代码拉取完成,页面将自动刷新
同步操作将从 openEuler/safeguard 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
SHELL := /bin/bash -o pipefail
KERNEL_ARCH := $(shell uname -m | sed 's/x86_64/x86/')
BPF_BUILDDIR := pkg/bpf/bytecode
INCLUDES :=
BASEDIR = $(abspath)
OUTPUT = ./output
LIBBPF_SRC = $(abspath libbpf/src)
LIBBPF_OBJ = $(abspath $(OUTPUT)/libbpf.a)
LIBBPF_OBJDIR = $(abspath ./$(OUTPUT)/libbpf)
LIBBPF_DESTDIR = $(abspath ./$(OUTPUT))
LLVM_STRIP ?= $(shell which llvm-strip || which llvm-strip-12)
CLANG_BPF_SYS_INCLUDES := `shell $(CLANG) -v -E - </dev/null 2>&1 | sed -n '/<...> search starts here:/,/End of search list./{ s| \(/.*\)|-idirafter \1|p }'`
CGOFLAG = CGO_CFLAGS="-I$(abspath $(OUTPUT))" CGO_LDFLAGS="-lelf -lz $(LIBBPF_OBJ)"
.PHONY: libbpf-static
libbpf-static: $(LIBBPF_SRC) $(wildcard $(LIBBPF_SRC)/*.[ch])
cp -r libbpf output/
CC="gcc" CFLAGS="-g -O2 -Wall -fpie" \
$(MAKE) -C $(LIBBPF_SRC) \
BUILD_STATIC_ONLY=1 \
OBJDIR=$(LIBBPF_OBJDIR) \
DESTDIR=$(LIBBPF_DESTDIR) \
INCLUDEDIR= LIBDIR= UAPIDIR= install
$(BPF_BUILDDIR):
mkdir -p $(BPF_BUILDDIR)
$(BPF_BUILDDIR)/%.bpf.o: pkg/bpf/c/%.bpf.c $(wildcard bpf/*.h) | $(BPF_BUILDDIR)
clang -g -O2 -target bpf -D__TARGET_ARCH_$(KERNEL_ARCH) $(INCLUDES) $(CLANG_BPF_SYS_INCLUDES) -c $(filter %.c,$^) -o $@
$(LLVM_STRIP) -g $@ # strip useless DWARF info
.PHONY: bpf-restricted-network
bpf-restricted-network: $(BPF_BUILDDIR)/restricted-network.bpf.o
.PHONY: bpf-restricted-file
bpf-restricted-file: $(BPF_BUILDDIR)/restricted-file.bpf.o
.PHONY: bpf-restricted-mount
bpf-restricted-mount: $(BPF_BUILDDIR)/restricted-mount.bpf.o
.PHONY: bpf-restricted-process
bpf-restricted-process: $(BPF_BUILDDIR)/restricted-process.bpf.o
.PHONY: vmlinux
vmlinux:
$(shell bpftool btf dump file /sys/kernel/btf/vmlinux format c > vmlinux.h)
.PHONY: build
build: bpf-restricted-network bpf-restricted-file bpf-restricted-mount bpf-restricted-process
mkdir -p build
$(CGOFLAG) go build -tags netgo -ldflags '-w -s -extldflags "-static"' -o build/safeguard cmd/safeguard/safeguard.go
.PHONY: build/docker
build/docker:
sudo docker build -t ghcr.io/mrtc0/bouheki:latest .
.PHONY: test/unit
test/unit: bpf-restricted-network bpf-restricted-file bpf-restricted-mount bpf-restricted-process
which gotestsum || go install gotest.tools/gotestsum@latest
$(CGOFLAG) sudo -E gotestsum -- --mod=vendor -bench=^$$ -race ./...
.PHONY: test
test: bpf-restricted-network bpf-restricted-file bpf-restricted-mount bpf-restricted-process
which gotestsum || go install gotest.tools/gotestsum@latest
$(CGOFLAG) sudo -E gotestsum -- --tags=integration --mod=vendor -bench=^$$ -race ./...
.PHONY: test/integration/specify
test/integration/specify: bpf-restricted-network bpf-restricted-file bpf-restricted-mount bpf-restricted-process
which gotestsum || go install gotest.tools/gotestsum@latest
$(CGOFLAG) sudo -E go test -tags integration -run ${NAME} ./...
.PHONY: release/local
release/local: build build/docker
CGO_CFLAGS="-I$(abspath $(OUTPUT))" CGO_LDFLAGS="-lelf -lz $(LIBBPF_OBJ)" goreleaser release --snapshot --rm-dist
.PHONY: release
release: build build/docker
CGO_CFLAGS="-I$(abspath $(OUTPUT))" CGO_LDFLAGS="-lelf -lz $(LIBBPF_OBJ)" goreleaser release --rm-dist
sudo docker push ghcr.io/mrtc0/bouheki:latest
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手