diff options
Diffstat (limited to 'Makefile')
-rw-r--r-- | Makefile | 110 |
1 files changed, 97 insertions, 13 deletions
@@ -6,6 +6,10 @@ MAN_TARGET = man | |||
6 | MAN_SRC = src/man | 6 | MAN_SRC = src/man |
7 | endif | 7 | endif |
8 | 8 | ||
9 | ifneq ($(HAVE_CONTRIB_INSTALL),no) | ||
10 | CONTRIB_TARGET = contrib | ||
11 | endif | ||
12 | |||
9 | COMPLETIONDIRS = src/zsh_completion src/bash_completion | 13 | COMPLETIONDIRS = src/zsh_completion src/bash_completion |
10 | 14 | ||
11 | APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailcheck/jailcheck | 15 | APPS = src/firecfg/firecfg src/firejail/firejail src/firemon/firemon src/profstats/profstats src/jailcheck/jailcheck |
@@ -17,16 +21,32 @@ SBOX_APPS_NON_DUMPABLE += src/fnettrace-icmp/fnettrace-icmp | |||
17 | MYDIRS = src/lib $(MAN_SRC) $(COMPLETIONDIRS) | 21 | MYDIRS = src/lib $(MAN_SRC) $(COMPLETIONDIRS) |
18 | MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so | 22 | MYLIBS = src/libpostexecseccomp/libpostexecseccomp.so src/libtrace/libtrace.so src/libtracelog/libtracelog.so |
19 | COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion | 23 | COMPLETIONS = src/zsh_completion/_firejail src/bash_completion/firejail.bash_completion |
20 | MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 jailcheck.1 | ||
21 | SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32 | 24 | SECCOMP_FILTERS = seccomp seccomp.debug seccomp.32 seccomp.block_secondary seccomp.mdwx seccomp.mdwx.32 |
25 | MANPAGES = firejail.1 firemon.1 firecfg.1 firejail-profile.5 firejail-login.5 firejail-users.5 jailcheck.1 | ||
26 | |||
27 | SYSCALL_HEADERS := $(sort $(wildcard src/include/syscall*.h)) | ||
28 | |||
29 | # Lists of keywords used in profiles; used for generating syntax files. | ||
30 | SYNTAX_LISTS = \ | ||
31 | contrib/syntax/lists/profile_commands_arg0.list \ | ||
32 | contrib/syntax/lists/profile_commands_arg1.list \ | ||
33 | contrib/syntax/lists/profile_conditionals.list \ | ||
34 | contrib/syntax/lists/profile_macros.list \ | ||
35 | contrib/syntax/lists/syscall_groups.list \ | ||
36 | contrib/syntax/lists/syscalls.list \ | ||
37 | contrib/syntax/lists/system_errnos.list | ||
38 | |||
39 | SYNTAX_FILES_IN := $(sort $(wildcard contrib/syntax/files/*.in)) | ||
40 | SYNTAX_FILES := $(SYNTAX_FILES_IN:.in=) | ||
41 | |||
22 | ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) | 42 | ALL_ITEMS = $(APPS) $(SBOX_APPS) $(SBOX_APPS_NON_DUMPABLE) $(MYLIBS) |
23 | 43 | ||
24 | .PHONY: all | 44 | .PHONY: all |
25 | all: all_items mydirs $(MAN_TARGET) filters | 45 | all: all_items mydirs filters $(MAN_TARGET) $(CONTRIB_TARGET) |
26 | 46 | ||
27 | config.mk config.sh: | 47 | config.mk config.sh: |
28 | printf 'run ./configure to generate %s\n' "$@" >&2 | 48 | @printf 'error: run ./configure to generate %s\n' "$@" >&2 |
29 | false | 49 | @false |
30 | 50 | ||
31 | .PHONY: all_items $(ALL_ITEMS) | 51 | .PHONY: all_items $(ALL_ITEMS) |
32 | all_items: $(ALL_ITEMS) | 52 | all_items: $(ALL_ITEMS) |
@@ -38,11 +58,6 @@ mydirs: $(MYDIRS) | |||
38 | $(MYDIRS): | 58 | $(MYDIRS): |
39 | $(MAKE) -C $@ | 59 | $(MAKE) -C $@ |
40 | 60 | ||
41 | $(MANPAGES): src/man config.mk | ||
42 | ./mkman.sh $(VERSION) src/man/$(basename $@).man $@ | ||
43 | |||
