This document explains how to build the Mako Server. Using the Mako Server is explained in a separate document.
The make directory contains a generic makefile. You may use the makefile for building the server. The make directory also contains a few ready-to-use build scripts, which call the makefile. See the README file in the make directory for details.
As an alternative to using the makefile, you may include the source files directly in your build process and/or IDE.
Mako Server Source Files:
File | Required/Optional | Description |
src/makoMain.c | Required | The Mako Server startup code sets up a configurable standalone server using BAS.c. |
../../amalgamation/BAS.c | Required | The Barracuda App Server library. See ../../amalgamation/README.txt for details. |
src/SendError.c | Optional | Traps errors and optionally reports the errors, including asserts, if enabled. You may use another error handler or remove the call in makoMain.c. |
obj/LspZip.c | Optional | Zip file converted to C array by bin2c and assembled by running BuildInternalZip. Exclude by compiling with macro USE_EMBEDDED_ZIP=0. |
../../xrc/sql/ls_sqlite3.c | Optional | SQLite Lua bindings. |
../../xrc/sql/luasql.c | Optional | SQLite Lua bindings. |
../../xrc/sql/sqlite3.c | Optional | SQLite database. |
* When compiled for Windows, include all C files in the src/Windows subdirectory. These files enable the server to be installed as a Windows service.
In general, you should always include the external resource file mako.zip with the Mako Server executable, since this resource file includes additional resources that make components such as the TraceLogger and the File Manager work. The internal ZIP file, which may be removed, should only be used as a fallback if mako.zip is not found. The server aborts if it is compiled without the internal ZIP file and fails to mount mako.zip.
The default is to include SQLite; however, you may compile the Mako Server with no built-in SQL support. You may also include the ITTIA embeddable database.
The Mako Server can be compiled directly on the command line without using the makefile. The following example compiles the Mako Server for POSIX/Linux without using SQLite and without using the internal ZIP file (obj/LspZip.c).
Start by setting the include path:
Set the required C compiler flags:
The following must be added to CFLAGS if compiled for a 64-bit processor:
Compile and link:
See the following file for details: make/README.txt
The C header file MakoExt.ch allows custom modifications without altering the core components. This file supports configuration for non-standard POSIX platforms. Additionally, it provides functionality for enforcing security features, such as signed ZIP file validation and setting a global password for all ZIP files loaded by the server. For more details on these features, refer to Signed and Encrypted ZIP Files. Open MakoExt.ch and search for the macros USE_ZIPSIGNATURE and USE_ZIPBINPWD.
Note: When signed ZIP files are enabled, the Mako Server will only mount deployed ZIP applications. This means all ZIP files, including mako.zip, must be signed. If mako.zip is not signed or is signed with an incorrect signature, the following error will occur at server startup:
Mounting path/2/mako.zip Fatal error: cannot mount mako.zip.
The generated C file tokengen.c includes SharkTrustX settings for the demo portal local.makoserver.net. If you're using your own SharkTrustX portal, replace tokengen.c with the version generated by your portal. To exclude this code, compile with the NO_SHARKTRUST macro. Do not add tokengen.c to your build as a separate source file, because MakoMain.c already includes it as a header file.
The server includes a soft TPM (Trusted Platform Module), as detailed below. To exclude the TPM functionality, compile with the NO_ENCRYPTIONKEY macro.
A Trusted Platform Module (TPM) is a security chip used for storing encryption keys and ensuring system integrity, offering enhanced security through hardware-based encryption and system checks.
The Mako Server incorporates a soft TPM implementation that, when properly configured, provides reasonably good security. The Mako Server's soft TPM simplifies security processes by eliminating the need for additional hardware. However, it focuses exclusively on managing Elliptic Curve Cryptography (ECC) keys, specializing in this advanced cryptographic system.
See the TPM API for details.
TPM details and required configuration:
The src/EncryptionKey.h file contains a binary random number of variable length that the product designer (you) sets. This number is consistent across all firmware copies and supplemented with additional per-device-specific entropy. The per-device-specific entropy is platform-dependent and may require custom code. Instead of modifying EncryptionKey.h, you may create a new file called NewEncryptionKey.h and compile with the NewEncryptionKey macro.
For security reasons, the Lua-based TPM implementation, which is loaded and initialized by the C code, is embedded in the Mako Server binary. The file MakoTPM.lua has been renamed to .config, zipped, converted to C code, and included in the Mako Server as tpm.h. The file MakoMain.c includes this file and initializes the TPM during startup. The Lua TPM code calculates a pre-master secret based on the data provided by the C code. This pre-master secret forms the basis for generating multiple unique secrets, which are used to create the TPM keys. These keys are not stored but are regenerated with each system restart, significantly reducing the risk of key leakage.
Suggested compile-time macros:
The following is recommended to secure the pre-master key: the macro USE_DBGMON should not be set, and the code should be compiled with the macro NO_LDEBUG set to disable the Lua debug API.
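A build-time check for the recommendation above, as an added example that is not part of the Mako Server source or makefile: the shell functions below scan a CFLAGS string and report when USE_DBGMON is defined or NO_LDEBUG is missing. The function names and the sample flags are constructed for illustration, and the check assumes each macro is passed as a single -DNAME, -DNAME=value or -UNAME token.

```shell
#!/bin/sh
# Added example: audit a CFLAGS string against the macro advice above.
# Assumes macros are passed as single tokens (-DNAME, -DNAME=value, -UNAME).

# macro_state NAME FLAG... : prints "set" or "unset". -D and -U are applied
# in command-line order, so a later -UNAME cancels an earlier -DNAME.
macro_state() {
    name=$1; shift
    state=unset
    for tok in "$@"; do
        case $tok in
            "-D$name"|"-D$name="*) state=set ;;
            "-U$name") state=unset ;;
        esac
    done
    echo "$state"
}

# audit_cflags "FLAGS": prints findings; returns 0 if the flags follow the
# recommendation, 1 otherwise.
audit_cflags() {
    set -f          # no globbing while the flag string is split into words
    set -- $1       # intentional word splitting
    set +f
    rc=0
    if [ "$(macro_state NO_ENCRYPTIONKEY "$@")" = set ]; then
        echo "NOTE: NO_ENCRYPTIONKEY is defined, the soft TPM is excluded"
    fi
    # Conservative: any definition counts as "set", including NAME=0.
    if [ "$(macro_state USE_DBGMON "$@")" = set ]; then
        echo "FAIL: USE_DBGMON is defined"
        rc=1
    fi
    if [ "$(macro_state NO_LDEBUG "$@")" = unset ]; then
        echo "FAIL: NO_LDEBUG is not defined, the Lua debug API stays enabled"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: flags follow the pre-master key recommendation"
    fi
    return "$rc"
}

# Constructed sample flags, not taken from the project's makefile.
audit_cflags "-O2 -DUSE_EMBEDDED_ZIP=0 -DUSE_DBGMON" || true
```

Run it in CI against the exact CFLAGS used for the release build, and fail the job on a non-zero return.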