Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-ports
Path: blob/main/dns/dnsmasq/Makefile
18878 views
PORTNAME=	dnsmasq
DISTVERSION=	2.91
# Leave the PORTREVISION in even if 0 to avoid accidental PORTEPOCH bumps:
PORTREVISION=	2
PORTEPOCH=	1
CATEGORIES=	dns
MASTER_SITES=	https://www.thekelleys.org.uk/dnsmasq/ \
		LOCAL/mandree/

MAINTAINER=	[email protected]
COMMENT=	Lightweight DNS forwarder, DHCP, and TFTP server
WWW=		https://www.thekelleys.org.uk/dnsmasq/doc.html

LICENSE=	GPLv2

USES=		compiler cpe shebangfix tar:xz
CPE_VENDOR=	thekelleys

SHEBANG_FILES=	contrib/dnslist/dnslist.pl \
		contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl

MAKE_ARGS=	CC="${CC}" \
		CFLAGS="${CFLAGS}" \
		COPTS="${CFLAGS}" \
		LIBS="${LDFLAGS}" \
		PREFIX="${PREFIX}" \
		RPM_OPT_FLAGS="${CPPFLAGS}"
CFLAGS+=	-Wall
# https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
# Note there are ${ARCH}-dependent options below after .include <bsd.port.pre.mk>
# Note that these are enforced for now (2025-09-16), and we can't subject them to PIE/FORTIFY/SSP_UNSAFE or WITHOUT_ options for now.
CFLAGS+=	-Wall -Wformat -Wformat=2 \
		-Werror=format-security \
		-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 \
		-fstrict-flex-arrays=3 \
		-fstack-clash-protection -fstack-protector-strong \
		-fno-delete-null-pointer-checks -fno-strict-overflow \
		-fno-strict-aliasing -ftrivial-auto-var-init=zero
LDFLAGS+=	-Wl,-z,nodlopen -Wl,-z,noexecstack \
		-Wl,-z,relro -Wl,-z,now \
		-Wl,--as-needed -Wl,--no-copy-dt-needed-entries
CFLAGS+=	-fPIE
LDFLAGS+=	-pie
# error on obsolete C constructs
CFLAGS+=	-Werror=implicit -Werror=incompatible-pointer-types \
		-Werror=int-conversion
# tune down harmless warnings due to coding style
CFLAGS+=	-Wno-unused-function -Wno-unused-parameter \
		-Wno-unused-value -Wno-unused-variable -Wno-format-nonliteral
CPPFLAGS+=	-I${LOCALBASE}/include

CONFLICTS_INSTALL=	dnsmasq-devel

SUB_FILES=	pkg-message

PORTDOCS=	CHANGELOG CHANGELOG.archive FAQ doc.html setup.html

OPTIONS_DEFINE=		DBUS DNSSEC DOCS IPSET IPV6 LUA
OPTIONS_DEFAULT=	DNSSEC IPSET
OPTIONS_RADIO=		INTL
OPTIONS_RADIO_INTL=	IDN NLS
OPTIONS_EXCLUDE+=	EXAMPLES

DNSSEC_DESC=	Enable DNSSEC caching and validation (needs nettle)
IDN_DESC=	IDN: Int'l Domain Names WITHOUT full NLS
INTL_DESC=	Internationalization Support Level
IPSET_DESC=	Dynamic firewall management of resolved names (needs PF)
LUA_DESC=	Support lease-change scripts written in Lua
NLS_DESC=	IDN+NLS: Int'l Domain Names & National Language support

IPSET_CFLAGS_OFF=	-DNO_IPSET
IPV6_CFLAGS_OFF=	-DNO_IPV6

.include <bsd.port.options.mk>

.if ${PORT_OPTIONS:MNLS}
USES+=		gettext gmake iconv pkgconfig
CFLAGS+=	-DHAVE_LIBIDN2
LIB_DEPENDS+=	libidn2.so:dns/libidn2
PLIST_SUB+=	NLS=""
ALL_TARGET=	all-i18n
_intllibs=	-lidn2 -lintl
.else
_intllibs=
PLIST_SUB+=	NLS="@comment "
.if ${PORT_OPTIONS:MIDN}
USES+=		iconv
CFLAGS+=	-DHAVE_LIBIDN2
LIB_DEPENDS+=	libidn2.so:dns/libidn2
_intllibs+=	-lidn2
.endif
.endif

.if ${PORT_OPTIONS:MDBUS}
LIB_DEPENDS+=	libdbus-1.so:devel/dbus
USES+=		pkgconfig
CPPFLAGS+=	`pkg-config --cflags dbus-1`
CFLAGS+=	-DHAVE_DBUS
LDFLAGS+=	`pkg-config --libs dbus-1`
.endif

