forked from ComplianceAsCode/content
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathMakefile
339 lines (274 loc) · 11.3 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
include VERSION
# Define RHEL6 / JBossEAP5 specific variables below
ROOT_DIR ?= $(CURDIR)
RPMBUILD ?= $(ROOT_DIR)/rpmbuild
RPM_SPEC := $(ROOT_DIR)/scap-security-guide.spec
PKGNAME := $(SSG_PROJECT_NAME)
OS_DIST := $(shell rpm --eval '%{dist}')
ARCH := noarch
RPMBUILD_ARGS := --define '_topdir $(RPMBUILD)' --define '_tmppath $(RPMBUILD)'
DATESTR:=$(shell date -u +'%Y%m%d%H%M')
RPM_DATESTR := $(shell date -u +'%a %b %d %Y')
ifeq ($(SSG_VERSION_IS_GIT_SNAPSHOT),"yes")
GIT_VERSION:=$(shell git show --pretty=format:"%h" --stat HEAD 2>/dev/null|head -1)
ifneq ($(GIT_VERSION),)
SSG_VERSION=$(SSG_MAJOR_VERSION).$(SSG_MINOR_VERSION).$(SSG_RELEASE_VERSION).$(DATESTR)GIT$(GIT_VERSION)
endif # in a git tree and git returned a version
endif # git
ifndef SSG_VERSION
SSG_VERSION=$(SSG_MAJOR_VERSION).$(SSG_MINOR_VERSION)
endif
PKG := $(PKGNAME)-$(SSG_VERSION)
TARBALL = $(RPMBUILD)/SOURCES/$(PKG).tar.gz
PREFIX=$(DESTDIR)/usr
DATADIR=share
MANDIR=$(DATADIR)/man
DOCDIR=$(DATADIR)/doc
# Define custom canned sequences / macros below
# Define Makefile targets below
all: validate-buildsystem fedora rhel5 rhel6 rhel7 rhel-osp7 rhevm3 webmin firefox jre chromium debian8 wrlinux
dist: chromium-dist firefox-dist fedora-dist jre-dist rhel6-dist rhel7-dist rhel-osp7-dist debian8-dist wrlinux-dist
jenkins: all validate dist
fedora:
cd Fedora/ && $(MAKE)
fedora-dist:
cd Fedora/ && $(MAKE) dist
rhel5:
cd RHEL/5/ && $(MAKE)
rhel6:
cd RHEL/6/ && $(MAKE)
rhel6-dist:
cd RHEL/6/ && $(MAKE) dist
rhel7:
cd RHEL/7/ && $(MAKE)
rhel7-dist:
cd RHEL/7/ && $(MAKE) dist
debian8:
cd Debian/8/ && $(MAKE)
debian8-dist:
cd Debian/8/ && $(MAKE) dist
wrlinux:
cd WRLinux/ && $(MAKE)
wrlinux-dist:
cd WRLinux/ && $(MAKE) dist
rhel-osp7:
cd OpenStack/RHEL-OSP/7 && $(MAKE)
rhel-osp7-dist:
cd OpenStack/RHEL-OSP/7 && $(MAKE) dist
rhevm3:
cd RHEVM3 && $(MAKE)
jre:
cd JRE/ && $(MAKE)
jre-dist:
cd JRE/ && $(MAKE) dist
firefox:
cd Firefox/ && $(MAKE)
firefox-dist:
cd Firefox/ && $(MAKE) dist
webmin:
cd Webmin/ && $(MAKE)
chromium:
cd Chromium/ && $(MAKE)
chromium-dist:
cd Chromium/ && $(MAKE) dist
opensuse:
cd OpenSUSE/ && $(MAKE)
opensuse-dist:
cd OpenSUSE && $(MAKE) dist
suse11:
cd SUSE/11 && $(MAKE)
suse11-dist:
cd SUSE/11 && $(MAKE) dist
suse12:
cd SUSE/12 && $(MAKE)
suse12-dist:
cd SUSE/12 && $(MAKE) dist
validate-buildsystem:
for makefile in `find -name Makefile`; do \
if grep '[[:space:]]\+$$' $$makefile; then \
echo "Trailing Whitespace in $$makefile"; \
exit 1; \
fi \
done
validate-wrlinux: wrlinux
# Enable below when content validates correctly
# cd WRLinux/ && $(MAKE) validate
validate-fedora: fedora
cd Fedora/ && $(MAKE) validate
validate-rhel5: rhel5
# Enable below when content validates correctly
#cd RHEL/5/ && $(MAKE) validate
