#################################################### # 2003-01-13 http://spfilter.sourceforge.net/ # http://mirror.openrbl.org/spfilter/code/Makefile #################################################### # # experimental spfilter Makefile # install and update public-key, xml-configuration and spfilter.pl # # - this file is all you need to get spfilter running on your box # - depends on wget, bunzip2, gpg, gpgv and perl in $PATH # # new install: copy into new empty directory and run 'make all' # update: copy into directory of spfilter and run 'make update' # #################################################### # # usage: make [ help | all | update | test | clean ] # # individual targets: (still experiental, may change any time) # # pubkey: fetch pubkey from keyserver (if not exists) # keyring: generate spfilter-keyring.gpg from public key # crypto: all of above # # hierarchy: create ./cache, ./outdir and ./publish # xmlconf: update ./spfilter-config.xml (unconditional) # config: all of above # # update: fetch new spfilter-config.pl and spfilter.pl # verify: verify spfilter-config.pl and spfilter.pl signatures # test: verify and build a small blacklist (RECOMMENDED!) # # help: display built-in manpage (RTFM!) # #################################################### ## need to get that into the fs-standard # prefix = /usr/local # bindir = ${prefix}/bin # exec_prefix = ${prefix} # mandir = ${prefix}/man8 ## datadir = ${prefix}/lib # datadir = ${prefix}/etc ## statedir = ${prefix}/lib # statedir = ./cache VERSION = 0.59 ## uncomment for additional output # VERBOSE = --verbose ## %ENV should look like: # PATH=/bin:/usr/bin:/usr/local/bin # SHELL=/bin/sh # LC_ALL=C # TZ=UTC PUBKEY = spfilter-pubkey.asc KEYID = 26BDCEF3 KEYFP = 984C 6100 1C0E 5813 4077 6C48 051F C28D 26BD CEF3 # URL_PUBKEY = http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x${KEYID} URL_PUBKEY = http://search.keyserver.net:11371/pks/lookup?op=get&search=0x${KEYID} KEYRING = spfilter-keyring.gpg GPG ?= gpg # GPG ?= gnupg GPG_ARGS = ${VERBOSE} --no-secmem-warning --no-options --no-default-keyring --keyring ./${KEYRING} GPG_IMPORT = --import ./${PUBKEY} # could as well use: ... --recv-keys --keyserver search.keyserver.net 0x${KEYID} GPGV = gpgv ${VERBOSE} --keyring ./${KEYRING} XMLCONF = spfilter-config.xml URL_XMLCONF = http://spfilter.openrbl.org/code/${XMLCONF}.bz2 # URL_XMLCONF = http://mirror.bliab.com/spfilter/${XMLCONF}.bz2 SPFILTER = spfilter.pl URL_SPFILTER = http://spfilter.openrbl.org/code/${SPFILTER}.bz2 # URL_SPFILTER = http://mirror.bliab.com/spfilter/${SPFILTER}.bz2 SUBDIRS = ./cache ./outdir # PUBDIRS = ./publish ./publish/input ./publish/diff ./publish/output WGET ?= wget -nv ${VERBOSE} -T 30 -U "${MAKE} (spfilter/${VERSION})" -O - # WGET ?= fetch -T 30 -o - BUNZIP ?