зеркало из https://github.com/mozilla/mig.git
356 строки
14 KiB
Makefile
356 строки
14 KiB
Makefile
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
|
|
# Although MIG components can be installed using the typical go tools
|
|
# e.g., using "go get", the Makefile here provides a few helper functions
|
|
# related to specific tasks. This includes appying a value to the mig package
|
|
# Version variable to give the components a version.
|
|
#
|
|
# We also have various targets in here related to binary signing and package
|
|
# creation.
|
|
#
|
|
# When the makefile is used to build components the binaries are placed in a
|
|
# bin directory at the repository root rather then in $GOPATH/bin.
|
|
|
|
BUILDENV := dev
|
|
BUILDREL := 0
|
|
BINSUFFIX :=
|
|
OS := $(shell uname -s| tr '[:upper:]' '[:lower:]')
|
|
ARCH := amd64
|
|
BINDIR := bin/$(OS)/$(ARCH)
|
|
|
|
ifeq ($(OS),windows)
|
|
# On windows, the version is year.month.date.release
|
|
BUILDREV := $(shell date +%y).$(shell date +%m).$(shell date +%d).$(BUILDREL)
|
|
BINSUFFIX := ".exe"
|
|
else
|
|
# On linux and darwin, the version is yearmonthdate.release+lastcommit.env
|
|
BUILDREV := $(shell date +%Y%m%d)-$(BUILDREL).$(shell git log --pretty=format:'%h' -n 1).$(BUILDENV)
|
|
endif
|
|
|
|
# Set this to yes if you want yara support and want to use the yara module
|
|
#
|
|
# This assumes yara has been compiled with the following options:
|
|
# --disable-shared --disable-magic --disable-cuckoo --without-crypto
|
|
#
|
|
# If you have built yara some other way or have yara shared libraries
|
|
# installed you will need to adjust the makefile.
|
|
#
|
|
# You may have to set the CPATH and LIBRARY_PATH environment variables
|
|
# if you have installed the yara headers and library somewhere the build
|
|
# tools can't locate.
|
|
WITHYARA := no
|
|
|
|
# These variables control signature operations used when building various
|
|
# targets on OSX.
|
|
#
|
|
# OSXPROCSIGID if set will result in the specified identity being used to
|
|
# sign the mig-agent and mig-loader binaries when built on OSX. If empty,
|
|
# the compiled binaries will not be signed.
|
|
#
|
|
# OSXPACKSIGID if set will result in the specified identity being used to
|
|
# sign the mig-loader package (osx-loader-pkg). If empty the .pkg will not
|
|
# be signed.
|
|
#
|
|
# This uses the signature related options to pkgbuild and codesign
|
|
#
|
|
# https://developer.apple.com/library/content/technotes/tn2206/_index.html
|
|
# https://developer.apple.com/developer-id/
|
|
#
|
|
OSXPROCSIGID ?=
|
|
OSXPACKSIGID ?=
|
|
SIGNFLAGS :=
|
|
|
|
ifeq ($(ARCH),amd64)
|
|
FPMARCH := x86_64
|
|
endif
|
|
ifeq ($(ARCH),386)
|
|
FPMARCH := i386
|
|
endif
|
|
|
|
# MSICONF is used for building Windows agent packages, and indicates the path to the
|
|
# wxs file wixl should use.
|
|
MSICONF := mig-agent-installer.wxs
|
|
|
|
# If code signing is enabled for OSX binaries, pass the -s flag during linking
|
|
# otherwise the signed binary will not execute correctly
|
|
# https://github.com/golang/go/issues/11887
|
|
ifneq ($(OSXPROCSIGID),)
|
|
ifeq ($(OS),darwin)
|
|
STRIPOPT := -s
|
|
endif
|
|
endif
|
|
|
|
CGOLDFLAGS :=
|
|
GO := GOOS=$(OS) GOARCH=$(ARCH) GO15VENDOREXPERIMENT=1 go
|
|
MIGVERFLAGS := -X mig.ninja/mig.Version=$(BUILDREV)
|
|
GOLDFLAGS := -ldflags "$(MIGVERFLAGS) $(STRIPOPT)"
|
|
INSTALL := install
|
|
SERVERTARGETS := mig-scheduler mig-api mig-runner runner-compliance runner-scribe
|
|
CLIENTTARGETS := mig-cmd mig-console mig-action-generator mig-action-verifier \
|
|
mig-agent-search
|
|
AGENTTARGETS := mig-agent mig-loader
|
|
ALLTARGETS := $(AGENTTARGETS) $(SERVERTARGETS) $(CLIENTTARGETS)
