Commit | Line | Data |
---|---|---|
21a8d6ed MW |
1 | ### -*-makefile-*- |
2 | ### | |
bfdc045d | 3 | ### Makefile for firewall scripts |
21a8d6ed MW |
4 | ### |
5 | ### (c) 2008 Mark Wooding | |
6 | ### | |
bfdc045d | 7 | |
21a8d6ed MW |
8 | ###----- Licensing notice --------------------------------------------------- |
9 | ### | |
10 | ### This program is free software; you can redistribute it and/or modify | |
11 | ### it under the terms of the GNU General Public License as published by | |
12 | ### the Free Software Foundation; either version 2 of the License, or | |
13 | ### (at your option) any later version. | |
14 | ### | |
15 | ### This program is distributed in the hope that it will be useful, | |
16 | ### but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | ### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
18 | ### GNU General Public License for more details. | |
19 | ### | |
20 | ### You should have received a copy of the GNU General Public License | |
21 | ### along with this program; if not, write to the Free Software Foundation, | |
22 | ### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | |
23 | ### Makefile for firewall scripts | |
24 | ||
25 | ###-------------------------------------------------------------------------- | |
26 | ### Preamble. | |
27 | ||
28 | ## Extend these variables in `local.mk' to match your site. | |
bfdc045d MW |
29 | MAIN_M4_SOURCES = |
30 | HOSTS = | |
31 | ||
d8eafff6 MW |
32 | ## Where to install the scripts. |
33 | FIREWALL = /etc/init.d/firewall | |
34 | ||
35 | ## How to achieve root privileges. | |
36 | ROOT = sudo | |
37 | ||
38 | ## Throw additional scripts in here to have them installed. | |
83610d8a | 39 | SCRIPTS = |
d8eafff6 | 40 | sbindir = /usr/local/sbin |
83610d8a | 41 | |
d8eafff6 MW |
42 | ## Establish the default target early, so that targets in `local.mk' don't |
43 | ## override it. | |
0850e508 MW |
44 | default: all |
45 | .PHONY: default | |
46 | ||
bfdc045d | 47 | ###-------------------------------------------------------------------------- |
5a4a2cde MW |
48 | ### Clever silent-rules stuff. |
49 | ||
50 | ## Verbosity switch. | |
51 | V = 0 | |
52 | ||
53 | ## Suppressing command output. | |
54 | V_AT = $(V_AT_$V) | |
55 | V_AT_0 = @ | |
56 | V_AT_1 = | |
57 | ||
58 | ## Replacing them with messages. | |
59 | v_echo = $(call v_echo_$V,$1) | |
60 | v_echo_0 = @printf " %-6s %s\n" "$1" "$@"; | |
61 | v_echo_1 = | |
62 | ||
63 | ## Hacking. | |
64 | empty = | |
65 | space = $(empty) $(empty) | |
66 | ||
67 | ## Specific commands. | |
68 | V_M4 = $(call v_echo,M4)m4 -P$(space) | |
69 | V_GEN = $(call v_echo,GEN) | |
70 | ||
71 | ###-------------------------------------------------------------------------- | |
bfdc045d MW |
72 | ### Local configuration. |
73 | ||
21a8d6ed MW |
74 | ## Should set up HOSTS and add stuff to MAIN_M4_SOURCES if necessary. Feel |
75 | ## free to define additional targets here. | |
bfdc045d MW |
76 | include local.mk |
77 | ||
78 | ###-------------------------------------------------------------------------- | |
79 | ### Configuration. | |
80 | ||
81 | ## The main m4 inputs which construct the firewall. These are read in last | |
82 | ## to allow local configuration to change their environments. | |
83 | MAIN_M4_SOURCES += config.m4 | |
84 | MAIN_M4_SOURCES += prologue.m4 | |
85 | MAIN_M4_SOURCES += functions.m4 | |
86 | MAIN_M4_SOURCES += numbers.m4 | |
87 | MAIN_M4_SOURCES += bookends.m4 | |
88 | MAIN_M4_SOURCES += classify.m4 | |
