mirror of
https://github.com/gravitational/teleport
synced 2024-10-21 01:34:01 +00:00
9cfc25a390
When building binaries locally, they get linked against a local version of libc. This makes the resulting binary change based on which machine it was built on. By always building in docker, we use the libc version from the build container, so at least it's predictable. Ensure main Makefile dependencies are correctly spelled-out so that `make image` doesn't use stale local binaries. Binaries should always get rebuilt, with docker.
455 lines
13 KiB
Makefile
455 lines
13 KiB
Makefile
# Make targets:
|
|
#
|
|
# all : builds all binaries in development mode, without web assets (default)
|
|
# full : builds all binaries for PRODUCTION use
|
|
# release: prepares a release tarball
|
|
# clean : removes all buld artifacts
|
|
# test : runs tests
|
|
|
|
# To update the Teleport version, update VERSION variable:
|
|
# Naming convention:
|
|
# for stable releases we use "1.0.0" format
|
|
# for pre-releases, we use "1.0.0-beta.2" format
|
|
VERSION=4.2.2-alpha.1
|
|
|
|
DOCKER_IMAGE ?= quay.io/gravitational/teleport
|
|
|
|
# These are standard autotools variables, don't change them please
|
|
BUILDDIR ?= build
|
|
BINDIR ?= /usr/local/bin
|
|
DATADIR ?= /usr/local/share/teleport
|
|
ADDFLAGS ?=
|
|
PWD ?= `pwd`
|
|
GOPKGDIR ?= `go env GOPATH`/pkg/`go env GOHOSTOS`_`go env GOARCH`/github.com/gravitational/teleport*
|
|
TELEPORT_DEBUG ?= no
|
|
GITTAG=v$(VERSION)
|
|
BUILDFLAGS ?= $(ADDFLAGS) -ldflags '-w -s'
|
|
CGOFLAG ?= CGO_ENABLED=1
|
|
GO_LINTERS ?= "unused,govet,typecheck,deadcode,goimports,varcheck,structcheck,bodyclose"
|
|
|
|
OS ?= $(shell go env GOOS)
|
|
ARCH ?= $(shell go env GOARCH)
|
|
FIPS ?=
|
|
RELEASE=teleport-$(GITTAG)-$(OS)-$(ARCH)-bin
|
|
|
|
# FIPS support must be requested at build time.
|
|
FIPS_MESSAGE := "without FIPS support"
|
|
ifneq ("$(FIPS)","")
|
|
FIPS_TAG := fips
|
|
FIPS_MESSAGE := "with FIPS support"
|
|
endif
|
|
|
|
# PAM support will only be built into Teleport if headers exist at build time.
|
|
PAM_MESSAGE := "without PAM support"
|
|
ifneq ("$(wildcard /usr/include/security/pam_appl.h)","")
|
|
PAM_TAG := pam
|
|
PAM_MESSAGE := "with PAM support"
|
|
endif
|
|
|
|
# BPF support will only be built into Teleport if headers exist at build time.
|
|
BPF_MESSAGE := "without BPF support"
|
|
ifneq ("$(wildcard /usr/include/bcc/libbpf.h)","")
|
|
BPF_TAG := bpf
|
|
BPF_MESSAGE := "with BPF support"
|
|
endif
|
|
|
|
# On Windows only build tsh. On all other platforms build teleport, tctl,
|
|
# and tsh.
|
|
BINARIES=$(BUILDDIR)/teleport $(BUILDDIR)/tctl $(BUILDDIR)/tsh
|
|
RELEASE_MESSAGE := "Building with GOOS=$(OS) GOARCH=$(ARCH) and $(PAM_MESSAGE) and $(FIPS_MESSAGE) and $(BPF_MESSAGE)."
|
|
ifeq ("$(OS)","windows")
|
|
BINARIES=$(BUILDDIR)/tsh
|
|
endif
|
|
|
|
VERSRC = version.go gitref.go
|
|
|
|
KUBECONFIG ?=
|
|
TEST_KUBE ?=
|
|
export
|
|
|
|
#
|
|
# 'make all' builds all 3 executables and places them in the current directory.
|
|
#
|
|
# IMPORTANT: the binaries will not contain the web UI assets and `teleport`
|
|
# won't start without setting the environment variable DEBUG=1
|
|
# This is the default build target for convenience of working on
|
|
# a web UI.
|
|
.PHONY: all
|
|
all: $(VERSRC)
|
|
@echo "---> Building OSS binaries."
