| 1 | # Makefile for secnet |
| 2 | # |
| 3 | # This file is part of secnet. |
| 4 | # See README for full list of copyright holders. |
| 5 | # |
| 6 | # secnet is free software; you can redistribute it and/or modify it |
| 7 | # under the terms of the GNU General Public License as published by |
| 8 | # the Free Software Foundation; either version 3 of the License, or |
| 9 | # (at your option) any later version. |
| 10 | # |
| 11 | # secnet is distributed in the hope that it will be useful, but |
| 12 | # WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 14 | # General Public License for more details. |
| 15 | # |
| 16 | # You should have received a copy of the GNU General Public License |
| 17 | # version 3 along with secnet; if not, see |
| 18 | # https://www.gnu.org/licenses/gpl.html. |
| 19 | |
| 20 | .PHONY: all clean realclean distclean dist install |
| 21 | |
| 22 | PACKAGE:=secnet |
| 23 | VERSION=0.4.5 |
| 24 | |
| 25 | @SET_MAKE@ |
| 26 | |
| 27 | srcdir:=@srcdir@ |
| 28 | VPATH:=@srcdir@ |
| 29 | |
| 30 | SHELL:=/bin/sh |
| 31 | RM:=@RM@ |
| 32 | CC:=@CC@ |
| 33 | INSTALL:=@INSTALL@ |
| 34 | INSTALL_PROGRAM:=@INSTALL_PROGRAM@ |
| 35 | INSTALL_SCRIPT:=@INSTALL_SCRIPT@ |
| 36 | INSTALL_DATA:=@INSTALL_DATA@ |
| 37 | |
| 38 | prefix:=$(DESTDIR)@prefix@ |
| 39 | exec_prefix:=@exec_prefix@ |
| 40 | sbindir:=@sbindir@ |
| 41 | sysconfdir:=$(DESTDIR)@sysconfdir@ |
| 42 | datarootdir:=@datarootdir@ |
| 43 | transform:=@program_transform_name@ |
| 44 | mandir:=@mandir@ |
| 45 | |
| 46 | CFLAGS:=-Wall @WRITESTRINGS@ @CFLAGS@ -Werror \ |
| 47 | -W -Wno-unused -Wno-unused-parameter \ |
| 48 | -Wno-pointer-sign -Wstrict-prototypes -Wmissing-prototypes \ |
| 49 | -Wmissing-declarations -Wnested-externs -Wredundant-decls \ |
| 50 | -Wpointer-arith -Wformat=2 -Winit-self \ |
| 51 | -Wswitch-enum -Wunused-variable -Wunused-function -Wbad-function-cast \ |
| 52 | -Wno-strict-aliasing -fno-strict-aliasing \ |
| 53 | -MMD |
| 54 | ALL_CFLAGS:=@DEFS@ -I$(srcdir) -I. $(CFLAGS) $(EXTRA_CFLAGS) |
| 55 | CPPFLAGS:=@CPPFLAGS@ -DDATAROOTDIR='"$(datarootdir)"' $(EXTRA_CPPFLAGS) |
| 56 | LDFLAGS:=@LDFLAGS@ $(EXTRA_LDFLAGS) |
| 57 | LDLIBS:=@LIBS@ $(EXTRA_LDLIBS) |
| 58 | |
| 59 | TARGETS:=secnet |
| 60 | |
| 61 | OBJECTS:=secnet.o util.o conffile.yy.o conffile.tab.o conffile.o modules.o \ |
| 62 | resolver.o random.o udp.o site.o transform-cbcmac.o transform-eax.o \ |
| 63 | comm-common.o polypath.o \ |
| 64 | netlink.o rsa.o dh.o xdh.o serpent.o serpentbe.o \ |
| 65 | scaf.o f25519.o x25519.o ed25519.o fgoldi.o x448.o \ |
| 66 | md5.o sha512.o tun.o slip.o sha1.o ipaddr.o log.o \ |
| 67 | process.o @LIBOBJS@ \ |
| 68 | hackypar.o |
| 69 | # version.o is handled specially below and in the link rule for secnet. |
| 70 | |
| 71 | TEST_OBJECTS:=eax-aes-test.o eax-serpent-test.o eax-serpentbe-test.o \ |
| 72 | eax-test.o aes.o x25519-test.o x448-test.o |
| 73 | |
