Makefile

#########################################################################
# Multiplatform build and packaging recipes for BitmaskVPN
# (c) LEAP Encryption Access Project, 2019-2021
#########################################################################

.PHONY: all get build icon locales generate_locales clean check_qtifw HAS-qtifw relink_vendor fmt

XBUILD ?= no
RELEASE ?= no
QMAKE ?= qmake
LRELEASE ?= lrelease
SKIP_CACHECK ?= no
VENDOR_PATH ?= providers
APPNAME ?= $(shell VENDOR_PATH=${VENDOR_PATH} PROVIDER=${PROVIDER} branding/scripts/getparam appname | tail -n 1)
TARGET ?= $(shell VENDOR_PATH=${VENDOR_PATH} PROVIDER=${PROVIDER} branding/scripts/getparam binname | tail -n 1)
PROVIDER ?= $(shell grep ^'provider =' ${VENDOR_PATH}/vendor.conf | cut -d '=' -f 2 | cut -d ',' -f 1 | tr -d "[:space:]")
VERSION ?= $(shell git describe 2> /dev/null)
ifeq ($(VERSION),)
    VERSION := "unknown"
endif
WINCERTPASS ?= pass
OSXAPPPASS  ?= pass
OSXMORDORUID ?= uid

# go paths
GOPATH = $(shell go env GOPATH)
TARGET_GOLIB=lib/libgoshim.a
SOURCE_GOLIB=gui/backend.go
SOURCE_DIRS_GO = pkg cmd gui

# detect OS
UNAME = $(shell uname -s)
ifeq ($(OS), Windows_NT)
PLATFORM = windows
else
PLATFORM ?= $(shell echo ${UNAME} | awk "{print tolower(\$$0)}")
endif

QTBUILD = build/qt
INSTALLER = build/installer

# See https://stackoverflow.com/a/65120256 if you have problems validating the cert.
OSX_CERT="Apple Distribution: LEAP Encryption Access Project"

MACDEPLOYQT_OPTS = -appstore-compliant -always-overwrite -codesign="${OSX_CERT}"

ifeq ($(PLATFORM), darwin)
INST_ROOT =${INSTALLER}/packages/bitmaskvpn/data/
INST_DATA = ${INST_ROOT}/${APPNAME}.app/
else
INST_DATA = ${INSTALLER}/packages/bitmaskvpn/data/
endif

SCRIPTS = branding/scripts
TEMPLATES = branding/templates

OPENVPN_WINDOWS_INSTALLER = https://build.openvpn.net/downloads/releases/OpenVPN-2.6.6-I001-amd64.msi

ifeq ($(PLATFORM), linux)
HAS_QTIFW :=
else
HAS_QTIFW := $(shell command -v binarycreator)
endif
OPENVPN_BIN = "$(HOME)/openvpn_build/sbin/$(shell grep OPENVPN branding/thirdparty/openvpn/build_openvpn.sh | head -n 1 | cut -d = -f 2 | tr -d '"')"


#########################################################################
# go build
#########################################################################

.PHONY: allinone
allinone: clean vendor build

depends:
	-@${MAKE} depends$(UNAME)

dependsLinux:
	# install build dependencies (from branding/templates/debian/control-template)
	@sudo apt-get install -y golang make pkg-config g++ git libqt6svg6-dev qt6-tools-dev qt6-tools-dev-tools qt6-base-dev libqt6qml6 qt6-declarative-dev dh-golang libgl-dev qt6-declarative-dev-tools qt6-l10n-tools
	# install runtime dependencies (from branding/templates/debian/control-template)
	@sudo apt-get install -y libqt6core6 libqt6gui6 libqt6qml6 libqt6widgets6 libstdc++6 libqt6svg6 qml6-module-qtquick qml6-module-qtquick-controls qml6-module-qtquick-dialogs qml6-module-qtquick-layouts qml6-module-qtqml-workerscript qml6-module-qtquick-templates qml6-module-qt-labs-settings qml6-module-qtquick-window qml6-module-qt-labs-platform qml6-module-qtcore qml6-module-qt5compat-graphicaleffects openvpn policykit-1-gnome python3 iptables
	# needed to build debian package
	@sudo apt-get install -y devscripts fakeroot
	@${MAKE} -C docker deps
	@# debian needs also: snap install snapcraft --classic; snap install  multipass --beta --classic