89 | MAIN_M4_SOURCES += icmp.m4 | |
90 | ||
91 | ## All of our m4 inputs. The base gets read first to set things up. | |
92 | M4_SOURCES = base.m4 | |
93 | M4_SOURCES += $(MAIN_M4_SOURCES) | |
94 | ||
95 | ###-------------------------------------------------------------------------- | |
96 | ### Hosts. | |
97 | ||
98 | TARGETS = $(addsuffix .sh,$(HOSTS)) | |
99 | ||
100 | ###-------------------------------------------------------------------------- | |
d8eafff6 MW |
101 | ### Prologue testing. |
102 | ||
103 | TARGETS += dummy.sh | |
104 | dummy.sh: base.m4 prologue.m4 dummy-payload.m4 | |
961148a5 MW |
105 | $(V_M4)-DFWHOST=testing $^ >$@.new |
106 | $(V_AT)chmod +x $@.new && mv $@.new $@ | |
d8eafff6 MW |
107 | |
108 | TARGETS += dummy-inst.sh | |
109 | dummy-inst.sh: dummy.sh | |
110 | $(V_GEN)sed '/dummy_action=/s/lose/win/' $< >$@.new | |
111 | $(V_AT)chmod +x $@.new && mv $@.new $@ | |
112 | ||
113 | ###-------------------------------------------------------------------------- | |
3ec0574c MW |
114 | ### Other utilities. |
115 | ||
116 | ## A list of diversions in ascending numerical order. | |
117 | CLEANFILES += divs | |
118 | divs: $(M4_SOURCES) $(addsuffix .m4,$(HOSTS)) | |
119 | $(V_GEN)grep -n m4_divert $^ | \ | |
120 | grep -v 'm4_divert(-1)' | \ | |
121 | sort -t\( -k2n >$@ | |
122 | ||
123 | ###-------------------------------------------------------------------------- | |
bfdc045d MW |
124 | ### Building. |
125 | ||
126 | all: $(TARGETS) | |
0850e508 | 127 | .PHONY: all |
bfdc045d MW |
128 | |
129 | %.sh: %.m4 $(M4_SOURCES) | |
961148a5 | 130 | $(V_M4)-DFWHOST=$* base.m4 $*.m4 $(MAIN_M4_SOURCES) >$@.new |
5a4a2cde | 131 | $(V_AT)chmod +x $@.new && mv $@.new $@ |
bfdc045d | 132 | |
3ec0574c | 133 | clean:; rm -f $(TARGETS) *.new $(CLEANFILES) |
0850e508 | 134 | .PHONY: clean |
bfdc045d | 135 | |
d8eafff6 MW |
136 | ###-------------------------------------------------------------------------- |
137 | ### Installation. | |
138 | ||
139 | ## The local machine doesn't want the complicated SSH stuff. | |
140 | THISHOST = $(shell hostname) | |
1a5559af | 141 | OTHERHOSTS = $(filter-out $(THISHOST), $(HOSTS)) |
d8eafff6 MW |
142 | |
143 | ## Testing. | |
144 | check: $(THISHOST).sh | |
145 | $(ROOT) ./$(THISHOST).sh test | |
146 | ||
147 | ## Installation on a local host, | |
148 | install/$(THISHOST): $(THISHOST).sh | |
149 | [ "x$(SCRIPTS)" = x ] || $(ROOT) install -m755 $(SCRIPTS) $(sbindir) | |
150 | $(ROOT) ./$(THISHOST).sh replace | |
151 | ||
152 | ## Installation on a remote host. | |
1a5559af | 153 | $(addprefix install/, $(OTHERHOSTS)): install/%: %.sh |
d8eafff6 MW |
154 | if [ "x$(SCRIPTS)" != x ]; then \ |
155 | for i in $(SCRIPTS); do \ | |
156 | $(ROOT) scp $$i root@$*:$(sbindir)/$$i.new && \ | |
157 | $(ROOT) ssh root@$* \ | |
158 | 'cd $(sbindir) && chmod 755 $$i.new && mv $$i.new $i' || \ | |
159 | exit 1; \ | |
160 | done; \ | |
161 | fi | |
162 | $(ROOT) scp $*.sh root@$*:$(FIREWALL).new | |
1a5559af MW |
163 | $(ROOT) ssh root@$* $(FIREWALL).new remote-prepare |
164 | $(ROOT) ssh root@$* $(FIREWALL).new remote-commit | |
d8eafff6 MW |
165 | $(ROOT) ssh root@$* rm -f $(FIREWALL).new |
166 | ||
167 | ## General installation target. | |
243e9e1b | 168 | install: all $(addprefix install/,$(HOSTS)) |
1a5559af | 169 | .PHONY: install $(addprefix install/,$(HOSTS)) |
d8eafff6 | 170 | |
bfdc045d | 171 | ###----- That's all, folks -------------------------------------------------- |