# Makefile for secnet
-# Copyright (C) 1995-2001 Stephen Early <steve@greenend.org.uk>
-
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
+#
+# This file is part of secnet.
+# See README for full list of copyright holders.
+#
+# secnet is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# secnet is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+# version 3 along with secnet; if not, see
+# https://www.gnu.org/licenses/gpl.html.
.PHONY: all clean realclean distclean dist install
PACKAGE:=secnet
-VERSION:=0.1.12
+VERSION:=0.4.4
@SET_MAKE@
CC:=@CC@
INSTALL:=@INSTALL@
INSTALL_PROGRAM:=@INSTALL_PROGRAM@
+INSTALL_SCRIPT:=@INSTALL_SCRIPT@
+INSTALL_DATA:=@INSTALL_DATA@
-CFLAGS:=@CFLAGS@ @DEFS@ -Wall -I$(srcdir) -I.
-LDFLAGS:=@LDFLAGS@
-LDLIBS:=@LIBS@
-
-prefix:=@prefix@
+prefix:=$(DESTDIR)@prefix@
exec_prefix:=@exec_prefix@
sbindir:=@sbindir@
-sysconfdir:=@sysconfdir@
+sysconfdir:=$(DESTDIR)@sysconfdir@
+datarootdir:=@datarootdir@
transform:=@program_transform_name@
+mandir:=@mandir@
+
+CFLAGS:=-Wall @WRITESTRINGS@ @CFLAGS@ -Werror \
+ -W -Wno-unused -Wno-unused-parameter \
+ -Wno-pointer-sign -Wstrict-prototypes -Wmissing-prototypes \
+ -Wmissing-declarations -Wnested-externs -Wredundant-decls \
+ -Wpointer-arith -Wformat=2 -Winit-self \
+ -Wswitch-enum -Wunused-variable -Wunused-function -Wbad-function-cast \
+ -Wno-strict-aliasing -fno-strict-aliasing \
+ -MMD
+ALL_CFLAGS:=@DEFS@ -I$(srcdir) -I. $(CFLAGS) $(EXTRA_CFLAGS)
+CPPFLAGS:=@CPPFLAGS@ -DDATAROOTDIR='"$(datarootdir)"' $(EXTRA_CPPFLAGS)
+LDFLAGS:=@LDFLAGS@ $(EXTRA_LDFLAGS)
+LDLIBS:=@LIBS@ $(EXTRA_LDLIBS)
TARGETS:=secnet
OBJECTS:=secnet.o util.o conffile.yy.o conffile.tab.o conffile.o modules.o \
- resolver.o random.o udp.o site.o transform.o netlink.o rsa.o dh.o \
- serpent.o md5.o version.o tun.o slip.o sha1.o ipaddr.o log.o \
- process.o @LIBOBJS@
-
-DISTFILES:=BUGS COPYING CREDITS INSTALL LICENSE.txt Makefile.in \
- NEWS NOTES README TODO \
- alloca.c \
- conffile.c conffile.fl conffile.h conffile.y \
- conffile_internal.h config.h.bot \
- config.h.in config.h.top configure \
- configure.in debian depend.sh dh.c \
- example.conf \
- getopt.c getopt1.c getopt.h \
- install-sh ipaddr.c ipaddr.h ipaddr.py linux log.c md5.c md5.h \
- make-secnet-sites \
- modules.c netlink.c netlink.h process.c process.h \
- random.c resolver.c rsa.c \
- secnet.c secnet.h serpent.c serpent.h serpentsboxes.h \
- snprintf.c snprintf.h \
- sha1.c site.c slip.c stamp-h.in transform.c tun.c udp.c \
- unaligned.h util.c util.h
+ resolver.o random.o udp.o site.o transform-cbcmac.o transform-eax.o \
+ comm-common.o polypath.o \
+ netlink.o rsa.o dh.o serpent.o serpentbe.o \
+ md5.o sha512.o tun.o slip.o sha1.o ipaddr.o log.o \
+ process.o @LIBOBJS@ \
+ hackypar.o
+# version.o is handled specially below and in the link rule for secnet.