|
|
|
|
# MODULETAGS can be set to indicate a specific module set the agent and command line will
|
|
# include support for. By default, this is a set of modules that do not require cgo. For example,
|
|
# to include the memory module in the agent something like "make MODULETAGS='modmemory' mig-agent".
|
|
# To include no default modules, and only the memory module something like
|
|
# "make MODULETAGS='nomoddefaults modmemory' mig-agent" can be used. To see a list of available
|
|
# module tags see the modulepack package.
|
|
MODULETAGS :=
|
|
|
|
BUILDTAGS := $(MODULETAGS)
|
|
GOOPTS := -tags "$(BUILDTAGS)"
|
|
|
|
ifeq ($(WITHYARA),yes)
|
|
ifeq ($(OS),linux)
|
|
CGOLDFLAGS += -lyara -lm
|
|
else ifeq ($(OS),darwin)
|
|
# Nothing special required here for this to work on darwin
|
|
else
|
|
$(error WITHYARA not supported for this platform)
|
|
endif
|
|
endif
|
|
|
|
export CGO_LDFLAGS = $(CGOLDFLAGS)
|
|
|
|
all: test $(ALLTARGETS)
|
|
|
|
create-bindir:
|
|
mkdir -p $(BINDIR)
|
|
|
|
mig-agent: create-bindir
|
|
@echo building mig-agent for $(OS)/$(ARCH)
|
|
$(GO) build $(GOOPTS) -o $(BINDIR)/mig-agent-$(BUILDREV)$(BINSUFFIX) $(GOLDFLAGS) mig.ninja/mig/mig-agent
|
|
ln -fs "$$(pwd)/$(BINDIR)/mig-agent-$(BUILDREV)$(BINSUFFIX)" "$$(pwd)/$(BINDIR)/mig-agent-latest"
|
|
[ -x "$(BINDIR)/mig-agent-$(BUILDREV)$(BINSUFFIX)" ]
|
|
# If our build target is darwin and OSXPROCSIGID is set, sign the binary
|
|
if [ $(OS) = "darwin" -a ! -z "$(OSXPROCSIGID)" ]; then \
|
|
codesign -s "$(OSXPROCSIGID)" $(BINDIR)/mig-agent-$(BUILDREV)$(BINSUFFIX); \
|
|
fi
|
|
|
|
mig-scheduler: create-bindir
|
|
$(GO) build $(GOOPTS) -o $(BINDIR)/mig-scheduler $(GOLDFLAGS) mig.ninja/mig/mig-scheduler
|
|
|
|
mig-api: create-bindir
|
|
$(GO) build $(GOOPTS) -o $(BINDIR)/mig-api $(GOLDFLAGS) mig.ninja/mig/mig-api
|
|
|
|
mig-runner: create-bindir
|
|
$(GO) build $(GOOPTS) -o $(BINDIR)/mig-runner $(GOLDFLAGS) mig.ninja/mig/mig-runner
|
|
|
|
mig-action-generator: create-bindir
|
|
$(GO) build $(GOOPTS) -o $(BINDIR)/mig-action-generator $(GOLDFLAGS) mig.ninja/mig/client/mig-action-generator
|
|
|
|
mig-loader: create-bindir
|
|
$(GO) build $(GOOPTS) -o $(BINDIR)/mig-loader$(BINSUFFIX) $(GOLDFLAGS) mig.ninja/mig/mig-loader
|
|
if [ $(OS) = "darwin" -a ! -z "$(OSXPROCSIGID)" ]; then \
|
|
codesign -s "$(OSXPROCSIGID)" $(BINDIR)/mig-loader; \
|
|
fi
|
|
|
|
mig-action-verifier: create-bindir
|
|
$(GO) build $(GOOPTS) -o $(BINDIR)/mig-action-verifier $(GOLDFLAGS) mig.ninja/mig/client/mig-action-verifier
|
|
|
|
mig-console: create-bindir
|
|
$(GO) build $(GOOPTS) -o $(BINDIR)/mig-console $(GOLDFLAGS) mig.ninja/mig/client/mig-console
|
|
|
|
mig-cmd: create-bindir
|
|
$(GO) build $(GOOPTS) -o $(BINDIR)/mig $(GOLDFLAGS) mig.ninja/mig/client/mig
