### Variable overrides # You can change many aspects of the build behaviour without modifying this # make file simply by setting environment variables. # # Dependencies and features are auto-detected, but can be overridden: # # OPENSSL_BASE Prefix of OpenSSL library and headers to build against # LIBEVENT_BASE Prefix of libevent library and headers to build against # LIBPCAP_BASE Prefix of libpcap library and headers to build against # LIBNET_BASE Prefix of libnet library and headers to build against # SQLITE_BASE Prefix of sqlite3 library and headers to build against # CHECK_BASE Prefix of check library and headers to build against (optional) # PKGCONFIG Name/path of pkg-config program to use for auto-detection # PCFLAGS Additional pkg-config flags # XNU_VERSION Version of included XNU headers to build against (OS X only) # FEATURES Enable optional or force-enable undetected features (see below) # # Where and how to install to: # # PREFIX Prefix to install under (default /usr/local) # DESTDIR Destination root under which prefix is located (default /) # MANDIR Subdir of PREFIX that contains man section dirs # INSTALLUID UID to use for installed files if installing as root # INSTALLGID GID to use for installed files if installing as root # # Standard compiler variables are respected, e.g.: # # CC Compiler, e.g. for cross-compiling, ccache or ccc-analyzer # CFLAGS Additional compiler flags, e.g. optimization flags # CPPFLAGS Additional pre-processor flags # LDFLAGS Additional linker flags # LIBS Additional libraries to link against # SOURCE_DATE_EPOCH Set to epoch time to make the build reproducible # # On macOS, the following build environment variables are respected: # # DEVELOPER_DIR Override Xcode Command Line Developer Tools directory # MACOSX_VERSION_MIN Minimal version of macOS to target, e.g. 10.11 # SDK SDK name to build against, e.g. macosx, macosx10.11 # # Examples: # # Build against custom installed libraries under /opt: # % OPENSSL_BASE=/opt/openssl LIBEVENT_BASE=/opt/libevent make # # Create a statically linked binary: # % PCFLAGS='--static' CFLAGS='-static' LDFLAGS='-static' make # # Build against musl libc that needs an additional library for fts(3): # % LIBS='-lfts' make # # Build a macOS binary for El Capitan using the default SDK from Xcode 7.3.1: # % MACOSX_VERSION_MIN=10.11 DEVELOPER_DIR=/Applications/Xcode-7.3.1.app/Contents/Developer make ### Mirroring # Define to disable support for mirroring connection content as emulated # packets to a network interface (-I/-T options). Doing so will remove the # dependency on both libnet and libpcap. Use this for constrained environments # or on platforms without usable libnet/libpcap. Logging connection content to # PCAP files will remain fully functional (-X/-Y/-y options) as it does not # make use of libnet and libpcap. #FEATURES+= -DWITHOUT_MIRROR ### OpenSSL tweaking # Define to enable support for SSLv2. # Default since 0.4.9 is to disable SSLv2 entirely even if OpenSSL supports it, # since there are servers that are not compatible with SSLv2 Client Hello # messages. If you build in SSLv2 support, you can disable it at runtime using # -R ssl2 