diff options
author | netblue30 <netblue30@protonmail.com> | 2022-06-30 09:00:15 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-06-30 09:00:15 -0400 |
commit | 70aaf6fea40ac4f4f28094cad639ec4c00897843 (patch) | |
tree | b3013b4abeaf00cde4ab63f90bdc91ef8e6520a9 /Makefile | |
parent | test/fs: enable private-lib in firejail.config (diff) | |
parent | makefiles: add generated files as dependencies (diff) | |
download | firejail-70aaf6fea40ac4f4f28094cad639ec4c00897843.tar.gz firejail-70aaf6fea40ac4f4f28094cad639ec4c00897843.tar.zst firejail-70aaf6fea40ac4f4f28094cad639ec4c00897843.zip |
Merge pull request #5219 from kmk3/build-reduce-config-files
build: reduce autoconf input files from 32 to 2
Diffstat (limited to 'Makefile')
-rw-r--r-- | Makefile | 312 |
1 files changed, 312 insertions, 0 deletions
diff --git a/Makefile b/Makefile new file mode 100644 index 000000000..11e19ec37 --- /dev/null +++ b/Makefile | |||
@@ -0,0 +1,312 @@ | |||
1 | -include config.mk | ||
2 | |||
3 | ifneq ($(HAVE_MAN),no) | ||
4 | MAN_TARGET = man | ||
5 | MAN_SRC = src/man | ||
6 | endif | ||
7 | |||
8 | COMPLETIONDIRS = src/zsh_completion src/bash_completion | ||
9 | |||
10 | .PHONY: all | ||
11 | all: all_items mydirs $(MAN_TARGET) filters | ||
12 | APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailcheck/jailcheck | ||
13 | SBOX_APPS = src/fbuilder/fbuilder src/ftee/ftee src/fids/fids | ||
14 | SBOX_APPS_NON_DUMPABLE = src/fcopy/fcopy src/fldd/fldd src/fnet/fnet src/fnetfilter/fnetfilter src/fzenity/fzenity | ||
15 | SBOX_APPS_NON_DUMPABLE += src/fsec-optimize/fsec-optimize src/fsec-print/fsec-print src/fseccomp/fseccomp | ||
16 | SBOX_APPS_NON_DUMPABLE += src/fnettrace/fnettrace src/fnettrace-dns/fnettrace-dns src/fnettrace-sni/fnettrace-sni | ||
17 | MYDIRS = src/lib $(MAN_SRC) $(COMPLETIONDIRS) | ||
18 | MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so | ||
19 | COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion | ||
20 | MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 jailcheck.1 | ||
21 | SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32 | ||
22 | ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) | ||
23 | |||
24 | config.mk config.sh: | ||
25 | printf 'run ./configure to generate %s\n' "$@" >&2 | ||
26 | false | ||
27 | |||
28 | .PHONY: all_items $(ALL_ITEMS) | ||
29 | all_items: $(ALL_ITEMS) | ||
30 | $(ALL_ITEMS): $(MYDIRS) | ||
31 | $(MAKE) -C $(dir $@) | ||
32 | |||
33 | .PHONY: mydirs $(MYDIRS) | ||
34 | mydirs: $(MYDIRS) | ||
35 | $(MYDIRS): | ||
36 | $(MAKE) -C $@ | ||
37 | |||
38 | $(MANPAGES): src/man config.mk | ||
39 | ./mkman.sh $(VERSION) src/man/$(basename $@).man $@ | ||
40 | |||
41 | man: $(MANPAGES) | ||
42 | |||
43 | filters: $(SECCOMP_FILTERS) $(SBOX_APPS_NON_DUMPABLE) | ||
44 | seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | ||
45 | src/fseccomp/fseccomp default seccomp | ||
46 | src/fsec-optimize/fsec-optimize seccomp | ||
47 | |||
48 | seccomp.debug: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | ||
49 | src/fseccomp/fseccomp default seccomp.debug allow-debuggers | ||
50 | src/fsec-optimize/fsec-optimize seccomp.debug | ||
51 | |||
52 | seccomp.32: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | ||
53 | src/fseccomp/fseccomp secondary 32 seccomp.32 | ||
54 | src/fsec-optimize/fsec-optimize seccomp.32 | ||
55 | |||
56 | seccomp.block_secondary: src/fseccomp/fseccomp | ||
57 | src/fseccomp/fseccomp secondary block seccomp.block_secondary | ||
58 | |||
59 | seccomp.mdwx: src/fseccomp/fseccomp | ||
60 | src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx | ||
61 | |||
62 | seccomp.mdwx.32: src/fseccomp/fseccomp | ||
63 | src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 | ||
64 | |||
65 | .PHONY: clean | ||
66 | clean: | ||
