Diffstat (limited to 'Makefile')
-rw-r--r-- | Makefile | 307 |
1 files changed, 307 insertions, 0 deletions
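--- /dev/null
+++ b/Makefile
@@ -0,0 +1,307 @@
+include config.mk
+
+ifneq ($(HAVE_MAN),no)
+MAN_TARGET = man
+MAN_SRC = src/man
+endif
+
+COMPLETIONDIRS = src/zsh_completion src/bash_completion
+
+.PHONY: all
+all: all_items mydirs $(MAN_TARGET) filters
+APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailcheck/jailcheck
+SBOX_APPS = src/fbuilder/fbuilder src/ftee/ftee src/fids/fids
+SBOX_APPS_NON_DUMPABLE = src/fcopy/fcopy src/fldd/fldd src/fnet/fnet src/fnetfilter/fnetfilter src/fzenity/fzenity
+SBOX_APPS_NON_DUMPABLE += src/fsec-optimize/fsec-optimize src/fsec-print/fsec-print src/fseccomp/fseccomp
+SBOX_APPS_NON_DUMPABLE += src/fnettrace/fnettrace src/fnettrace-dns/fnettrace-dns src/fnettrace-sni/fnettrace-sni
+MYDIRS = src/lib $(MAN_SRC) $(COMPLETIONDIRS)
+MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so
+COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion
+MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 jailcheck.1
+SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32
+ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS)
+
+.PHONY: all_items $(ALL_ITEMS)
+all_items: $(ALL_ITEMS)
+$(ALL_ITEMS): $(MYDIRS)
+$(MAKE) -C $(dir $@)
+
+.PHONY: mydirs $(MYDIRS)
+mydirs: $(MYDIRS)
+$(MYDIRS):
+$(MAKE) -C $@
+
+$(MANPAGES): src/man
+./mkman.sh $(VERSION) src/man/$(basename $@).man $@
+
+man: $(MANPAGES)
+
+filters: $(SECCOMP_FILTERS) $(SBOX_APPS_NON_DUMPABLE)
+seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize
+src/fseccomp/fseccomp default seccomp
+src/fsec-optimize/fsec-optimize seccomp
+
+seccomp.debug: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize
+src/fseccomp/fseccomp default seccomp.debug allow-debuggers
+src/fsec-optimize/fsec-optimize seccomp.debug
+
+seccomp.32: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize
+src/fseccomp/fseccomp secondary 32 seccomp.32
+src/fsec-optimize/fsec-optimize seccomp.32
+
+seccomp.block_secondary: src/fseccomp/fseccomp
+src/fseccomp/fseccomp secondary block seccomp.block_secondary
+
+seccomp.mdwx: src/fseccomp/fseccomp
+src/fseccomp/fseccomp memory-deny-write-execute seccomp.mdwx
+
+seccomp.mdwx.32: src/fseccomp/fseccomp
+src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32
+
+.PHONY: clean
+clean:
+for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \
+$(MAKE) -C $$dir clean; \
+done
+$(MAKE) -C test clean
+rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm
+rm -f $(SECCOMP_FILTERS)
+rm -f test/utils/index.html*
+rm -f test/utils/wget-log
+rm -f test/utils/firejail-test-file*
+rm -f test/utils/lstesting
+rm -f test/environment/index.html*
+rm -f test/environment/wget-log*
+rm -fr test/environment/-testdir
+rm -f test/environment/logfile*
+rm -f test/environment/index.html
+rm -f test/environment/wget-log
+rm -f test/sysutils/firejail_t*
+cd test/compile; ./compile.sh --clean; cd ../..
+
+.PHONY: distclean
+distclean: clean
+for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \
+$(MAKE) -C $$dir distclean; \
+done
+$(MAKE) -C test distclean
+rm -fr autom4te.cache config.log config.mk config.sh config.status
+
+realinstall:
+# firejail executable
+install -m 0755 -d $(DESTDIR)$(bindir)
+install -m 0755 src/firejail/firejail $(DESTDIR)$(bindir)
+ifeq ($(HAVE_SUID),-DHAVE_SUID)
+chmod u+s $(DESTDIR)$(bindir)/firejail
+endif
+# firemon executable
+install -m 0755 src/firemon/firemon $(DESTDIR)$(bindir)
+# firecfg executable
+install -m 0755 src/firecfg/firecfg $(DESTDIR)$(bindir)
+# jailcheck executable
+install -m 0755 src/jailcheck/jailcheck $(DESTDIR)$(bindir)
+# libraries and plugins
+install -m 0755 -d $(DESTDIR)$(libdir)/firejail
+install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/firecfg/firejail-welcome.sh
+install -m 0644 -t $(DESTDIR)$(libdir)/firejail $(MYLIBS) $(SECCOMP_FILTERS)
+install -m 0755 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS)
+install -m 0755 -t $(DESTDIR)$(libdir)/firejail src/profstats/profstats
+# plugins w/o read permission (non-dumpable)
+install -m 0711 -t $(DESTDIR)$(libdir)/firejail $(SBOX_APPS_NON_DUMPABLE)
+install -m 0711 -t $(DESTDIR)$(libdir)/firejail src/fshaper/fshaper.sh
+install -m 0644 -t $(DESTDIR)$(libdir)/firejail src/fnettrace/static-ip-map
+ifeq ($(HAVE_CONTRIB_INSTALL),yes)
+# contrib scripts
+install -m 0755 -t $(DESTDIR)$(libdir)/firejail contrib/*.py contrib/*.sh
+# vim syntax
+install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect
+install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax
+install -m 0644 contrib/vim/ftdetect/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect
+install -m 0644 contrib/vim/syntax/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax
+endif
+# documents
+install -m 0755 -d $(DESTDIR)$(DOCDIR)
+install -m 0644 -t $(DESTDIR)$(DOCDIR) COPYING README RELNOTES etc/templates/*
+# profiles and settings
+install -m 0755 -d $(DESTDIR)$(sysconfdir)/firejail
+install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail src/firecfg/firecfg.config
+install -m 0644 -t $(DESTDIR)$(sysconfdir)/firejail etc/profile-a-l/*.profile etc/profile-m-z/*.profile etc/inc/*.inc etc/net/*.net etc/firejail.config etc/ids.config
+sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
+ifeq ($(BUSYBOX_WORKAROUND),yes)
+./mketc.sh $(DESTDIR)$(sysconfdir)/firejail/disable-common.inc
+endif
+ifeq ($(HAVE_APPARMOR),-DHAVE_APPARMOR)
+# install apparmor profile
+sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d; fi;"
+install -m 0644 etc/apparmor/firejail-default $(DESTDIR)$(sysconfdir)/apparmor.d
+# install apparmor profile customization file
+sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d/local ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d/local; fi;"
+sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/apparmor.d/local/firejail-default ]; then install -c -m 0644 etc/apparmor/firejail-local $(DESTDIR)/$(sysconfdir)/apparmor.d/local/firejail-default; fi;"
+# install apparmor base abstraction drop-in
+sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d/abstractions ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d/abstractions; fi;"
+sh -c "if [ ! -d $(DESTDIR)/$(sysconfdir)/apparmor.d/abstractions/base.d ]; then install -d -m 755 $(DESTDIR)/$(sysconfdir)/apparmor.d/abstractions/base.d; fi;"
+install -m 0644 etc/apparmor/firejail-base $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/base.d
+endif
+ifneq ($(HAVE_MAN),no)
+# man pages
+install -m 0755 -d $(DESTDIR)$(mandir)/man1 $(DESTDIR)$(mandir)/man5
+for man in $(MANPAGES); do \
+rm -f $$man.gz; \
+gzip -9n $$man; \
+case "$$man" in \
+*.1) install -m 0644 $$man.gz $(DESTDIR)$(mandir)/man1/; ;; \
+*.5) install -m 0644 $$man.gz $(DESTDIR)$(mandir)/man5/; ;; \
+esac; \
+done
+rm -f $(MANPAGES) $(MANPAGES:%=%.gz)
+endif
+# bash completion
+install -m 0755 -d $(DESTDIR)$(datarootdir)/bash-completion/completions
+install -m 0644 src/bash_completion/firejail.bash_completion $(DESTDIR)$(datarootdir)/bash-completion/completions/firejail
+install -m 0644 src/bash_completion/firemon.bash_completion $(DESTDIR)$(datarootdir)/bash-completion/completions/firemon
+install -m 0644 src/bash_completion/firecfg.bash_completion $(DESTDIR)$(datarootdir)/bash-completion/completions/firecfg
+# zsh completion
+install -m 0755 -d $(DESTDIR)$(datarootdir)/zsh/site-functions
+install -m 0644 src/zsh_completion/_firejail $(DESTDIR)$(datarootdir)/zsh/site-functions/
+
+install: all
+$(MAKE) realinstall
+
+install-strip: all
+strip $(ALL_ITEMS)
+$(MAKE) realinstall
+
+uninstall:
+rm -f $(DESTDIR)$(bindir)/firejail
+rm -f $(DESTDIR)$(bindir)/firemon
+rm -f $(DESTDIR)$(bindir)/firecfg
+rm -fr $(DESTDIR)$(libdir)/firejail
+rm -fr $(DESTDIR)$(libdir)/jailcheck
+rm -fr $(DESTDIR)$(datarootdir)/doc/firejail
+for man in $(MANPAGES); do \
+rm -f $(DESTDIR)$(mandir)/man5/$$man*; \
+rm -f $(DESTDIR)$(mandir)/man1/$$man*; \
+done
+rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firejail
+rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firemon
+rm -f $(DESTDIR)$(datarootdir)/bash-completion/completions/firecfg
+@echo "If you want to install a different version of firejail, you might also need to run 'rm -fr $(DESTDIR)$(sysconfdir)/firejail', see #2038."
+
+DISTFILES = \
+COPYING \
+Makefile \
+README \
+RELNOTES \
+config.mk.in \
+config.sh.in \
+configure \
+configure.ac \
+contrib \
+etc \
+install.sh \
+m4 \
+mkdeb.sh \
+mketc.sh \
+mkman.sh \
+platform \
+src
+
+DISTFILES_TEST = test/Makefile test/apps test/apps-x11 test/apps-x11-xorg test/root test/private-lib test/fnetfilter test/fcopy test/environment test/profiles test/utils test/compile test/filters test/network test/fs test/sysutils test/chroot
+
+dist:
+mv config.sh config.sh.old
+mv config.status config.status.old
+make distclean
+mv config.status.old config.status
+mv config.sh.old config.sh
+rm -fr $(NAME)-$(VERSION) $(NAME)-$(VERSION).tar.xz
+mkdir -p $(NAME)-$(VERSION)/test
+cp -a $(DISTFILES) $(NAME)-$(VERSION)
+cp -a $(DISTFILES_TEST) $(NAME)-$(VERSION)/test
+rm -rf $(NAME)-$(VERSION)/src/tools
+find $(NAME)-$(VERSION) -name .svn -delete
+tar -cJvf $(NAME)-$(VERSION).tar.xz $(NAME)-$(VERSION)
+rm -fr $(NAME)-$(VERSION)
+
+asc:; ./mkasc.sh $(VERSION)
+
+deb: dist
+./mkdeb.sh
+
+deb-apparmor: dist
+./mkdeb.sh -apparmor --enable-apparmor
+
+test-compile: dist
+cd test/compile; ./compile.sh $(NAME)-$(VERSION)
+
+.PHONY: rpms
+rpms: src/man
+./platform/rpm/mkrpm.sh $(NAME) $(VERSION)
+
+extras: all
+$(MAKE) -C extras/firetools
+
+cppcheck: clean
+cppcheck --force --error-exitcode=1 --enable=warning,performance .
+
+scan-build: clean
+NO_EXTRA_CFLAGS="yes" scan-build make
+
+#
+# make test
+#
+
+TESTS=profiles private-lib apps apps-x11 apps-x11-xorg sysutils utils environment filters fs fcopy fnetfilter
+TEST_TARGETS=$(patsubst %,test-%,$(TESTS))
+
+$(TEST_TARGETS):
+$(MAKE) -C test $(subst test-,,$@)
+
+test: test-profiles test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters
+echo "TEST COMPLETE"
+
+test-noprofiles: test-private-lib test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment test-apps test-apps-x11 test-apps-x11-xorg test-filters
+echo "TEST COMPLETE"
+
+test-github: test-profiles test-fcopy test-fnetfilter test-fs test-utils test-sysutils test-environment
+echo "TEST COMPLETE"
+
+##########################################
+# Individual tests, some of them require root access
+# The tests are very intrusive, by the time you are done
+# with them you will need to restart your computer.
+##########################################
+
+# a firejail-test account is required, public/private key setup
+test-ssh:
+$(MAKE) -C test $(subst test-,,$@)
+
+# requires root access
+test-chroot:
+$(MAKE) -C test $(subst test-,,$@)
+
+# Huge appimage files, not included in "make dist" archive
+test-appimage:
+$(MAKE) -C test $(subst test-,,$@)
+
+# Root access, network devices are created before the test
+# restart your computer to get rid of these devices
+test-network:
+$(MAKE) -C test $(subst test-,,$@)
+
+# requires the same setup as test-network
+test-stress:
+$(MAKE) -C test $(subst test-,,$@)
+
+# Tests running a root user
+test-root:
+$(MAKE) -C test $(subst test-,,$@)
+
+# OverlayFS is not available on all platforms
+test-overlay:
+$(MAKE) -C test $(subst test-,,$@)
+
+# For testing hidepid system, the command to set it up is "mount -o remount,rw,hidepid=2 /proc"
+
+test-all: test-root test-chroot test-network test-appimage test-overlay
+echo "TEST COMPLETE"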
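Review bot: The `uninstall` recipe does not mirror `realinstall`: `jailcheck` is installed into `$(DESTDIR)$(bindir)`, but uninstall never removes it and instead deletes `$(DESTDIR)$(libdir)/jailcheck`, a path nothing in this file creates. The zsh completion `_firejail`, the contrib vim files and the AppArmor files under `$(sysconfdir)/apparmor.d` are likewise left behind, so a helper binary and a confinement profile outlive the package they belong to. I would add `rm -f $(DESTDIR)$(bindir)/jailcheck` and `rm -f $(DESTDIR)$(datarootdir)/zsh/site-functions/_firejail`, and either remove the AppArmor files or extend the closing `@echo` hint to name them. Separately, in `realinstall` the setuid bit is applied by a standalone `chmod u+s` with no owner set, so the result depends on who runs the recipe; a comment such as `# must run as root (or under fakeroot): firejail is installed setuid` above that line would make the assumption explicit.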