+
+TEST_OBJECTS:=eax-aes-test.o eax-serpent-test.o eax-serpentbe-test.o \
+ eax-test.o aes.o
+
+ifeq (version.o,$(MAKECMDGOALS))
+OBJECTS:=version.o
+TEST_OBJECTS:=
+endif
+
+STALE_PYTHON_FILES= $(foreach e, py pyc, \
+ $(foreach p, /usr /usr/local, \
+ $(foreach l, ipaddr, \
+ $(DESTDIR)$p/share/secnet/$l.$e \
+ )))
%.c: %.y
%.yy.c: %.fl
- flex -o$@ $<
+ flex --header=$*.yy.h -o$@ $<
-%.tab.c: %.y
+%.tab.c %.tab.h: %.y
bison -d -o $@ $<
+%.o: %.c conffile.yy.h
+ $(CC) $(CPPFLAGS) $(ALL_CFLAGS) -c $< -o $@
-all: $(TARGETS)
+all: $(TARGETS) check
# Automatic remaking of configuration files, from autoconf documentation
${srcdir}/configure: configure.in
# autoheader might not change config.h.in, so touch a stamp file.
${srcdir}/config.h.in: stamp-h.in
-${srcdir}/stamp-h.in: configure.in config.h.top config.h.bot
+${srcdir}/stamp-h.in: configure.in
cd ${srcdir} && autoheader
echo timestamp > ${srcdir}/stamp-h.in
# End of config file remaking rules
# C and header file dependency rules
-SOURCES:=$(OBJECTS:.o=.c)
-DEPENDS:=$(OBJECTS:.o=.d)
-
-$(DEPENDS): ${srcdir}/depend.sh
+SOURCES:=$(OBJECTS:.o=.c) $(TEST_OBJECTS:.o=.c)
+DEPENDS:=$(OBJECTS:.o=.d) $(TEST_OBJECTS:.o=.d)
-%.d: %.c
- ${srcdir}/depend.sh $(srcdir) $(CFLAGS) $< > $@
-
--include $(DEPENDS)
+-include *.d
# Manual dependencies section
conffile.yy.c: conffile.fl conffile.tab.c
+conffile.yy.h: conffile.yy.c
conffile.tab.c: conffile.y
# End of manual dependencies section
+conffile.yy.o: ALL_CFLAGS += -Wno-sign-compare
+
secnet: $(OBJECTS)
+ $(MAKE) version.o # *.o $(filter-out %.o, $^)
+ $(CC) $(LDFLAGS) $(ALL_CFLAGS) -o $@ $(OBJECTS) version.o $(LDLIBS)
+# We (always) regenerate the version, but only if we regenerate the
+# binary. (This is necessary as the version string is can depend on
+# any of the source files, eg to see whether "+" is needed.)
+
+ifneq (,$(wildcard .git/HEAD))
+# If we have (eg) committed, relink and thus regenerate the version
+# with the new info from git describe.
+secnet: Makefile .git/HEAD $(shell sed -n 's#^ref: #.git/#p' .git/HEAD)
+secnet: $(wildcard .git/packed-refs)
+endif
+
+check: eax-aes-test.confirm eax-serpent-test.confirm \
+ eax-serpentbe-test.confirm check-ipaddrset
version.c: Makefile
- echo "char version[]=\"secnet-$(VERSION)\";" >version.c
-
-install: all
+ echo "#include \"secnet.h\"" >$@.new
+ @set -ex; if test -e .git && type -p git >/dev/null; then \
+ v=$$(git describe --match 'v*'); v=$${v#v}; \
+ if ! git diff --quiet HEAD; then v="$$v+"; fi; \
+ else \
+ v="$(VERSION)"; \
+ fi; \
+ echo "char version[]=\"secnet $$v\";" >>$@.new
+ mv -f $@.new $@
+
+eax-%-test: eax-%-test.o eax-test.o %.o
+ $(CC) $(LDFLAGS) $(ALL_CFLAGS) -o $@ $^
+
+eax-%-test.confirm: eax-%-test eax-%-test.vectors
+ ./$< <$(srcdir)/eax-$*-test.vectors >$@.new
+ mv -f $@.new $@
+
+check-ipaddrset: ipaddrset-test.py ipaddrset.py ipaddrset-test.expected
+ $(srcdir)/ipaddrset-test.py >ipaddrset-test.new
+ diff -u $(srcdir)/ipaddrset-test.expected ipaddrset-test.new
+
+.PRECIOUS: eax-%-test
+
+installdirs:
$(INSTALL) -d $(prefix)/share/secnet $(sbindir)
+ $(INSTALL) -d $(mandir)/man8
+ $(INSTALL) -d $(datarootdir)/secnet
+
+install: installdirs
+ set -e; ok=true; for f in $(STALE_PYTHON_FILES); do \
+ if test -e $$f; then \
+ echo >&2 "ERROR: $$f still exists "\
+ "- try \`make install-force'"; \
+ ok=false; \
+ fi; \
+ done; \
+ $$ok
$(INSTALL_PROGRAM) secnet $(sbindir)/`echo secnet|sed '$(transform)'`
$(INSTALL_PROGRAM) ${srcdir}/make-secnet-sites $(sbindir)/`echo make-secnet-sites|sed '$(transform)'`
- $(INSTALL) ${srcdir}/ipaddr.py $(prefix)/share/secnet/ipaddr.py
+ $(INSTALL_DATA) ${srcdir}/ipaddrset.py $(prefix)/share/secnet/ipaddrset.py
+ $(INSTALL_SCRIPT) ${srcdir}/polypath-interface-monitor-linux \
+ $(datarootdir)/secnet/.