67 | for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \ | ||
68 | $(MAKE) -C $$dir clean; \ | ||
69 | done | ||
70 | $(MAKE) -C test clean | ||
71 | rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm | ||
72 | rm -f $(SECCOMP_FILTERS) | ||
73 | rm -f test/utils/index.html* | ||
74 | rm -f test/utils/wget-log | ||
75 | rm -f test/utils/firejail-test-file* | ||
76 | rm -f test/utils/lstesting | ||
77 | rm -f test/environment/index.html* | ||
78 | rm -f test/environment/wget-log* | ||
79 | rm -fr test/environment/-testdir | ||
80 | rm -f test/environment/logfile* | ||
81 | rm -f test/environment/index.html | ||
82 | rm -f test/environment/wget-log | ||
83 | rm -f test/sysutils/firejail_t* | ||
84 | cd test/compile; ./compile.sh --clean; cd ../.. | ||
85 | |||
86 | .PHONY: distclean | ||
87 | distclean: clean | ||
88 | for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \ | ||
89 | $(MAKE) -C $$dir distclean; \ | ||
90 | done | ||
91 | $(MAKE) -C test distclean | ||
92 | rm -fr autom4te.cache config.log config.mk config.sh config.status | ||
93 | |||
94 | realinstall: config.mk | ||
95 | # firejail executable | ||
96 | install -m 0755 -d $(DESTDIR)$(bindir) | ||
97 | install -m 0755 src/firejail/firejail $(DESTDIR)$(bindir) | ||
98 | ifeq ($(HAVE_SUID),-DHAVE_SUID) | ||
99 | chmod u+s $(DESTDIR)$(bindir)/firejail | ||
100 | endif | ||
101 | # firemon executable | ||
102 | install -m 0755 src/firemon/firemon $(DESTDIR)$(bindir) | ||
103 | # firecfg executable | ||
104 | install -m 0755 src/firecfg/firecfg $(DESTDIR)$(bindir) | ||
105 | # jailcheck executable | ||
106 | install -m 0755 src/jailcheck/jailcheck $(DESTDIR)$(bindir) | ||
107 | # libraries and plugins | ||
108 | install -m 0755 -d $(DESTDIR)$(libdir)/firejail | ||
109 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/firecfg/firejail-welcome.sh | ||
110 | install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS) | ||
111 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS) | ||
112 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats | ||
113 | # plugins w/o read permission (non-dumpable) | ||
114 | install -m 0711 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS_NON_DUMPABLE) | ||
115 | install -m 0711 -t $(DESTDIR)$(libdir)/firejail src/fshaper/fshaper.sh | ||
116 | install -m 0644 -t $(DESTDIR)$(libdir)/firejail src/fnettrace/static-ip-map | ||
117 | ifeq ($(HAVE_CONTRIB_INSTALL),yes) | ||
118 | # contrib scripts | ||
119 | install -m 0755 -t $(DESTDIR)$(libdir)/firejail contrib/*.py contrib/*.sh | ||
120 | # vim syntax | ||
121 | install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect | ||
122 | install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax | ||
123 | install -m 0644 contrib/vim/ftdetect/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect | ||
124 | install -m 0644 contrib/vim/syntax/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax | ||
125 | endif | ||
126 | # documents | ||
127 | install -m 0755 -d $(DESTDIR)$(DOCDIR) | ||
128 | install -m 0644 -t $(DESTDIR)$(DOCDIR) COPYING README RELNOTES etc/templates/* | ||
129 | # profiles and settings | ||
130 | install -m 0755 -d $(DESTDIR)$(sysconfdir)/firejail | ||
131 | install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail src/firecfg/firecfg.config | ||
132 | install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail etc/profile-a-l/*.profile etc/profile-m-z/*.profile etc/inc/*.inc etc/net/*.net etc/firejail.config etc/ids.config | ||
133 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | ||
134 | ifeq ($(BUSYBOX_WORKAROUND),yes) | ||
135 | ./mketc.sh $(DESTDIR)$(sysconfdir)/firejail/disable-common.inc | ||
136 | endif | ||
137 | ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR) | ||
138 | # install apparmor profile | ||
