): install/%: %.sh
d8eafff6 MW	154	if [ "x$(SCRIPTS)" != x ]; then \
	155	for i in $(SCRIPTS); do \
	156	$(ROOT) scp $$i root@$*:$(sbindir)/$$i.new && \
	157	$(ROOT) ssh root@$* \
	158	'cd $(sbindir) && chmod 755 $$i.new && mv $$i.new $i' \|\| \
	159	exit 1; \
	160	done; \
	161	fi
	162	$(ROOT) scp $.sh root@$:$(FIREWALL).new
1a5559af MW	163	$(ROOT) ssh root@$* $(FIREWALL).new remote-prepare
1a5559af MW	164	$(ROOT) ssh root@$* $(FIREWALL).new remote-commit
d8eafff6 MW	165	$(ROOT) ssh root@$* rm -f $(FIREWALL).new
	166
	167	## General installation target.
243e9e1b	168	install: all $(addprefix install/,$(HOSTS))
1a5559af	169	.PHONY: install $(addprefix install/,$(HOSTS))
d8eafff6	170
bfdc045d	171	###----- That's all, folks --------------------------------------------------