.PHONY: all clean realclean distclean dist install
PACKAGE:=secnet
-VERSION:=0.1.18
+VERSION:=0.3.4
@SET_MAKE@
INSTALL:=@INSTALL@
INSTALL_PROGRAM:=@INSTALL_PROGRAM@
-# Use -DHACKY_PARALLEL if you are compiling secnet for an extremely
-# slow machine
-#CFLAGS:=-Wall @WRITESTRINGS@ @CFLAGS@ -DHACKY_PARALLEL
-CFLAGS:=-Wall @WRITESTRINGS@ @CFLAGS@ \
- -W -Wno-unused \
+CFLAGS:=-Wall @WRITESTRINGS@ @CFLAGS@ -Werror \
+ -W -Wno-unused -Wno-unused-parameter \
-Wno-pointer-sign -Wstrict-prototypes -Wmissing-prototypes \
-Wmissing-declarations -Wnested-externs -Wredundant-decls \
-Wpointer-arith -Wformat=2 -Winit-self \
- -Wswitch-enum -Wunused-variable -Wbad-function-cast
-ALL_CFLAGS:=@DEFS@ -I$(srcdir) -I. $(CFLAGS)
-CPPFLAGS:=@CPPFLAGS@
-LDFLAGS:=@LDFLAGS@
-LDLIBS:=@LIBS@
+ -Wswitch-enum -Wunused-variable -Wunused-function -Wbad-function-cast \
+ -Wno-strict-aliasing -fno-strict-aliasing
+ALL_CFLAGS:=@DEFS@ -I$(srcdir) -I. $(CFLAGS) $(EXTRA_CFLAGS)
+CPPFLAGS:=@CPPFLAGS@ $(EXTRA_CPPFLAGS)
+LDFLAGS:=@LDFLAGS@ $(EXTRA_LDFLAGS)
+LDLIBS:=@LIBS@ $(EXTRA_LDLIBS)
prefix:=@prefix@
exec_prefix:=@exec_prefix@
sbindir:=@sbindir@
sysconfdir:=@sysconfdir@
transform:=@program_transform_name@
+mandir:=@mandir@
TARGETS:=secnet
OBJECTS:=secnet.o util.o conffile.yy.o conffile.tab.o conffile.o modules.o \
- resolver.o random.o udp.o site.o transform.o netlink.o rsa.o dh.o \
- serpent.o md5.o version.o tun.o slip.o sha1.o ipaddr.o log.o \
+ resolver.o random.o udp.o site.o transform-cbcmac.o transform-eax.o \
+ netlink.o rsa.o dh.o serpent.o serpentbe.o \
+ md5.o sha512.o tun.o slip.o sha1.o ipaddr.o log.o \
process.o @LIBOBJS@ \
hackypar.o
+# version.o is handled specially below and in the link rule for secnet.
-DISTDIRS:=debian
-DISTFILES:=BUGS COPYING CREDITS INSTALL LICENSE.txt Makefile.in \
- NEWS NOTES README TODO \
- ac_prog_cc_no_writeable_strings.m4 \
- conffile.c conffile.fl conffile.h conffile.y \
- conffile_internal.h \
- config.h.in configure \
- configure.in depend.sh dh.c \
- example.conf \
- getopt.c getopt1.c getopt.h \
- install-sh ipaddr.c ipaddr.h ipaddr.py linux log.c \
- magic.h md5.c md5.h \
- make-secnet-sites \
- modules.c netlink.c netlink.h process.c process.h \
- random.c resolver.c rsa.c \
- secnet.c secnet.h serpent.c serpent.h serpentsboxes.h \
- snprintf.c snprintf.h \
- sha1.c site.c slip.c stamp-h.in transform.c tun.c udp.c \
- unaligned.h util.c util.h \
- hackypar.c hackypar.h
-DISTSUBDIRS:=debian/copyright debian/changelog debian/control \
- debian/init debian/rules debian/compat debian/default
+TEST_OBJECTS:=eax-aes-test.o eax-serpent-test.o eax-serpentbe-test.o \
+ eax-test.o aes.o
+
+ifeq (version.o,$(MAKECMDGOALS))
+OBJECTS:=version.o
+TEST_OBJECTS:=
+endif
%.c: %.y
%.yy.c: %.fl
- flex -o$@ $<
+ flex --header=$*.yy.h -o$@ $<
%.tab.c %.tab.h: %.y
bison -d -o $@ $<
%.o: %.c
$(CC) $(CPPFLAGS) $(ALL_CFLAGS) -c $< -o $@
-all: $(TARGETS)
+all: $(TARGETS) check
# Automatic remaking of configuration files, from autoconf documentation
${srcdir}/configure: configure.in
# End of config file remaking rules
# C and header file dependency rules
-SOURCES:=$(OBJECTS:.o=.c)
-DEPENDS:=$(OBJECTS:.o=.d)
+SOURCES:=$(OBJECTS:.o=.c) $(TEST_OBJECTS:.o=.c)
+DEPENDS:=$(OBJECTS:.o=.d) $(TEST_OBJECTS:.o=.d)
$(DEPENDS): ${srcdir}/depend.sh
# Manual dependencies section
conffile.yy.c: conffile.fl conffile.tab.c
+conffile.yy.h: conffile.yy.c
conffile.tab.c: conffile.y
# End of manual dependencies section
secnet: $(OBJECTS)
- $(CC) $(LDFLAGS) $(ALL_CFLAGS) -o $@ $(OBJECTS) $(LDLIBS)
+ $(MAKE) version.o # *.o $(filter-out %.o, $^)
+ $(CC) $(LDFLAGS) $(ALL_CFLAGS) -o $@ $(OBJECTS) version.o $(LDLIBS)
+# We (always) regenerate the version, but only if we regenerate the
+# binary. (This is necessary as the version string is can depend on
+# any of the source files, eg to see whether "+" is needed.)
