# This Source Code Form is subject to the terms of the Mozilla Public # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. # Although MIG components can be installed using the typical go tools # e.g., using "go get", the Makefile here provides a few helper functions # related to specific tasks. This includes appying a value to the mig package # Version variable to give the components a version. # # We also have various targets in here related to binary signing and package # creation. # # When the makefile is used to build components the binaries are placed in a # bin directory at the repository root rather then in $GOPATH/bin. BUILDENV := dev BUILDREL := 0 BINSUFFIX := OS := $(shell uname -s| tr '[:upper:]' '[:lower:]') ARCH := amd64 BINDIR := bin/$(OS)/$(ARCH) ifeq ($(OS),windows) # On windows, the version is year.month.date.release BUILDREV := $(shell date +%y).$(shell date +%m).$(shell date +%d).$(BUILDREL) BINSUFFIX := ".exe" else # On linux and darwin, the version is yearmonthdate.release+lastcommit.env BUILDREV := $(shell date +%Y%m%d)-$(BUILDREL).$(shell git log --pretty=format:'%h' -n 1).$(BUILDENV) endif # Set this to yes if you want yara support and want to use the yara module # # This assumes yara has been compiled with the following options: # --disable-shared --disable-magic --disable-cuckoo --without-crypto # # If you have built yara some other way or have yara shared libraries # installed you will need to adjust the makefile. # # You may have to set the CPATH and LIBRARY_PATH environment variables # if you have installed the yara headers and library somewhere the build # tools can't locate. WITHYARA := no # These variables control signature operations used when building various # targets on OSX. # # OSXPROCSIGID if set will result in the specified identity being used to # sign the mig-agent and mig-loader binaries when built on OSX. If empty, # the compiled binaries will not be signed. # # OSXPACKSIGID if set will result in the specified identity being used to # sign the mig-loader package (osx-loader-pkg). If empty the .pkg will not # be signed. # # This uses the signature related options to pkgbuild and codesign # # https://developer.apple.com/library/content/technotes/tn2206/_index.html # https://developer.apple.com/developer-id/ # OSXPROCSIGID ?= OSXPACKSIGID ?= SIGNFLAGS := ifeq ($(ARCH),amd64) FPMARCH := x86_64 endif ifeq ($(ARCH),386) FPMARCH := i386 endif # MSICONF is used for building Windows agent packages, and indicates the path to the # wxs file wixl should use. MSICONF := mig-agent-installer.wxs # If code signing is enabled for OSX binaries, pass the -s flag during linking # otherwise the signed binary will not execute correctly # https://github.com/golang/go/issues/11887 ifneq ($(OSXPROCSIGID),) ifeq ($(OS),darwin) STRIPOPT := -s endif endif CGOLDFLAGS := GO := GOOS=$(OS) GOARCH=$(ARCH) GO15VENDOREXPERIMENT=1 go MIGVERFLAGS := -X mig.ninja/mig.Version=$(BUILDREV) GOLDFLAGS := -ldflags "$(MIGVERFLAGS) $(STRIPOPT)" INSTALL := install SERVERTARGETS := mig-scheduler mig-api mig-runner runner-compliance runner-scribe CLIENTTARGETS := mig-cmd mig-console mig-action-generator mig-action-verifier \ mig-agent-search AGENTTARGETS := mig-agent mig-loader ALLTARGETS := $(AGENTTARGETS) $(SERVERTARGETS) $(CLIENTTARGETS) # MODULETAGS can be set to indicate a specific module set the agent and