to get the same result as not building in SSLv2 support at all. #FEATURES+= -DWITH_SSLV2 ### User Authentication # Define to disable support for user authentication. # Doing so will remove the dependency on sqlite. #FEATURES+= -DWITHOUT_USERAUTH # UserAuth feature is supported on OpenBSD and Linux only ifneq ($(filter -DWITHOUT_USERAUTH,$(FEATURES)),-DWITHOUT_USERAUTH) ifneq ($(shell uname),OpenBSD) ifneq ($(shell uname),Linux) FEATURES+= -DWITHOUT_USERAUTH endif endif endif ### Debugging # These flags are added to CFLAGS iff building from a git repo. DEBUG_CFLAGS?= -g #DEBUG_CFLAGS+= -Werror # Define to remove false positives when debugging memory allocation. # Note that you probably want to build OpenSSL with -DPURIFY too. #FEATURES+= -DPURIFY # Define to add proxy state machine debugging; dump state in debug mode. #FEATURES+= -DDEBUG_PROXY # Define to add certificate debugging; dump all certificates in debug mode. #FEATURES+= -DDEBUG_CERTIFICATE # Define to add SSL session cache debugging; dump all sessions in debug mode. #FEATURES+= -DDEBUG_SESSION_CACHE # Define to add debugging of sslsplit's own ClientHello message parser. #FEATURES+= -DDEBUG_CLIENTHELLO_PARSER # Define to add thread debugging; dump thread state when choosing a thread. #FEATURES+= -DDEBUG_THREAD # Define to add privilege separation server event loop debugging. #FEATURES+= -DDEBUG_PRIVSEP_SERVER # Define to add diagnostic output for debugging option parsing. #FEATURES+= -DDEBUG_OPTS # When debugging OpenSSL related issues, make sure you use a debug build of # OpenSSL and consider enabling its debugging options -DREF_PRINT -DREF_CHECK # for debugging reference counting of OpenSSL objects and/or # -DPURIFY for using valgrind and similar tools. ### Mac OS X header selection # First, try to use the exact XNU version reported by the kernel. If they # are not available, try to look up a suitable XNU version that we have # headers for based on the OS X release reported by sw_vers. Then as a last # resort, fall back to the latest version of XNU that we have headers for, # which may or may not work, depending on if there were API or ABI changes # in the DIOCNATLOOK ioctl interface to the NAT state table in the kernel. # # Note that you can override the XNU headers used by defining XNU_VERSION. ifndef PROJECT_ROOT $(error PROJECT_ROOT not defined) endif ifeq ($(shell uname),Darwin) include $(PROJECT_ROOT)/Mk/xcode.mk ifneq ($(wildcard /usr/include/libproc.h),) FEATURES+= -DHAVE_DARWIN_LIBPROC endif OSX_VERSION= $(shell sw_vers -productVersion) ifneq ($(XNU_VERSION),) XNU_METHOD= override XNU_HAVE= $(shell uname -a|sed 's/^.*root:xnu-//g'|sed 's/~.*$$//') else XNU_METHOD= uname XNU_VERSION= $(shell uname -a|sed 's/^.*root:xnu-//g'|sed 's/~.*$$//') XNU_HAVE:= $(XNU_VERSION) endif ifeq ($(wildcard $(PROJECT_ROOT)/xnu/xnu-$(XNU_VERSION)),) XNU_METHOD= sw_vers XNU_VERSION= $(shell awk '/^XNU_RELS.