| 74 | ifeq (version.o,$(MAKECMDGOALS)) |
| 75 | OBJECTS:=version.o |
| 76 | TEST_OBJECTS:= |
| 77 | endif |
| 78 | |
| 79 | STALE_PYTHON_FILES= $(foreach e, py pyc, \ |
| 80 | $(foreach p, /usr /usr/local, \ |
| 81 | $(foreach l, ipaddr, \ |
| 82 | $(DESTDIR)$p/share/secnet/$l.$e \ |
| 83 | ))) |
| 84 | |
| 85 | %.c: %.y |
| 86 | |
| 87 | %.yy.c: %.fl |
| 88 | flex --header=$*.yy.h -o$@ $< |
| 89 | |
| 90 | %.tab.c %.tab.h: %.y |
| 91 | bison -d -o $@ $< |
| 92 | |
| 93 | %.o: %.c conffile.yy.h |
| 94 | $(CC) $(CPPFLAGS) $(ALL_CFLAGS) -c $< -o $@ |
| 95 | |
| 96 | all: $(TARGETS) check |
| 97 | |
| 98 | # Automatic remaking of configuration files, from autoconf documentation |
| 99 | ${srcdir}/configure: configure.in |
| 100 | cd ${srcdir} && autoconf |
| 101 | |
| 102 | # autoheader might not change config.h.in, so touch a stamp file. |
| 103 | ${srcdir}/config.h.in: stamp-h.in |
| 104 | ${srcdir}/stamp-h.in: configure.in |
| 105 | cd ${srcdir} && autoheader |
| 106 | echo timestamp > ${srcdir}/stamp-h.in |
| 107 | |
| 108 | config.h: stamp-h |
| 109 | stamp-h: config.h.in config.status |
| 110 | ./config.status |
| 111 | |
| 112 | Makefile: Makefile.in config.status |
| 113 | ./config.status |
| 114 | |
| 115 | config.status: configure |
| 116 | ./config.status --recheck |
| 117 | # End of config file remaking rules |
| 118 | |
| 119 | # C and header file dependency rules |
| 120 | SOURCES:=$(OBJECTS:.o=.c) $(TEST_OBJECTS:.o=.c) |
| 121 | DEPENDS:=$(OBJECTS:.o=.d) $(TEST_OBJECTS:.o=.d) |
| 122 | |
| 123 | -include *.d |
| 124 | |
| 125 | # Manual dependencies section |
| 126 | conffile.yy.c: conffile.fl conffile.tab.c |
| 127 | conffile.yy.h: conffile.yy.c |
| 128 | conffile.tab.c: conffile.y |
| 129 | # End of manual dependencies section |
| 130 | |
| 131 | conffile.yy.o: ALL_CFLAGS += -Wno-sign-compare |
| 132 | |
| 133 | secnet: $(OBJECTS) |
| 134 | $(MAKE) version.o # *.o $(filter-out %.o, $^) |
| 135 | $(CC) $(LDFLAGS) $(ALL_CFLAGS) -o $@ $(OBJECTS) version.o $(LDLIBS) |
| 136 | # We (always) regenerate the version, but only if we regenerate the |
| 137 | # binary. (This is necessary as the version string is can depend on |
| 138 | # any of the source files, eg to see whether "+" is needed.) |
| 139 | |
| 140 | ifneq (,$(wildcard .git/HEAD)) |
| 141 | # If we have (eg) committed, relink and thus regenerate the version |
| 142 | # with the new info from git describe. |
| 143 | secnet: Makefile .git/HEAD $(shell sed -n 's#^ref: #.git/#p' .git/HEAD) |
| 144 | secnet: $(wildcard .git/packed-refs) |
| 145 | endif |
| 146 | |
| 147 | check: eax-aes-test.confirm eax-serpent-test.confirm \ |
| 148 | eax-serpentbe-test.confirm check-ipaddrset \ |
| 149 | msgcode-test.confirm \ |
| 150 | f25519-test.confirm x25519-test.confirm ed25519-test.confirm \ |
| 151 | fgoldi-test.confirm x448-test.confirm |
| 152 | |
| 153 | version.c: Makefile |
| 154 | echo "#include \"secnet.h\"" >$@.new |