|
|
$(MAKE) $(BINARIES)
|
|
|
|
# By making these 3 targets below (tsh, tctl and teleport) PHONY we are solving
|
|
# several problems:
|
|
# * Build will rely on go build internal caching https://golang.org/doc/go1.10 at all times
|
|
# * Manual change detection was broken on a large dependency tree
|
|
# If you are considering changing this behavior, please consult with dev team first
|
|
.PHONY: $(BUILDDIR)/tctl
|
|
$(BUILDDIR)/tctl:
|
|
GOOS=$(OS) GOARCH=$(ARCH) $(CGOFLAG) go build -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG)" -o $(BUILDDIR)/tctl $(BUILDFLAGS) ./tool/tctl
|
|
|
|
.PHONY: $(BUILDDIR)/teleport
|
|
$(BUILDDIR)/teleport: ensure-webassets
|
|
GOOS=$(OS) GOARCH=$(ARCH) $(CGOFLAG) go build -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG)" -o $(BUILDDIR)/teleport $(BUILDFLAGS) ./tool/teleport
|
|
|
|
.PHONY: $(BUILDDIR)/tsh
|
|
$(BUILDDIR)/tsh:
|
|
GOOS=$(OS) GOARCH=$(ARCH) $(CGOFLAG) go build -tags "$(PAM_TAG) $(FIPS_TAG)" -o $(BUILDDIR)/tsh $(BUILDFLAGS) ./tool/tsh
|
|
|
|
#
|
|
# make full - Builds Teleport binaries with the built-in web assets and
|
|
# places them into $(BUILDDIR). On Windows, this target is skipped because
|
|
# only tsh is built.
|
|
#
|
|
.PHONY:full
|
|
full: all $(BUILDDIR)/webassets.zip
|
|
ifneq ("$(OS)", "windows")
|
|
@echo "---> Attaching OSS web assets."
|
|
cat $(BUILDDIR)/webassets.zip >> $(BUILDDIR)/teleport
|
|
rm -fr $(BUILDDIR)/webassets.zip
|
|
zip -q -A $(BUILDDIR)/teleport
|
|
endif
|
|
|
|
#
|
|
# make clean - Removed all build artifacts.
|
|
#
|
|
.PHONY: clean
|
|
clean:
|
|
@echo "---> Cleaning up OSS build artifacts."
|
|
rm -rf $(BUILDDIR)
|
|
-go clean -cache
|
|
rm -rf $(GOPKGDIR)
|
|
rm -rf teleport
|
|
rm -rf *.gz
|
|
rm -rf *.zip
|
|
rm -f gitref.go
|
|
|
|
#
|
|
# make release - Produces a binary release tarball.
|
|
#
|
|
.PHONY:
|
|
export
|
|
release:
|
|
@echo "---> $(RELEASE_MESSAGE)"
|
|
ifeq ("$(OS)", "windows")
|
|
$(MAKE) --no-print-directory release-windows
|
|
else
|
|
$(MAKE) --no-print-directory release-unix
|
|
endif
|
|
|
|
#
|
|
# make release-unix - Produces a binary release tarball containing teleport,
|
|
# tctl, and tsh.
|
|
#
|
|
.PHONY:
|
|
release-unix: clean full
|
|
@echo "---> Creating OSS release archive."
|
|
mkdir teleport
|
|
cp -rf $(BUILDDIR)/* \
|
|
examples \
|
|
build.assets/install\
|
|
README.md \
|
|
CHANGELOG.md \
|
|
teleport/
|
|
echo $(GITTAG) > teleport/VERSION
|
|
tar -czf $(RELEASE).tar.gz teleport
|
|
rm -rf teleport
|
|
@echo "---> Created $(RELEASE).tar.gz."
|
|
@if [ -f e/Makefile ]; then $(MAKE) -C e release; fi
|
|
|
|
#
|
|
# make release-windows - Produces a binary release tarball containing teleport,
|
|
# tctl, and tsh.
|
|
#
|
|
.PHONY:
|
|
release-windows: clean all
|
|
@echo "---> Creating OSS release archive."
|
|
mkdir teleport
|
|
cp -rf $(BUILDDIR)/* \
|
|
README.md \
|
|
CHANGELOG.md \
|
|
teleport/
|
|
mv teleport/tsh teleport/tsh.exe
|
|
echo $(GITTAG) > teleport/VERSION
|
|
zip -9 -y -r -q $(RELEASE).zip teleport/
|
|
rm -rf teleport/
|
|
@echo "---> Created $(RELEASE).zip."
