VERSION := $(shell git describe --tags --always --match "[0-9][0-9][0-9][0-9].*.*") MSI_VERSION := $(shell git tag -l --sort=v:refname | grep "w" | tail -1 | cut -c2-) #MSI_VERSION expects the format of the tag to be: (wX.X.X). Starts with the w character to not break cfsetup. #e.g. w3.0.1 or w4.2.10. It trims off the w character when creating the MSI. ifeq ($(ORIGINAL_NAME), true) # Used for builds that want FIPS compilation but want the artifacts generated to still have the original name. BINARY_NAME := cloudflared else ifeq ($(FIPS), true) # Used for FIPS compliant builds that do not match the case above. BINARY_NAME := cloudflared-fips else # Used for all other (non-FIPS) builds. BINARY_NAME := cloudflared endif ifeq ($(NIGHTLY), true) DEB_PACKAGE_NAME := $(BINARY_NAME)-nightly NIGHTLY_FLAGS := --conflicts cloudflared --replaces cloudflared else DEB_PACKAGE_NAME := $(BINARY_NAME) endif DATE := $(shell date -u '+%Y-%m-%d-%H%M UTC') VERSION_FLAGS := -X "main.Version=$(VERSION)" -X "main.BuildTime=$(DATE)" ifdef PACKAGE_MANAGER VERSION_FLAGS := $(VERSION_FLAGS) -X "github.com/cloudflare/cloudflared/cmd/cloudflared/updater.BuiltForPackageManager=$(PACKAGE_MANAGER)" endif LINK_FLAGS := ifeq ($(FIPS), true) LINK_FLAGS := -linkmode=external -extldflags=-static $(LINK_FLAGS) # Prevent linking with libc regardless of CGO enabled or not. GO_BUILD_TAGS := $(GO_BUILD_TAGS) osusergo netgo fips VERSION_FLAGS := $(VERSION_FLAGS) -X "main.BuildType=FIPS" endif LDFLAGS := -ldflags='$(VERSION_FLAGS) $(LINK_FLAGS)' ifneq ($(GO_BUILD_TAGS),) GO_BUILD_TAGS := -tags "$(GO_BUILD_TAGS)" endif IMPORT_PATH := github.com/cloudflare/cloudflared PACKAGE_DIR := $(CURDIR)/packaging PREFIX := /usr INSTALL_BINDIR := $(PREFIX)/bin/ INSTALL_MANDIR := $(PREFIX)/share/man/man1/ LOCAL_ARCH ?= $(shell uname -m) ifneq ($(GOARCH),) TARGET_ARCH ?= $(GOARCH) else ifeq ($(LOCAL_ARCH),x86_64) TARGET_ARCH ?= amd64 else ifeq ($(LOCAL_ARCH),amd64) TARGET_ARCH ?= amd64 else ifeq ($(LOCAL_ARCH),i686) TARGET_ARCH ?= amd64 else ifeq ($(shell echo $(LOCAL_ARCH) | head -c 5),armv8) TARGET_ARCH ?= arm64 else ifeq ($(LOCAL_ARCH),aarch64) TARGET_ARCH ?= arm64 else ifeq ($(LOCAL_ARCH),arm64) TARGET_ARCH ?= arm64 else ifeq ($(shell echo $(LOCAL_ARCH) | head -c 4),armv) TARGET_ARCH ?= arm else ifeq ($(LOCAL_ARCH),s390x) TARGET_ARCH ?= s390x else $(error This system's architecture $(LOCAL_ARCH) isn't supported) endif LOCAL_OS ?= $(shell go env GOOS) ifeq ($(LOCAL_OS),linux) TARGET_OS ?= linux else ifeq ($(LOCAL_OS),darwin) TARGET_OS ?= darwin else ifeq ($(LOCAL_OS),windows) TARGET_OS ?= windows else ifeq ($(LOCAL_OS),freebsd) TARGET_OS ?= freebsd else $(error This system's OS $(LOCAL_OS) isn't supported) endif ifeq ($(TARGET_OS), windows) EXECUTABLE_PATH=./$(BINARY_NAME).exe else EXECUTABLE_PATH=./$(BINARY_NAME) endif ifeq ($(FLAVOR), centos-7) TARGET_PUBLIC_REPO ?= el7 else TARGET_PUBLIC_REPO ?