forked from sonertari/SSLproxy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.mk
509 lines (446 loc) · 15.4 KB
/
main.mk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
### Variable overrides
# You can change many aspects of the build behaviour without modifying this
# make file simply by setting environment variables.
#
# Dependencies and features are auto-detected, but can be overridden:
#
# OPENSSL_BASE Prefix of OpenSSL library and headers to build against
# LIBEVENT_BASE Prefix of libevent library and headers to build against
# LIBPCAP_BASE Prefix of libpcap library and headers to build against
# LIBNET_BASE Prefix of libnet library and headers to build against
# SQLITE_BASE Prefix of sqlite3 library and headers to build against
# CHECK_BASE Prefix of check library and headers to build against (optional)
# PKGCONFIG Name/path of pkg-config program to use for auto-detection
# PCFLAGS Additional pkg-config flags
# XNU_VERSION Version of included XNU headers to build against (OS X only)
# FEATURES Enable optional or force-enable undetected features (see below)
#
# Where and how to install to:
#
# PREFIX Prefix to install under (default /usr/local)
# DESTDIR Destination root under which prefix is located (default /)
# MANDIR Subdir of PREFIX that contains man section dirs
# INSTALLUID UID to use for installed files if installing as root
# INSTALLGID GID to use for installed files if installing as root
#
# Standard compiler variables are respected, e.g.:
#
# CC Compiler, e.g. for cross-compiling, ccache or ccc-analyzer
# CFLAGS Additional compiler flags, e.g. optimization flags
# CPPFLAGS Additional pre-processor flags
# LDFLAGS Additional linker flags
# LIBS Additional libraries to link against
# SOURCE_DATE_EPOCH Set to epoch time to make the build reproducible
#
# On macOS, the following build environment variables are respected:
#
# DEVELOPER_DIR Override Xcode Command Line Developer Tools directory
# MACOSX_VERSION_MIN Minimal version of macOS to target, e.g. 10.11
# SDK SDK name to build against, e.g. macosx, macosx10.11
#
# Examples:
#
# Build against custom installed libraries under /opt:
# % OPENSSL_BASE=/opt/openssl LIBEVENT_BASE=/opt/libevent make
#
# Create a statically linked binary:
# % PCFLAGS='--static' CFLAGS='-static' LDFLAGS='-static' make
#
# Build against musl libc that needs an additional library for fts(3):
# % LIBS='-lfts' make
#
# Build a macOS binary for El Capitan using the default SDK from Xcode 7.3.1:
# % MACOSX_VERSION_MIN=10.11 DEVELOPER_DIR=/Applications/Xcode-7.3.1.app/Contents/Developer make
### Mirroring
# Define to disable support for mirroring connection content as emulated
# packets to a network interface (-I/-T options). Doing so will remove the
# dependency on both libnet and libpcap. Use this for constrained environments
# or on platforms without usable libnet/libpcap. Logging connection content to
# PCAP files will remain fully functional (-X/-Y/-y options) as it does not
# make use of libnet and libpcap.
#FEATURES+= -DWITHOUT_MIRROR
### OpenSSL tweaking
# Define to enable support for SSLv2.
# Default since 0.4.9 is to disable SSLv2 entirely even if OpenSSL supports it,
# since there are servers that are not compatible with SSLv2 Client Hello
# messages. If you build in SSLv2 support, you can disable it at runtime using
# -R ssl2 to get the same result as not building in SSLv2 support at all.
#FEATURES+= -DWITH_SSLV2
### User Authentication
# Define to disable support for user authentication.
# Doing so will remove the dependency on sqlite.
#FEATURES+= -DWITHOUT_USERAUTH
# UserAuth feature is supported on OpenBSD and Linux only
ifneq ($(filter -DWITHOUT_USERAUTH,$(FEATURES)),-DWITHOUT_USERAUTH)
ifneq ($(shell uname),OpenBSD)
ifneq ($(shell uname),Linux)
