Makefile
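# Default goal: a bare `make` builds the launcher and the osquery extension.
all: build
.PHONY: build

# Use the conventional Go workspace only when GOPATH is unset or empty.
# `ifndef` takes a variable *name*: the earlier `ifndef ($(GOPATH))` tested a
# variable literally called "(<value>)", which never exists, so a GOPATH
# inherited from the environment was always replaced by $(HOME)/go.
ifndef GOPATH
GOPATH = $(HOME)/go
endif

# $(GOPATH)/bin goes first on PATH, so for every recipe below a binary in that
# directory is found before a same-named system tool. Keep the directory
# writable only by the build user.
PATH := $(GOPATH)/bin:$(PATH)
export GO111MODULE=on

# If on macOS, set the shell to bash explicitly
ifneq ($(OS), Windows_NT)
ifeq ($(shell uname), Darwin)
SHELL := /bin/bash
endif
endif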
# Build the launcher with -fakedata passed to the build tool, then park the
# result at build/launcher-fake. The `-` prefix on rm means a missing
# build/darwin/launcher is reported but does not fail the target.
fake-launcher: .pre-build
	go run cmd/make/make.go -targets=launcher -linkstamp -fakedata
	-rm build/darwin/launcher
	mv build/launcher build/launcher-fake
all: build
build: launcher extension

# Every build target depends on .pre-build, which only ensures the output
# directory exists.
# NOTE(review): BUILD_DIR is not assigned anywhere in the visible part of this
# file; presumably it comes from the environment or the command line. Confirm,
# because an empty value leaves .pre-build without a prerequisite.
.pre-build: $(BUILD_DIR)

$(BUILD_DIR):
ifeq ($(OS), Windows_NT)
	powershell New-Item -Type Directory -Force -Path $(BUILD_DIR) | powershell Out-Null
else
	mkdir -p $(BUILD_DIR)
endif
# Thin wrappers: each target hands one -targets value to the Go build tool in
# cmd/make/make.go. The targets that pass -linkstamp are launcher and the
# table extension.

launcher: .pre-build
	go run cmd/make/make.go -targets=launcher -linkstamp

table.ext: .pre-build
	go run cmd/make/make.go -targets=table-extension -linkstamp

# Windows build of the table extension; unlike table.ext it also pulls in deps.
table.ext-windows: .pre-build deps
	go run cmd/make/make.go -targets=table-extension -linkstamp --os windows

extension: .pre-build
	go run cmd/make/make.go -targets=extension

grpc-extension: .pre-build
	go run cmd/make/make.go -targets=grpc-extension
# Convenience tools: start an osquery shell (`osqueryd -S`) with the freshly
# built table extension loaded.
#
# --allow-unsafe makes osquery skip its ownership/permission safety check on
# the extension binary, which is why a file straight out of ./build loads at
# all. The sudo and `launchctl asuser 0` variants therefore execute a
# build-directory binary as root: use them only on a development machine whose
# ./build tree is not writable by other users.

osqueryi-tables: table.ext
	osqueryd -S --allow-unsafe --verbose --extension ./build/darwin/tables.ext

osqueryi-tables-linux: table.ext
	osqueryd -S --allow-unsafe --verbose --extension ./build/linux/tables.ext

osqueryi-tables-windows: table.ext
	osqueryd.exe -S --allow-unsafe --verbose --extension .\build\windows\tables.exe

# Same as osqueryi-tables, but osqueryd runs as root via sudo.
sudo-osqueryi-tables: table.ext
	sudo osqueryd -S --allow-unsafe --verbose --extension ./build/darwin/tables.ext

# Same again, started through launchctl in the context of uid 0.
launchas-osqueryi-tables: table.ext
	sudo launchctl asuser 0 osqueryd -S --allow-unsafe --verbose --extension ./build/darwin/tables.ext
# Cross-platform builds. `xp` fans out to xp-<target>, and each xp-<target>
# fans out again to the darwin, windows and linux variants of that target.
xp: xp-launcher xp-extension xp-grpc-extension

xp-%: darwin-xp-% windows-xp-% linux-xp-%
	@true # make needs something here for the pattern rule

# In the three rules below the stem ($*) is the -targets value handed to the
# build tool; only the -os argument differs.
darwin-xp-%: .pre-build deps
	go run cmd/make/make.go -targets=$* -linkstamp -os=darwin

linux-xp-%: .pre-build deps
	go run cmd/make/make.go -targets=$* -linkstamp -os=linux

windows-xp-%: .pre-build deps
	go run cmd/make/make.go -targets=$* -linkstamp -os=windows
# Sign everything under build/darwin with the identity in CODESIGN_IDENTITY,
# with the hardened runtime enabled and a timestamp requested.
#
# `-o runtime` should be enough, however there was a catalina bug that
# required we add `library`. This was fixed in 10.15.4. (from
# macadmins slack)
#
# NOTE(review): nothing here checks that CODESIGN_IDENTITY is set, unlike the
# AUTHENTICODE_PASSPHRASE check in codesign-windows-%.
codesign-darwin: xp
	codesign --force -s "$(CODESIGN_IDENTITY)" -v --options runtime,library --timestamp ./build/darwin/*
# Zip the signed macOS binaries and submit the archive for notarization.
# The app-specific password is referenced as @env:NOTARIZE_APP_PASSWD, so
# altool reads it from the environment itself: it never appears in the command
# line that make echoes or in the process arguments.
notarize-darwin: codesign-darwin
	rm -f build/notarization-upload.zip
	zip -r build/notarization-upload.zip ./build/darwin/*
	xcrun altool \
		--username "$(NOTARIZE_APPLE_ID)" \
		--password @env:NOTARIZE_APP_PASSWD \
		--asc-provider "$(NOTARIZE_ACCOUNT_ID)" \
		--notarize-app --file build/notarization-upload.zip \
		--primary-bundle-id com.kolide.launcher

# notarize-check is a helper for checking uuids
notarize-check:
	@echo "Usage: make notarize-check-<uuid>"

# The pattern stem is the request UUID passed to --notarization-info.
notarize-check-%:
	xcrun altool \
		--username "$(NOTARIZE_APPLE_ID)" \
		--password @env:NOTARIZE_APP_PASSWD \
		--asc-provider "$(NOTARIZE_ACCOUNT_ID)" \
		--notarization-info "$*"
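# Using `osslsigncode` we can sign Windows binaries from non-Windows
# platforms.
codesign-windows: codesign-windows-launcher.exe codesign-windows-osquery-extension.exe

# Sign build/windows/<stem> in place, twice: first a SHA-1 signature, then a
# nested (-nest) SHA-256 signature with its own timestamp.
#
# The passphrase is written as $$AUTHENTICODE_PASSPHRASE so that the shell, not
# make, expands it. With the previous ${AUTHENTICODE_PASSPHRASE} make pasted the
# secret into the recipe text, which (a) printed it in the build log every time
# the osslsigncode lines were echoed and (b) let quotes or `$` inside the
# passphrase be re-interpreted by the shell. The variable must reach the
# recipe's environment, which holds when it is set in the environment or on the
# make command line.
#
# NOTE(review): the passphrase is still an osslsigncode argument and therefore
# visible in the process list while signing runs; osslsigncode's -readpass
# <file> option avoids that if a protected file can be provisioned.
# NOTE(review): the certificate path and both timestamp URLs are hard-coded,
# and the URLs are plain http; confirm those timestamp services are still
# operated, and whether the SHA-1 signature is still needed for the Windows
# versions you support.
codesign-windows-%: xp
	@if [ -z "$$AUTHENTICODE_PASSPHRASE" ]; then echo "Missing AUTHENTICODE_PASSPHRASE"; exit 1; fi
	osslsigncode -in build/windows/$* -out build/windows/$* -i https://kolide.com -h sha1 -t http://timestamp.verisign.com/scripts/timstamp.dll -pkcs12 ~/Documents/kolide-codesigning-2020.p12 -pass "$$AUTHENTICODE_PASSPHRASE"
	osslsigncode -in build/windows/$* -out build/windows/$* -i https://kolide.com -h sha256 -nest -ts http://sha256timestamp.ws.symantec.com/sha256/timestamp -pkcs12 ~/Documents/kolide-codesigning-2020.p12 -pass "$$AUTHENTICODE_PASSPHRASE"

# Full signing pass: notarized macOS binaries plus signed Windows binaries.
codesign: notarize-darwin codesign-windows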
# Build the package-builder tool for the host, or for Windows.
package-builder: .pre-build deps
	go run cmd/make/make.go -targets=package-builder -linkstamp

package-builder-windows: .pre-build deps
	go run cmd/make/make.go -targets=package-builder -linkstamp --os windows

# launcher-pummel has no prerequisites: it does not go through .pre-build.
launcher-pummel:
	go run cmd/make/make.go -targets=launcher-pummel
# Hand the deps-go and install-tools targets to the build tool. The lint rules
# that call deadcode, misspell and nakedret list deps-go as a prerequisite.
deps-go:
	go run cmd/make/make.go -targets=deps-go,install-tools

deps: deps-go generate

# Run `go generate` for the packaging packages, then the build tool's
# generate-tuf target.
.PHONY: generate
generate:
	go generate ./pkg/packagekit/... ./pkg/packaging/...
	go run cmd/make/make.go -targets=generate-tuf
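# Regenerate Go code from the proto definitions.
# `cd … && go generate`: with the previous `cd …; go generate`, a failed cd
# (directory renamed or missing) still ran `go generate` in whatever directory
# the shell was in and the target reported success.
.PHONY: proto
proto:
	@cd pkg/pb/launcher && go generate
	@cd pkg/pb/querytarget && go generate
	@echo "Generated code from proto definitions."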
# Run the test suite with the race detector on and a coverage profile written
# to coverage.out. The package list comes from `go list`, with any path
# containing /vendor/ filtered out.
test: generate
	go test -cover -coverprofile=coverage.out -race $(shell go list ./... | grep -v /vendor/)
##
## Lint
##

# The backslash-newlines below only split the prerequisite list across lines.
# Keeping each linter as its own target lets them run in parallel under
# `make -j`.
lint: \
	lint-go-deadcode \
	lint-misspell \
	lint-go-vet \
	lint-go-nakedret \
	lint-go-fmt

# deadcode is looked up on PATH, which this file starts with $(GOPATH)/bin.
lint-go-deadcode: deps-go
	deadcode cmd/ pkg/
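# Spell-check every tracked file except the deliberately broken symlink
# fixture and generated assets.go files.
#
# The end-of-line anchor is written `$$` so that grep actually receives `$`.
# The previous `assets.go$ \` let make consume the lone `$`, so the anchor was
# lost and any path merely containing "assets.go" was skipped. The pattern is
# quoted and the dot escaped for the same reason: match the literal file name
# only.
lint-misspell: deps-go
	git ls-files \
		| grep -v pkg/simulator/testdata/bad_symlink \
		| grep -v 'assets\.go$$' \
		| xargs misspell -error -f 'misspell: {{ .Filename }}:{{ .Line }}:{{ .Column }}:corrected {{ printf "%q" .Original }} to {{ printf "%q" .Corrected }}'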
lint-go-vet:
	go vet ./cmd/... ./pkg/...

lint-go-nakedret: deps-go
	nakedret ./...

# This is ugly. gofmt does not exit non-zero just because files need
# formatting, so some make trickery turns its output into a failure:
# every file that `gofmt -l` lists (assets.go and bindata.go excepted) becomes
# a fmt-fail/<file> prerequisite, and the fmt-fail/% rule always fails.
# Note that the $(shell …) runs whenever this makefile is parsed, not only when
# lint-go-fmt is requested.
lint-go-fmt: $(addprefix fmt-fail/,$(shell gofmt -l ./pkg/ ./cmd/ | grep -vE 'assets.go|bindata.go'))
lint-go-fmt: deps-go

fmt-fail/%:
	@echo fmt failure in: $*
	@false
##
## Release Process Stuff
##

release: binary-bundle containers-push

# VERSION is deliberately a recursive (`=`) target-specific variable: git is
# only invoked when the recipe expands it. `--dirty` means a bundle built from
# a tree with uncommitted changes is labelled as such in the zip name.
binary-bundle: VERSION = $(shell git describe --tags --always --dirty)
binary-bundle: codesign
	rm -rf build/binary-bundle
	$(MAKE) -j $(addprefix build/binary-bundle/,darwin linux windows)
	cd build/binary-bundle && zip -r "launcher_$(VERSION)".zip *

# Stage one platform: copy the signed launcher and extension, then fetch
# osqueryd for that platform into the same directory.
# NOTE(review): the osqueryd binary is downloaded after the codesign step and
# goes into the release zip as fetched. Whether tools/download-osquery.go
# verifies a checksum or signature is not visible from this file; confirm it
# does before relying on the bundle's integrity.
build/binary-bundle/%:
	mkdir -p $@
	cp build/$*/launcher* $@/
	cp build/$*/osquery-extension* $@/
	go run ./tools/download-osquery.go --platform=$* --output=$@/osqueryd
##
## Docker Tooling
##

# One image (plus a fakedata variant) is built per entry, from docker/<entry>.
# NOTE(review): centos6 and ubuntu16 name end-of-life distribution releases; if
# docker/<entry> builds from the matching base image, those images no longer
# receive security updates. Confirm they are still meant to be published.
CONTAINER_OSES = ubuntu16 ubuntu18 centos6 centos7 distroless

.PHONY: containers
containers: $(foreach os,$(CONTAINER_OSES),docker-$(os) dockerfake-$(os))

containers-push: $(foreach os,$(CONTAINER_OSES),dockerpush-$(os) dockerfakepush-$(os))

build-docker:
	docker build -t launcher-build .

build-dockerfake:
	docker build -t launcher-fakedata-build --build-arg FAKE=-fakedata .

# The image names below carry no explicit tag, so docker uses `latest`: each
# push replaces what the public registry path serves, and consumers cannot pin
# a release by tag.
# The build-dockerfake / build-docker prerequisites are commented out in the
# rule headers.
dockerfake-%: #build-dockerfake
	@echo '#### Starting to build target: $@'
	docker build -t gcr.io/kolide-public-containers/launcher-fakedata-$* --build-arg FAKE=-fakedata docker/$*

docker-%: #build-docker
	@echo '#### Starting to build target: $@'
	docker build -t gcr.io/kolide-public-containers/launcher-$* docker/$*

dockerpush-%: docker-%
	@echo '#### Starting to push target: $@'
	docker push gcr.io/kolide-public-containers/launcher-$*

dockerfakepush-%: dockerfake-%
	@echo '#### Starting to push target: $@'
	docker push gcr.io/kolide-public-containers/launcher-fakedata-$*