+
+ifneq (,$(wildcard .git/HEAD))
+# If we have (eg) committed, relink and thus regenerate the version
+# with the new info from git describe.
+secnet: Makefile .git/HEAD $(shell sed -n 's#^ref: #.git/#p' .git/HEAD)
+secnet: $(wildcard .git/packed-refs)
+endif
+
+check: eax-aes-test.confirm eax-serpent-test.confirm \
+ eax-serpentbe-test.confirm
version.c: Makefile
echo "#include \"secnet.h\"" >$@.new
- echo "char version[]=\"secnet $(VERSION)\";" >>$@.new
+ @set -ex; if test -e .git; then \
+ v=$$(git describe --match 'v*'); v=$${v#v}; \
+ if ! git diff --quiet HEAD; then v="$$v+"; fi; \
+ else \
+ v="$(VERSION)"; \
+ fi; \
+ echo "char version[]=\"secnet $$v\";" >>$@.new
+ mv -f $@.new $@
+
+eax-%-test: eax-%-test.o eax-test.o %.o
+ $(CC) $(LDFLAGS) $(ALL_CFLAGS) -o $@ $^
+
+eax-%-test.confirm: eax-%-test eax-%-test.vectors
+ ./$< <$(srcdir)/eax-$*-test.vectors >$@.new
mv -f $@.new $@
-install: all
+.PRECIOUS: eax-%-test
+
+installdirs:
$(INSTALL) -d $(prefix)/share/secnet $(sbindir)
+ $(INSTALL) -d $(mandir)/man8
+
+install: installdirs
$(INSTALL_PROGRAM) secnet $(sbindir)/`echo secnet|sed '$(transform)'`
$(INSTALL_PROGRAM) ${srcdir}/make-secnet-sites $(sbindir)/`echo make-secnet-sites|sed '$(transform)'`
$(INSTALL) ${srcdir}/ipaddr.py $(prefix)/share/secnet/ipaddr.py
+ $(INSTALL) secnet.8 $(mandir)/man8/secnet.8
clean:
$(RM) -f *.o *.yy.c *.tab.[ch] $(TARGETS) core version.c
- $(RM) -f *.d *~
+ $(RM) -f *.d *~ eax-*-test.confirm eax-*-test
realclean: clean
$(RM) -f *~ Makefile config.h *.d \
distclean: realclean
pfname:=$(PACKAGE)-$(VERSION)
+tarfname:=../$(pfname).tar
dist:
- $(RM) -rf $(pfname)
- mkdir $(pfname)
- for i in $(DISTDIRS) ; do mkdir $(pfname)/$$i ; done
- for i in $(DISTFILES) ; do ln -s ../$(srcdir)/$$i $(pfname)/ ; done
- for i in $(DISTSUBDIRS) ; do ln -s ../../$(srcdir)/$$i $(pfname)/$$i ; done
- tar hcf ../$(pfname).tar --exclude=CVS --exclude=.cvsignore $(pfname)
- gzip -9f ../$(pfname).tar
- $(RM) -rf $(pfname)
+ $(RM) -rf $(tarfname) $(tarfname).gz
+ git archive --format=tar --prefix=$(pfname)/ HEAD -o $(tarfname)
+ gzip -9f $(tarfname)
+
+# Release checklist:
+# 1. Check that the tree has what you want
+#
+# 2. Update VERSION (above) and debian/changelog
+# but DO NOT COMMIT
+#
+# 3. Run
+# ./configure
+# make dist
+# and check that the resulting tarball looks OK.
+# Eg, untar it and build it, or have it reviewed.
+#
+# 3. Commit the updates to VERSION (above) and debian/changelog
+#
+# 4. git-tag -m "secnet $VERSION" -s v$VERSION
+#
+# 5. git-push origin v$VERSION v${VERSION}~0:master
+#
+# 6. Run, again,
+# make dist
+#
+# 7. gpg --detach-sign ../secnet-$VERSION.tar.gz
+#
+# 8. rsync -v ../secnet-$VERSION.tar.gz* \
+# chiark:/home/ianmdlvl/public-html/secnet/download/
+#
+# 9. On chiark:
+# tar zxf ~ianmdlvl/public-html/secnet/download/secnet-$VERSION.tar.gz
+# cd secnet-$VERSION
+# debian/rules build
+# fakeroot debian/rules binary
+# mv ../secnet_${VERSION}_i386.deb ~ianmdlvl/public-html/secnet/download/
+#
+# 10. On chiark as user secnet:
+# cd ~secnet/public-html/release/
+# mkdir $VERSION
+# cd $VERSION
+# ln -s /home/ianmdlvl/public-html/secnet/download/secnet?$VERSION* .
+#
+# 11. write and post a release announcement