*\# $(OSX_VERSION)$$/ {print $$2}' $(PROJECT_ROOT)/xnu/GNUmakefile) endif ifeq ($(wildcard $(PROJECT_ROOT)/xnu/xnu-$(XNU_VERSION)),) XNU_METHOD= fallback XNU_VERSION= $(shell awk '/^XNU_RELS/ {print $$2}' $(PROJECT_ROOT)/xnu/GNUmakefile|tail -1) endif ifneq ($(wildcard $(PROJECT_ROOT)/xnu/xnu-$(XNU_VERSION)),) FEATURES+= -DHAVE_PF PKG_CPPFLAGS+= -I$(PROJECT_ROOT)/xnu/xnu-$(XNU_VERSION) BUILD_INFO+= OSX:$(OSX_VERSION) XNU:$(XNU_VERSION):$(XNU_METHOD):$(XNU_HAVE) endif endif ### Autodetected features # Autodetect pf ifneq ($(wildcard /usr/include/net/pfvar.h),) FEATURES+= -DHAVE_PF # OpenBSD 4.7+ and FreeBSD 9.0+ also include ipfw-style divert-to in pf FEATURES+= -DHAVE_IPFW endif # Autodetect ipfw ifneq ($(wildcard /sbin/ipfw),) FEATURES+= -DHAVE_IPFW endif # Autodetect ipfilter ifneq ($(wildcard /usr/include/netinet/ip_fil.h),) FEATURES+= -DHAVE_IPFILTER endif # Autodetect netfilter ifneq ($(wildcard /usr/include/linux/netfilter.h),) FEATURES+= -DHAVE_NETFILTER endif ### Variables you might need to override PREFIX?= /usr/local MANDIR?= share/man EXAMPLESDIR?= share/examples INSTALLUID?= 0 INSTALLGID?= 0 BINUID?= $(INSTALLUID) BINGID?= $(INSTALLGID) BINMODE?= 0755 CNFUID?= $(INSTALLUID) CNFGID?= $(INSTALLGID) CNFMODE?= 0644 MANUID?= $(INSTALLUID) MANGID?= $(INSTALLGID) MANMODE?= 0644 EXAMPLESMODE?= 0444 ifeq ($(shell id -u),0) BINOWNERFLAGS?= -o $(BINUID) -g $(BINGID) CNFOWNERFLAGS?= -o $(CNFUID) -g $(CNFGID) MANOWNERFLAGS?= -o $(MANUID) -g $(MANGID) else BINOWNERFLAGS?= CNFOWNERFLAGS?= MANOWNERFLAGS?= endif OPENSSL?= openssl PKGCONFIG?= $(shell command -v pkg-config||echo false) ifeq ($(PKGCONFIG),false) $(warning pkg-config not found - guessing paths/flags for dependencies) endif BASENAME?= basename CAT?= cat CHECKNR?= checknr CUT?= cut GREP?= grep INSTALL?= install MKDIR?= mkdir SED?= sed SORT?= sort ### Variables only used for developer targets KHASH_URL?= https://github.com/attractivechaos/klib/raw/master/khash.h GPGSIGNKEY?= 0xE1520675375F5E35 CPPCHECK?= cppcheck GPG?= gpg GIT?= git WGET?= wget ZIP?= gzip COL?= col LN?= ln MAN?= man TAR?= tar # TODO: RM defaults to rm -f causing multiple -f options, should we override it? #RM= rm ### You should not need to touch anything below this line SRCDIR:= src PKGLABEL:= SSLproxy PKGNAME:= sslproxy TARGET:= $(PKGNAME) FEATURES:= $(sort $(FEATURES)) include $(PROJECT_ROOT)/Mk/buildinfo.mk VERSION:= $(BUILD_VERSION) ifdef GITDIR CFLAGS+= $(DEBUG_CFLAGS) endif # Autodetect dependencies known to pkg-config PKGS:= ifndef OPENSSL_BASE PKGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --exists openssl \ && echo openssl) endif ifndef LIBEVENT_BASE PKGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --exists libevent \ && echo libevent) PKGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --exists libevent_openssl \ && echo libevent_openssl) PKGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --exists libevent_pthreads \ && echo libevent_pthreads) endif ifneq ($(filter -DWITHOUT_MIRROR,$(FEATURES)),-DWITHOUT_MIRROR) ifndef LIBPCAP_BASE PKGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --exists libpcap \ && echo libpcap) endif endif ifneq ($(filter -DWITHOUT_USERAUTH,$(FEATURES)),-DWITHOUT_USERAUTH) ifndef SQLITE_BASE PKGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --exists sqlite3 \ && echo sqlite3) endif endif TPKGS:= ifndef CHECK_BASE TPKGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --exists