dependsDarwin:
	@brew install git golang make qt5
	#@brew install --default-names gnu-sed
	@brew link qt5

dependsCYGWIN_NT-10.0:
	@echo
	@echo "==================================WARNING=================================="
	@echo "You need to install all dependencies manually, please see README.md!"
	@echo "==================================WARNING=================================="
	@echo

ifeq ($(PLATFORM), darwin)
EXTRA_FLAGS = MACOSX_DEPLOYMENT_TARGET=10.10 GOOS=darwin CC=clang
else
EXTRA_FLAGS =
endif

ifeq ($(PLATFORM), windows)
EXTRA_GO_LDFLAGS = "-H=windowsgui"
endif

ifeq ($(PLATFORM), windows)
PKGFILES = $(wildcard "pkg/*") # syntax err in windows with find
else
PKGFILES = $(shell find pkg -type f -name '*.go')
endif

lib/%.a: $(PKGFILES)
	@XBUILD=no CC=${CC} VENDOR_PATH=${VENDOR_PATH} CXX=${CXX} MAKE=${MAKE} AR=${AR} LD=${LD} VERSION=${VERSION} ./gui/build.sh --just-golib

# FIXME move platform detection above! no place to uname here, just use $PLATFORM
#
MINGGW =
ifeq ($(UNAME), MINGW64_NT-10.0)
MINGW = yes
endif
ifeq ($(UNAME), MINGW64_NT-10.0-19042)
MINGW = yes
endif

relink_vendor:
	@echo "============RELINK VENDOR============="
	@echo "PLATFORM: ${PLATFORM} (${UNAME})"
	@echo "VENDOR_PATH: ${VENDOR_PATH}"
	@echo "PROVIDER: ${PROVIDER}"
ifeq ($(PLATFORM), windows)
	@rm -rf providers/assets
ifeq ($(VENDOR_PATH), providers)
	@cp -r providers/${PROVIDER}/assets providers/assets || true
endif # end windows
else # not windows: linux/osx
ifeq ($(VENDOR_PATH), providers)
	@-unlink providers/assets
	@ln -s ${PROVIDER}/assets providers/assets || true
endif
endif
	@echo "============RELINK VENDOR============="

build_golib: lib/libgoshim.a

build_gui: build_golib relink_vendor
	@echo "==============BUILD GUI==============="
	@echo "TARGET: ${TARGET}"
	@echo "VENDOR_PATH: ${VENDOR_PATH}"
	@XBUILD=no CC=${CC} CXX=${CXX} MAKE=${MAKE} AR=${AR} LD=${LD} LRELEASE=${LRELEASE} TARGET=${TARGET} VENDOR_PATH=${VENDOR_PATH} APPNAME=${APPNAME} gui/build.sh --skip-golib
	@echo "============BUILD GUI================="

build: build_helper build_gui

build_helper:
ifeq ($(PLATFORM), darwin)
	# no helper needed for linux, we use polkit/bitmask-root
	# no helper needed for windows, use openvpn interective service
	@echo "=============BUILDER HELPER==========="
	@echo "PLATFORM: ${PLATFORM}"
	@echo "APPNAME: ${APPNAME}"
	@echo "VERSION: ${VERSION}"
	@echo "EXTRA_GO_LDFLAGS: ${EXTRA_GO_LDFLAGS}"
	@mkdir -p build/bin/${PLATFORM}
	@go build -o build/bin/${PLATFORM}/bitmask-helper -ldflags "-X main.AppName=${APPNAME} -X main.Version=${VERSION} ${EXTRA_GO_LDFLAGS}" ./cmd/bitmask-helper/
	@echo "===========BUILDER HELPER============="
endif