FEATURES+= -DWITHOUT_USERAUTH
endif
endif
endif
### Debugging
# These flags are added to CFLAGS iff building from a git repo.
DEBUG_CFLAGS?= -g
#DEBUG_CFLAGS+= -Werror
# Define to remove false positives when debugging memory allocation.
# Note that you probably want to build OpenSSL with -DPURIFY too.
#FEATURES+= -DPURIFY
# Define to add proxy state machine debugging; dump state in debug mode.
#FEATURES+= -DDEBUG_PROXY
# Define to add certificate debugging; dump all certificates in debug mode.
#FEATURES+= -DDEBUG_CERTIFICATE
# Define to add SSL session cache debugging; dump all sessions in debug mode.
#FEATURES+= -DDEBUG_SESSION_CACHE
# Define to add debugging of sslsplit's own ClientHello message parser.
#FEATURES+= -DDEBUG_CLIENTHELLO_PARSER
# Define to add thread debugging; dump thread state when choosing a thread.
#FEATURES+= -DDEBUG_THREAD
# Define to add privilege separation server event loop debugging.
#FEATURES+= -DDEBUG_PRIVSEP_SERVER
# Define to add diagnostic output for debugging option parsing.
#FEATURES+= -DDEBUG_OPTS
# When debugging OpenSSL related issues, make sure you use a debug build of
# OpenSSL and consider enabling its debugging options -DREF_PRINT -DREF_CHECK
# for debugging reference counting of OpenSSL objects and/or
# -DPURIFY for using valgrind and similar tools.
### Mac OS X header selection
# First, try to use the exact XNU version reported by the kernel. If they
# are not available, try to look up a suitable XNU version that we have
# headers for based on the OS X release reported by sw_vers. Then as a last
# resort, fall back to the latest version of XNU that we have headers for,
# which may or may not work, depending on if there were API or ABI changes
# in the DIOCNATLOOK ioctl interface to the NAT state table in the kernel.
#
# Note that you can override the XNU headers used by defining XNU_VERSION.
ifndef PROJECT_ROOT
$(error PROJECT_ROOT not defined)
endif
ifeq ($(shell uname),Darwin)
include $(PROJECT_ROOT)/Mk/xcode.mk
ifneq ($(wildcard /usr/include/libproc.h),)
FEATURES+= -DHAVE_DARWIN_LIBPROC
endif
OSX_VERSION= $(shell sw_vers -productVersion)
ifneq ($(XNU_VERSION),)
XNU_METHOD= override
XNU_HAVE= $(shell uname -a|sed 's/^.*root:xnu-//g'|sed 's/~.*$$//')
else
XNU_METHOD= uname
XNU_VERSION= $(shell uname -a|sed 's/^.*root:xnu-//g'|sed 's/~.*$$//')
XNU_HAVE:= $(XNU_VERSION)
endif
ifeq ($(wildcard $(PROJECT_ROOT)/xnu/xnu-$(XNU_VERSION)),)
XNU_METHOD= sw_vers
XNU_VERSION= $(shell awk '/^XNU_RELS.*\# $(OSX_VERSION)$$/ {print $$2}' $(PROJECT_ROOT)/xnu/GNUmakefile)
endif
ifeq ($(wildcard $(PROJECT_ROOT)/xnu/xnu-$(XNU_VERSION)),)
XNU_METHOD= fallback
XNU_VERSION= $(shell awk '/^XNU_RELS/ {print $$2}' $(PROJECT_ROOT)/xnu/GNUmakefile|tail -1)
endif
ifneq ($(wildcard $(PROJECT_ROOT)/xnu/xnu-$(XNU_VERSION)),)
FEATURES+= -DHAVE_PF
PKG_CPPFLAGS+= -I$(PROJECT_ROOT)/xnu/xnu-$(XNU_VERSION)
BUILD_INFO+= OSX:$(OSX_VERSION) XNU:$(XNU_VERSION):$(XNU_METHOD):$(XNU_HAVE)
endif
endif
### Autodetected features
# Autodetect pf
ifneq ($(wildcard /usr/include/net/pfvar.h),)
FEATURES+= -DHAVE_PF