validate-rhel6: rhel6
cd RHEL/6/ && $(MAKE) validate
validate-rhel7: rhel7
cd RHEL/7/ && $(MAKE) validate
validate-debian8: debian8
# Enable below when content validates correctly
#cd Debian/8/ && $(MAKE) validate
validate-rhel-osp7: rhel-osp7
cd OpenStack/RHEL-OSP/7/ && $(MAKE) validate
validate-rhevm3: rhevm3
# Enable below when content validates correctly
#cd RHEVM3 && $(MAKE) validate
validate-chromium: chromium
cd Chromium/ && $(MAKE) validate
validate-firefox: firefox
cd Firefox/ && $(MAKE) validate
validate-jre: jre
cd JRE/ && $(MAKE) validate
validate-opensuse: opensuse
# Enable below when content validates correctly
#cd OpenSUSE/ && $(MAKE) validate
validate-suse11: suse11
# Enable below when content validates correctly
#cd SUSE/11 && $(MAKE) validate
validate-suse12: suse12
# Enable below when content validates correctly
#cd SUSE/12 && $(MAKE) validate
validate: validate-fedora validate-rhel5 validate-rhel6 validate-rhel7 validate-debian8 validate-wrlinux validate-rhel-osp7 validate-rhevm3 validate-chromium validate-firefox validate-jre
rpmroot:
mkdir -p $(RPMBUILD)/BUILD
mkdir -p $(RPMBUILD)/RPMS
mkdir -p $(RPMBUILD)/SOURCES
mkdir -p $(RPMBUILD)/SPECS
mkdir -p $(RPMBUILD)/SRPMS
mkdir -p $(RPMBUILD)/ZIPS
mkdir -p $(RPMBUILD)/BUILDROOT
tarball: rpmroot
# Copy in the source trees for both RHEL
# and JBossEAP5 content
mkdir -p $(RPMBUILD)/$(PKG)
cp BUILD.md Contributors.md LICENSE VERSION README.md $(RPMBUILD)/$(PKG)/
cp -r config/ $(RPMBUILD)/$(PKG)
cp -r docs/ $(RPMBUILD)/$(PKG)
cp -r shared/ $(RPMBUILD)/$(PKG)
cp -r --preserve=links --parents RHEL/5/ $(RPMBUILD)/$(PKG)
cp -r --preserve=links --parents RHEL/6/ $(RPMBUILD)/$(PKG)
cp -r --preserve=links --parents RHEL/7/ $(RPMBUILD)/$(PKG)
cp -r --preserve=links --parents Debian/8/ $(RPMBUILD)/$(PKG)
cp -r --preserve=links --parents WRLinux/ $(RPMBUILD)/$(PKG)
cp -r --preserve=links --parents Fedora/ $(RPMBUILD)/$(PKG)
cp -r --preserve=links --parents JRE/ $(RPMBUILD)/$(PKG)
cp -r --preserve=links --parents Firefox/ $(RPMBUILD)/$(PKG)
cp -r --preserve=links --parents Webmin/ $(RPMBUILD)/$(PKG)
cp -r --preserve=links --parents Chromium $(RPMBUILD)/$(PKG)
cp -r JBossEAP5 $(RPMBUILD)/$(PKG)
# Don't trust the developers, clean out the build
# environment before packaging
(cd $(RPMBUILD)/$(PKG)/RHEL/5/ && $(MAKE) clean)
(cd $(RPMBUILD)/$(PKG)/RHEL/6/ && $(MAKE) clean)
(cd $(RPMBUILD)/$(PKG)/RHEL/7/ && $(MAKE) clean)
(cd $(RPMBUILD)/$(PKG)/Debian/8/ && $(MAKE) clean)
(cd $(RPMBUILD)/$(PKG)/WRLinux/ && $(MAKE) clean)
(cd $(RPMBUILD)/$(PKG)/Fedora/ && $(MAKE) clean)
(cd $(RPMBUILD)/$(PKG)/Chromium/ && $(MAKE) clean)
(cd $(RPMBUILD)/$(PKG)/JRE/ && $(MAKE) clean)
(cd $(RPMBUILD)/$(PKG)/Firefox/ && $(MAKE) clean)
(cd $(RPMBUILD)/$(PKG)/Webmin/ && $(MAKE) clean)
# Create the source tar, copy it to TARBALL
# (e.g. somewhere in the SOURCES directory)
cd $(RPMBUILD) && tar -czf $(PKG).tar.gz $(PKG)
cp $(RPMBUILD)/$(PKG).tar.gz $(TARBALL)