build_openvpn:
	@[ -f $(OPENVPN_BIN) ] && echo "OpenVPN already built at" $(OPENVPN_BIN) || ./branding/thirdparty/openvpn/build_openvpn.sh

dosign:
ifeq (${PLATFORM}, windows)
	"c:\windows\system32\rcedit.exe" ${QTBUILD}/release/${TARGET}.exe --set-file-version ${VERSION}
	"c:\windows\system32\rcedit.exe" ${QTBUILD}/release/${TARGET}.exe --set-product-version ${VERSION}
	"c:\windows\system32\rcedit.exe" ${QTBUILD}/release/${TARGET}.exe --set-version-string CompanyName "LEAP Encryption Access Project"
	"c:\windows\system32\rcedit.exe" ${QTBUILD}/release/${TARGET}.exe --set-version-string FileDescription "${APPNAME}"
	"c:\windows\system32\signtool.exe" sign -debug -f "z:\leap\LEAP.pfx" -p ${WINCERTPASS} ${QTBUILD}/release/${TARGET}.exe
endif

checksign:
ifeq (${PLATFORM}, windows)
ifeq (${RELEASE}, yes)
	@sigcheck.exe ${QTBUILD}/release/${TARGET}.exe
endif
endif

installer: check_qtifw checksign
	@mkdir -p ${INST_DATA}
	@cp -r ${TEMPLATES}/qtinstaller/packages ${INSTALLER}
	@cp LICENSE ${INSTALLER}/packages/bitmaskvpn/meta/LICENSE.txt
	@cp -r ${TEMPLATES}/qtinstaller/installer.pro ${INSTALLER}
	@cp -r ${TEMPLATES}/qtinstaller/config ${INSTALLER}
	@cp ${VENDOR_PATH}/assets/icon.ico ${INSTALLER}/config/installer-icon.ico
	@cp ${VENDOR_PATH}/assets/icon.icns ${INSTALLER}/config/installer-icon.icns
	@cp ${VENDOR_PATH}/assets/installer-logo.png ${INSTALLER}/config/installer-logo.png
ifeq (${PLATFORM}, darwin)
	@mkdir -p ${INST_DATA}/helper
	@VERSION=${VERSION} VENDOR_PATH=${VENDOR_PATH} ${SCRIPTS}/gen-qtinstaller osx ${INSTALLER}
	@cp "${TEMPLATES}/osx/bitmask.pf.conf" ${INST_DATA}helper/bitmask.pf.conf
	@cp "${TEMPLATES}/osx/client.up.sh" ${INST_DATA}/
	@cp "${TEMPLATES}/osx/client.down.sh" ${INST_DATA}/
	@go build -ldflags='-w -s' -o "${INST_ROOT}/post-install" "${TEMPLATES}/qtinstaller/osx-data/post-install.go"
	@[ -f $(OPENVPN_BIN) ] && echo "OpenVPN already built at" $(OPENVPN_BIN) || ./branding/thirdparty/openvpn/build_openvpn.sh
	@cp $(OPENVPN_BIN) ${INST_DATA}/openvpn.leap
	@cp build/bin/${PLATFORM}/bitmask-helper ${INST_DATA}/
ifeq (${RELEASE}, yes)
	@echo "[+] Running macdeployqt (release mode)"
	@macdeployqt ${QTBUILD}/release/${PROVIDER}-vpn.app -qmldir=gui/components ${MACDEPLOYQT_OPTS}
else
	@echo "[+] Running macdeployqt (debug mode)"
	@macdeployqt ${QTBUILD}/release/${PROVIDER}-vpn.app -qmldir=gui/components
endif
	@cp -r "${QTBUILD}/release/${TARGET}.app"/ ${INST_DATA}/
endif
ifeq (${PLATFORM}, windows)
	@wget ${OPENVPN_WINDOWS_INSTALLER} -O ${INST_DATA}/openvpn-installer.msi
	@VERSION=${VERSION} VENDOR_PATH=${VENDOR_PATH} ${SCRIPTS}/gen-qtinstaller windows ${INSTALLER}
ifeq (${VENDOR_PATH}, providers)
	@cp ${VENDOR_PATH}/${PROVIDER}/assets/icon.ico ${INST_DATA}/icon.ico
else
	@cp ${VENDOR_PATH}/assets/icon.ico ${INST_DATA}/icon.ico
endif
	@cp ${QTBUILD}/release/${TARGET}.exe ${INST_DATA}${TARGET}.exe
ifeq (${RELEASE}, yes)
	@windeployqt --qmldir gui/components ${INST_DATA}${TARGET}.exe
else
	@windeployqt --qmldir gui/components ${INST_DATA}${TARGET}.exe
endif
	# XXX this is a workaround for missing libs after windeployqt ---
	@cp $(shell cygpath $(shell ${QMAKE} -query 'QT_INSTALL_BINS'))/libgcc_s_seh-1.dll ${INST_DATA}
	@cp $(shell cygpath $(shell ${QMAKE} -query 'QT_INSTALL_BINS'))/libstdc++-6.dll ${INST_DATA}
	@cp $(shell cygpath $(shell ${QMAKE} -query 'QT_INSTALL_BINS'))/libwinpthread-1.dll ${INST_DATA}
	@cp -r $(shell cygpath $(shell ${QMAKE} -query 'QT_INSTALL_QML')) ${INST_DATA}
endif
ifeq (${PLATFORM}, linux)
	@VERSION=${VERSION} ${SCRIPTS}/gen-qtinstaller linux ${INSTALLER}
endif
	@echo "[+] All templates, binaries and libraries copied to build/installer."
	@echo "[+] Now building the installer."
	@cd build/installer && ${QMAKE} VENDOR_PATH=${VENDOR_PATH} INSTALLER=${APPNAME}-installer-${VERSION} && ${MAKE}