check \ && echo check) endif # Function: Generate list of base paths to search when locating packages # $1 packagename bases= /usr/local/opt/$(1) \ /opt/local \ /usr/local \ /usr # Function: Locate base path for a package we depend on # $1 packagename, $2 pattern suffix, $3 override path(s) locate= $(subst /$(2),,$(word 1,$(wildcard \ $(addsuffix /$(2),$(if $(3),$(3),$(call bases,$(1))))))) # Autodetect dependencies not known to pkg-config ifeq (,$(filter openssl,$(PKGS))) OPENSSL_FOUND:= $(call locate,openssl,include/openssl/ssl.h,$(OPENSSL_BASE)) OPENSSL:= $(OPENSSL_FOUND)/bin/openssl ifndef OPENSSL_FOUND $(error dependency 'OpenSSL' not found; \ install it or point OPENSSL_BASE to base path) endif endif ifeq (,$(filter libevent,$(PKGS))) LIBEVENT_FOUND:=$(call locate,libevent,include/event2/event.h,$(LIBEVENT_BASE)) ifndef LIBEVENT_FOUND $(error dependency 'libevent 2.x' not found; \ install it or point LIBEVENT_BASE to base path) endif endif ifneq ($(filter -DWITHOUT_MIRROR,$(FEATURES)),-DWITHOUT_MIRROR) ifeq (,$(filter libpcap,$(PKGS))) LIBPCAP_FOUND:= $(call locate,libpcap,include/pcap.h,$(LIBPCAP_BASE)) ifndef LIBPCAP_FOUND $(error dependency 'libpcap' not found; \ install it or point LIBPCAP_BASE to base path) endif endif endif ifneq ($(filter -DWITHOUT_USERAUTH,$(FEATURES)),-DWITHOUT_USERAUTH) ifeq (,$(filter sqlite3,$(PKGS))) SQLITE_FOUND:=$(call locate,sqlite3,include/sqlite3.h,$(SQLITE_BASE)) ifndef SQLITE_FOUND $(error dependency 'SQLite3' not found; \ install it or point SQLITE_BASE to base path) endif endif endif ifeq (,$(filter check,$(TPKGS))) CHECK_FOUND:= $(call locate,check,include/check.h,$(CHECK_BASE)) ifndef CHECK_FOUND CHECK_MISSING:= 1 endif endif # Always search filesystem for libnet because libnet-config is unreliable ifneq ($(filter -DWITHOUT_MIRROR,$(FEATURES)),-DWITHOUT_MIRROR) LIBNET_FOUND:= $(call locate,libnet,include/libnet-1.1/libnet.h,$(LIBNET_BASE)) ifdef LIBNET_FOUND LIBNET_FOUND_INC:= $(LIBNET_FOUND)/include/libnet-1.1 else LIBNET_FOUND:= $(call locate,libnet,include/libnet.h,$(LIBNET_BASE)) LIBNET_FOUND_INC:= $(LIBNET_FOUND)/include endif ifndef LIBNET_FOUND $(error dependency 'libnet' not found; \ install it or point LIBNET_BASE to base path) endif endif ifdef OPENSSL_FOUND PKG_CPPFLAGS+= -I$(OPENSSL_FOUND)/include ifneq ($(findstring openssl-3.,$(OPENSSL_FOUND)),openssl-3.) PKG_LDFLAGS+= -L$(OPENSSL_FOUND)/lib else PKG_LDFLAGS+= -L$(OPENSSL_FOUND)/lib64 endif PKG_LIBS+= -lssl -lcrypto -lz endif ifdef LIBEVENT_FOUND PKG_CPPFLAGS+= -I$(LIBEVENT_FOUND)/include PKG_LDFLAGS+= -L$(LIBEVENT_FOUND)/lib PKG_LIBS+= -levent endif ifeq (,$(filter libevent_openssl,$(PKGS))) PKG_LIBS+= -levent_openssl endif ifeq (,$(filter libevent_pthreads,$(PKGS))) PKG_LIBS+= -levent_pthreads endif ifneq ($(filter -DWITHOUT_MIRROR,$(FEATURES)),-DWITHOUT_MIRROR) ifdef LIBNET_FOUND PKG_CPPFLAGS+= -I$(LIBNET_FOUND_INC) PKG_LDFLAGS+= -L$(LIBNET_FOUND)/lib PKG_LIBS+= -lnet endif ifdef LIBPCAP_FOUND PKG_CPPFLAGS+= -I$(LIBPCAP_FOUND)/include PKG_LDFLAGS+= -L$(LIBPCAP_FOUND)/lib PKG_LIBS+= -lpcap endif endif ifneq ($(filter -DWITHOUT_USERAUTH,$(FEATURES)),-DWITHOUT_USERAUTH) ifdef