command line will # include support for. By default, this is a set of modules that do not require cgo. For example, # to include the memory module in the agent something like "make MODULETAGS='modmemory' mig-agent". # To include no default modules, and only the memory module something like # "make MODULETAGS='nomoddefaults modmemory' mig-agent" can be used. To see a list of available # module tags see the modulepack package. MODULETAGS := BUILDTAGS := $(MODULETAGS) GOOPTS := -tags "$(BUILDTAGS)" ifeq ($(WITHYARA),yes) ifeq ($(OS),linux) CGOLDFLAGS += -lyara -lm else ifeq ($(OS),darwin) # Nothing special required here for this to work on darwin else $(error WITHYARA not supported for this platform) endif endif export CGO_LDFLAGS = $(CGOLDFLAGS) all: test $(ALLTARGETS) create-bindir: mkdir -p $(BINDIR) mig-agent: create-bindir @echo building mig-agent for $(OS)/$(ARCH) $(GO) build $(GOOPTS) -o $(BINDIR)/mig-agent-$(BUILDREV)$(BINSUFFIX) $(GOLDFLAGS) mig.ninja/mig/mig-agent ln -fs "$$(pwd)/$(BINDIR)/mig-agent-$(BUILDREV)$(BINSUFFIX)" "$$(pwd)/$(BINDIR)/mig-agent-latest" [ -x "$(BINDIR)/mig-agent-$(BUILDREV)$(BINSUFFIX)" ] # If our build target is darwin and OSXPROCSIGID is set, sign the binary if [ $(OS) = "darwin" -a ! -z "$(OSXPROCSIGID)" ]; then \ codesign -s "$(OSXPROCSIGID)" $(BINDIR)/mig-agent-$(BUILDREV)$(BINSUFFIX); \ fi mig-scheduler: create-bindir $(GO) build $(GOOPTS) -o $(BINDIR)/mig-scheduler $(GOLDFLAGS) mig.ninja/mig/mig-scheduler mig-api: create-bindir $(GO) build $(GOOPTS) -o $(BINDIR)/mig-api $(GOLDFLAGS) mig.ninja/mig/mig-api mig-runner: create-bindir $(GO) build $(GOOPTS) -o $(BINDIR)/mig-runner $(GOLDFLAGS) mig.ninja/mig/mig-runner mig-action-generator: create-bindir $(GO) build $(GOOPTS) -o $(BINDIR)/mig-action-generator $(GOLDFLAGS) mig.ninja/mig/client/mig-action-generator mig-loader: create-bindir $(GO) build $(GOOPTS) -o $(BINDIR)/mig-loader$(BINSUFFIX) $(GOLDFLAGS) mig.ninja/mig/mig-loader if [ $(OS) = "darwin" -a ! -z "$(OSXPROCSIGID)" ]; then \ codesign -s "$(OSXPROCSIGID)" $(BINDIR)/mig-loader; \ fi mig-action-verifier: create-bindir $(GO) build $(GOOPTS) -o $(BINDIR)/mig-action-verifier $(GOLDFLAGS) mig.ninja/mig/client/mig-action-verifier mig-console: create-bindir $(GO) build $(GOOPTS) -o $(BINDIR)/mig-console $(GOLDFLAGS) mig.ninja/mig/client/mig-console mig-cmd: create-bindir $(GO) build $(GOOPTS) -o $(BINDIR)/mig $(GOLDFLAGS) mig.ninja/mig/client/mig mig-agent-search: create-bindir $(GO) build $(GOOPTS) -o $(BINDIR)/mig-agent-search $(GOLDFLAGS) mig.ninja/mig/client/mig-agent-search worker-agent-verif: create-bindir $(GO) build $(GOOPTS) -o $(BINDIR)/mig-worker-agent-verif $(GOLDFLAGS) mig.ninja/mig/workers/mig-worker-agent-verif runner-compliance: create-bindir $(GO) build $(GOOPTS) -o $(BINDIR)/runner-compliance $(GOLDFLAGS) mig.ninja/mig/runner-plugins/runner-compliance runner-scribe: create-bindir $(GO) build $(GOOPTS) -o $(BINDIR)/runner-scribe $(GOLDFLAGS) mig.ninja/mig/runner-plugins/runner-scribe go_vendor_dependencies: govend -v -u rpm-agent: mig-agent rm -fr tmp $(INSTALL) -D -m 0755 $(BINDIR)/mig-agent-$(BUILDREV) tmp/sbin/mig-agent-$(BUILDREV) mkdir -p tmp/var/lib/mig make agent-install-script-linux make agent-remove-script-linux fpm -C tmp -n mig-agent --license GPL --vendor mozilla --description "Mozilla InvestiGator Agent" \ -m "Mozilla " --url http://mig.mozilla.org --architecture $(FPMARCH) -v $(BUILDREV) \ --after-remove tmp/agent_remove.sh --after-install tmp/agent_install.sh \ -s dir -t rpm . deb-agent: mig-agent rm -fr tmp $(INSTALL) -s -D -m 0755 $(BINDIR)/mig-agent-$(BUILDREV) tmp/sbin/mig-agent-$(BUILDREV) $(INSTALL) -D -m 0644 LICENSE tmp/usr/share/doc/mig-agent/copyright mkdir -p tmp/var/lib/mig make agent-install-script-linux make agent-remove-script-linux fpm -C tmp -n mig-agent --license GPL --vendor mozilla \ --description "Mozilla InvestiGator Agent\nAgent binary" \ -m "Mozilla " --url http://mig.mozilla.org \ --architecture $(FPMARCH) -v $(BUILDREV) \ --after-remove tmp/agent_remove.sh --after-install tmp/agent_install.sh \ -s dir -t deb . deb-loader: mig-loader rm -fr tmp $(INSTALL) -s -D -m 0755 $(BINDIR)/mig-loader tmp/sbin/mig-loader $(INSTALL) -D -m 0644 LICENSE tmp/usr/share/doc/mig-loader/copyright mkdir -p tmp/var/lib/mig mkdir -p tmp/etc/mig fpm -C tmp -n mig-loader --license GPL --vendor mozilla \ --description "Mozilla InvestiGator Agent Loader\nAgent loader binary" \ -m "Mozilla " --url http://mig.mozilla.org \ --architecture $(FPMARCH) -v $(BUILDREV) \ -s dir -t deb . rpm-loader: mig-loader rm -fr tmp $(INSTALL) -s -D -m 0755 $(BINDIR)/mig-loader tmp/sbin/mig-loader $(INSTALL) -D -m 0644 LICENSE tmp/usr/share/doc/mig-loader/copyright mkdir -p tmp/var/lib/mig mkdir -p tmp/etc/mig fpm -C tmp -n mig-loader --license GPL --vendor mozilla \ --description "Mozilla InvestiGator Agent Loader\nAgent loader binary" \ -m "Mozilla " --url http://mig.mozilla.org \ --architecture $(FPMARCH) -v $(BUILDREV) \ -s dir -t rpm . dmg-agent: mig-agent ifneq ($(OS),darwin) echo 'Set OS=darwin on the make command line to build an OSX package (must be on darwin)' else rm -fr tmp tmpdmg mkdir -p tmp/usr/local/bin mkdir tmpdmg $(INSTALL) -m 0755 $(BINDIR)/mig-agent-$(BUILDREV) tmp/usr/local/bin/mig-agent-$(BUILDREV) mkdir -p 'tmp/Library/Preferences/mig/' make agent-install-script-osx fpm -C tmp -n mig-agent --license GPL --vendor mozilla --description "Mozilla InvestiGator Agent" \ -m "Mozilla " --url http://mig.mozilla.org --architecture $(FPMARCH) -v $(BUILDREV) \ --after-install tmp/agent_install.sh \ -s dir -t osxpkg --osxpkg-identifier-prefix org.mozilla.mig -p tmpdmg/mig-agent-$(BUILDREV)-$(FPMARCH).pkg . hdiutil makehybrid -hfs -hfs-volume-name "Mozilla InvestiGator Agent" \ -o ./mig-agent-$(BUILDREV)-$(FPMARCH).dmg tmpdmg endif agent-install-script-linux: echo '#!/bin/sh' > tmp/agent_install.sh echo 'chmod 500 /sbin/mig-agent-$(BUILDREV)' >> tmp/agent_install.sh echo 'chown root:root /sbin/mig-agent-$(BUILDREV)' >> tmp/agent_install.sh echo 'rm /sbin/mig-agent; ln -s /sbin/mig-agent-$(BUILDREV) /sbin/mig-agent' >> tmp/agent_install.sh chmod 0755 tmp/agent_install.sh agent-install-script-osx: echo '#!/bin/sh' > tmp/agent_install.sh echo 'chmod 500 /usr/local/bin/mig-agent-$(BUILDREV)' >> tmp/agent_install.sh echo 'chown root:root /usr/local/bin/mig-agent-$(BUILDREV)' >> tmp/agent_install.sh echo 'rm /usr/local/bin/mig-agent; ln -s /usr/local/bin/mig-agent-$(BUILDREV)' \ '/usr/local/bin/mig-agent' >> tmp/agent_install.sh chmod 0755 tmp/agent_install.sh agent-remove-script-linux: echo '#!