sign_installer:
ifeq (${PLATFORM}, windows)
	# TODO add flag to skip signing for regular builds
	"c:\windows\system32\signtool.exe" sign -f "z:\leap\LEAP.pfx" -p ${WINCERTPASS} build/installer/${APPNAME}-installer-${VERSION}.exe
endif
ifeq (${PLATFORM}, darwin)
	gsed -i "s/com.yourcompany.installerbase/se.leap.bitmask.${TARGET}/g" build/installer/${APPNAME}-installer-${VERSION}.app/Contents/Info.plist
	codesign -s ${OSX_CERT} --options "runtime" build/installer/${APPNAME}-installer-${VERSION}.app
	ditto -ck --rsrc --sequesterRsrc build/installer/${APPNAME}-installer-${VERSION}.app build/installer/${APPNAME}-installer-${VERSION}.zip
endif

notarize_all:
	APPNAME=${APPNAME} VERSION=${VERSION} TARGET=${TARGET} OSXAPPPASS=${OSXAPPPASS} branding/scripts/osx-stapler.sh

# --------------------
# TODO test and remove

notarize_installer:
# courtesy of https://skyronic.com/2019/07/app-notarization-for-qt-applications/
ifeq (${PLATFORM}, darwin)
	xcrun altool --notarize-app -t osx -f build/installer/${APPNAME}-installer-${VERSION}.zip --primary-bundle-id="se.leap.bitmask.${TARGET}" -u "info@leap.se" -p ${OSXAPPPASS}
endif

notarize_check:
ifeq (${PLATFORM}, darwin)
	xcrun altool --notarization-info ${OSXMORDORUID} -u "info@leap.se" -p ${OSXAPPPASS}
endif

notarize_staple:
ifeq (${PLATFORM}, darwin)
	xcrun stapler staple build/installer/${APPNAME}-installer-${VERSION}.app
endif

create_dmg:
ifeq (${PLATFORM}, darwin)
	@create-dmg deploy/${APPNAME}-${VERSION}.dmg build/installer/${APPNAME}-installer-${VERSION}.app
endif
# --------------------



check_qtifw:
ifdef HAS_QTIFW
	@echo "[+] Found QTIFW"
else
	$(error "[!] Cannot find QTIFW. Please install it and add it to your PATH")
endif

clean:
	@rm -rf lib/*
	@rm -rf build/
ifeq ($(PLATFORM), windows)
	# Need to use unlink on Windows for permission reasons
	@-unlink branding/assets/default
else
	@rm -rf branding/assets/default
endif
	@cd ArchLinux && rm -rf bitmask-vpn pkg src *.tar.zst