44 | man: $(MANPAGES) | ||
45 | |||
46 | filters: $(SECCOMP_FILTERS) $(SBOX_APPS_NON_DUMPABLE) | 61 | filters: $(SECCOMP_FILTERS) $(SBOX_APPS_NON_DUMPABLE) |
47 | seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize | 62 | seccomp: src/fseccomp/fseccomp src/fsec-optimize/fsec-optimize |
48 | src/fseccomp/fseccomp default seccomp | 63 | src/fseccomp/fseccomp default seccomp |
@@ -65,14 +80,83 @@ seccomp.mdwx: src/fseccomp/fseccomp | |||
65 | seccomp.mdwx.32: src/fseccomp/fseccomp | 80 | seccomp.mdwx.32: src/fseccomp/fseccomp |
66 | src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 | 81 | src/fseccomp/fseccomp memory-deny-write-execute.32 seccomp.mdwx.32 |
67 | 82 | ||
83 | $(MANPAGES): src/man config.mk | ||
84 | ./mkman.sh $(VERSION) src/man/$(basename $@).man $@ | ||
85 | |||
86 | man: $(MANPAGES) | ||
87 | |||
88 | # Makes all targets in contrib/ | ||
89 | .PHONY: contrib | ||
90 | contrib: syntax | ||
91 | |||
92 | .PHONY: syntax | ||
93 | syntax: $(SYNTAX_FILES) | ||
94 | |||
95 | # TODO: include/rlimit are false positives | ||
96 | contrib/syntax/lists/profile_commands_arg0.list: src/firejail/profile.c | ||
97 | @sed -En 's/.*strn?cmp\(ptr, "([^ "]*[^ ])".*/\1/p' $< | \ | ||
98 | grep -Ev '^(include|rlimit)$$' | sed 's/\./\\./' | LC_ALL=C sort -u >$@ | ||
99 | |||
100 | # TODO: private-lib is special-cased in the code and doesn't match the regex | ||
101 | contrib/syntax/lists/profile_commands_arg1.list: src/firejail/profile.c | ||
102 | @{ sed -En 's/.*strn?cmp\(ptr, "([^"]+) ".*/\1/p' $<; echo private-lib; } | \ | ||
103 | LC_ALL=C sort -u >$@ | ||
104 | |||
105 | contrib/syntax/lists/profile_conditionals.list: src/firejail/profile.c | ||
106 | @awk -- 'BEGIN {process=0;} /^Cond conditionals\[\] = \{$$/ {process=1;} \ | ||
107 | /\t*\{"[^"]+".*/ \ | ||
108 | { if (process) {print gensub(/^\t*\{"([^"]+)".*$$/, "\\1", 1);} } \ | ||
109 | /^\t\{ NULL, NULL \}$$/ {process=0;}' \ | ||
110 | $< | LC_ALL=C sort -u >$@ | ||
111 | |||
112 | contrib/syntax/lists/profile_macros.list: src/firejail/macros.c | ||
113 | @sed -En 's/.*\$$\{([^}]+)\}.*/\1/p' $< | LC_ALL=C sort -u >$@ | ||
114 | |||
115 | contrib/syntax/lists/syscall_groups.list: src/lib/syscall.c | ||
116 | @sed -En 's/.*"@([^",]+).*/\1/p' $< | LC_ALL=C sort -u >$@ | ||
117 | |||
118 | contrib/syntax/lists/syscalls.list: $(SYSCALL_HEADERS) | ||
119 | @sed -n 's/{\s\+"\([^"]\+\)",.*},/\1/p' $(SYSCALL_HEADERS) | \ | ||
120 | LC_ALL=C sort -u >$@ | ||
121 | |||
122 | contrib/syntax/lists/system_errnos.list: src/lib/errno.c | ||
123 | @sed -En 's/.*"(E[^"]+).*/\1/p' $< | LC_ALL=C sort -u >$@ | ||
124 | |||
125 | pipe_fromlf = { tr '\n' '|' | sed 's/|$$//'; } | ||
126 | space_fromlf = { tr '\n' ' ' | sed 's/ $$//'; } | ||
127 | edit_syntax_file = sed \ | ||
128 | -e "s/@make_input@/$$(basename $@). Generated from $$(basename $<) by make./" \ | ||
129 | -e "s/@FJ_PROFILE_COMMANDS_ARG0@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_commands_arg0.list)/" \ | ||
130 | -e "s/@FJ_PROFILE_COMMANDS_ARG1@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_commands_arg1.list)/" \ | ||
131 | -e "s/@FJ_PROFILE_CONDITIONALS@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_conditionals.list)/" \ | ||
