forked from rbsec/sslscan
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Makefile
143 lines (123 loc) · 4 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
# set gcc as default if CC is not set
GIT_VERSION = $(shell git describe --tags --always --dirty=-wip)
# Ugly hack to get version if git isn't installed
ifeq ($(GIT_VERSION),)
GIT_VERSION = $(shell grep -E -o -m 1 "[0-9]+\.[0-9]+\.[0-9]+" Changelog)
endif
# Detect OS
OS := $(shell uname)
# Handle different version of Make
ifeq ($(OS), SunOS)
ifndef $(CC)
CC=gcc
endif
ifndef $(PREFIX)
PREFIX = /usr
endif
else
CC ?= gcc
PREFIX ?= /usr
endif
SRCS = sslscan.c
BINDIR = $(PREFIX)/bin
MANDIR = $(PREFIX)/share/man
MAN1DIR = $(MANDIR)/man1
WARNINGS = -Wall -Wformat=2 -Wformat-security
DEFINES = -DVERSION=\"$(GIT_VERSION)\"
# for dynamic linking
LIBS = -lssl -lcrypto
ifneq ($(OS), FreeBSD)
LIBS += -ldl
endif
ifeq ($(OS), SunOS)
CFLAGS += -m64
LIBS += -lsocket -lnsl
endif
# Enable checks for buffer overflows, add stack protectors, generate position
# independent code, mark the relocation table read-only, and mark the global
# offset table read-only.
CFLAGS += -D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE
# Don't enable some hardening flags on OS X because it uses an old version of Clang
ifneq ($(OS), Darwin)
ifneq ($(OS), SunOS)
# Cygwin's linker does not support -z option.
ifneq ($(findstring CYGWIN,$(OS)),CYGWIN)
LDFLAGS += -pie -z relro -z now
endif
endif
endif
# for static linking
ifeq ($(STATIC_BUILD), TRUE)
PWD = $(shell pwd)/openssl
LDFLAGS += -L${PWD}/
CFLAGS += -I${PWD}/include/ -I${PWD}/
LIBS = -lssl -lcrypto -lz
ifneq ($(OS), FreeBSD)
LIBS += -ldl
endif
ifeq ($(OS), SunOS)
LIBS += -lsocket -lnsl
endif
GIT_VERSION := $(GIT_VERSION)-static
else
# for dynamic linking
LDFLAGS += -L/usr/local/lib -L/usr/local/ssl/lib -L/usr/local/opt/openssl/lib -L/opt/local/lib
CFLAGS += -I/usr/local/include -I/usr/local/ssl/include -I/usr/local/ssl/include/openssl -I/usr/local/opt/openssl/include -I/opt/local/include -I/opt/local/include/openssl
endif
.PHONY: all sslscan clean install uninstall static opensslpull
all: sslscan
@echo
@echo "==========="
@echo "| WARNING |"
@echo "==========="
@echo
@echo "Building against system OpenSSL. Legacy protocol checks may not be possible."
@echo "It is recommended that you statically build sslscan with \`make static\`."
@echo
sslscan: $(SRCS)
$(CC) -o $@ ${WARNINGS} ${LDFLAGS} ${CFLAGS} ${CPPFLAGS} ${DEFINES} ${SRCS} ${LIBS}
install:
@if [ ! -f sslscan ] ; then \
echo "\n=========\n| ERROR |\n========="; \
echo "Before installing you need to build sslscan with either \`make\` or \`make static\`\n"; \
exit 1; \
fi
ifeq ($(OS), Darwin)
install -d $(DESTDIR)$(BINDIR)/;
install sslscan $(DESTDIR)$(BINDIR)/sslscan;
install -d $(DESTDIR)$(MAN1DIR)/;
install sslscan.1 $(DESTDIR)$(MAN1DIR)/sslscan.1;
else
install -D sslscan $(DESTDIR)$(BINDIR)/sslscan;
install -D sslscan.1 $(DESTDIR)$(MAN1DIR)/sslscan.1;
endif
uninstall:
rm -f $(DESTDIR)$(BINDIR)/sslscan
rm -f $(DESTDIR)$(MAN1DIR)/sslscan.1
.openssl.is.fresh: opensslpull
true
opensslpull:
if [ -d openssl -a -d openssl/.git ]; then \
cd ./openssl && git checkout OpenSSL_1_0_2-stable && git pull | grep -q "Already up-to-date." && [ -e ../.openssl.is.fresh ] || touch ../.openssl.is.fresh ; \
else \
git clone --depth 1 -b OpenSSL_1_0_2-stable https://github.com/PeterMosmans/openssl ./openssl && cd ./openssl && touch ../.openssl.is.fresh ; \
fi
# Need to build OpenSSL differently on OSX
ifeq ($(OS), Darwin)
openssl/Makefile: .openssl.is.fresh
cd ./openssl; ./Configure -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC enable-ssl2 enable-weak-ssl-ciphers zlib darwin64-x86_64-cc
# Any other *NIX platform
else
openssl/Makefile: .openssl.is.fresh
cd ./openssl; ./config -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC no-shares enable-weak-ssl-ciphers enable-ssl2 zlib
endif
openssl/libcrypto.a: openssl/Makefile
$(MAKE) -C openssl depend
$(MAKE) -C openssl all
$(MAKE) -C openssl test
static: openssl/libcrypto.a
$(MAKE) sslscan STATIC_BUILD=TRUE
clean:
if [ -d openssl ]; then ( rm -rf openssl ); fi;
rm -f sslscan
rm -f .openssl.is.fresh