########################################################################
# tests
#########################################################################

qmllint:
	@qmllint gui/*.qml
	@qmllint gui/components/*.qml

qmlfmt:
	# needs https://github.com/jesperhh/qmlfmt in your path
	@qmlfmt -w gui/qml/*.qml

test:
	@go test -tags "integration $(TAGS)" ./pkg/...

fmt:
	@gofmt -s -w $(SOURCE_DIRS_GO)

.PHONY: lint
lint:
	golangci-lint run  --timeout=5m

test_ui: build_golib
	@${QMAKE} -o tests/Makefile test.pro
	@${MAKE} -C tests clean
	@${MAKE} -C tests
ifeq ($(PLATFORM), windows)
	@./tests/build/test_ui.exe
else
	@./tests/build/test_ui
endif


#########################################################################
# packaging templates
#########################################################################

bump_snap:
	@sed -i 's/^version:.*$$/version: ${VERSION}/' snap/snapcraft.yaml
	@sed -i 's/^.*echo .*version.txt$$/        echo ${VERSION} > $$SNAPCRAFT_PRIME\/snap\/version.txt/' snap/snapcraft.yaml

local_snap:
	# just to be able to debug stuff locally in the same way as it's really built @canonical
	# but multipass is the way to go, nowadays
	@snapcraft --debug --use-lxd

vendor_init:
	@VENDOR_PATH=${VENDOR_PATH} ./branding/scripts/init

vendor_check:
	@VENDOR_PATH=${VENDOR_PATH} ./branding/scripts/check ${PROVIDER}
ifeq (${SKIP_CACHECK}, no)
	@VENDOR_PATH=${VENDOR_PATH} ${SCRIPTS}/check-ca-crt ${PROVIDER}
endif

vendor: gen_providers_json prepare_templates gen_pkg_snap gen_pkg_deb

gen_providers_json:
	@VENDOR_PATH=${VENDOR_PATH} branding/scripts/gen-providers-json gui/providers/providers.json

prepare_templates: tgz
	@mkdir -p build/${PROVIDER}/bin/ deploy
	@cp ${TEMPLATES}/makefile/Makefile build/${PROVIDER}/Makefile
	@VERSION=${VERSION} VENDOR_PATH=${VENDOR_PATH} ${SCRIPTS}/generate-vendor-make build/${PROVIDER}/vendor.mk

TGZ_NAME = bitmask-vpn_${VERSION}-src
TGZ_PATH = ./build/${TGZ_NAME}
tgz:
	@mkdir -p $(TGZ_PATH)
	git archive HEAD | tar -x -C $(TGZ_PATH)
	@cd build/ && tar czf bitmask-vpn_$(VERSION).tgz ${TGZ_NAME} && cd ..
	@rm -rf $(TGZ_PATH)


gen_pkg_deb:
ifeq (${PLATFORM}, linux)
	@mkdir -p build/${PROVIDER}/
	@cp -r ${TEMPLATES}/debian build/${PROVIDER}
	@VERSION=${VERSION} VENDOR_PATH=${VENDOR_PATH} ${SCRIPTS}/generate-debian build/${PROVIDER}/debian/data.json
ifeq (${VENDOR_PATH}, providers)
	@mkdir -p build/${PROVIDER}/debian/icons/scalable && cp ${VENDOR_PATH}/${PROVIDER}/assets/icon.png build/${PROVIDER}/debian/icons/scalable/${TARGET}.png
else
	@mkdir -p build/${PROVIDER}/debian/icons/scalable && cp ${VENDOR_PATH}/assets/icon.png build/${PROVIDER}/debian/icons/scalable/${TARGET}.png
endif
	@cd build/${PROVIDER}/debian && python3 generate.py
	@cd build/${PROVIDER}/debian && rm app.desktop-template changelog-template rules-template control-template generate.py data.json && chmod +x rules
	@cd build/${PROVIDER}/debian && mv app.desktop ${TARGET}.desktop && mv app.install ${TARGET}.install && rm -f app.install-template && \
	rm -rf source/include-binaries-template
endif

