1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
|
# Makefile for fscrypt
#
# Copyright 2017 Google Inc.
# Author: Joe Richey (joerichey@google.com)
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may not
# use this file except in compliance with the License. You may obtain a copy of
# the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
# Update this on each new release, along with the NEWS.md file.
VERSION := v0.3.5
NAME := fscrypt
PAM_NAME := pam_$(NAME)
###### Makefile Command Line Flags ######
#
# BIN: The location where binaries will be built. Default: bin
# DESTDIR: Installation destination directory. Default: ""
# PREFIX: Installation path prefix. Default: /usr/local
# BINDIR: Where to install the fscrypt binary. Default: $(PREFIX)/bin
# PAM_MODULE_DIR: Where to install pam_fscrypt.so. Default: $(PREFIX)/lib/security
# PAM_CONFIG_DIR: Where to install Ubuntu PAM config. Default: $(PREFIX)/share/pam-configs
# If the empty string, then the Ubuntu PAM config will not be installed.
#
# MOUNT: The filesystem where our tests are run. Default: /mnt/fscrypt_mount
# Ex: make test-setup MOUNT=/foo/bar
# Creates a test filesystem at that location.
# Ex: make test-teardown MOUNT=/foo/bar
# Cleans up a test filesystem created with "make test-setup".
# Ex: make test MOUNT=/foo/bar
# Run all integration tests on that filesystem. This can be an existing
# filesystem, or one created with "make test-setup" (this is the default).
#
# CFLAGS: The flags passed to the C compiler. Default: -O2 -Wall
# Ex: make fscrypt "CFLAGS = -O3 -Werror"
# Builds fscrypt with the C code failing on warnings and highly optimized.
#
# LDFLAGS: The flags passed to the C linker. Default empty
# Ex: make fscrypt "LDFLAGS = -static -ldl -laudit -lcap-ng"
# Builds fscrypt as a static binary.
#
# GO_FLAGS: The flags passed to "go build". Default empty
# Ex: make fscrypt "GO_FLAGS = -race"
# Builds fscrypt with race detection for the go code.
#
# GO_LINK_FLAGS: The flags passed to the go linker. Default: -s -w
# Ex: make fscrypt GO_LINK_FLAGS=""
# Builds fscrypt without stripping the binary.
BIN := bin
export PATH := $(BIN):$(PATH)
PAM_MODULE := $(BIN)/$(PAM_NAME).so
###### Setup Build Flags #####
CFLAGS := -O2 -Wall
# Pass CFLAGS to each cgo invocation.
export CGO_CFLAGS = $(CFLAGS)
# By default, we strip the binary to reduce size.
GO_LINK_FLAGS := -s -w
# Flag to embed the version (pulled from tags) into the binary.
TAG_VERSION := $(shell git describe --tags)
VERSION_FLAG := -X "main.version=$(if $(TAG_VERSION),$(TAG_VERSION),$(VERSION))"
override GO_LINK_FLAGS += $(VERSION_FLAG) -extldflags "$(LDFLAGS)"
override GO_FLAGS += --ldflags '$(GO_LINK_FLAGS)'
# Use -trimpath if available
ifneq "" "$(shell go help build | grep trimpath)"
override GO_FLAGS += -trimpath
endif
###### Find All Files and Directories ######
FILES := $(shell find . -path '*/.git*' -prune -o -type f -printf "%P\n")
GO_FILES := $(filter %.go,$(FILES))
GO_NONGEN_FILES := $(filter-out %.pb.go,$(GO_FILES))
GO_DIRS := $(sort $(dir $(GO_FILES)))
C_FILES := $(filter %.c %.h,$(FILES))
PROTO_FILES := $(filter %.proto,$(FILES))
###### Build, Formatting, and Linting Commands ######
.PHONY: default all gen format lint clean
default: $(BIN)/$(NAME) $(PAM_MODULE)
all: tools gen default format lint test
$(BIN)/$(NAME): $(GO_FILES) $(C_FILES)
go build $(GO_FLAGS) -o $@ ./cmd/$(NAME)
$(PAM_MODULE): $(GO_FILES) $(C_FILES)
go build $(GO_FLAGS) -buildmode=c-shared -o $@ ./$(PAM_NAME)
rm -f $(BIN)/$(PAM_NAME).h
gen: $(BIN)/protoc $(BIN)/protoc-gen-go $(PROTO_FILES)
protoc --go_out=. --go_opt=paths=source_relative $(PROTO_FILES)
format: $(BIN)/goimports
goimports -w $(GO_NONGEN_FILES)
clang-format -i -style=Google $(C_FILES)
lint: $(BIN)/staticcheck $(BIN)/misspell
go vet ./...
staticcheck ./...
misspell -source=text $(FILES)
shellcheck -s bash cmd/fscrypt/fscrypt_bash_completion
( cd cli-tests && shellcheck -x *.sh)
clean:
rm -f $(BIN)/$(NAME) $(PAM_MODULE) $(TOOLS) coverage.out $(COVERAGE_FILES) $(PAM_CONFIG)
###### Go tests ######
.PHONY: test test-setup test-teardown
# If MOUNT exists signal that we should run integration tests.
MOUNT := /tmp/$(NAME)-mount
IMAGE := /tmp/$(NAME)-image
ifneq ("$(wildcard $(MOUNT))","")
export TEST_FILESYSTEM_ROOT = $(MOUNT)
endif
test:
go test -p 1 ./...