= bunzip2 ${VERBOSE} -f # backup-extension, comment out to disable (should be safe) BAK = bak .MAIN : usage .PATH : /bin /usr/bin /usr/local/bin # .PHONY : all xmlconf spfilter update verify all : hierarchy crypto config spfilter pubkey : ${PUBKEY} keyring : ${KEYRING} crypto : ${PUBKEY} ${KEYRING} config : ${KEYRING} ${XMLCONF} verify-config spfilter: ${KEYRING} ${SPFILTER} verify-spfilter update : ${KEYRING} update-backup ${XMLCONF} verify-config ${SPFILTER} verify-spfilter verify : ${KEYRING} verify-config verify-spfilter test : verify blacklist ######################################## usage : @echo "*" @echo "* spfilter Makefile usage:" @echo "*" @echo "* make all: fetch, build and verify public-key and spfilter" @echo "* make update: fetch new spfilter-config.xml and spfilter.pl" @echo "* make test: verify signatures and build small blacklist" @echo "* make help: display built-in manpage, authors welcome" @echo "*" help : ${SPFILTER} perldoc ./${SPFILTER} ######################################## hierarchy : - mkdir ${SUBDIRS} ${XMLCONF} : @if [ "${BAK}" -a -s ${XMLCONF} ]; then cp -fpv ${XMLCONF} ${XMLCONF}.${BAK}; fi @${WGET} "${URL_XMLCONF}" >${XMLCONF}.bz2 && ${BUNZIP} ${XMLCONF}.bz2 ${SPFILTER} : ${XMLCONF} @if [ "${BAK}" -a -s ${SPFILTER} ]; then cp -fpv ${SPFILTER} ${SPFILTER}.${BAK}; fi @${WGET} "${URL_SPFILTER}" >${SPFILTER}.bz2 && ${BUNZIP} ${SPFILTER}.bz2 blacklist : @echo "try building small blacklist" perl ./${SPFILTER} -v -k ./${KEYRING} -f octets,bind TEST_LIST @echo "* TEST_LIST build successful, check ./chache and ./outdir" ######################################## # crypto stuff, fetch pubkey from keyserver, build local keyring ${PUBKEY} : @if [ "${BAK}" -a -s ${PUBKEY} ]; then cp -fpv ${PUBKEY} ${PUBKEY}.${BAK}; fi # ${WGET} "${URL_PUBKEY}" | grep -a -v '<' >${PUBKEY} ${WGET} "${URL_PUBKEY}" >${PUBKEY}.tmp || (echo "fetching ${PUBKEY} failed"; exit 1) grep -a -v '<' ${PUBKEY}.tmp >${PUBKEY} && rm ${PUBKEY}.tmp ${KEYRING} : ${PUBKEY} @if [ "${BAK}" -a -s /${KEYRING} ]; then mv -f -v ${KEYRING} ${KEYRING}.${BAK}; fi ${GPG} ${GPG_ARGS} ${GPG_IMPORT} @if [ -f ${KEYRING}~ -a ! -s ${KEYRING}~ ]; then rm ${KEYRING}~; fi chmod 0600 ${KEYRING} && touch ${KEYRING} @${GPG} ${GPG_ARGS} --fingerprint @echo "* public key successful imported , please compare id: ${KEYID}" @echo "* and fingerprint: ${KEYFP}" ######################################## # verify not complete, might have bad code in the first two lines verify-config : ${XMLCONF} @if [ ! -s ${XMLCONF} ]; then echo "* please run 'make config' or 'make all' first"; exit 1; fi @head -n 3 ${XMLCONF} | grep --line-regexp -e "-----BEGIN PGP SIGNED MESSAGE-----" @tail -n 9 ${XMLCONF} | grep --line-regexp -e "-----BEGIN PGP SIGNATURE-----" @tail -n 3 ${XMLCONF} | grep --line-regexp -e "-----END PGP SIGNATURE-----" ${GPGV} ${XMLCONF} @echo "* ${XMLCONF} verified, please compare id: ${KEYID}" verify-spfilter : ${SPFILTER} @if [ ! -s ${SPFILTER} ]; then echo "* please run 'make spfilter' or 'make all' first"; exit 1; fi @head -n 3 ${SPFILTER} | grep --line-regexp -e "-----BEGIN PGP SIGNED MESSAGE-----" @tail -n 8 ${SPFILTER} | grep --line-regexp -e "-----BEGIN PGP SIGNATURE-----" @tail -n 2 ${SPFILTER} | grep --line-regexp -e "-----END PGP SIGNATURE-----" ${GPGV} ${SPFILTER} @echo "* ${SPFILTER} verified, please compare id: ${KEYID}" ######################################## # move files out of the way for update update-backup : @echo "* moving files to *.bak" @if [ -f ${XMLCONF} ]; then mv ${XMLCONF} ${XMLCONF}.bak; fi @if [ -f ${SPFILTER} ]; then mv ${SPFILTER} ${SPFILTER}.bak; fi ########################################