|
|
|
|
mig-agent-search: create-bindir
|
|
$(GO) build $(GOOPTS) -o $(BINDIR)/mig-agent-search $(GOLDFLAGS) mig.ninja/mig/client/mig-agent-search
|
|
|
|
runner-compliance: create-bindir
|
|
$(GO) build $(GOOPTS) -o $(BINDIR)/runner-compliance $(GOLDFLAGS) mig.ninja/mig/runner-plugins/runner-compliance
|
|
|
|
runner-scribe: create-bindir
|
|
$(GO) build $(GOOPTS) -o $(BINDIR)/runner-scribe $(GOLDFLAGS) mig.ninja/mig/runner-plugins/runner-scribe
|
|
|
|
go_vendor_dependencies:
|
|
govend -v -u
|
|
|
|
rpm-agent: mig-agent
|
|
rm -fr tmp
|
|
$(INSTALL) -D -m 0755 $(BINDIR)/mig-agent-$(BUILDREV) tmp/sbin/mig-agent-$(BUILDREV)
|
|
mkdir -p tmp/var/lib/mig
|
|
make agent-install-script-linux
|
|
make agent-remove-script-linux
|
|
fpm -C tmp -n mig-agent --license GPL --vendor mozilla --description "Mozilla InvestiGator Agent" \
|
|
-m "Mozilla <noreply@mozilla.com>" --url http://mig.mozilla.org --architecture $(FPMARCH) -v $(BUILDREV) \
|
|
--after-remove tmp/agent_remove.sh --after-install tmp/agent_install.sh \
|
|
-s dir -t rpm .
|
|
|
|
deb-agent: mig-agent
|
|
rm -fr tmp
|
|
$(INSTALL) -s -D -m 0755 $(BINDIR)/mig-agent-$(BUILDREV) tmp/sbin/mig-agent-$(BUILDREV)
|
|
$(INSTALL) -D -m 0644 LICENSE tmp/usr/share/doc/mig-agent/copyright
|
|
mkdir -p tmp/var/lib/mig
|
|
make agent-install-script-linux
|
|
make agent-remove-script-linux
|
|
fpm -C tmp -n mig-agent --license GPL --vendor mozilla \
|
|
--description "Mozilla InvestiGator Agent\nAgent binary" \
|
|
-m "Mozilla <noreply@mozilla.com>" --url http://mig.mozilla.org \
|
|
--architecture $(FPMARCH) -v $(BUILDREV) \
|
|
--after-remove tmp/agent_remove.sh --after-install tmp/agent_install.sh \
|
|
-s dir -t deb .
|
|
|
|
deb-loader: mig-loader
|
|
rm -fr tmp
|
|
$(INSTALL) -s -D -m 0755 $(BINDIR)/mig-loader tmp/sbin/mig-loader
|
|
$(INSTALL) -D -m 0644 LICENSE tmp/usr/share/doc/mig-loader/copyright
|
|
mkdir -p tmp/var/lib/mig
|
|
mkdir -p tmp/etc/mig
|
|
fpm -C tmp -n mig-loader --license GPL --vendor mozilla \
|
|
--description "Mozilla InvestiGator Agent Loader\nAgent loader binary" \
|
|
-m "Mozilla <noreply@mozilla.com>" --url http://mig.mozilla.org \
|
|
--architecture $(FPMARCH) -v $(BUILDREV) \
|
|
-s dir -t deb .
|
|
|
|
rpm-loader: mig-loader
|
|
rm -fr tmp
|
|
$(INSTALL) -s -D -m 0755 $(BINDIR)/mig-loader tmp/sbin/mig-loader
|
|
$(INSTALL) -D -m 0644 LICENSE tmp/usr/share/doc/mig-loader/copyright
|
|
mkdir -p tmp/var/lib/mig
|
|
mkdir -p tmp/etc/mig
|
|
fpm -C tmp -n mig-loader --license GPL --vendor mozilla \
|
|
--description "Mozilla InvestiGator Agent Loader\nAgent loader binary" \
|
|
-m "Mozilla <noreply@mozilla.com>" --url http://mig.mozilla.org \
|
|
--architecture $(FPMARCH) -v $(BUILDREV) \
|
|
-s dir -t rpm .