= $(FLAVOR) endif .PHONY: all all: cloudflared test .PHONY: clean clean: go clean .PHONY: cloudflared cloudflared: ifeq ($(FIPS), true) $(info Building cloudflared with go-fips) cp -f fips/fips.go.linux-amd64 cmd/cloudflared/fips.go endif GOOS=$(TARGET_OS) GOARCH=$(TARGET_ARCH) go build -v -mod=vendor $(GO_BUILD_TAGS) $(LDFLAGS) $(IMPORT_PATH)/cmd/cloudflared ifeq ($(FIPS), true) rm -f cmd/cloudflared/fips.go ./check-fips.sh cloudflared endif .PHONY: container container: docker build --build-arg=TARGET_ARCH=$(TARGET_ARCH) --build-arg=TARGET_OS=$(TARGET_OS) -t cloudflare/cloudflared-$(TARGET_OS)-$(TARGET_ARCH):"$(VERSION)" . .PHONY: test test: vet ifndef CI go test -v -mod=vendor -race $(LDFLAGS) ./... else @mkdir -p .cover go test -v -mod=vendor -race $(LDFLAGS) -coverprofile=".cover/c.out" ./... go tool cover -html ".cover/c.out" -o .cover/all.html endif .PHONY: test-ssh-server test-ssh-server: docker-compose -f ssh_server_tests/docker-compose.yml up define publish_package chmod 664 $(BINARY_NAME)*.$(1); \ for HOST in $(CF_PKG_HOSTS); do \ ssh-keyscan -t ecdsa $$HOST >> ~/.ssh/known_hosts; \ scp -p -4 $(BINARY_NAME)*.$(1) cfsync@$$HOST:/state/cf-pkg/staging/$(2)/$(TARGET_PUBLIC_REPO)/$(BINARY_NAME)/; \ done endef .PHONY: publish-deb publish-deb: cloudflared-deb $(call publish_package,deb,apt) .PHONY: publish-rpm publish-rpm: cloudflared-rpm $(call publish_package,rpm,yum) cloudflared.1: cloudflared_man_template cat cloudflared_man_template | sed -e 's/\$${VERSION}/$(VERSION)/; s/\$${DATE}/$(DATE)/' > cloudflared.1 install: cloudflared cloudflared.1 mkdir -p $(DESTDIR)$(INSTALL_BINDIR) $(DESTDIR)$(INSTALL_MANDIR) install -m755 cloudflared $(DESTDIR)$(INSTALL_BINDIR)/cloudflared install -m644 cloudflared.1 $(DESTDIR)$(INSTALL_MANDIR)/cloudflared.1 # When we build packages, the package name will be FIPS-aware. # But we keep the binary installed by it to be named "cloudflared" regardless. define build_package mkdir -p $(PACKAGE_DIR) cp cloudflared $(PACKAGE_DIR)/cloudflared cp cloudflared.1 $(PACKAGE_DIR)/cloudflared.1 fakeroot fpm -C $(PACKAGE_DIR) -s dir -t $(1) \ --description 'Cloudflare Tunnel daemon' \ --vendor 'Cloudflare' \ --license 'Apache License Version 2.0' \ --url 'https://github.com/cloudflare/cloudflared' \ -m 'Cloudflare ' \ -a $(TARGET_ARCH) -v $(VERSION) -n $(DEB_PACKAGE_NAME) $(NIGHTLY_FLAGS) --after-install postinst.sh --after-remove postrm.sh \ cloudflared=$(INSTALL_BINDIR) cloudflared.1=$(INSTALL_MANDIR) endef .PHONY: cloudflared-deb cloudflared-deb: cloudflared cloudflared.1 $(call build_package,deb) .PHONY: cloudflared-rpm cloudflared-rpm: cloudflared cloudflared.1 $(call build_package,rpm) .PHONY: cloudflared-pkg cloudflared-pkg: cloudflared cloudflared.1 $(call build_package,osxpkg) .PHONY: cloudflared-msi cloudflared-msi: cloudflared wixl --define Version=$(VERSION) --define Path=$(EXECUTABLE_PATH) --output cloudflared-$(VERSION)-$(TARGET_ARCH).msi cloudflared.wxs .PHONY: cloudflared-darwin-amd64.tgz cloudflared-darwin-amd64.tgz: cloudflared tar czf cloudflared-darwin-amd64.tgz cloudflared rm cloudflared .PHONY: cloudflared-junos cloudflared-junos: cloudflared jetez-certificate.pem jetez-key.pem jetez --source . \ -j jet.yaml \ --key jetez-key.pem \ --cert jetez-certificate.pem \ --version $(VERSION) rm jetez-*.pem jetez-certificate.pem: ifndef JETEZ_CERT $(error JETEZ_CERT not defined) endif @echo "Writing JetEZ certificate" @echo "$$JETEZ_CERT" > jetez-certificate.pem jetez-key.pem: ifndef JETEZ_KEY $(error JETEZ_KEY not defined) endif @echo "Writing JetEZ key" @echo "$$JETEZ_KEY" > jetez-key.pem .PHONY: publish-cloudflared-junos publish-cloudflared-junos: cloudflared-junos cloudflared-x86-64.latest.s3 ifndef S3_ENDPOINT $(error S3_HOST