|
|
|
|
#
|
|
# Builds docs using containerized mkdocs
|
|
#
|
|
.PHONY:docs
|
|
docs:
|
|
$(MAKE) -C build.assets docs
|
|
|
|
#
|
|
# Runs the documentation site inside a container on localhost with live updates
|
|
# Convenient for editing documentation.
|
|
#
|
|
.PHONY:run-docs
|
|
run-docs:
|
|
$(MAKE) -C build.assets run-docs
|
|
|
|
#
|
|
# tests everything: called by Jenkins
|
|
#
|
|
.PHONY: test
|
|
test: ensure-webassets
|
|
test: FLAGS ?= '-race'
|
|
test: PACKAGES := $(shell go list ./... | grep -v integration)
|
|
test: $(VERSRC)
|
|
go test -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG)" $(PACKAGES) $(FLAGS) $(ADDFLAGS)
|
|
|
|
#
|
|
# Integration tests. Need a TTY to work.
|
|
#
|
|
.PHONY: integration
|
|
integration: FLAGS ?= -v -race
|
|
integration:
|
|
@echo KUBECONFIG is: $(KUBECONFIG), TEST_KUBE: $(TEST_KUBE)
|
|
go test -tags "$(PAM_TAG) $(FIPS_TAG) $(BPF_TAG)" ./integration/... $(FLAGS)
|
|
|
|
#
|
|
# Lint the Go code.
|
|
# By default lint scans the entire repo. Pass FLAGS='--new' to only scan local
|
|
# changes (or last commit).
|
|
#
|
|
.PHONY: lint
|
|
lint: FLAGS ?=
|
|
lint:
|
|
golangci-lint run \
|
|
--disable-all \
|
|
--exclude-use-default \
|
|
--skip-dirs vendor \
|
|
--uniq-by-line=false \
|
|
--max-same-issues=0 \
|
|
--max-issues-per-linter 0 \
|
|
--timeout=5m \
|
|
--enable $(GO_LINTERS) \
|
|
$(FLAGS)
|
|
|
|
# This rule triggers re-generation of version.go and gitref.go if Makefile changes
|
|
$(VERSRC): Makefile
|
|
VERSION=$(VERSION) $(MAKE) -f version.mk setver
|
|
|
|
# make tag - prints a tag to use with git for the current version
|
|
# To put a new release on Github:
|
|
# - bump VERSION variable
|
|
# - run make setver
|
|
# - commit changes to git
|
|
# - build binaries with 'make release'
|
|
# - run `make tag` and use its output to 'git tag' and 'git push --tags'
|
|
.PHONY: tag
|
|
tag:
|
|
@echo "Run this:\n> git tag $(GITTAG)\n> git push --tags"
|
|
|
|
|
|
# build/webassets.zip archive contains the web assets (UI) which gets
|
|
# appended to teleport binary
|
|
$(BUILDDIR)/webassets.zip:
|
|
ifneq ("$(OS)", "windows")
|
|
@echo "---> Building OSS web assets."
|
|
cd webassets/teleport/ ; zip -qr ../../$(BUILDDIR)/webassets.zip .
|
|
endif
|
|
|
|
.PHONY: test-package
|
|
test-package: remove-temp-files
|
|
go test -v ./$(p)
|
|
|
|
.PHONY: test-grep-package
|
|
test-grep-package: remove-temp-files
|
|
go test -v ./$(p) -check.f=$(e)
|
|
|
|
.PHONY: cover-package
|
|
cover-package: remove-temp-files
|
|
go test -v ./$(p) -coverprofile=/tmp/coverage.out
|
|
go tool cover -html=/tmp/coverage.out
|
|
|
|
.PHONY: profile
|
|
profile:
|
|
go tool pprof http://localhost:6060/debug/pprof/profile
|
|
|
|
.PHONY: sloccount
|
|
sloccount:
|
|
find . -path ./vendor -prune -o -name "*.go" -print0 | xargs -0 wc -l
|
|
|
|
.PHONY: remove-temp-files
|
|
remove-temp-files:
|
|
find . -name flymake_* -delete
|
|
|
|
# Dockerized build: useful for making Linux releases on OSX
|
|
.PHONY:docker
|
|
docker:
|
|
make -C build.assets build
|
|
|
|
# Dockerized build: useful for making Linux binaries on OSX
|
|
.PHONY:docker-binaries
|
|
docker-binaries:
|
|
make -C build.assets build-binaries
|
|
|
|
# Interactively enters a Docker container (which you can build and run Teleport inside of)
|
|
.PHONY:enter
|
|
enter:
|
|
make -C build.assets enter
|
|
|
|
PROTOC_VER ?= 3.6.1
|
|
GOGO_PROTO_TAG ?= v1.1.1
|
|
PLATFORM := linux-x86_64
|
|
BUILDBOX_TAG := teleport-grpc-buildbox:0.0.1
|
|
|
|
# buildbox builds docker buildbox image used to compile binaries and generate GRPc stuff
|
|
.PHONY: buildbox
|
|
buildbox:
|
|
cd build.assets/grpc && docker build \
|
|
--build-arg PROTOC_VER=$(PROTOC_VER) \
|
|
--build-arg GOGO_PROTO_TAG=$(GOGO_PROTO_TAG) \
|
|
--build-arg PLATFORM=$(PLATFORM) \
|
|
-t $(BUILDBOX_TAG) .
