cloudflare/cloudflared
Makefile
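# Release version: the nearest tag that starts with four digits followed by two dotted
# fields; --always falls back to the abbreviated commit hash when no such tag is reachable.
VERSION := $(shell git describe --tags --always --match "[0-9][0-9][0-9][0-9].*.*")
# MSI_VERSION expects the format of the tag to be: (wX.X.X). Starts with the w character to not break cfsetup.
# e.g. w3.0.1 or w4.2.10. It trims off the w character when creating the MSI.
# The grep pattern is anchored: an unanchored "w" also selects any tag that merely contains
# the letter w, and cut would then strip the first character of an unrelated tag.
MSI_VERSION := $(shell git tag -l --sort=v:refname | grep "^w" | tail -1 | cut -c2-)
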
# FIPS=true selects the FIPS-flavoured binary name; any other value keeps the default.
ifneq ($(FIPS), true)
BINARY_NAME := cloudflared
else
BINARY_NAME := cloudflared-fips
endif

# Nightly packages carry their own name and declare that they conflict with and replace
# the stable "cloudflared" package; build_package hands NIGHTLY_FLAGS to fpm.
ifneq ($(NIGHTLY), true)
DEB_PACKAGE_NAME := $(BINARY_NAME)
else
# We do not release FIPS in NIGHTLY, so no need to consider that case here.
DEB_PACKAGE_NAME := cloudflared-nightly
NIGHTLY_FLAGS := --conflicts cloudflared --replaces cloudflared
endif

# Build timestamp in UTC, embedded into the binary through VERSION_FLAGS below.
# NOTE(review): a wall-clock timestamp in the link flags makes two builds of the same
# commit differ; confirm whether reproducible release binaries are a requirement.
DATE := $(shell date -u '+%Y-%m-%d-%H%M UTC')
# -X sets the named string variables of package main at link time.
VERSION_FLAGS := -X "main.Version=$(VERSION)" -X "main.BuildTime=$(DATE)"

LINK_FLAGS :=
ifeq ($(FIPS), true)
# FIPS builds use the external linker and ask it for a static binary.
LINK_FLAGS := -linkmode=external -extldflags=-static $(LINK_FLAGS)
# Prevent linking with libc regardless of CGO enabled or not.
GO_BUILD_TAGS := $(GO_BUILD_TAGS) osusergo netgo fips
VERSION_FLAGS := $(VERSION_FLAGS) -X "main.BuildType=FIPS"
endif

# Single-quoted for the shell so the double-quoted -X arguments inside stay intact.
LDFLAGS := -ldflags='$(VERSION_FLAGS) $(LINK_FLAGS)'
# Turn the tag list into a -tags option only when at least one tag is set.
ifneq ($(GO_BUILD_TAGS),)
GO_BUILD_TAGS := -tags "$(GO_BUILD_TAGS)"
endif

# Go import path of the module; the cloudflared rule builds $(IMPORT_PATH)/cmd/cloudflared.
IMPORT_PATH := github.com/cloudflare/cloudflared
# Staging directory that build_package fills before invoking fpm.
PACKAGE_DIR := $(CURDIR)/packaging
# Install locations that build_package records in the package for the binary and man page.
INSTALL_BINDIR := /usr/bin/
MAN_DIR := /usr/share/man/man1/

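# Architecture of the build host. LOCAL_ARCH, TARGET_ARCH and GOARCH can all be supplied
# by the caller; an explicit GOARCH wins over the host-derived mapping.
LOCAL_ARCH ?= $(shell uname -m)
# Map the host architecture onto a GOARCH value.
# Prefix matches use $(filter) instead of piping $(LOCAL_ARCH) through a parse-time
# shell command, so a caller-supplied LOCAL_ARCH is never interpreted as shell text and
# no extra processes are forked while the Makefile is read.
ifneq ($(GOARCH),)
TARGET_ARCH ?= $(GOARCH)
else ifeq ($(LOCAL_ARCH),x86_64)
TARGET_ARCH ?= amd64
else ifeq ($(LOCAL_ARCH),amd64)
TARGET_ARCH ?= amd64
else ifeq ($(LOCAL_ARCH),i686)
# NOTE(review): i686 names a 32-bit x86 host yet is mapped to amd64; confirm this is intended.
TARGET_ARCH ?= amd64
else ifneq ($(filter armv8%,$(LOCAL_ARCH)),)
TARGET_ARCH ?= arm64
else ifeq ($(LOCAL_ARCH),aarch64)
TARGET_ARCH ?= arm64
else ifeq ($(LOCAL_ARCH),arm64)
TARGET_ARCH ?= arm64
else ifneq ($(filter armv%,$(LOCAL_ARCH)),)
TARGET_ARCH ?= arm
else
$(error This system's architecture $(LOCAL_ARCH) isn't supported)
endif
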
# Operating system of the build host as reported by the Go toolchain, unless the caller
# already set LOCAL_OS.
LOCAL_OS ?= $(shell go env GOOS)
# Only linux, darwin, windows and freebsd are accepted; any other value stops the build
# while the Makefile is being read. TARGET_OS itself can still be set by the caller (?=).
ifeq ($(LOCAL_OS),linux)
TARGET_OS ?= linux
else ifeq ($(LOCAL_OS),darwin)
TARGET_OS ?= darwin
else ifeq ($(LOCAL_OS),windows)
TARGET_OS ?= windows
else ifeq ($(LOCAL_OS),freebsd)
TARGET_OS ?= freebsd
else
$(error This system's OS $(LOCAL_OS) isn't supported)
endif

# Path of the built binary as used by the MSI and GitHub release rules; only Windows
# builds carry the .exe suffix.
ifneq ($(TARGET_OS), windows)
EXECUTABLE_PATH=./$(BINARY_NAME)
else
EXECUTABLE_PATH=./$(BINARY_NAME).exe
endif

# Repository directory used by publish_package: centos-7 is published as el7, every
# other flavor under its own name.
ifneq ($(FLAVOR), centos-7)
TARGET_PUBLIC_REPO ?= $(FLAVOR)
else
TARGET_PUBLIC_REPO ?= el7
endif

# First rule in the file, hence the default goal: build the binary and run the tests
# (the test rule in turn depends on vet).
.PHONY: all
all: cloudflared test

# Let the Go toolchain remove what it built in this directory.
.PHONY: clean
clean:
	go clean

# Build the cloudflared binary for TARGET_OS/TARGET_ARCH. -mod=vendor makes the build
# resolve dependencies from the vendor directory instead of fetching modules.
# With FIPS=true a FIPS source file is copied into cmd/cloudflared for the duration of
# the build, removed afterwards, and the resulting binary is passed to check-fips.sh.
# NOTE(review): the copied file is the linux-amd64 variant regardless of TARGET_OS and
# TARGET_ARCH, and it stays in the tree when go build fails because make stops at the
# failing line — confirm both are acceptable.
.PHONY: cloudflared
cloudflared:
ifeq ($(FIPS), true)
	$(info Building cloudflared with go-fips)
	cp -f fips/fips.go.linux-amd64 cmd/cloudflared/fips.go
endif
	GOOS=$(TARGET_OS) GOARCH=$(TARGET_ARCH) go build -v -mod=vendor $(GO_BUILD_TAGS) $(LDFLAGS) $(IMPORT_PATH)/cmd/cloudflared
ifeq ($(FIPS), true)
	rm -f cmd/cloudflared/fips.go
	./check-fips.sh cloudflared
endif

# Build a container image from the repository root, tagged
# cloudflare/cloudflared-<os>-<arch>:<version>. The target OS and architecture are
# forwarded to the Dockerfile as build arguments.
.PHONY: container
container:
	docker build \
		--build-arg=TARGET_ARCH=$(TARGET_ARCH) \
		--build-arg=TARGET_OS=$(TARGET_OS) \
		-t cloudflare/cloudflared-$(TARGET_OS)-$(TARGET_ARCH):"$(VERSION)" \
		.

# Run vet first, then the test suite with the race detector and the release link flags.
# When CI is set, a coverage profile and an HTML report are also written under .cover/.
.PHONY: test
test: vet
ifdef CI
	@mkdir -p .cover
	go test -v -mod=vendor -race $(LDFLAGS) -coverprofile=".cover/c.out" ./...
	go tool cover -html ".cover/c.out" -o .cover/all.html
else
	go test -v -mod=vendor -race $(LDFLAGS) ./...
endif

# Start the services described by ssh_server_tests/docker-compose.yml in the foreground.
.PHONY: test-ssh-server
test-ssh-server:
	docker-compose -f ssh_server_tests/docker-compose.yml up

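# publish_package(ext, repo-kind): copy every $(BINARY_NAME)*.<ext> in the working
# directory to the staging area of each host listed in CF_PKG_HOSTS.
#   $(1)  package file extension (deb, rpm)
#   $(2)  repository kind used in the staging path (apt, yum)
# A failed chmod or scp aborts the recipe. Without the explicit exits only the status of
# the last host's scp reaches make, so a failed upload to an earlier host goes unnoticed
# and the hosts end up serving different package sets.
# NOTE(security): the ssh-keyscan output is appended to known_hosts without being
# compared against a known-good key, so the host authentication of the scp that follows
# rests on an unauthenticated network answer. Provisioning the package hosts' keys out
# of band (pinned known_hosts entries) closes that gap; it is left unchanged here because
# the pinned keys are not part of this file.
define publish_package
	chmod 664 $(BINARY_NAME)*.$(1) || exit 1; \
	for HOST in $(CF_PKG_HOSTS); do \
		ssh-keyscan -t ecdsa "$$HOST" >> ~/.ssh/known_hosts; \
		scp -p -4 $(BINARY_NAME)*.$(1) "cfsync@$$HOST:/state/cf-pkg/staging/$(2)/$(TARGET_PUBLIC_REPO)/$(BINARY_NAME)/" || exit 1; \
	done
endef

# Build the Debian package, then push it to the apt staging area.
.PHONY: publish-deb
publish-deb: cloudflared-deb
	$(call publish_package,deb,apt)

# Build the RPM package, then push it to the yum staging area.
.PHONY: publish-rpm
publish-rpm: cloudflared-rpm
	$(call publish_package,rpm,yum)
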
# When we build packages, the package name will be FIPS-aware.
# But we keep the binary installed by it to be named "cloudflared" regardless.
#
# build_package(type): stage the binary and a man page rendered from
# cloudflared_man_template under PACKAGE_DIR, then let fpm (run under fakeroot) turn
# that directory into a package of the requested type.
#   $(1)  fpm output type (deb, rpm, osxpkg)
define build_package
	mkdir -p $(PACKAGE_DIR)
	cp cloudflared $(PACKAGE_DIR)/cloudflared
	sed -e 's/\$${VERSION}/$(VERSION)/' -e 's/\$${DATE}/$(DATE)/' cloudflared_man_template > $(PACKAGE_DIR)/cloudflared.1
	fakeroot fpm -C $(PACKAGE_DIR) -s dir -t $(1) \
		--description 'Cloudflare Tunnel daemon' \
		--vendor 'Cloudflare' \
		--license 'Cloudflare Service Agreement' \
		--url 'https://github.com/cloudflare/cloudflared' \
		-m 'Cloudflare <support@cloudflare.com>' \
		-a $(TARGET_ARCH) \
		-v $(VERSION) \
		-n $(DEB_PACKAGE_NAME) $(NIGHTLY_FLAGS) \
		--after-install postinst.sh \
		--after-remove postrm.sh \
		cloudflared=$(INSTALL_BINDIR) cloudflared.1=$(MAN_DIR)
endef

# Package the freshly built binary as a .deb.
.PHONY: cloudflared-deb
cloudflared-deb: cloudflared
	$(call build_package,deb)

# Rename every cloudflared-fips_*.deb so that the "-fips" part is dropped from the file
# name. Runs under bash because the ${f/-fips/} substitution is not POSIX sh.
.PHONY: cloudflared-internal-deb
cloudflared-internal-deb: cloudflared-deb
	bash -c 'for f in cloudflared-fips_*.deb; do mv -- "$$f" "$${f/-fips/}"; done'

# Package the freshly built binary as an .rpm.
.PHONY: cloudflared-rpm
cloudflared-rpm: cloudflared
	$(call build_package,rpm)

# Package the freshly built binary as a macOS installer package (fpm type osxpkg).
.PHONY: cloudflared-pkg
cloudflared-pkg: cloudflared
	$(call build_package,osxpkg)

# Build the Windows installer from cloudflared.wxs with wixl.
# NOTE(review): the installer is versioned with VERSION; MSI_VERSION, defined at the top
# of this file, is not referenced by this rule — confirm which one is intended.
.PHONY: cloudflared-msi
cloudflared-msi: cloudflared
	wixl \
		--define Version=$(VERSION) \
		--define Path=$(EXECUTABLE_PATH) \
		--output cloudflared-$(VERSION)-$(TARGET_ARCH).msi \
		cloudflared.wxs

# Archive the freshly built binary, then delete the loose binary from the working tree.
# The target is declared phony, so the archive is re-created on every invocation even
# though it names a real file.
.PHONY: cloudflared-darwin-amd64.tgz
cloudflared-darwin-amd64.tgz: cloudflared
	tar czf $@ cloudflared
	rm cloudflared

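# Build the JunOS package with jetez, signing it with a certificate and key that are
# written to the working directory from the environment just before use.
# The PEM files are removed whether or not jetez succeeds; with a separate "rm" recipe
# line a failed jetez run stops make first and leaves the private key on disk.
.PHONY: cloudflared-junos
cloudflared-junos: cloudflared jetez-certificate.pem jetez-key.pem
	jetez --source . \
		-j jet.yaml \
		--key jetez-key.pem \
		--cert jetez-certificate.pem \
		--version $(VERSION) && status=0 || status=$$?; \
	rm -f jetez-*.pem; \
	exit $$status

# Write the signing certificate from the JETEZ_CERT environment variable.
# "$$JETEZ_CERT" is expanded by the shell, not by make, so the value never appears in
# make's command echo or in the expanded recipe text.
jetez-certificate.pem:
ifndef JETEZ_CERT
	$(error JETEZ_CERT not defined)
endif
	@echo "Writing JetEZ certificate"
	@echo "$$JETEZ_CERT" > $@

# Write the signing key from the JETEZ_KEY environment variable.
# umask 077 makes the new file readable by the invoking user only; without it the
# private key is created with whatever the ambient umask allows.
jetez-key.pem:
ifndef JETEZ_KEY
	$(error JETEZ_KEY not defined)
endif
	@echo "Writing JetEZ key"
	@umask 077 && echo "$$JETEZ_KEY" > $@
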
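# Upload the JunOS tarball and its SHA-256 digest to S3 as world-readable objects, then
# advance the "latest" marker when VERSION is newer than the marker fetched by the
# cloudflared-x86-64.latest.s3 prerequisite.
# The four S3_* settings must be defined. S3_ACCESS_KEY and S3_SECRET_KEY are only
# checked here and never expanded into a command line; presumably s4cmd reads them from
# the environment — TODO confirm.
# NOTE(review): the digest is stored next to the artifact under the same credentials, so
# it detects a corrupted transfer but not a replacement by anyone able to write to the
# bucket.
# NOTE(review): in the last command a failed upload of the marker also ends in
# "Latest version not updated" with exit status 0, so make does not see that failure.
.PHONY: publish-cloudflared-junos
publish-cloudflared-junos: cloudflared-junos cloudflared-x86-64.latest.s3
ifndef S3_ENDPOINT
	$(error S3_ENDPOINT not defined)
endif
ifndef S3_URI
	$(error S3_URI not defined)
endif
ifndef S3_ACCESS_KEY
	$(error S3_ACCESS_KEY not defined)
endif
ifndef S3_SECRET_KEY
	$(error S3_SECRET_KEY not defined)
endif
	sha256sum cloudflared-x86-64-$(VERSION).tgz | awk '{printf "%s", $$1}' > cloudflared-x86-64-$(VERSION).tgz.shasum
	s4cmd --endpoint-url $(S3_ENDPOINT) --force --API-GrantRead=uri=http://acs.amazonaws.com/groups/global/AllUsers \
		put cloudflared-x86-64-$(VERSION).tgz $(S3_URI)/cloudflared-x86-64-$(VERSION).tgz
	s4cmd --endpoint-url $(S3_ENDPOINT) --force --API-GrantRead=uri=http://acs.amazonaws.com/groups/global/AllUsers \
		put cloudflared-x86-64-$(VERSION).tgz.shasum $(S3_URI)/cloudflared-x86-64-$(VERSION).tgz.shasum
	dpkg --compare-versions "$(VERSION)" gt "$(shell cat cloudflared-x86-64.latest.s3)" && \
		echo -n "$(VERSION)" > cloudflared-x86-64.latest && \
		s4cmd --endpoint-url $(S3_ENDPOINT) --force --API-GrantRead=uri=http://acs.amazonaws.com/groups/global/AllUsers \
		put cloudflared-x86-64.latest $(S3_URI)/cloudflared-x86-64.latest || \
		echo "Latest version not updated"
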
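# Fetch the currently published "latest" marker so that publish-cloudflared-junos can
# compare versions against it.
# This rule runs as a prerequisite, that is before the S3_* checks in the recipe of
# publish-cloudflared-junos, so it validates the two settings it uses itself instead of
# calling s4cmd with an empty endpoint or URI.
# NOTE(review): this is a file target, so a copy left over from an earlier run is reused
# rather than downloaded again — confirm that is intended.
cloudflared-x86-64.latest.s3:
ifndef S3_ENDPOINT
	$(error S3_ENDPOINT not defined)
endif
ifndef S3_URI
	$(error S3_URI not defined)
endif
	s4cmd --endpoint-url $(S3_ENDPOINT) --force \
		get $(S3_URI)/cloudflared-x86-64.latest cloudflared-x86-64.latest.s3
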
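# Upload the macOS tarball under a versioned key, then copy that object to the "stable"
# key. Both objects are world-readable (--acl public-read).
# The recipe used to spell its variables as in an $(eval $(call ...)) template: doubled
# dollar signs for the prerequisite list and VERSION, plus a positional argument. In a
# plain recipe those reach the shell as literal text, a command substitution of a command
# named VERSION and an empty string, so the object keys came out malformed.
# NOTE(review): "darwin-amd64" stands in for the empty positional argument and is taken
# from the prerequisite's file name; confirm it matches the object name that the
# Homebrew formula downloads.
.PHONY: homebrew-upload
homebrew-upload: cloudflared-darwin-amd64.tgz
	aws s3 --endpoint-url $(S3_ENDPOINT) cp --acl public-read $^ $(S3_URI)/cloudflared-$(VERSION)-darwin-amd64.tgz
	aws s3 --endpoint-url $(S3_ENDPOINT) cp --acl public-read $(S3_URI)/cloudflared-$(VERSION)-darwin-amd64.tgz $(S3_URI)/cloudflared-stable-darwin-amd64.tgz

# Publish the Homebrew formula for the uploaded tarball.
.PHONY: homebrew-release
homebrew-release: homebrew-upload
	./publish-homebrew-formula.sh cloudflared-darwin-amd64.tgz $(VERSION) homebrew-cloudflare
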
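# Build the binary and hand it to github_release.py for the release named by VERSION.
.PHONY: github-release
github-release: cloudflared
	python3 github_release.py --path $(EXECUTABLE_PATH) --release-version $(VERSION)

# Hand the built_artifacts directory to github_release.py.
# $(CURDIR) is used instead of $(PWD), matching PACKAGE_DIR above: PWD is inherited
# from the environment and still names the caller's directory under "make -C".
.PHONY: github-release-built-pkgs
github-release-built-pkgs:
	python3 github_release.py --path $(CURDIR)/built_artifacts --release-version $(VERSION)

# Run github_message.py for the release named by VERSION.
.PHONY: github-message
github-message:
	python3 github_message.py --release-version $(VERSION)

# Hand the two macOS artifacts (tarball and installer package) to github_release.py.
.PHONY: github-mac-upload
github-mac-upload:
	python3 github_release.py --path artifacts/cloudflared-darwin-amd64.tgz --release-version $(VERSION) --name cloudflared-darwin-amd64.tgz
	python3 github_release.py --path artifacts/cloudflared-amd64.pkg --release-version $(VERSION) --name cloudflared-amd64.pkg
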
# Regenerate the Go code for the tunnelrpc Cap'n Proto schema.
# The two "which" lines fail the recipe early when capnp or the Go plugin is not on
# PATH; the trailing comments say where each tool comes from.
.PHONY: tunnelrpc-deps
tunnelrpc-deps:
	which capnp # https://capnproto.org/install.html
	which capnpc-go # go get zombiezen.com/go/capnproto2/capnpc-go
	capnp compile -ogo tunnelrpc/tunnelrpc.capnp

# Regenerate the Go code for the QUIC metadata Cap'n Proto schema; same tool checks as
# tunnelrpc-deps.
.PHONY: quic-deps
quic-deps:
	which capnp
	which capnpc-go
	capnp compile -ogo quic/schema/quic_metadata_protocol.capnp

# Static checks: go vet over the vendored module tree, then go-sumtype over every
# package. "which go-sumtype" fails the recipe early when the tool is not on PATH.
.PHONY: vet
vet:
	go vet -mod=vendor ./...
	# go get github.com/sudarshan-reddy/go-sumtype (don't do this in build directory or this will cause vendor issues)
	# Note: If you have github.com/BurntSushi/go-sumtype then you might have to use the repo above instead
	# for now because it uses an older version of golang.org/x/tools.
	which go-sumtype
	go-sumtype $$(go list -mod=vendor ./...)

# Run goimports in write mode over every package directory reported by go list, except
# those whose path contains "tunnelrpc".
.PHONY: goimports
goimports:
	for pkg_dir in $$(go list -mod=readonly -f '{{.Dir}}' -a ./... | fgrep -v tunnelrpc) ; do \
		goimports -format-only -local github.com/cloudflare/cloudflared -w $$pkg_dir ; \
	done