| 155 | @set -ex; if test -e .git && type -p git >/dev/null; then \ |
| 156 | v=$$(git describe --match 'v*'); v=$${v#v}; \ |
| 157 | if ! git diff --quiet HEAD; then v="$$v+"; fi; \ |
| 158 | else \ |
| 159 | v="$(VERSION)"; \ |
| 160 | fi; \ |
| 161 | echo "char version[]=\"secnet $$v\";" >>$@.new |
| 162 | mv -f $@.new $@ |
| 163 | |
| 164 | eax-%-test: eax-%-test.o eax-test.o %.o |
| 165 | $(CC) $(LDFLAGS) $(ALL_CFLAGS) -o $@ $^ |
| 166 | |
| 167 | eax-%-test.confirm: eax-%-test eax-%-test.vectors |
| 168 | ./$< <$(srcdir)/eax-$*-test.vectors >$@.new |
| 169 | mv -f $@.new $@ |
| 170 | |
| 171 | msgcode-test: msgcode-test.o |
| 172 | $(CC) $(LDFLAGS) $(ALL_CFLAGS) -o $@ $^ |
| 173 | |
| 174 | msgcode-test.confirm: msgcode-test |
| 175 | ./msgcode-test |
| 176 | touch $@ |
| 177 | |
| 178 | XDH_FUNCS = x25519 x448 |
| 179 | x25519_FIELD = f25519 |
| 180 | x448_FIELD = fgoldi |
| 181 | XDH_FIELDS = $(foreach f,$(XDH_FUNCS),$($f_FIELD)) |
| 182 | |
| 183 | $(addsuffix -test, $(XDH_FIELDS)): %-test: %-test.o %.o crypto-test.o |
| 184 | $(CC) $(LDFLAGS) $(ALL_CFLAGS) -o $@ $^ |
| 185 | |
| 186 | $(addsuffix -test.o, $(XDH_FIELDS)): %-test.o: ec-field-test.c |
| 187 | $(CC) $(CPPFLAGS) $(ALL_CFLAGS) -c \ |
| 188 | -DFIELD=$* $< -o $@ |
| 189 | |
| 190 | $(addsuffix -test, $(XDH_FUNCS)): %-test: %-test.o %.o crypto-test.o |
| 191 | $(CC) $(LDFLAGS) $(ALL_CFLAGS) -o $@ $^ |
| 192 | x25519-test: f25519.o |
| 193 | x448-test: fgoldi.o |
| 194 | |
| 195 | $(addsuffix -test.o, $(XDH_FUNCS)): %-test.o: xdh-test.c |
| 196 | $(CC) $(CPPFLAGS) $(ALL_CFLAGS) -c \ |
| 197 | -DXDH=$* -DFIELD=$($*_FIELD) \ |
| 198 | $< -o $@ |
| 199 | |
| 200 | $(addsuffix -test.confirm, $(XDH_FUNCS) $(XDH_FIELDS)): \ |
| 201 | %-test.confirm: %-test %-tests.in |
| 202 | ./$*-test <$(srcdir)/$*-tests.in |
| 203 | touch $@ |
| 204 | |
| 205 | ed25519-test: ed25519-test.o sha512.o f25519.o scaf.o ed25519.o crypto-test.o |
| 206 | $(CC) $(LDFLAGS) $(ALL_CFLAGS) -o $@ $^ |
| 207 | |
| 208 | ed25519-test.confirm: ed25519-test ed25519-tests.in |
| 209 | ./ed25519-test <$(srcdir)/ed25519-tests.in |
| 210 | touch $@ |
| 211 | |
| 212 | check-ipaddrset: ipaddrset-test.py ipaddrset.py ipaddrset-test.expected |
| 213 | $(srcdir)/ipaddrset-test.py >ipaddrset-test.new |
| 214 | diff -u $(srcdir)/ipaddrset-test.expected ipaddrset-test.new |
| 215 | |
| 216 | .PRECIOUS: eax-%-test |
| 217 | |
| 218 | installdirs: |
| 219 | $(INSTALL) -d $(prefix)/share/secnet $(sbindir) |
| 220 | $(INSTALL) -d $(mandir)/man8 |
| 221 | $(INSTALL) -d $(datarootdir)/secnet |
| 222 | |
| 223 | install: installdirs |
| 224 | set -e; ok=true; for f in $(STALE_PYTHON_FILES); do \ |
| 225 | if test -e $$f; then \ |
| 226 | echo >&2 "ERROR: $$f still exists "\ |
| 227 | "- try \`make install-force'"; \ |
| 228 | ok=false; \ |
| 229 | fi; \ |
| 230 | done; \ |
| 231 | $$ok |
| 232 | $(INSTALL_PROGRAM) secnet $(sbindir)/`echo secnet|sed '$(transform)'` |