|
|
|
|
# proto generates GRPC defs from service definitions
|
|
.PHONY: grpc
|
|
grpc: buildbox
|
|
docker run -v $(shell pwd):/go/src/github.com/gravitational/teleport $(BUILDBOX_TAG) make -C /go/src/github.com/gravitational/teleport buildbox-grpc
|
|
|
|
# proto generates GRPC stuff inside buildbox
|
|
.PHONY: buildbox-grpc
|
|
buildbox-grpc:
|
|
# standard GRPC output
|
|
echo $$PROTO_INCLUDE
|
|
find lib/ -iname *.proto | xargs clang-format -i -style='{ColumnLimit: 100, IndentWidth: 4, Language: Proto}'
|
|
|
|
cd lib/events && protoc -I=.:$$PROTO_INCLUDE \
|
|
--gofast_out=plugins=grpc:.\
|
|
*.proto
|
|
|
|
cd lib/services && protoc -I=.:$$PROTO_INCLUDE \
|
|
--gofast_out=plugins=grpc:.\
|
|
*.proto
|
|
|
|
cd lib/auth/proto && protoc -I=.:$$PROTO_INCLUDE \
|
|
--gofast_out=plugins=grpc:.\
|
|
*.proto
|
|
|
|
cd lib/wrappers && protoc -I=.:$$PROTO_INCLUDE \
|
|
--gofast_out=plugins=grpc:.\
|
|
*.proto
|
|
|
|
.PHONY: goinstall
|
|
goinstall:
|
|
go install $(BUILDFLAGS) \
|
|
github.com/gravitational/teleport/tool/tsh \
|
|
github.com/gravitational/teleport/tool/teleport \
|
|
github.com/gravitational/teleport/tool/tctl
|
|
|
|
# make install will installs system-wide teleport
|
|
.PHONY: install
|
|
install: build
|
|
@echo "\n** Make sure to run 'make install' as root! **\n"
|
|
cp -f $(BUILDDIR)/tctl $(BINDIR)/
|
|
cp -f $(BUILDDIR)/tsh $(BINDIR)/
|
|
cp -f $(BUILDDIR)/teleport $(BINDIR)/
|
|
mkdir -p $(DATADIR)
