### -*-makefile-*-
###
### Makefile for firewall scripts
###
### (c) 2008 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This program is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### This program is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with this program; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
### Makefile for firewall scripts

###--------------------------------------------------------------------------
### Preamble.

## Extend these variables in `local.mk' to match your site.
MAIN_M4_SOURCES		 =
HOSTS			 =

## Where to install the scripts.
FIREWALL		 = /etc/init.d/firewall

## How to achieve root privileges.
ROOT			 = sudo

## Throw additional scripts in here to have them installed.
SCRIPTS			 =
sbindir			 = /usr/local/sbin

## Establish the default target early, so that targets in `local.mk' don't
## override it.
default: all
.PHONY: default

###--------------------------------------------------------------------------
### Clever silent-rules stuff.

## Verbosity switch.
V			 = 0

## Suppressing command output.
V_AT			 = $(V_AT_$V)
V_AT_0			 = @
V_AT_1			 =

## Replacing them with messages.
v_echo			 = $(call v_echo_$V,$1)
v_echo_0		 = @printf "  %-6s %s\n" "$1" "$@";
v_echo_1		 =

## Hacking.
empty			 =
space			 = $(empty) $(empty)

## Specific commands.
V_M4			 = $(call v_echo,M4)m4 -P$(space)
V_GEN			 = $(call v_echo,GEN)

###--------------------------------------------------------------------------
### Local configuration.

## Should set up HOSTS and add stuff to MAIN_M4_SOURCES if necessary.  Feel
## free to define additional targets here.
include	local.mk

###--------------------------------------------------------------------------
### Configuration.

## The main m4 inputs which construct the firewall.  These are read in last
## to allow local configuration to change their environments.
MAIN_M4_SOURCES		+= config.m4
MAIN_M4_SOURCES		+= prologue.m4
MAIN_M4_SOURCES		+= functions.m4
MAIN_M4_SOURCES		+= numbers.m4
MAIN_M4_SOURCES		+= bookends.m4
MAIN_M4_SOURCES		+= classify.m4
MAIN_M4_SOURCES		+= icmp.m4

## All of our m4 inputs.  The base gets read first to set things up.
M4_SOURCES		 = base.m4
M4_SOURCES		+= $(MAIN_M4_SOURCES)

###--------------------------------------------------------------------------
### Hosts.

TARGETS			 = $(addsuffix .sh,$(HOSTS))

###--------------------------------------------------------------------------
### Prologue testing.

TARGETS			+= dummy.sh
dummy.sh: base.m4 prologue.m4 dummy-payload.m4
	$(V_M4)-DFWHOST=testing $^ >$@.new
	$(V_AT)chmod +x $@.new && mv $@.new $@

TARGETS			+= dummy-inst.sh
dummy-inst.sh: dummy.sh
	$(V_GEN)sed '/dummy_action=/s/lose/win/' $< >$@.new
	$(V_AT)chmod +x $@.new && mv $@.new $@

###--------------------------------------------------------------------------
### Other utilities.

## A list of diversions in ascending numerical order.
CLEANFILES		+= divs
divs: $(M4_SOURCES) $(addsuffix .m4,$(HOSTS))
	$(V_GEN)grep -n m4_divert $^ | \
		grep -v 'm4_divert(-1)' | \
		sort -t\( -k2n >$@

###--------------------------------------------------------------------------
### Building.

all: $(TARGETS)
.PHONY: all

%.sh: %.m4 $(M4_SOURCES)
	$(V_M4)-DFWHOST=$* base.m4 $*.m4 $(MAIN_M4_SOURCES) >$@.new
	$(V_AT)chmod +x $@.new && mv $@.new $@

clean:; rm -f $(TARGETS) *.new $(CLEANFILES)
.PHONY: clean

###--------------------------------------------------------------------------
### Installation.

## The local machine doesn't want the complicated SSH stuff.
THISHOST		 = $(shell hostname)
OTHERHOSTS		 = $(filter-out $(THISHOST), $(HOSTS))

## Testing.
check: $(THISHOST).sh
	$(ROOT) ./$(THISHOST).sh test

## Installation on a local host,
install/$(THISHOST): $(THISHOST).sh
	[ "x$(SCRIPTS)" = x ] || $(ROOT) install -m755 $(SCRIPTS) $(sbindir)
	$(ROOT) ./$(THISHOST).sh replace </dev/tty

## Installation on a remote host.
$(addprefix install/, $(OTHERHOSTS)): install/%: %.sh
	if [ "x$(SCRIPTS)" != x ]; then \
	  for i in $(SCRIPTS); do \
	    $(ROOT) scp $$i root@$*:$(sbindir)/$$i.new && \
	    $(ROOT) ssh root@$* \
		'cd $(sbindir) && chmod 755 $$i.new && mv $$i.new $i' || \
	    exit 1; \
	  done; \
	fi
	$(ROOT) scp $*.sh root@$*:$(FIREWALL).new
	$(ROOT) ssh root@$* $(FIREWALL).new remote-prepare
	$(ROOT) ssh root@$* $(FIREWALL).new remote-commit
	$(ROOT) ssh root@$* rm -f $(FIREWALL).new

## General installation target.
install: all $(addprefix install/,$(HOSTS))
.PHONY: install $(addprefix install/,$(HOSTS))

###----- That's all, folks --------------------------------------------------