139 | sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d; fi;" | ||
140 | install -m 0644 etc/apparmor/firejail-default $(DESTDIR)$(sysconfdir)/apparmor.d | ||
141 | # install apparmor profile customization file | ||
142 | sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d/local ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d/local; fi;" | ||
143 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/apparmor.d/local/firejail-default ]; then install -c -m 0644 etc/apparmor/firejail-local $(DESTDIR)/$(sysconfdir)/apparmor.d/local/firejail-default; fi;" | ||
144 | # install apparmor base abstraction drop-in | ||
145 | sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d/abstractions ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d/abstractions; fi;" | ||
146 | sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d/abstractions/base.d ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d/abstractions/base.d; fi;" | ||
147 | install -m 0644 etc/apparmor/firejail-base $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/base.d | ||
148 | endif | ||
149 | ifneq ($(HAVE_MAN),no) | ||
150 | # man pages | ||
151 | install -m 0755 -d $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(mandir)/man5 | ||
152 | for man in $(MANPAGES); do \ | ||
153 | rm -f $$man.gz; \ | ||
154 | gzip -9n $$man; \ | ||
155 | case "$$man" in \ | ||
156 | *.1) install -m 0644 $$man.gz $(DESTDIR)$(mandir)/man1/; ;; \ | ||
157 | *.5) install -m 0644 $$man.gz $(DESTDIR)$(mandir)/man5/; ;; \ | ||
158 | esac; \ | ||
159 | done | ||
160 | rm -f $(MANPAGES) $(MANPAGES:%=%.gz) | ||
161 | endif | ||
162 | # bash completion | ||
163 | install -m 0755 -d $(DESTDIR)$(datarootdir)/bash-completion/completions | ||
164 | install -m 0644 src/bash_completion/firejail.bash_completion $(DESTDIR)$(datarootdir)/bash-completion/completions/firejail | ||
165 | install -m 0644 src/bash_completion/firemon.bash_completion $(DESTDIR)$(datarootdir)/bash-completion/completions/firemon | ||
166 | install -m 0644 src/bash_completion/firecfg.bash_completion $(DESTDIR)$(datarootdir)/bash-completion/completions/firecfg | ||
167 | # zsh completion | ||
168 | install -m 0755 -d $(DESTDIR)$(datarootdir)/zsh/site-functions | ||
169 | install -m 0644 src/zsh_completion/_firejail $(DESTDIR)$(datarootdir)/zsh/site-functions/ | ||
170 | |||
171 | install: all | ||
172 | $(MAKE) realinstall | ||
173 | |||
174 | install-strip: all | ||
175 | strip $(ALL_ITEMS) | ||
176 | $(MAKE) realinstall | ||
177 | |||
178 | uninstall: config.mk | ||
179 | rm -f $(DESTDIR)$(bindir)/firejail | ||
180 | rm -f $(DESTDIR)$(bindir)/firemon | ||
181 | rm -f $(DESTDIR)$(bindir)/firecfg | ||
182 | rm -fr $(DESTDIR)$(libdir)/firejail | ||
183 | rm -fr $(DESTDIR)$(libdir)/jailcheck | ||
184 | rm -fr $(DESTDIR)$(datarootdir)/doc/firejail | ||
185 | for man in $(MANPAGES); do \ | ||
186 | rm -f $(DESTDIR)$(mandir)/man5/$$man*; \ | ||
187 | rm -f $(DESTDIR)$(mandir)/man1/$$man*; \ | ||
188 | done | ||
189 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firejail | ||
190 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firemon | ||
191 | rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firecfg | ||
192 | @echo "If you want to install a different version of firejail, you might also need to run 'rm -fr $(DESTDIR)$(sysconfdir)/firejail', see #2038." | ||
193 | |||
194 | DISTFILES = \ | ||
195 | COPYING \ | ||
196 | Makefile \ | ||
197 | README \ | ||
198 | RELNOTES \ | ||
199 | config.mk.in \ | ||
200 | config.sh.in \ | ||
201 | configure \ | ||
202 | configure.ac \ | ||
203 | contrib \ | ||
204 | etc \ | ||
205 | install.sh \ | ||
206 | m4 \ | ||
207 | mkdeb.sh \ | ||
208 | mketc.sh \ | ||
209 | mkman.sh \ | ||
210 | platform \ | ||
211 | src | ||
212 | |||
