-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathMakefile
More file actions
95 lines (73 loc) · 3.1 KB
/
Copy pathMakefile
File metadata and controls
95 lines (73 loc) · 3.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
# dezhban build matrix.
#
# Each OS backend is isolated behind build tags (pf/darwin, nftables/linux,
# wf/windows), so every target compiles only its own backend. The version is
# stamped into the binary via -ldflags; nothing else is linked in (macOS still
# shells out to the system `pfctl` at runtime).
BINARY := dezhban
PKG := ./cmd/dezhban
DIST := dist
VERSION ?= $(shell git describe --tags --always --dirty 2>/dev/null || echo dev)
LDFLAGS := -ldflags "-X main.version=$(VERSION)"
# Build matrix: GOOS/GOARCH pairs -> output name.
PLATFORMS := \
darwin/arm64 \
darwin/amd64 \
linux/amd64 \
linux/arm64 \
windows/amd64
# Config used by the dev-loop targets. Override on the command line, e.g.
# make rules CONFIG=configs/dezhban.vpn-guard.json
CONFIG ?= configs/dezhban.local.json
MODE ?= guard
.PHONY: build vet test build-all clean lint \
run-dry validate rules doctor \
install-local reinstall uninstall-local panic \
gui-macos
build: ## Build for the host platform into ./$(BINARY)
go build $(LDFLAGS) -o $(BINARY) $(PKG)
vet: ## Static checks
go vet ./...
test: ## Run all tests
go test ./...
lint: ## golangci-lint if installed, else gofmt + vet
@if command -v golangci-lint >/dev/null 2>&1; then \
golangci-lint run; \
else \
echo "golangci-lint not found; running gofmt + go vet"; \
test -z "$$(gofmt -l .)" || { echo "gofmt needed:"; gofmt -l .; exit 1; }; \
go vet ./...; \
fi
# --- dev loop (no root) -----------------------------------------------------
run-dry: ## Build + run the monitor in dry-run (no firewall touch)
CONFIG=$(CONFIG) sh scripts/dev.sh
validate: ## Load + validate CONFIG without side effects
go run $(PKG) validate --config $(CONFIG)
rules: ## Print the ruleset for MODE (guard|fullblock|legacy) without applying
go run $(PKG) print-rules --mode $(MODE) --config $(CONFIG)
doctor: ## Diagnose VPN guard config (add ARGS=--discover on macOS)
go run $(PKG) doctor --config $(CONFIG) $(ARGS)
# --- service lifecycle (sudo) ----------------------------------------------
install-local: ## Validate, build, install config + service, start it
CONFIG=$(CONFIG) sh scripts/install-local.sh
reinstall: ## Tear down then install fresh
CONFIG=$(CONFIG) sh scripts/reinstall.sh
uninstall-local: ## Panic-teardown rules, unregister service, remove config (KEEP_CONFIG=1 to keep)
sh scripts/uninstall-local.sh
panic: ## Force-remove dezhban's rules (lockout escape hatch)
sh scripts/panic.sh
build-all: ## Cross-compile every platform into ./$(DIST)
@mkdir -p $(DIST)
@for p in $(PLATFORMS); do \
os=$${p%/*}; arch=$${p#*/}; \
ext=; [ "$$os" = windows ] && ext=.exe; \
out=$(DIST)/$(BINARY)-$$os-$$arch$$ext; \
echo "building $$out ($(VERSION))"; \
GOOS=$$os GOARCH=$$arch CGO_ENABLED=0 go build $(LDFLAGS) -o $$out $(PKG) || exit 1; \
done
@echo "done -> $(DIST)/"
# --- macOS menubar GUI (separate Swift toolchain; not part of build-all) -----
gui-macos: ## Build the macOS menubar app into ./$(DIST)/Dezhban.app (macOS only)
sh macos-gui/build-app.sh $(abspath $(DIST))
clean: ## Remove build artifacts
rm -rf $(DIST) $(BINARY) macos-gui/.build