zipfile: dist
# ZIP only contains source datastreams and kickstarts, people who
# want sources to build from should get the tarball instead.
rm -rf $(PKG)
mkdir $(PKG)
cp README.md $(PKG)/
cp Contributors.md $(PKG)/
cp LICENSE $(PKG)/
cp */dist/content/*-ds.xml $(PKG)/
cp */*/dist/content/*-ds.xml $(PKG)/
cp */*/*/dist/content/*-ds.xml $(PKG)/
mkdir $(PKG)/kickstart
cp RHEL/{6,7}/kickstart/*-ks.cfg $(PKG)/kickstart/
zip -r $(PKG).zip $(PKG)/
rm -r $(PKG)/
version-update:
@echo -e "\nUpdating $(RPM_SPEC) version, release, and changelog..."
sed -e s/__NAME__/$(PKGNAME)/ \
$(RPM_SPEC).in > $(RPM_SPEC)
sed -i s/__VERSION__/$(SSG_VERSION)/ \
$(RPM_SPEC)
sed -i s/__RELEASE__/$(SSG_RELEASE_VERSION)/ \
$(RPM_SPEC)
sed -i 's/__DATE__/$(SSG_RELEASE_DATE)/' \
$(RPM_SPEC)
sed -i 's/__REL_MANAGER__/$(SSG_REL_MANAGER)/' \
$(RPM_SPEC)
sed -i 's/__REL_MANAGER_MAIL__/$(SSG_REL_MANAGER_MAIL)/' \
$(RPM_SPEC)
srpm: tarball version-update
cat $(RPM_SPEC) > $(RPMBUILD)/SPECS/$(notdir $(RPM_SPEC))
@echo -e "\nBuilding $(PKGNAME) SRPM..."
cd $(RPMBUILD) && rpmbuild $(RPMBUILD_ARGS) --target=$(ARCH) -bs SPECS/$(notdir $(RPM_SPEC)) --nodeps
rpm: srpm
@echo -e "\nBuilding $(PKGNAME) RPM..."
cd $(RPMBUILD)/SRPMS && rpmbuild --rebuild --target=$(ARCH) $(RPMBUILD_ARGS) --buildroot $(RPMBUILD)/BUILDROOT -bb $(PKG)-$(SSG_RELEASE_VERSION)$(OS_DIST).src.rpm
git-tag:
@echo -e "\nUpdating $(RPM_SPEC) changelog to reflect new release"
sed -i '/\%changelog/{n;s/__DATE__/$(RPM_DATESTR)/}' $(RPM_SPEC).in
sed -i '/\%changelog/{n;s/__REL_MANAGER__/$(SSG_REL_MANAGER)/}' $(RPM_SPEC).in
sed -i '/\%changelog/{n;s/__REL_MANAGER_MAIL__/$(SSG_REL_MANAGER_MAIL)/}' $(RPM_SPEC).in
sed -i '/\%changelog/{n;s/__VERSION__/$(SSG_VERSION)/}' $(RPM_SPEC).in
sed -i '/\%changelog/{n;s/__RELEASE__/$(SSG_RELEASE_VERSION)/}' $(RPM_SPEC).in
sed -i '/new/{s/__VERSION__/$(SSG_VERSION)/}' $(RPM_SPEC).in
sed -i '/\%changelog/a\* __DATE__ __REL_MANAGER__ <__REL_MANAGER_MAIL__> __VERSION__-__RELEASE__\n- Make new __VERSION__ release\n' $(RPM_SPEC).in
@echo -e "\nTagging $(PKGNAME) to new release $(NEW_RELEASE)"
$(eval NEW_RELEASE:=$(shell git describe $(git rev-list --tags --max-count=1) | awk -F . '{printf "%s.%i.%i", $$1, $$2, $$3 + 1}' | sed 's/^.//'))
$(eval NEW_MINOR_RELEASE:=$(shell echo $(NEW_RELEASE) | awk -F . '{printf "%i", $$3}'))
@echo -e "\nUpdating VERSION to new minor release $(NEW_RELEASE)"
sed -i 's/SSG_MINOR_VERSION.*/SSG_MINOR_VERSION = $(NEW_MINOR_RELEASE)/' $(ROOT_DIR)/VERSION
sed -i 's/SSG_RELEASE_DATE.*/SSG_RELEASE_DATE = $(RPM_DATESTR)/' $(ROOT_DIR)/VERSION
@echo -e "\nTagging to new release $(NEW_RELEASE)"
git add $(RPM_SPEC).in $(ROOT_DIR)/VERSION
git commit -m "Make new $(NEW_RELEASE) release"
git tag -a -m "Version $(NEW_RELEASE)" v$(NEW_RELEASE)
clean:
rm -rf $(RPMBUILD)
rm -rf shared/output
