From 1c97dddc1d9236e82ceca98e6ef2206ab9c78a31 Mon Sep 17 00:00:00 2001 From: ftasnetamot Date: Sat, 27 Jul 2024 20:10:28 +0200 Subject: [PATCH] Enhance documentation about compiling; make disabling landlock in Makefile possible, as single point of configuration --- Makefile.in | 4 +++- doc/INSTALL.md | 16 ++++++++++++---- doc/config.md | 8 ++++---- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/Makefile.in b/Makefile.in index 57cf591..344c94b 100644 --- a/Makefile.in +++ b/Makefile.in @@ -3,7 +3,9 @@ VERSION=$(shell ./genver.sh -r) # Configuration -- you probably need to `make clean` if you # change any of these -# landlock is checked by `configure` and set in config.h + +# uncomment the following line to disable landlock +# override undefine HAVE_LANDLOCK ENABLE_SANITIZER= # Enable ASAN/LSAN/UBSAN ENABLE_REGEX=1 # Enable regex probes USELIBCONFIG=1 # Use libconfig? (necessary to use configuration files) diff --git a/doc/INSTALL.md b/doc/INSTALL.md index f7d411a..b689daf 100644 --- a/doc/INSTALL.md +++ b/doc/INSTALL.md @@ -30,6 +30,8 @@ Dependencies * [libcap](http://packages.debian.org/source/unstable/libcap-dev), in package `libcap-dev`. You can compile with or without it using USELIBCAP in the Makefile +* [libconfig++-dev](https://packages.debian.org/bookworm/libconfig++-dev), in package `lìbconfig++-dev` + * libbsd, to enable to change the process name (as shown in `ps`, so each forked process shows what protocol and what connection it is serving), which requires `libbsd` at runtime, and `libbsd-dev` at compile-time. 
@@ -59,13 +61,16 @@ The test scripts are written in Perl, and will require Compilation ----------- - -After this, the Makefile should work: - - make install +First you have to run `./configure` in the _**./sslh**_ directory. After this, +the Makefile is created, and you can do your configuration changes in the Makefile. +After each run of ./configure, those changes are gone and the Makefile is recreated. There are a couple of configuration options at the beginning of the Makefile: +* `# override undefine HAVE_LANDLOCK` if you uncomment this line, sslh will be compiled + without landlock. As an alternative ./configure creates a config.h file, + which gives also the possibility, to comment that out. + * `USELIBWRAP` compiles support for host access control (see `hosts_access(3)`), you will need `libwrap` headers and library to compile (`libwrap0-dev` in Debian). @@ -77,6 +82,9 @@ There are a couple of configuration options at the beginning of the Makefile: * `USELIBBSD` compiles support for updating the process name (as shown by `ps`). +Now you can do either a plain `make` to create the binaries, or you can do an +`make install` to create the binaries and install them. + Generating the configuration parser ----------------------------------- diff --git a/doc/config.md b/doc/config.md index a9d7945..e712190 100644 --- a/doc/config.md +++ b/doc/config.md 
@@ -76,10 +76,10 @@ Configuration goes like this on the server side, using `stunnel3`: Capabilities support -------------------- -On Linux (only?), you can compile sslh with `USELIBCAP=1` to -make use of POSIX capabilities; this will save the required -capabilities needed for transparent proxying for unprivileged -processes. +On Linux (only?), you can compile sslh with `USELIBCAP=1` set +in the Makefile to make use of POSIX capabilities; this will +save the required capabilities needed for transparent proxying +for unprivileged processes. Alternatively, you may use filesystem capabilities instead of starting sslh as root and asking it to drop privileges.
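Review bot: In the Makefile.in hunk, the new `# override undefine HAVE_LANDLOCK` line acts on a make variable, while the comment it replaces said landlock is "checked by `configure` and set in config.h", and nothing in the visible lines shows the Makefile passing HAVE_LANDLOCK on to the compiler. Please confirm that uncommenting the line really removes the landlock code from the build; if the define comes only from config.h, either wire the make variable into the build or drop the switch here. Landlock is a sandboxing feature, so the build should make it obvious when it has been turned off, and keeping the removed sentence about `configure` and config.h next to the new comment would tell readers where the default comes from.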
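Review bot: In the first doc/INSTALL.md hunk (Dependencies), the package name in the new entry is spelled `lìbconfig++-dev` with an accented "ì", so copying it into a package manager command will not match the package; it should read `libconfig++-dev` as in the link text. The entry also links to the bookworm package page while the libcap entry above links to unstable, and unlike that entry it does not say which Makefile switch controls it; the Makefile.in context shows `USELIBCONFIG=1` for that.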
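Review bot: In the "Compilation" hunk of doc/INSTALL.md, the new text tells users to edit the generated Makefile and then says those edits are gone after every `./configure` run, which sits badly with the commit's stated aim of a single point of configuration; say explicitly that the settings have to be re-applied after each `./configure`. The landlock bullet's alternative ("gives also the possibility, to comment that out") does not name what to comment out in config.h, so name the define. The `_**./sslh**_` emphasis is inconsistent with the backticks used for other paths and commands, and the second `./configure` in the paragraph is missing its backticks.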
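Review bot: In the last doc/INSTALL.md hunk, "an `make install`" should read "a `make install`". The removed text showed `make install` as an indented command block; keeping the two commands in the same block form would make the build step easier to spot now that it sits after the option list.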
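Review bot: In the doc/config.md hunk, the reworded paragraph still carries the open question "On Linux (only?)"; since the sentence is being touched anyway, resolve it or drop the parenthesis. The added "set in the Makefile" should also point to the Compilation section of INSTALL.md, because that section now states that the Makefile is recreated by `./configure`, so a reader following only config.md would lose the `USELIBCAP=1` setting on the next configure run.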