# OpenBSD 4.7+ and FreeBSD 9.0+ also include ipfw-style divert-to in pf
FEATURES+= -DHAVE_IPFW
endif
# Autodetect ipfw
ifneq ($(wildcard /sbin/ipfw),)
FEATURES+= -DHAVE_IPFW
endif
# Autodetect ipfilter
ifneq ($(wildcard /usr/include/netinet/ip_fil.h),)
FEATURES+= -DHAVE_IPFILTER
endif
# Autodetect netfilter
ifneq ($(wildcard /usr/include/linux/netfilter.h),)
FEATURES+= -DHAVE_NETFILTER
endif
### Variables you might need to override
PREFIX?= /usr/local
MANDIR?= share/man
EXAMPLESDIR?= share/examples
INSTALLUID?= 0
INSTALLGID?= 0
BINUID?= $(INSTALLUID)
BINGID?= $(INSTALLGID)
BINMODE?= 0755
CNFUID?= $(INSTALLUID)
CNFGID?= $(INSTALLGID)
CNFMODE?= 0644
MANUID?= $(INSTALLUID)
MANGID?= $(INSTALLGID)
MANMODE?= 0644
EXAMPLESMODE?= 0444
ifeq ($(shell id -u),0)
BINOWNERFLAGS?= -o $(BINUID) -g $(BINGID)
CNFOWNERFLAGS?= -o $(CNFUID) -g $(CNFGID)
MANOWNERFLAGS?= -o $(MANUID) -g $(MANGID)
else
BINOWNERFLAGS?=
CNFOWNERFLAGS?=
MANOWNERFLAGS?=
endif
OPENSSL?= openssl
PKGCONFIG?= $(shell command -v pkg-config||echo false)
ifeq ($(PKGCONFIG),false)
$(warning pkg-config not found - guessing paths/flags for dependencies)
endif
BASENAME?= basename
CAT?= cat
CHECKNR?= checknr
CUT?= cut
GREP?= grep
INSTALL?= install
MKDIR?= mkdir
SED?= sed
SORT?= sort
### Variables only used for developer targets
KHASH_URL?= https://github.com/attractivechaos/klib/raw/master/khash.h
GPGSIGNKEY?= 0xE1520675375F5E35
CPPCHECK?= cppcheck
GPG?= gpg
GIT?= git
WGET?= wget
ZIP?= gzip
COL?= col
LN?= ln
MAN?= man
TAR?= tar
# TODO: RM defaults to rm -f causing multiple -f options, should we override it?
#RM= rm
### You should not need to touch anything below this line
SRCDIR:= src
PKGLABEL:= SSLproxy
PKGNAME:= sslproxy
TARGET:= $(PKGNAME)
FEATURES:= $(sort $(FEATURES))
include $(PROJECT_ROOT)/Mk/buildinfo.mk
VERSION:= $(BUILD_VERSION)
ifdef GITDIR
CFLAGS+= $(DEBUG_CFLAGS)
endif
# Autodetect dependencies known to pkg-config
PKGS:=
ifndef OPENSSL_BASE
PKGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --exists openssl \
&& echo openssl)
endif
ifndef LIBEVENT_BASE
PKGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --exists libevent \
&& echo libevent)
PKGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --exists libevent_openssl \
&& echo libevent_openssl)
PKGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --exists libevent_pthreads \
&& echo libevent_pthreads)
endif
ifneq ($(filter -DWITHOUT_MIRROR,$(FEATURES)),-DWITHOUT_MIRROR)
ifndef LIBPCAP_BASE
PKGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --exists libpcap \
&& echo libpcap)
endif
endif
ifneq ($(filter -DWITHOUT_USERAUTH,$(FEATURES)),-DWITHOUT_USERAUTH)
ifndef SQLITE_BASE
PKGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --exists sqlite3 \
&& echo sqlite3)
endif
endif
TPKGS:=
ifndef CHECK_BASE
TPKGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --exists check \
&& echo check)
endif
# Function: Generate list of base paths to search when locating packages
# $1 packagename
bases= /usr/local/opt/$(1) \
/opt/local \
/usr/local \
/usr