gen_pkg_snap:
ifeq (${PLATFORM}, linux)
	@mkdir -p build/${PROVIDER}
	@cp -r ${TEMPLATES}/snap build/${PROVIDER}
	@VERSION=${VERSION} VENDOR_PATH=${VENDOR_PATH} ${SCRIPTS}/generate-snap build/${PROVIDER}/snap/data.json
	@cp pkg/pickle/helpers/se.leap.bitmask.snap.policy build/${PROVIDER}/snap/local/pre/
	@cp pkg/pickle/helpers/bitmask-root build/${PROVIDER}/snap/local/pre/
	@cd build/${PROVIDER}/snap && python3 generate.py
	@rm build/${PROVIDER}/snap/data.json build/${PROVIDER}/snap/snapcraft-template.yaml
	@mkdir -p build/${PROVIDER}/snap/gui
ifeq (${VENDOR_PATH}, providers)
	@cp ${VENDOR_PATH}/${PROVIDER}/assets/icon.svg build/${PROVIDER}/snap/gui/icon.svg
	@cp ${VENDOR_PATH}/${PROVIDER}/assets/icon.png build/${PROVIDER}/snap/gui/${PROVIDER}-vpn.png
else
	@cp ${VENDOR_PATH}/assets/icon.svg build/${PROVIDER}/snap/gui/icon.svg
	@cp ${VENDOR_PATH}/assets/icon.png build/${PROVIDER}/snap/gui/${PROVIDER}-vpn.png
endif
	@rm build/${PROVIDER}/snap/generate.py
endif


#########################################################################
# packaging action
#########################################################################
run:
	./build/qt/release/riseup-vpn

builder_image:
	@${MAKE} -C docker build

packages: package_deb package_snap package_osx package_win

package_win_release: build dosign installer sign_installer

package_win: build installer

package_snap_in_docker:
	@${MAKE} -C docker package_snap

package_snap:
	@-unlink snap
	@cp build/${PROVIDER}/snap/local/${TARGET}.desktop build/${PROVIDER}/snap/gui/
	@ln -s build/${PROVIDER}/snap snap
	@${MAKE} -C build/${PROVIDER} pkg_snap

prepare_deb:
	@${MAKE} -C build/${PROVIDER} prepare_deb

package_deb:
	@${MAKE} -C build/${PROVIDER} pkg_deb

package_arch:
	grep -q "Arch Linux" /etc/os-release || (echo "Arch Linux system is required to build the Arch Linux package" && exit 1)
	# at least the makepkg binary is mandatory, makepkg is part pacman package
	(cd ArchLinux && makepkg --syncdeps --noconfirm)

sign_artifact:
	@find ${FILE} -type f -not -name "*.asc" -print0 | xargs -0 -n1 -I{} sha256sum -b "{}" | sed 's/*deploy\///' > ${FILE}.sha256
	@gpg --clear-sign --armor ${FILE}.sha256

upload_artifact:
	scp ${FILE} downloads.leap.se:./
	scp ${FILE}.sha256.asc downloads.leap.se:./


#########################################################################
# icons & locales
#########################################################################

icon:
	@${MAKE} -C icon


LANGS ?= $(foreach path,$(wildcard gui/i18n/main_*.ts),$(patsubst gui/i18n/main_%.ts,%,$(path)))

locales: $(foreach lang,$(LANGS),get_$(lang))

generate_locales:
	@lupdate bitmask.pro

get_%:
	@curl -L -X GET --user "api:${API_TOKEN}" "https://www.transifex.com/api/2/project/bitmask/resource/bitmask-desktop/translation/${subst -,_,$*}/?file" > gui/i18n/main_$*.ts