/bin/sh' > tmp/agent_remove.sh echo 'for f in "/etc/cron.d/mig-agent" "/etc/init/mig-agent.conf"' \ '"/etc/init.d/mig-agent" "/etc/systemd/system/mig-agent.service"; do' >> tmp/agent_remove.sh echo ' [ -e "$$f" ] && rm -f "$$f"' >> tmp/agent_remove.sh echo 'done' >> tmp/agent_remove.sh echo 'echo mig-agent removed but not killed if running' >> tmp/agent_remove.sh chmod 0755 tmp/agent_remove.sh msi-agent: mig-agent ifneq ($(OS),windows) echo 'Set OS=windows on the make command line to compile an MSI package' else rm -fr tmp mkdir 'tmp' $(INSTALL) -m 0755 $(BINDIR)/mig-agent-$(BUILDREV).exe tmp/mig-agent-$(BUILDREV).exe cp conf/$(MSICONF) tmp/ sed -i "s/REPLACE_WITH_MIG_AGENT_VERSION/$(BUILDREV)/" tmp/$(MSICONF) wixl tmp/$(MSICONF) cp tmp/mig-agent-installer.msi mig-agent-$(BUILDREV).msi endif deb-server: mig-scheduler mig-api mig-runner rm -rf tmp $(INSTALL) -D -m 0755 $(BINDIR)/mig-scheduler tmp/opt/mig/bin/mig-scheduler $(INSTALL) -D -m 0755 $(BINDIR)/mig-api tmp/opt/mig/bin/mig-api $(INSTALL) -D -m 0755 $(BINDIR)/mig-runner tmp/opt/mig/bin/mig-runner $(INSTALL) -D -m 0640 conf/scheduler.cfg.inc tmp/etc/mig/scheduler.cfg $(INSTALL) -D -m 0640 conf/api.cfg.inc tmp/etc/mig/api.cfg mkdir -p tmp/var/cache/mig fpm -C tmp -n mig-server --license GPL --vendor mozilla --description "Mozilla InvestiGator Server" \ -m "Mozilla " --url http://mig.mozilla.org \ --architecture $(FPMARCH) -v $(BUILDREV) -s dir -t deb . osx-loader-pkg: mig-loader ifneq ($(OSXPACKSIGID),) $(eval SIGNFLAGS:=--sign "$(OSXPACKSIGID)") endif tmpdir=$$(mktemp -d) && \ scriptstmp=$$(mktemp -d) && \ echo $$signflags && \ $(INSTALL) -m 0755 -d $${tmpdir}/usr/local/bin && \ $(INSTALL) -m 0750 -d $${tmpdir}/etc/mig && \ $(INSTALL) -m 0755 -d $${tmpdir}/Library/LaunchAgents && \ $(INSTALL) -m 0755 $(BINDIR)/mig-loader $${tmpdir}/usr/local/bin/mig-loader && \ $(INSTALL) -m 0755 tools/osx-loader-pkg-postinstall.sh $${scriptstmp}/postinstall && \ pkgbuild --root $${tmpdir} --identifier org.mozilla.mig-loader --version $(BUILDREV) \ --ownership recommended --scripts $${scriptstmp} \ $(SIGNFLAGS) \ ./mig-loader-$(BUILDREV)-darwin-$(ARCH).pkg && \ rm -rf $${tmpdir} && \ rm -rf $${scriptstmp} doc: make -C doc doc test: test-modules $(GO) test mig.ninja/mig/mig-agent/... $(GO) test mig.ninja/mig/mig-scheduler/... $(GO) test mig.ninja/mig/mig-api/... $(GO) test mig.ninja/mig/mig-runner/... $(GO) test mig.ninja/mig/mig-loader/... $(GO) test mig.ninja/mig/client/... $(GO) test mig.ninja/mig/database/... $(GO) test mig.ninja/mig/workers/... $(GO) test mig.ninja/mig test-modules: $(GO) test mig.ninja/mig/modules/ $(GO) test mig.ninja/mig/modules/agentdestroy $(GO) test mig.ninja/mig/modules/example $(GO) test mig.ninja/mig/modules/examplepersist $(GO) test mig.ninja/mig/modules/file $(GO) test mig.ninja/mig/modules/fswatch $(GO) test mig.ninja/mig/modules/memory $(GO) test mig.ninja/mig/modules/netstat $(GO) test mig.ninja/mig/modules/ping $(GO) test mig.ninja/mig/modules/pkg $(GO) test mig.ninja/mig/modules/scribe $(GO) test mig.ninja/mig/modules/timedrift $(GO) test mig.ninja/mig/modules/sshkey ifeq ($(WITHYARA),yes) $(GO) test mig.ninja/mig/modules/yara endif vet: $(GO) vet mig.ninja/mig/mig-agent/... $(GO) vet mig.ninja/mig/mig-scheduler/... $(GO) vet mig.ninja/mig/mig-api/... $(GO) vet mig.ninja/mig/mig-runner/... $(GO) vet mig.ninja/mig/client/... $(GO) vet mig.ninja/mig/modules/... $(GO) vet mig.ninja/mig/database/... $(GO) vet mig.ninja/mig/workers/... $(GO) vet mig.ninja/mig clean: clean-agent rm -rf bin rm -rf tmp .PHONY: doc