# Function: Locate base path for a package we depend on
# $1 packagename, $2 pattern suffix, $3 override path(s)
locate= $(subst /$(2),,$(word 1,$(wildcard \
$(addsuffix /$(2),$(if $(3),$(3),$(call bases,$(1)))))))
# Autodetect dependencies not known to pkg-config
ifeq (,$(filter openssl,$(PKGS)))
OPENSSL_FOUND:= $(call locate,openssl,include/openssl/ssl.h,$(OPENSSL_BASE))
OPENSSL:= $(OPENSSL_FOUND)/bin/openssl
ifndef OPENSSL_FOUND
$(error dependency 'OpenSSL' not found; \
install it or point OPENSSL_BASE to base path)
endif
endif
ifeq (,$(filter libevent,$(PKGS)))
LIBEVENT_FOUND:=$(call locate,libevent,include/event2/event.h,$(LIBEVENT_BASE))
ifndef LIBEVENT_FOUND
$(error dependency 'libevent 2.x' not found; \
install it or point LIBEVENT_BASE to base path)
endif
endif
ifneq ($(filter -DWITHOUT_MIRROR,$(FEATURES)),-DWITHOUT_MIRROR)
ifeq (,$(filter libpcap,$(PKGS)))
LIBPCAP_FOUND:= $(call locate,libpcap,include/pcap.h,$(LIBPCAP_BASE))
ifndef LIBPCAP_FOUND
$(error dependency 'libpcap' not found; \
install it or point LIBPCAP_BASE to base path)
endif
endif
endif
ifneq ($(filter -DWITHOUT_USERAUTH,$(FEATURES)),-DWITHOUT_USERAUTH)
ifeq (,$(filter sqlite3,$(PKGS)))
SQLITE_FOUND:=$(call locate,sqlite3,include/sqlite3.h,$(SQLITE_BASE))
ifndef SQLITE_FOUND
$(error dependency 'SQLite3' not found; \
install it or point SQLITE_BASE to base path)
endif
endif
endif
ifeq (,$(filter check,$(TPKGS)))
CHECK_FOUND:= $(call locate,check,include/check.h,$(CHECK_BASE))
ifndef CHECK_FOUND
CHECK_MISSING:= 1
endif
endif
# Always search filesystem for libnet because libnet-config is unreliable
ifneq ($(filter -DWITHOUT_MIRROR,$(FEATURES)),-DWITHOUT_MIRROR)
LIBNET_FOUND:= $(call locate,libnet,include/libnet-1.1/libnet.h,$(LIBNET_BASE))
ifdef LIBNET_FOUND
LIBNET_FOUND_INC:= $(LIBNET_FOUND)/include/libnet-1.1
else
LIBNET_FOUND:= $(call locate,libnet,include/libnet.h,$(LIBNET_BASE))
LIBNET_FOUND_INC:= $(LIBNET_FOUND)/include
endif
ifndef LIBNET_FOUND
$(error dependency 'libnet' not found; \
install it or point LIBNET_BASE to base path)
endif
endif
ifdef OPENSSL_FOUND
PKG_CPPFLAGS+= -I$(OPENSSL_FOUND)/include
ifneq ($(findstring openssl-3.,$(OPENSSL_FOUND)),openssl-3.)
PKG_LDFLAGS+= -L$(OPENSSL_FOUND)/lib
else
PKG_LDFLAGS+= -L$(OPENSSL_FOUND)/lib64
endif
PKG_LIBS+= -lssl -lcrypto -lz
endif
ifdef LIBEVENT_FOUND
PKG_CPPFLAGS+= -I$(LIBEVENT_FOUND)/include
PKG_LDFLAGS+= -L$(LIBEVENT_FOUND)/lib
PKG_LIBS+= -levent
endif
ifeq (,$(filter libevent_openssl,$(PKGS)))
PKG_LIBS+= -levent_openssl
endif
ifeq (,$(filter libevent_pthreads,$(PKGS)))
PKG_LIBS+= -levent_pthreads
endif
ifneq ($(filter -DWITHOUT_MIRROR,$(FEATURES)),-DWITHOUT_MIRROR)
ifdef LIBNET_FOUND
PKG_CPPFLAGS+= -I$(LIBNET_FOUND_INC)
PKG_LDFLAGS+= -L$(LIBNET_FOUND)/lib
PKG_LIBS+= -lnet
endif
ifdef LIBPCAP_FOUND
PKG_CPPFLAGS+= -I$(LIBPCAP_FOUND)/include
PKG_LDFLAGS+= -L$(LIBPCAP_FOUND)/lib
PKG_LIBS+= -lpcap
endif
endif
ifneq ($(filter -DWITHOUT_USERAUTH,$(FEATURES)),-DWITHOUT_USERAUTH)
ifdef SQLITE_FOUND
PKG_CPPFLAGS+= -I$(SQLITE_FOUND)/include
PKG_LDFLAGS+= -L$(SQLITE_FOUND)/lib
PKG_LIBS+= -lsqlite3
endif
endif