SQLITE_FOUND PKG_CPPFLAGS+= -I$(SQLITE_FOUND)/include PKG_LDFLAGS+= -L$(SQLITE_FOUND)/lib PKG_LIBS+= -lsqlite3 endif endif ifdef CHECK_FOUND TPKG_CPPFLAGS+= -I$(CHECK_FOUND)/include TPKG_LDFLAGS+= -L$(CHECK_FOUND)/lib TPKG_LIBS+= -lcheck endif ifneq (,$(strip $(PKGS))) PKG_CFLAGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --cflags-only-other $(PKGS)) PKG_CPPFLAGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --cflags-only-I $(PKGS)) PKG_LDFLAGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --libs-only-L \ --libs-only-other $(PKGS)) PKG_LIBS+= $(shell $(PKGCONFIG) $(PCFLAGS) --libs-only-l $(PKGS)) endif ifneq (,$(strip $(TPKGS))) TPKG_CFLAGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --cflags-only-other $(TPKGS)) TPKG_CPPFLAGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --cflags-only-I $(TPKGS)) TPKG_LDFLAGS+= $(shell $(PKGCONFIG) $(PCFLAGS) --libs-only-L \ --libs-only-other $(TPKGS)) TPKG_LIBS+= $(shell $(PKGCONFIG) $(PCFLAGS) --libs-only-l $(TPKGS)) endif CPPDEFS+= -D_GNU_SOURCE \ -D"PKGLABEL=\"$(PKGLABEL)\"" CPPCHECKFLAGS+= $(CPPDEFS) ifneq (ccc-analyzer,$(notdir $(CC))) PKG_CPPFLAGS:= $(subst -I,-isystem,$(PKG_CPPFLAGS)) TPKG_CPPFLAGS:= $(subst -I,-isystem,$(TPKG_CPPFLAGS)) endif CFLAGS+= $(PKG_CFLAGS) \ -std=c99 -Wall -Wextra -pedantic \ -D_FORTIFY_SOURCE=2 -fstack-protector-all CPPFLAGS+= $(PKG_CPPFLAGS) $(CPPDEFS) $(FEATURES) TCPPFLAGS+= $(TPKG_CPPFLAGS) LDFLAGS+= $(PKG_LDFLAGS) LIBS+= $(PKG_LIBS) ifneq ($(shell uname),Darwin) CFLAGS+= -pthread LDFLAGS+= -pthread endif # _FORTIFY_SOURCE requires -O on Linux ifeq (,$(findstring -O,$(CFLAGS))) CFLAGS+= -O2 endif export VERSION export OPENSSL export OPENSSL_BASE export OPENSSL_FOUND export MKDIR export WGET ifndef MAKE_RESTARTS $(info ------------------------------------------------------------------------------) $(info $(PKGLABEL) $(VERSION)) $(info ------------------------------------------------------------------------------) $(info Report bugs at https://github.com/sonertari/SSLproxy/issues/new) $(info Please supply this header for diagnostics when reporting build issues) $(info Before reporting bugs, make sure to try the latest develop branch first:) $(info % git clone -b develop https://github.com/sonertari/SSLproxy.git) $(info ------------------------------------------------------------------------------) $(info Via pkg-config: $(strip $(PKGS) $(TPKGS))) ifdef OPENSSL_FOUND $(info OPENSSL_BASE: $(strip $(OPENSSL_FOUND))) endif ifdef LIBEVENT_FOUND $(info LIBEVENT_BASE: $(strip $(LIBEVENT_FOUND))) endif ifdef LIBPCAP_FOUND $(info LIBPCAP_BASE: $(strip $(LIBPCAP_FOUND))) endif ifdef LIBNET_FOUND $(info LIBNET_BASE: $(strip $(LIBNET_FOUND))) endif ifdef SQLITE_FOUND $(info SQLITE_BASE: $(strip $(SQLITE_FOUND))) endif ifdef CHECK_FOUND $(info CHECK_BASE: $(strip $(CHECK_FOUND))) endif $(info Build options: $(FEATURES)) $(info Build info: $(BUILD_INFO)) ifeq ($(shell uname),Darwin) $(info OSX_VERSION: $(OSX_VERSION)) $(info XNU_VERSION: $(XNU_VERSION) ($(XNU_METHOD), have $(XNU_HAVE))) endif $(info uname -a: $(shell uname -a)) $(info ------------------------------------------------------------------------------) endif