132 | -e "s/@FJ_PROFILE_MACROS@/$$($(pipe_fromlf) <contrib/syntax/lists/profile_macros.list)/" \ | ||
133 | -e "s/@FJ_SYSCALLS@/$$($(space_fromlf) <contrib/syntax/lists/syscalls.list)/" \ | ||
134 | -e "s/@FJ_SYSCALL_GROUPS@/$$($(pipe_fromlf) <contrib/syntax/lists/syscall_groups.list)/" \ | ||
135 | -e "s/@FJ_SYSTEM_ERRNOS@/$$($(pipe_fromlf) <contrib/syntax/lists/system_errnos.list)/" | ||
136 | |||
137 | contrib/syntax/files/example: contrib/syntax/files/example.in $(SYNTAX_LISTS) | ||
138 | @printf 'Generating %s from %s\n' $@ $< | ||
139 | @$(edit_syntax_file) $< >$@ | ||
140 | |||
141 | # gtksourceview language-specs | ||
142 | contrib/syntax/files/%.lang: contrib/syntax/files/%.lang.in $(SYNTAX_LISTS) | ||
143 | @printf 'Generating %s from %s\n' $@ $< | ||
144 | @$(edit_syntax_file) $< >$@ | ||
145 | |||
146 | # vim syntax files | ||
147 | contrib/syntax/files/%.vim: contrib/syntax/files/%.vim.in $(SYNTAX_LISTS) | ||
148 | @printf 'Generating %s from %s\n' $@ $< | ||
149 | @$(edit_syntax_file) $< >$@ | ||
150 | |||
68 | .PHONY: clean | 151 | .PHONY: clean |
69 | clean: | 152 | clean: |
70 | for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \ | 153 | for dir in $$(dirname $(ALL_ITEMS)) $(MYDIRS); do \ |
71 | $(MAKE) -C $$dir clean; \ | 154 | $(MAKE) -C $$dir clean; \ |
72 | done | 155 | done |
73 | $(MAKE) -C test clean | 156 | $(MAKE) -C test clean |
74 | rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm | ||
75 | rm -f $(SECCOMP_FILTERS) | 157 | rm -f $(SECCOMP_FILTERS) |
158 | rm -f $(MANPAGES) $(MANPAGES:%=%.gz) firejail*.rpm | ||
159 | rm -f $(SYNTAX_FILES) | ||
76 | rm -f test/utils/index.html* | 160 | rm -f test/utils/index.html* |
77 | rm -f test/utils/wget-log | 161 | rm -f test/utils/wget-log |
78 | rm -f test/utils/firejail-test-file* | 162 | rm -f test/utils/firejail-test-file* |
@@ -124,10 +208,10 @@ ifeq ($(HAVE_CONTRIB_INSTALL),yes) | |||
124 | install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect | 208 | install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect |
125 | install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax | 209 | install -m 0755 -d $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax |
126 | install -m 0644 contrib/vim/ftdetect/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect | 210 | install -m 0644 contrib/vim/ftdetect/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/ftdetect |
127 | install -m 0644 contrib/vim/syntax/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax | 211 | install -m 0644 contrib/syntax/files/firejail.vim $(DESTDIR)$(datarootdir)/vim/vimfiles/syntax |
128 | # gtksourceview-5 language-specs | 212 | # gtksourceview language-specs |
129 | install -m 0755 -d $(DESTDIR)$(datarootdir)/gtksourceview-5/language-specs | 213 | install -m 0755 -d $(DESTDIR)$(datarootdir)/gtksourceview-5/language-specs |
130 | install -m 0644 contrib/gtksourceview-5/language-specs/firejail-profile.lang $(DESTDIR)$(datarootdir)/gtksourceview-5/language-specs | 214 | install -m 0644 contrib/syntax/files/firejail-profile.lang $(DESTDIR)$(datarootdir)/gtksourceview-5/language-specs |
131 | endif | 215 | endif |
132 | # documents | 216 | # documents |
133 | install -m 0755 -d $(DESTDIR)$(docdir) | 217 | install -m 0755 -d $(DESTDIR)$(docdir) |