not defined) endif ifndef S3_URI $(error S3_URI not defined) endif ifndef S3_ACCESS_KEY $(error S3_ACCESS_KEY not defined) endif ifndef S3_SECRET_KEY $(error S3_SECRET_KEY not defined) endif sha256sum cloudflared-x86-64-$(VERSION).tgz | awk '{printf $$1}' > cloudflared-x86-64-$(VERSION).tgz.shasum s4cmd --endpoint-url $(S3_ENDPOINT) --force --API-GrantRead=uri=http://acs.amazonaws.com/groups/global/AllUsers \ put cloudflared-x86-64-$(VERSION).tgz $(S3_URI)/cloudflared-x86-64-$(VERSION).tgz s4cmd --endpoint-url $(S3_ENDPOINT) --force --API-GrantRead=uri=http://acs.amazonaws.com/groups/global/AllUsers \ put cloudflared-x86-64-$(VERSION).tgz.shasum $(S3_URI)/cloudflared-x86-64-$(VERSION).tgz.shasum dpkg --compare-versions "$(VERSION)" gt "$(shell cat cloudflared-x86-64.latest.s3)" && \ echo -n "$(VERSION)" > cloudflared-x86-64.latest && \ s4cmd --endpoint-url $(S3_ENDPOINT) --force --API-GrantRead=uri=http://acs.amazonaws.com/groups/global/AllUsers \ put cloudflared-x86-64.latest $(S3_URI)/cloudflared-x86-64.latest || \ echo "Latest version not updated" cloudflared-x86-64.latest.s3: s4cmd --endpoint-url $(S3_ENDPOINT) --force \ get $(S3_URI)/cloudflared-x86-64.latest cloudflared-x86-64.latest.s3 .PHONY: homebrew-upload homebrew-upload: cloudflared-darwin-amd64.tgz aws s3 --endpoint-url $(S3_ENDPOINT) cp --acl public-read $$^ $(S3_URI)/cloudflared-$$(VERSION)-$1.tgz aws s3 --endpoint-url $(S3_ENDPOINT) cp --acl public-read $(S3_URI)/cloudflared-$$(VERSION)-$1.tgz $(S3_URI)/cloudflared-stable-$1.tgz .PHONY: homebrew-release homebrew-release: homebrew-upload ./publish-homebrew-formula.sh cloudflared-darwin-amd64.tgz $(VERSION) homebrew-cloudflare .PHONY: github-release github-release: cloudflared python3 github_release.py --path $(EXECUTABLE_PATH) --release-version $(VERSION) .PHONY: github-release-built-pkgs github-release-built-pkgs: python3 github_release.py --path $(PWD)/built_artifacts --release-version $(VERSION) .PHONY: release-pkgs-linux release-pkgs-linux: python3 ./release_pkgs.py .PHONY: github-message github-message: python3 github_message.py --release-version $(VERSION) .PHONY: github-mac-upload github-mac-upload: python3 github_release.py --path artifacts/cloudflared-darwin-amd64.tgz --release-version $(VERSION) --name cloudflared-darwin-amd64.tgz python3 github_release.py --path artifacts/cloudflared-amd64.pkg --release-version $(VERSION) --name cloudflared-amd64.pkg .PHONY: tunnelrpc-deps tunnelrpc-deps: which capnp # https://capnproto.org/install.html which capnpc-go # go get zombiezen.com/go/capnproto2/capnpc-go capnp compile -ogo tunnelrpc/tunnelrpc.capnp .PHONY: quic-deps quic-deps: which capnp which capnpc-go capnp compile -ogo quic/schema/quic_metadata_protocol.capnp .PHONY: vet vet: go vet -mod=vendor ./... # go get github.com/sudarshan-reddy/go-sumtype (don't do this in build directory or this will cause vendor issues) # Note: If you have github.com/BurntSushi/go-sumtype then you might have to use the repo above instead # for now because it uses an older version of golang.org/x/tools. which go-sumtype go-sumtype $$(go list -mod=vendor ./...) .PHONY: goimports goimports: for d in $$(go list -mod=readonly -f '{{.Dir}}' -a ./... | fgrep -v tunnelrpc) ; do goimports -format-only -local github.com/cloudflare/cloudflared -w $$d ; done