.if ${PORT_OPTIONS:MLUA}
CPPFLAGS+=	-I${LUA_INCDIR}
CFLAGS+=	-DHAVE_LUASCRIPT
LDFLAGS+=	-L${LUA_LIBDIR} -llua-${LUA_VER}
USES+=		lua pkgconfig
.endif

.if ${PORT_OPTIONS:MDNSSEC}
CFLAGS+=	-DHAVE_DNSSEC -I${LOCALBASE}/include
USES+=		pkgconfig
LIB_DEPENDS+=	libgmp.so:math/gmp \
		libnettle.so:security/nettle
.endif

USE_RC_SUBR=	dnsmasq

.include <bsd.port.pre.mk>

# https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
.if ${ARCH} == "amd64"
CFLAGS+=	-fcf-protection=full
.endif
.if ${ARCH} == "aarch64"
CFLAGS+=	-mbranch-protection=standard
.endif
.if ${CHOSEN_COMPILER_TYPE} == "gcc"
CFLAGS+=	-Wtrampolines
.endif

LDFLAGS+=	-L${LOCALBASE}/lib ${_intllibs} ${ICONV_LIB}

post-patch:
	${REINPLACE_CMD} -e '/^LUA /s/lua/lua-${LUA_VER}/' ${WRKSRC}/Makefile

pre-configure: pretty-print-config
.if ${PORT_OPTIONS:MIDN}
.if empty(PORT_OPTIONS:MNLS)
	@if ${READELF} -d ${LOCALBASE}/lib/libidn2.so \
		| ${EGREP} -q '\<NEEDED\>.*\[libintl\.so' ; \
	then ${ECHO} ; ${ECHO} 'WARNING: dns/libidn2 was compiled with NLS support!' ; \
	${ECHO} 'Recompile libidn2 WITHOUT_NLS to get rid of NLS dependencies.' ; ${ECHO} ; \
	fi
.else
	@${ECHO} 'WARNING: IDN and NLS enabled, building IDN WITH NLS.'
.endif
.endif

do-install:
	${INSTALL_PROGRAM} ${WRKSRC}/src/dnsmasq ${STAGEDIR}${PREFIX}/sbin
	${INSTALL_DATA} ${WRKSRC}/dnsmasq.conf.example ${STAGEDIR}${PREFIX}/etc/dnsmasq.conf.sample
	${REINPLACE_CMD} -i '' 's}%%PREFIX%%}${PREFIX}}' ${STAGEDIR}${PREFIX}/etc/dnsmasq.conf.sample
	${INSTALL_MAN} ${WRKSRC}/man/${PORTNAME}.8 ${STAGEDIR}${PREFIX}/share/man/man8
	${MKDIR} ${STAGEDIR}${DATADIR}
	${INSTALL_DATA} ${WRKSRC}/trust-anchors.conf ${STAGEDIR}${DATADIR}/
.if ${PORT_OPTIONS:MDOCS}
	@${MKDIR} ${STAGEDIR}${DOCSDIR}
	cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR}
.endif
.if ${PORT_OPTIONS:MNLS}
.for i in de es fi fr id it no pl pt_BR ro
	${MKDIR} ${STAGEDIR}${PREFIX}/share/locale/${i}/LC_MESSAGES
	${INSTALL_DATA} ${WRKSRC}/src/${i}.mo \
		${STAGEDIR}${PREFIX}/share/locale/${i}/LC_MESSAGES/${PORTNAME}.mo
.endfor
.endif
	${MKDIR} ${STAGEDIR}${EXAMPLESDIR}/dynamic-dnsmasq ${STAGEDIR}${EXAMPLESDIR}/dnslist
	${INSTALL_SCRIPT} ${WRKSRC}/contrib/dynamic-dnsmasq/dynamic-dnsmasq.pl ${STAGEDIR}${EXAMPLESDIR}/dynamic-dnsmasq/
	${INSTALL_SCRIPT} ${WRKSRC}/contrib/dnslist/dnslist.pl ${STAGEDIR}${EXAMPLESDIR}/dnslist/
	${INSTALL_DATA} ${WRKSRC}/contrib/dnslist/dhcp.css ${STAGEDIR}${EXAMPLESDIR}/dnslist/
	${INSTALL_DATA} ${WRKSRC}/contrib/dnslist/dnslist.tt2 ${STAGEDIR}${EXAMPLESDIR}/dnslist/

.include <bsd.port.post.mk>