|
|
|
|
dmg-agent: mig-agent
|
|
ifneq ($(OS),darwin)
|
|
echo 'Set OS=darwin on the make command line to build an OSX package (must be on darwin)'
|
|
else
|
|
rm -fr tmp tmpdmg
|
|
mkdir -p tmp/usr/local/bin
|
|
mkdir tmpdmg
|
|
$(INSTALL) -m 0755 $(BINDIR)/mig-agent-$(BUILDREV) tmp/usr/local/bin/mig-agent-$(BUILDREV)
|
|
mkdir -p 'tmp/Library/Preferences/mig/'
|
|
make agent-install-script-osx
|
|
fpm -C tmp -n mig-agent --license GPL --vendor mozilla --description "Mozilla InvestiGator Agent" \
|
|
-m "Mozilla <noreply@mozilla.com>" --url http://mig.mozilla.org --architecture $(FPMARCH) -v $(BUILDREV) \
|
|
--after-install tmp/agent_install.sh \
|
|
-s dir -t osxpkg --osxpkg-identifier-prefix org.mozilla.mig -p tmpdmg/mig-agent-$(BUILDREV)-$(FPMARCH).pkg .
|
|
hdiutil makehybrid -hfs -hfs-volume-name "Mozilla InvestiGator Agent" \
|
|
-o ./mig-agent-$(BUILDREV)-$(FPMARCH).dmg tmpdmg
|
|
endif
|
|
|
|
agent-install-script-linux:
|
|
echo '#!/bin/sh' > tmp/agent_install.sh
|
|
echo 'chmod 500 /sbin/mig-agent-$(BUILDREV)' >> tmp/agent_install.sh
|
|
echo 'chown root:root /sbin/mig-agent-$(BUILDREV)' >> tmp/agent_install.sh
|
|
echo 'rm /sbin/mig-agent; ln -s /sbin/mig-agent-$(BUILDREV) /sbin/mig-agent' >> tmp/agent_install.sh
|
|
chmod 0755 tmp/agent_install.sh
|
|
|
|
agent-install-script-osx:
|
|
echo '#!/bin/sh' > tmp/agent_install.sh
|
|
echo 'chmod 500 /usr/local/bin/mig-agent-$(BUILDREV)' >> tmp/agent_install.sh
|
|
echo 'chown root:root /usr/local/bin/mig-agent-$(BUILDREV)' >> tmp/agent_install.sh
|
|
echo 'rm /usr/local/bin/mig-agent; ln -s /usr/local/bin/mig-agent-$(BUILDREV)' \
|
|
'/usr/local/bin/mig-agent' >> tmp/agent_install.sh
|
|
chmod 0755 tmp/agent_install.sh
|
|
|
|
agent-remove-script-linux:
|
|
echo '#!/bin/sh' > tmp/agent_remove.sh
|
|
echo 'for f in "/etc/cron.d/mig-agent" "/etc/init/mig-agent.conf"' \
|
|
'"/etc/init.d/mig-agent" "/etc/systemd/system/mig-agent.service"; do' >> tmp/agent_remove.sh
|
|
echo ' [ -e "$$f" ] && rm -f "$$f"' >> tmp/agent_remove.sh
|
|
echo 'done' >> tmp/agent_remove.sh
|
|
echo 'echo mig-agent removed but not killed if running' >> tmp/agent_remove.sh
|
|
chmod 0755 tmp/agent_remove.sh
|
|
|
|
msi-agent: mig-agent
|
|
ifneq ($(OS),windows)
|
|
echo 'Set OS=windows on the make command line to compile an MSI package'
|
|
else
|
|
rm -fr tmp
|
|
mkdir 'tmp'
|
|
$(INSTALL) -m 0755 $(BINDIR)/mig-agent-$(BUILDREV).exe tmp/mig-agent-$(BUILDREV).exe
|
|
cp conf/$(MSICONF) tmp/
|
|
sed -i "s/REPLACE_WITH_MIG_AGENT_VERSION/$(BUILDREV)/" tmp/$(MSICONF)
|
|
wixl tmp/$(MSICONF)
|
|
cp tmp/mig-agent-installer.msi mig-agent-$(BUILDREV).msi
|
|
endif
|
|
|
|
deb-server: mig-scheduler mig-api mig-runner
|
|
rm -rf tmp
|
|
$(INSTALL) -D -m 0755 $(BINDIR)/mig-scheduler tmp/opt/mig/bin/mig-scheduler
|
|
$(INSTALL) -D -m 0755 $(BINDIR)/mig-api tmp/opt/mig/bin/mig-api
|
|
$(INSTALL) -D -m 0755 $(BINDIR)/mig-runner tmp/opt/mig/bin/mig-runner
|
|
$(INSTALL) -D -m 0640 conf/scheduler.cfg.inc tmp/etc/mig/scheduler.cfg
|
|
$(INSTALL) -D -m 0640 conf/api.cfg.inc tmp/etc/mig/api.cfg
|
|
mkdir -p tmp/var/cache/mig
|
|
fpm -C tmp -n mig-server --license GPL --vendor mozilla --description "Mozilla InvestiGator Server" \
|
|
-m "Mozilla <noreply@mozilla.com>" --url http://mig.mozilla.org \
|
|
--architecture $(FPMARCH) -v $(BUILDREV) -s dir -t deb .