+ $(INSTALL_DATA) ${srcdir}/secnet.8 $(mandir)/man8/secnet.8
+
+install-force:
+ rm -f $(STALE_PYTHON_FILES)
+ $(MAKE) install
clean:
- $(RM) -f *.o *.yy.c *.tab.[ch] $(TARGETS) core version.c
+ $(RM) -f *.o *.yy.[ch] *.tab.[ch] $(TARGETS) core version.c
+ $(RM) -f *.d *.pyc *~ eax-*-test.confirm eax-*-test
realclean: clean
$(RM) -f *~ Makefile config.h *.d \
distclean: realclean
pfname:=$(PACKAGE)-$(VERSION)
+tarfname:=../$(pfname).tar
dist:
- $(RM) -rf $(pfname)
- mkdir $(pfname)
- for i in $(DISTFILES) ; do ln -s ../$(srcdir)/$$i $(pfname)/ ; done
- tar hcf ../$(pfname).tar $(pfname)
- gzip -9f ../$(pfname).tar
- $(RM) -rf $(pfname)
+ $(RM) -rf $(tarfname) $(tarfname).gz
+ git archive --format=tar --prefix=$(pfname)/ HEAD -o $(tarfname)
+ gzip -9f $(tarfname)
+
+# Release checklist:
+#
+# 0. Use this checklist from Makefile.in
+#
+# 1. Check that the tree has what you want
+#
+# 2. Update VERSION (above) and debian/changelog
+# but DO NOT COMMIT
+#
+# 3. Run
+# ./configure
+# make dist
+# and check that the resulting tarball looks OK.
+# Eg, untar it and build it, or have it reviewed.
+#
+# 3. Commit the updates to VERSION (above) and debian/changelog
+#
+# 4. git-tag -m "secnet $VERSION" -s v${VERSION//\~/_}
+#
+# 5. git-push origin v${VERSION//\~/_} v${VERSION//\~/_}~0:master
+#
+# 6. Run, again,
+# make dist
+#
+# 7. gpg --detach-sign ../secnet-$VERSION.tar.gz
+#
+# 8. rsync -v ../secnet-$VERSION.tar.gz* \
+# chiark:/home/ianmdlvl/public-html/secnet/download/
+#
+# 9. In zealot's squeeze chroot:
+# rm -rf ../d; mkdir ../d; cd ../d
+# tar zxf ../secnet-$VERSION.tar.gz
+# cd secnet-$VERSION
+# dpkg-buildpackage -F -uc -us -rfakeroot
+# rsync -vP ../secnet_${VERSION}_i386.deb ianmdlvl@chiark:public-html/secnet/download/
+#
+# 9a. On chiark as ianmdlvl:
+# cd ~ianmdlvl/secnet-build/
+# tar zxf ~ianmdlvl/public-html/secnet/download/secnet-$VERSION.tar.gz
+# cd secnet-$VERSION
+# dpkg-buildpackage -a -uc -us -rfakeroot
+# mv ../secnet_${VERSION}_i386.deb ~ianmdlvl/public-html/secnet/download/backport/
+#
+# 10. On chiark as user secnet:
+# cd ~secnet/public-html/release/
+# mkdir $VERSION
+# cd $VERSION
+# ln -s /home/ianmdlvl/public-html/secnet/download/secnet?$VERSION* .
+# mkdir polypath-backport
+# ln -s /home/ianmdlvl/public-html/secnet/download/backport/secnet?$VERSION* polypath-backport/.
+# ln -s /home/ianmdlvl/public-html/secnet/download/backport/*adns* polypath-backport/.
+#
+# 11. write and post a release announcement
+# find -type l | sort | xargs sha256sum