213 | DISTFILES_TEST = test/Makefile test/apps test/apps-x11 test/apps-x11-xorg test/root test/private-lib test/fnetfilter test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/fs test/sysutils test/chroot | ||
214 | |||
215 | dist: config.mk | ||
216 | mv config.sh config.sh.old | ||
217 | mv config.status config.status.old | ||
218 | make distclean | ||
219 | mv config.status.old config.status | ||
220 | mv config.sh.old config.sh | ||
221 | rm -fr $(NAME)-$(VERSION) $(NAME)-$(VERSION).tar.xz | ||
222 | mkdir -p $(NAME)-$(VERSION)/test | ||
223 | cp -a $(DISTFILES) $(NAME)-$(VERSION) | ||
224 | cp -a $(DISTFILES_TEST) $(NAME)-$(VERSION)/test | ||
225 | rm -rf $(NAME)-$(VERSION)/src/tools | ||
226 | find $(NAME)-$(VERSION) -name .svn -delete | ||
227 | tar -cJvf $(NAME)-$(VERSION).tar.xz $(NAME)-$(VERSION) | ||
228 | rm -fr $(NAME)-$(VERSION) | ||
229 | |||
230 | asc: config.mk | ||
231 | ./mkasc.sh $(VERSION) | ||
232 | |||
233 | deb: dist config.sh | ||
234 | ./mkdeb.sh | ||
235 | |||
236 | deb-apparmor: dist config.sh | ||
237 | ./mkdeb.sh -apparmor --enable-apparmor | ||
238 | |||
239 | test-compile: dist config.mk | ||
240 | cd test/compile; ./compile.sh $(NAME)-$(VERSION) | ||
241 | |||
242 | .PHONY: rpms | ||
243 | rpms: src/man config.mk | ||
244 | ./platform/rpm/mkrpm.sh $(NAME) $(VERSION) | ||
245 | |||
246 | extras: all | ||
247 | $(MAKE) -C extras/firetools | ||
248 | |||
249 | cppcheck: clean | ||
250 | cppcheck --force --error-exitcode=1 --enable=warning,performance . | ||
251 | |||
252 | scan-build: clean | ||
253 | NO_EXTRA_CFLAGS="yes" scan-build make | ||
254 | |||
255 | # | ||
256 | # make test | ||
257 | # | ||
258 | |||
259 | TESTS=profiles private-lib apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter | ||
260 | TEST_TARGETS=$(patsubst %,test-%,$(TESTS)) | ||
261 | |||
262 | $(TEST_TARGETS): | ||
263 | $(MAKE) -C test $(subst test-,,$@) | ||
264 | |||
265 | test: test-profiles test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters | ||
266 | echo "TEST COMPLETE" | ||
267 | |||
268 | test-noprofiles: test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters | ||
269 | echo "TEST COMPLETE" | ||
270 | |||
271 | test-github: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment | ||
272 | echo "TEST COMPLETE" | ||
273 | |||
274 | ########################################## | ||
275 | # Individual tests, some of them require root access | ||
276 | # The tests are very intrusive, by the time you are done | ||
277 | # with them you will need to restart your computer. | ||
278 | ########################################## | ||
279 | |||
280 | # a firejail-test account is required, public/private key setup | ||
281 | test-ssh: | ||
282 | $(MAKE) -C test $(subst test-,,$@) | ||
283 | |||
284 | # requires root access | ||
285 | test-chroot: | ||
286 | $(MAKE) -C test $(subst test-,,$@) | ||
287 | |||
288 | # Huge appimage files, not included in "make dist" archive | ||
289 | test-appimage: | ||
290 | $(MAKE) -C test $(subst test-,,$@) | ||
291 | |||
292 | # Root access, network devices are created before the test | ||
293 | # restart your computer to get rid of these devices | ||
294 | test-network: | ||
295 | $(MAKE) -C test $(subst test-,,$@) | ||
296 | |||
297 | # requires the same setup as test-network | ||
298 | test-stress: | ||
299 | $(MAKE) -C test $(subst test-,,$@) | ||
300 | |||
301 | # Tests running a root user | ||
302 | test-root: | ||
303 | $(MAKE) -C test $(subst test-,,$@) | ||
304 | |||
305 | # OverlayFS is not available on all platforms | ||
306 | test-overlay: | ||
307 | $(MAKE) -C test $(subst test-,,$@) | ||
308 | |||
309 | # For testing hidepid system, the command to set it up is "mount -o remount,rw,hidepid=2 /proc" | ||
310 | |||
311 | test-all: test-root test-chroot test-network test-appimage test-overlay | ||
312 | echo "TEST COMPLETE" | ||