|
|
|
|
osx-loader-pkg: mig-loader
|
|
ifneq ($(OSXPACKSIGID),)
|
|
$(eval SIGNFLAGS:=--sign "$(OSXPACKSIGID)")
|
|
endif
|
|
tmpdir=$$(mktemp -d) && \
|
|
scriptstmp=$$(mktemp -d) && \
|
|
echo $$signflags && \
|
|
$(INSTALL) -m 0755 -d $${tmpdir}/usr/local/bin && \
|
|
$(INSTALL) -m 0750 -d $${tmpdir}/etc/mig && \
|
|
$(INSTALL) -m 0755 -d $${tmpdir}/Library/LaunchAgents && \
|
|
$(INSTALL) -m 0755 $(BINDIR)/mig-loader $${tmpdir}/usr/local/bin/mig-loader && \
|
|
$(INSTALL) -m 0755 tools/osx-loader-pkg-postinstall.sh $${scriptstmp}/postinstall && \
|
|
pkgbuild --root $${tmpdir} --identifier org.mozilla.mig-loader --version $(BUILDREV) \
|
|
--ownership recommended --scripts $${scriptstmp} \
|
|
$(SIGNFLAGS) \
|
|
./mig-loader-$(BUILDREV)-darwin-$(ARCH).pkg && \
|
|
rm -rf $${tmpdir} && \
|
|
rm -rf $${scriptstmp}
|
|
|
|
doc:
|
|
make -C doc doc
|
|
|
|
test: test-modules
|
|
$(GO) test mig.ninja/mig/mig-agent/...
|
|
$(GO) test mig.ninja/mig/mig-scheduler/...
|
|
$(GO) test mig.ninja/mig/mig-api/...
|
|
$(GO) test mig.ninja/mig/mig-runner/...
|
|
$(GO) test mig.ninja/mig/mig-loader/...
|
|
$(GO) test mig.ninja/mig/client/...
|
|
$(GO) test mig.ninja/mig/database/...
|
|
$(GO) test mig.ninja/mig
|
|
|
|
test-modules:
|
|
$(GO) test mig.ninja/mig/modules/
|
|
$(GO) test mig.ninja/mig/modules/agentdestroy
|
|
$(GO) test mig.ninja/mig/modules/example
|
|
$(GO) test mig.ninja/mig/modules/examplepersist
|
|
$(GO) test mig.ninja/mig/modules/file
|
|
$(GO) test mig.ninja/mig/modules/fswatch
|
|
$(GO) test mig.ninja/mig/modules/dispatch
|
|
$(GO) test mig.ninja/mig/modules/audit
|
|
$(GO) test mig.ninja/mig/modules/memory
|
|
$(GO) test mig.ninja/mig/modules/netstat
|
|
$(GO) test mig.ninja/mig/modules/ping
|
|
$(GO) test mig.ninja/mig/modules/pkg
|
|
$(GO) test mig.ninja/mig/modules/scribe
|
|
$(GO) test mig.ninja/mig/modules/timedrift
|
|
$(GO) test mig.ninja/mig/modules/sshkey
|
|
ifeq ($(WITHYARA),yes)
|
|
$(GO) test mig.ninja/mig/modules/yara
|
|
endif
|
|
|
|
vet:
|
|
$(GO) vet mig.ninja/mig/mig-agent/...
|
|
$(GO) vet mig.ninja/mig/mig-scheduler/...
|
|
$(GO) vet mig.ninja/mig/mig-api/...
|
|
$(GO) vet mig.ninja/mig/mig-runner/...
|
|
$(GO) vet mig.ninja/mig/client/...
|
|
$(GO) vet mig.ninja/mig/modules/...
|
|
$(GO) vet mig.ninja/mig/database/...
|
|
$(GO) vet mig.ninja/mig
|
|
|
|
clean: clean-agent
|
|
rm -rf bin
|
|
rm -rf tmp
|
|
|
|
.PHONY: doc
|