|
|
|
|
|
|
# Docker image build. Always build the binaries themselves within docker (see
|
|
# the "docker" rule) to avoid dependencies on the host libc version.
|
|
.PHONY: image
|
|
image: docker-binaries
|
|
cp ./build.assets/charts/Dockerfile $(BUILDDIR)/
|
|
cd $(BUILDDIR) && docker build --no-cache . -t $(DOCKER_IMAGE):$(VERSION)
|
|
if [ -f e/Makefile ]; then $(MAKE) -C e image; fi
|
|
|
|
.PHONY: publish
|
|
publish: image
|
|
docker push $(DOCKER_IMAGE):$(VERSION)
|
|
if [ -f e/Makefile ]; then $(MAKE) -C e publish; fi
|
|
|
|
.PHONY: print-version
|
|
print-version:
|
|
@echo $(VERSION)
|
|
|
|
.PHONY: chart-ent
|
|
chart-ent:
|
|
$(MAKE) -C e chart
|
|
|
|
RUNTIME_SECTION ?=
|
|
TARBALL_PATH_SECTION ?=
|
|
|
|
ifneq ("$(RUNTIME)", "")
|
|
RUNTIME_SECTION := -r $(RUNTIME)
|
|
endif
|
|
ifneq ("$(OSS_TARBALL_PATH)", "")
|
|
TARBALL_PATH_SECTION := -s $(OSS_TARBALL_PATH)
|
|
endif
|
|
|
|
# build .pkg
|
|
.PHONY: pkg
|
|
pkg:
|
|
cp ./build.assets/build-package.sh $(BUILDDIR)/
|
|
chmod +x $(BUILDDIR)/build-package.sh
|
|
# arch and runtime are currently ignored on OS X
|
|
# we pass them through for consistency - they will be dropped by the build script
|
|
cd $(BUILDDIR) && ./build-package.sh -t oss -v $(VERSION) -p pkg -a $(ARCH) $(RUNTIME_SECTION) $(TARBALL_PATH_SECTION)
|
|
if [ -f e/Makefile ]; then $(MAKE) -C e pkg; fi
|
|
|
|
# build tsh client-only .pkg
|
|
.PHONY: pkg-tsh
|
|
pkg-tsh:
|
|
cp ./build.assets/build-package.sh $(BUILDDIR)/
|
|
chmod +x $(BUILDDIR)/build-package.sh
|
|
# arch and runtime are currently ignored on OS X
|
|
# we pass them through for consistency - they will be dropped by the build script
|
|
cd $(BUILDDIR) && ./build-package.sh -t oss -v $(VERSION) -p pkg -a $(ARCH) -m tsh $(RUNTIME_SECTION) $(TARBALL_PATH_SECTION)
|
|
|
|
# build .rpm
|
|
.PHONY: rpm
|
|
rpm:
|
|
cp ./build.assets/build-package.sh $(BUILDDIR)/
|
|
chmod +x $(BUILDDIR)/build-package.sh
|
|
cd $(BUILDDIR) && ./build-package.sh -t oss -v $(VERSION) -p rpm -a $(ARCH) $(RUNTIME_SECTION) $(TARBALL_PATH_SECTION)
|
|
if [ -f e/Makefile ]; then $(MAKE) -C e rpm; fi
|
|
|
|
# build .deb
|
|
.PHONY: deb
|
|
deb:
|
|
cp ./build.assets/build-package.sh $(BUILDDIR)/
|
|
chmod +x $(BUILDDIR)/build-package.sh
|
|
cd $(BUILDDIR) && ./build-package.sh -t oss -v $(VERSION) -p deb -a $(ARCH) $(RUNTIME_SECTION) $(TARBALL_PATH_SECTION)
|
|
if [ -f e/Makefile ]; then $(MAKE) -C e deb; fi
|
|
|
|
# update Helm chart versions
|
|
# this isn't a 'proper' semver regex but should cover most cases
|
|
# the order of parameters in sed's extended regex mode matters; the
|
|
# dash (-) must be the last character for this to work as expected
|
|
.PHONY: update-helm-charts
|
|
update-helm-charts:
|
|
sed -i -E "s/^ tag: [a-z0-9.-]+$$/ tag: $(VERSION)/" examples/chart/teleport/values.yaml
|
|
sed -i -E "s/^teleportVersion: [a-z0-9.-]+$$/teleportVersion: $(VERSION)/" examples/chart/teleport-demo/values.yaml
|
|
|
|
.PHONY: ensure-webassets
|
|
ensure-webassets:
|
|
@if [ ! -d $(shell pwd)/webassets/teleport/ ]; then \
|
|
$(MAKE) init-webapps-submodules; \
|
|
fi;
|
|
|
|
.PHONY: ensure-webassets-e
|
|
ensure-webassets-e:
|
|
@if [ ! -d $(shell pwd)/webassets/e/teleport ]; then \
|
|
$(MAKE) init-webapps-submodules-e; \
|
|
fi;
|
|
|
|
.PHONY: init-webapps-submodules
|
|
init-webapps-submodules:
|
|
echo "init webassets submodule"
|
|
git submodule update --init webassets
|
|
|
|
.PHONY: init-webapps-submodules-e
|
|
init-webapps-submodules-e:
|
|
echo "init webassets oss and enterprise submodules"
|
|
git submodule update --init --recursive webassets
|
|
|
|
.PHONY: init-submodules-e
|
|
init-submodules-e: init-webapps-submodules-e
|
|
git submodule init e
|
|
git submodule update
|