test-setup:
dd if=/dev/zero of=$(IMAGE) bs=1M count=20
mkfs.ext4 -b 4096 -O encrypt $(IMAGE) -F
mkdir -p $(MOUNT)
sudo mount -o rw,loop,user $(IMAGE) $(MOUNT)
sudo chmod +777 $(MOUNT)
test-teardown:
sudo umount $(MOUNT)
rmdir $(MOUNT)
rm -f $(IMAGE)
###### Command-line interface tests ######
.PHONY: cli-test cli-test-update
cli-test: $(BIN)/$(NAME)
sudo cli-tests/run.sh
cli-test-update: $(BIN)/$(NAME)
sudo cli-tests/run.sh --update-output
# Runs tests and generates coverage
COVERAGE_FILES := $(addsuffix coverage.out,$(GO_DIRS))
coverage.out: $(BIN)/gocovmerge $(COVERAGE_FILES)
@gocovmerge $(COVERAGE_FILES) > $@
%/coverage.out: $(GO_FILES) $(C_FILES)
@go test -coverpkg=./... -covermode=count -coverprofile=$@ -p 1 ./$* 2> /dev/null
###### Installation Commands (require sudo) #####
.PHONY: install install-bin install-pam uninstall install-completion
install: install-bin install-pam install-completion
PREFIX := /usr/local
BINDIR := $(PREFIX)/bin
install-bin: $(BIN)/$(NAME)
install -d $(DESTDIR)$(BINDIR)
install $< $(DESTDIR)$(BINDIR)
PAM_MODULE_DIR := $(PREFIX)/lib/security
PAM_INSTALL_PATH := $(PAM_MODULE_DIR)/$(PAM_NAME).so
PAM_CONFIG := $(BIN)/config
PAM_CONFIG_DIR := $(PREFIX)/share/pam-configs
install-pam: $(PAM_MODULE)
install -d $(DESTDIR)$(PAM_MODULE_DIR)
install $(PAM_MODULE) $(DESTDIR)$(PAM_MODULE_DIR)
ifdef PAM_CONFIG_DIR
m4 --define=PAM_INSTALL_PATH=$(PAM_INSTALL_PATH) < $(PAM_NAME)/config > $(PAM_CONFIG)
install -d $(DESTDIR)$(PAM_CONFIG_DIR)
install $(PAM_CONFIG) $(DESTDIR)$(PAM_CONFIG_DIR)/$(NAME)
endif
COMPLETION_INSTALL_DIR := $(PREFIX)/share/bash-completion/completions
install-completion: cmd/fscrypt/fscrypt_bash_completion
install -Dm644 $< $(DESTDIR)$(COMPLETION_INSTALL_DIR)/fscrypt
uninstall:
rm -f $(DESTDIR)$(BINDIR)/$(NAME) \
$(DESTDIR)$(PAM_INSTALL_PATH) \
$(DESTDIR)$(COMPLETION_INSTALL_DIR)/fscrypt
ifdef PAM_CONFIG_DIR
rm -f $(DESTDIR)$(PAM_CONFIG_DIR)/$(NAME)
endif
#### Tool Building Commands ####
TOOLS := $(addprefix $(BIN)/,protoc protoc-gen-go goimports staticcheck gocovmerge misspell)
.PHONY: tools
tools: $(TOOLS)
$(BIN)/protoc-gen-go:
go build -o $@ google.golang.org/protobuf/cmd/protoc-gen-go
$(BIN)/goimports:
go build -o $@ golang.org/x/tools/cmd/goimports
$(BIN)/staticcheck:
go build -o $@ honnef.co/go/tools/cmd/staticcheck
$(BIN)/gocovmerge:
go build -o $@ github.com/wadey/gocovmerge
$(BIN)/misspell:
go build -o $@ github.com/client9/misspell/cmd/misspell
# Non-go tools downloaded from appropriate repository
PROTOC_VERSION := 3.6.1
ARCH := $(shell uname -m)
ifeq (x86_64,$(ARCH))
PROTOC_ARCH := x86_64
else ifneq ($(filter i386 i686,$(ARCH)),)
PROTOC_ARCH := x86_32
else ifneq ($(filter aarch64 armv8l,$(ARCH)),)
PROTOC_ARCH := aarch_64
endif
ifdef PROTOC_ARCH
PROTOC_URL := https://github.com/google/protobuf/releases/download/v$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION)-linux-$(PROTOC_ARCH).zip
$(BIN)/protoc:
wget -q $(PROTOC_URL) -O /tmp/protoc.zip
unzip -q -j /tmp/protoc.zip bin/protoc -d $(BIN)
else
PROTOC_PATH := $(shell which protoc)
$(BIN)/protoc: $(PROTOC_PATH)
ifneq ($(wildcard $(PROTOC_PATH)),)
cp $< $@
else
$(error Could not download protoc binary or locate it on the system. Please install it)
endif
endif
|
