Codebase list sslscan / master Makefile
master

Tree @master (Download .tar.gz)

Makefile @masterraw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
# set gcc as default if CC is not set

GIT_VERSION = $(shell git describe --tags --always --dirty=-wip)

# Ugly hack to get version if git isn't installed
ifeq ($(GIT_VERSION),)
  GIT_VERSION = $(shell grep -E -o -m 1 "[0-9]+\.[0-9]+\.[0-9]+" Changelog)
endif

# Detect OS
OS := $(shell uname)
ARCH := $(shell uname -m)

# Handle different version of Make
ifeq ($(OS), SunOS)
	ifndef $(CC)
		CC=gcc
	endif
	ifndef $(PREFIX)
		PREFIX = /usr
	endif
else
	CC ?= gcc
	PREFIX ?= /usr
endif

SRCS      = sslscan.c
BINDIR    = $(PREFIX)/bin
MANDIR    = $(PREFIX)/share/man
MAN1DIR   = $(MANDIR)/man1

WARNINGS  = -Wall -Wformat=2 -Wformat-security -Wno-deprecated-declarations
DEFINES   = -DVERSION=\"$(GIT_VERSION)\"

# for dynamic linking
LIBS      = -lssl -lcrypto
ifneq ($(OS), FreeBSD)
	LIBS += -ldl
endif
ifeq ($(OS), SunOS)
	CFLAGS += -m64
	LIBS   += -lsocket -lnsl
endif

# Enable checks for buffer overflows, add stack protectors, generate position
# independent code, mark the relocation table read-only, and mark the global
# offset table read-only.
CFLAGS  += -D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIE

# Don't enable some hardening flags on OS X because it uses an old version of Clang
ifneq ($(OS), Darwin)
ifneq ($(OS), SunOS)
	LDFLAGS += -pie -z relro -z now
endif
endif

# Force C11 mode to fix the build on very old version of GCC
CFLAGS += -std=gnu11

# for static linking
ifeq ($(STATIC_BUILD), TRUE)
PWD          = $(shell pwd)/openssl
LDFLAGS      += -L${PWD}/
CFLAGS       += -I${PWD}/include/ -I${PWD}/
ifeq ($(OS), Darwin)
LIBS	     = ./openssl/libssl.a ./openssl/libcrypto.a -lz -lpthread
else
LIBS         = -lssl -lcrypto -lz -lpthread
endif
ifneq ($(OS), FreeBSD)
	LIBS += -ldl
endif
ifeq ($(OS), SunOS)
	LIBS += -lsocket -lnsl
endif
GIT_VERSION  := $(GIT_VERSION)-static
else
# for dynamic linking
LDFLAGS   += -L/usr/local/lib -L/usr/local/ssl/lib -L/usr/local/opt/openssl/lib -L/opt/local/lib
CFLAGS    += -I/usr/local/include -I/usr/local/ssl/include -I/usr/local/ssl/include/openssl -I/usr/local/opt/openssl/include -I/opt/local/include -I/opt/local/include/openssl
endif

# Find the number of processors on the system (used in -j option in building OpenSSL).
# Uses /usr/bin/nproc if available, otherwise defaults to 1.
NUM_PROCS = 1
ifneq (,$(wildcard /usr/bin/nproc))
	NUM_PROCS = `/usr/bin/nproc --all`
endif


.PHONY: all sslscan clean install uninstall static opensslpull

all: sslscan
	@echo
	@echo "==========="
	@echo "| WARNING |"
	@echo "==========="
	@echo
	@echo "Building against system OpenSSL. Compression and other checks may not be possible."
	@echo "It is recommended that you statically build sslscan with  \`make static\`."
	@echo

sslscan: $(SRCS)
	$(CC) -o $@ ${WARNINGS} ${LDFLAGS} ${CFLAGS} ${CPPFLAGS} ${DEFINES} ${SRCS} ${LIBS}

install:
	@if [ ! -f sslscan ] ; then \
		echo "\n=========\n| ERROR |\n========="; \
		echo "Before installing you need to build sslscan with either \`make\` or \`make static\`\n"; \
		exit 1; \
	fi
ifeq ($(OS), Darwin)
	install -d $(DESTDIR)$(BINDIR)/;
	install sslscan $(DESTDIR)$(BINDIR)/sslscan;
	install -d $(DESTDIR)$(MAN1DIR)/;
	install sslscan.1 $(DESTDIR)$(MAN1DIR)/sslscan.1;
else
	install -D sslscan $(DESTDIR)$(BINDIR)/sslscan;
	install -D sslscan.1 $(DESTDIR)$(MAN1DIR)/sslscan.1;
endif

uninstall:
	rm -f $(DESTDIR)$(BINDIR)/sslscan
	rm -f $(DESTDIR)$(MAN1DIR)/sslscan.1

.openssl.is.fresh: opensslpull
	true
opensslpull:
	if [ -d openssl -a -d openssl/.git ]; then \
		cd ./openssl && git checkout OpenSSL_1_1_1-stable && git pull | grep -q "Already up-to-date." && [ -e ../.openssl.is.fresh ] || touch ../.openssl.is.fresh ; \
	else \
		git clone --depth 1 -b OpenSSL_1_1_1-stable https://github.com/openssl/openssl ./openssl && cd ./openssl && touch ../.openssl.is.fresh ; \
	fi

# Need to build OpenSSL differently on OSX
ifeq ($(OS), Darwin)
ifeq ($(ARCH), arm64)
OSSL_TARGET=darwin64-arm64-cc
else
OSSL_TARGET=darwin64-x86_64-cc
endif
openssl/Makefile: .openssl.is.fresh
	cd ./openssl; ./Configure -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC enable-weak-ssl-ciphers zlib $(OSSL_TARGET)
# Any other *NIX platform
else
openssl/Makefile: .openssl.is.fresh
	cd ./openssl; ./config -v -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIC no-shared enable-weak-ssl-ciphers zlib
endif

openssl/libcrypto.a: openssl/Makefile
	$(MAKE) -j $(NUM_PROCS) -C openssl depend
	$(MAKE) -j $(NUM_PROCS) -C openssl all
#	$(MAKE) -j $(NUM_PROCS) -C openssl test # Disabled because this takes 45+ minutes for OpenSSL v1.1.1.

static: openssl/libcrypto.a
	$(MAKE) -j $(NUM_PROCS) sslscan STATIC_BUILD=TRUE

test:	static
	./docker_test.sh

clean:
	if [ -d openssl ]; then ( rm -rf openssl ); fi;
	rm -f sslscan
	rm -f .openssl.is.fresh