ifdef CHECK_FOUND
TPKG_CPPFLAGS+= -I$(CHECK_FOUND)/include
TPKG_LDFLAGS+= -L$(CHECK_FOUND)/lib
TPKG_LIBS+= -lcheck
endif
ifneq (,$(strip $(PKGS)))
PKG_CFLAGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --cflags-only-other $(PKGS))
PKG_CPPFLAGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --cflags-only-I $(PKGS))
PKG_LDFLAGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --libs-only-L \
--libs-only-other $(PKGS))
PKG_LIBS+= $(shell $(PKGCONFIG) $(PCFLAGS) --libs-only-l $(PKGS))
endif
ifneq (,$(strip $(TPKGS)))
TPKG_CFLAGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --cflags-only-other $(TPKGS))
TPKG_CPPFLAGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --cflags-only-I $(TPKGS))
TPKG_LDFLAGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --libs-only-L \
--libs-only-other $(TPKGS))
TPKG_LIBS+= $(shell $(PKGCONFIG) $(PCFLAGS) --libs-only-l $(TPKGS))
endif
CPPDEFS+= -D_GNU_SOURCE \
-D"PKGLABEL=\"$(PKGLABEL)\""
CPPCHECKFLAGS+= $(CPPDEFS)
ifneq (ccc-analyzer,$(notdir $(CC)))
PKG_CPPFLAGS:= $(subst -I,-isystem,$(PKG_CPPFLAGS))
TPKG_CPPFLAGS:= $(subst -I,-isystem,$(TPKG_CPPFLAGS))
endif
CFLAGS+= $(PKG_CFLAGS) \
-std=c99 -Wall -Wextra -pedantic \
-D_FORTIFY_SOURCE=2 -fstack-protector-all
CPPFLAGS+= $(PKG_CPPFLAGS) $(CPPDEFS) $(FEATURES)
TCPPFLAGS+= $(TPKG_CPPFLAGS)
LDFLAGS+= $(PKG_LDFLAGS)
LIBS+= $(PKG_LIBS)
ifneq ($(shell uname),Darwin)
CFLAGS+= -pthread
LDFLAGS+= -pthread
endif
# _FORTIFY_SOURCE requires -O on Linux
ifeq (,$(findstring -O,$(CFLAGS)))
CFLAGS+= -O2
endif
export VERSION
export OPENSSL
export OPENSSL_BASE
export OPENSSL_FOUND
export MKDIR
export WGET
ifndef MAKE_RESTARTS
$(info ------------------------------------------------------------------------------)
$(info $(PKGLABEL) $(VERSION))
$(info ------------------------------------------------------------------------------)
$(info Report bugs at https://github.com/sonertari/SSLproxy/issues/new)
$(info Please supply this header for diagnostics when reporting build issues)
$(info Before reporting bugs, make sure to try the latest develop branch first:)
$(info % git clone -b develop https://github.com/sonertari/SSLproxy.git)
$(info ------------------------------------------------------------------------------)
$(info Via pkg-config: $(strip $(PKGS) $(TPKGS)))
ifdef OPENSSL_FOUND
$(info OPENSSL_BASE: $(strip $(OPENSSL_FOUND)))
endif
ifdef LIBEVENT_FOUND
$(info LIBEVENT_BASE: $(strip $(LIBEVENT_FOUND)))
endif
ifdef LIBPCAP_FOUND
$(info LIBPCAP_BASE: $(strip $(LIBPCAP_FOUND)))
endif
ifdef LIBNET_FOUND
$(info LIBNET_BASE: $(strip $(LIBNET_FOUND)))
endif
ifdef SQLITE_FOUND
$(info SQLITE_BASE: $(strip $(SQLITE_FOUND)))
endif
ifdef CHECK_FOUND
$(info CHECK_BASE: $(strip $(CHECK_FOUND)))
endif
$(info Build options: $(FEATURES))
$(info Build info: $(BUILD_INFO))
ifeq ($(shell uname),Darwin)
$(info OSX_VERSION: $(OSX_VERSION))
$(info XNU_VERSION: $(XNU_VERSION) ($(XNU_METHOD), have $(XNU_HAVE)))
endif
$(info uname -a: $(shell uname -a))
$(info ------------------------------------------------------------------------------)
endif