cd RHEL/5 && $(MAKE) clean
cd RHEL/6 && $(MAKE) clean
cd RHEL/7 && $(MAKE) clean
cd Debian/8 && $(MAKE) clean
cd WRLinux && $(MAKE) clean
cd OpenStack/RHEL-OSP/7 && $(MAKE) clean
cd RHEVM3 && $(MAKE) clean
cd Fedora && $(MAKE) clean
cd JRE && $(MAKE) clean
cd Firefox && $(MAKE) clean
cd Webmin && $(MAKE) clean
cd Chromium && $(MAKE) clean
rm -f scap-security-guide.spec
install: dist
install -d $(PREFIX)/$(DATADIR)/xml/scap/ssg/content/
install -d $(PREFIX)/$(DATADIR)/scap-security-guide
install -d $(PREFIX)/$(DATADIR)/scap-security-guide/kickstart
install -d $(PREFIX)/$(MANDIR)/en/man8/
install -d $(PREFIX)/$(DOCDIR)/scap-security-guide/guides
install -m 0644 Fedora/dist/content/* $(PREFIX)/$(DATADIR)/xml/scap/ssg/content/
install -m 0644 Fedora/dist/guide/* $(PREFIX)/$(DOCDIR)/scap-security-guide/guides
install -m 0644 RHEL/6/dist/content/* $(PREFIX)/$(DATADIR)/xml/scap/ssg/content/
install -m 0644 shared/remediations/bash/templates/remediation_functions $(PREFIX)/$(DATADIR)/scap-security-guide/
install -m 0644 RHEL/6/kickstart/*-ks.cfg $(PREFIX)/$(DATADIR)/scap-security-guide/kickstart
install -m 0644 RHEL/7/kickstart/*-ks.cfg $(PREFIX)/$(DATADIR)/scap-security-guide/kickstart
install -m 0644 RHEL/6/dist/guide/* $(PREFIX)/$(DOCDIR)/scap-security-guide/guides
install -m 0644 RHEL/7/dist/content/* $(PREFIX)/$(DATADIR)/xml/scap/ssg/content/
install -m 0644 RHEL/7/dist/guide/* $(PREFIX)/$(DOCDIR)/scap-security-guide/guides
install -m 0644 OpenStack/RHEL-OSP/7/dist/content/* $(PREFIX)/$(DATADIR)/xml/scap/ssg/content/
install -m 0644 OpenStack/RHEL-OSP/7/dist/guide/* $(PREFIX)/$(DOCDIR)/scap-security-guide/guides
install -m 0644 Chromium/dist/content/* $(PREFIX)/$(DATADIR)/xml/scap/ssg/content/
install -m 0644 Chromium/dist/guide/* $(PREFIX)/$(DOCDIR)/scap-security-guide/guides
install -m 0644 Firefox/dist/content/* $(PREFIX)/$(DATADIR)/xml/scap/ssg/content/
install -m 0644 Firefox/dist/guide/* $(PREFIX)/$(DOCDIR)/scap-security-guide/guides
install -m 0644 JRE/dist/content/* $(PREFIX)/$(DATADIR)/xml/scap/ssg/content/
install -m 0644 JRE/dist/guide/* $(PREFIX)/$(DOCDIR)/scap-security-guide/guides
install -m 0644 Debian/8/dist/content/* $(PREFIX)/$(DATADIR)/xml/scap/ssg/content/
install -m 0644 Debian/8/dist/guide/* $(PREFIX)/$(DOCDIR)/scap-security-guide/guides
install -m 0644 WRLinux/dist/content/* $(PREFIX)/$(DATADIR)/xml/scap/ssg/content/
install -m 0644 WRLinux/dist/guide/* $(PREFIX)/$(DOCDIR)/scap-security-guide/guides
install -m 0644 docs/scap-security-guide.8 $(PREFIX)/$(MANDIR)/en/man8/
install -m 0644 LICENSE $(PREFIX)/$(DOCDIR)/scap-security-guide
install -m 0644 README.md $(PREFIX)/$(DOCDIR)/scap-security-guide
.PHONY: rhel5 rhel6 rhel7 rhel-osp7 debian8 wrlinux jre firefox webmin tarball srpm rpm clean all
rm -f scap-security-guide.spec