| 233 | $(INSTALL_PROGRAM) ${srcdir}/make-secnet-sites $(sbindir)/`echo make-secnet-sites|sed '$(transform)'` |
| 234 | $(INSTALL_DATA) ${srcdir}/ipaddrset.py $(prefix)/share/secnet/ipaddrset.py |
| 235 | $(INSTALL_SCRIPT) ${srcdir}/polypath-interface-monitor-linux \ |
| 236 | $(datarootdir)/secnet/. |
| 237 | $(INSTALL_DATA) ${srcdir}/secnet.8 $(mandir)/man8/secnet.8 |
| 238 | |
| 239 | install-force: |
| 240 | rm -f $(STALE_PYTHON_FILES) |
| 241 | $(MAKE) install |
| 242 | |
| 243 | clean: |
| 244 | $(RM) -f *.o *.yy.[ch] *.tab.[ch] $(TARGETS) core version.c |
| 245 | $(RM) -f *.d *.pyc *~ eax-*-test.confirm eax-*-test |
| 246 | $(RM) -f msgcode-test.confirm msgcode-test |
| 247 | $(RM) -f $(addsuffix -test, $(XDH_FUNCS)) |
| 248 | $(RM) -f $(addsuffix -test.confirm, $(XDH_FUNCS)) |
| 249 | |
| 250 | realclean: clean |
| 251 | $(RM) -f *~ Makefile config.h *.d \ |
| 252 | config.log config.status config.cache \ |
| 253 | stamp-h Makefile.bak |
| 254 | |
| 255 | distclean: realclean |
| 256 | |
| 257 | # Release checklist: |
| 258 | # |
| 259 | # 0. Use this checklist from Makefile.in |
| 260 | # |
| 261 | # 1. Check that the tree has what you want |
| 262 | # |
| 263 | # 2. Update changelog: |
| 264 | # gbp dch --since=<PREVIOUS VERSION> |
| 265 | # and then edit debian/changelog. |
| 266 | # |
| 267 | # 3. Update VERSION (in this file, above) and |
| 268 | # finalise debian/changelog (removing ~ from version) and commit. |
| 269 | # |
| 270 | # 4. Build source and binaries: |
| 271 | # dgit -wgf sbuild -A -c stretch |
| 272 | # |
| 273 | # 5. dpkg -i on zealot just to check |
| 274 | # dpkg -i ~ian/things/Fvpn/bpd/secnet_${VERSION}_amd64.deb |
| 275 | # |
| 276 | # 6. run it on chiark |
| 277 | # check we can still ping davenant and chiark |
| 278 | # |
| 279 | # 7. Make git tag and source tarball signature: |
| 280 | # git-tag -u general -m "secnet $VERSION" -s v${VERSION//\~/_} |
| 281 | # gpg -u general --detach-sign ../bpd/secnet_$VERSION.tar.gz |
| 282 | # |
| 283 | # 8. Publish the branch and distriubtion files: |
| 284 | # git-push origin v${VERSION//\~/_} v${VERSION//\~/_}~0:master |
| 285 | # dcmd rsync -v ../bpd/secnet_${VERSION}_multi.changes chiark:/home/ianmdlvl/public-html/secnet/download/ |
| 286 | # |
| 287 | # 9. Sort out html. On chiark as user secnet: |
| 288 | # cd ~secnet/public-html/release/ |
| 289 | # mkdir $VERSION |
| 290 | # cd $VERSION |
| 291 | # ln -s /home/ianmdlvl/public-html/secnet/download/secnet?$VERSION* . |
| 292 | # ln -sfn $VERSION ../current |
| 293 | # |
| 294 | # 10. write and post a release announcement |
| 295 | # cd ../bpd |
| 296 | # dcmd sha256sum secnet_${VERSION}_multi.changes |
| 297 | # ... |
| 298 | # gpg --clearsign ../release-announcement |
| 299 | # rsync -vP ../release-announcement.asc c:mail/d/ |
| 300 | # |
| 301 | # 11. bump changelog version in master, to new version with ~ |