Building the Mako Server with BAS

This document explains how to build the Mako Server from the Barracuda App Server (BAS) source tree. The Mako Server is the ready-to-run Lua application server built on BAS for high-level operating systems such as Linux, Windows, macOS, QNX, and VxWorks.

Use this page when you are compiling, porting, or customizing the Mako Server C code. Use Using the Mako Server for command-line options, mako.conf, application loading, modules, and runtime APIs. For downloads, tutorials, and product-level documentation, see makoserver.net.

Build Guide Roadmap

TaskWhere to Start
Use Mako Server without compiling itDownload a precompiled version from makoserver.net.
Build Mako Server from BASUse the make directory and its platform scripts, or include the required source files directly in your IDE or build system.
Build quickly on Linux with common optional modulesUse the Ansible build script.
Customize Lua resourcesBuild or provide mako.zip. Keep the embedded ZIP as a fallback unless your deployment always ships an external mako.zip.
Prepare a hardened buildReview the extension hooks, signed ZIP support, SharkTrustX settings, and softTPM configuration.

Compiling the Mako Server C Code

How to Compile the Mako Server C Code

The make directory contains the generic makefile and several ready-to-use build scripts that call it. See make/README.txt for the platform-specific details.

As an alternative to the makefile, include the required source files directly in your build system or IDE.

Quick Linux build with extended features:
If you are targeting embedded Linux or want to quickly test Mako Server on Linux, consider using the provided Ansible build script. It uses the amalgamated BAS library and compiles Mako with a set of optional plugins.

Source Files

FileRequiredPurpose
src/MakoMain.cYes Mako Server startup code. It creates the configurable standalone server using BAS.c.
../../amalgamation/BAS.cYes The Barracuda App Server library. See ../../amalgamation/README.txt for details.
src/SendError.cOptional Traps errors and optionally reports the errors, including asserts, if enabled. You may use another error handler or remove the call in MakoMain.c.
obj/LspZip.cOptional Internal fallback ZIP converted to a C array by bin2c and assembled by running BuildInternalZip. Exclude by compiling with USE_EMBEDDED_ZIP=0.
../../xrc/sql/ls_sqlite3.cOptional Lua SQLite Lua bindings.
../../xrc/sql/luasql.cOptional Lua SQLite Lua bindings.
../../xrc/sql/sqlite3.cOptional SQLite database.

When compiling for Windows, include all C files in the src/Windows subdirectory. These files enable the server to be installed as a Windows service.

Resource Files

The Mako Server requires Lua and web resource files. The make directory includes two scripts for assembling these resources:

ScriptOutputPurpose
BuildInternalZipobj/LspZip.cBuilds the minimum internal fallback resources and converts them to C. You can exclude this file by compiling with USE_EMBEDDED_ZIP=0.
BuildMakoZipmako.zipBuilds the external resource file used by the Mako Server at startup. This script requires a copy of the BAS-Resources repository in BAROOT/../BAS-Resources.

In most deployments, ship the external mako.zip file with the Mako executable. It includes resources used by components such as the TraceLogger and the File Manager. The internal ZIP is only a fallback if mako.zip is not found. If the server is compiled without the internal ZIP and cannot mount mako.zip, startup fails.

SQL Databases

The default build includes SQLite. You can also compile the Mako Server without built-in SQL support or with ITTIA database bindings.

MacroResult
USE_SQL=0No embedded database.
USE_SQL=1Embedded SQLite.
USE_SQL=2ITTIA database Lua bindings. You must also embed the ITTIA database.

Command-line Compile Example

The Mako Server can be compiled directly on the command line without using the makefile. The following example compiles the Mako Server for POSIX/Linux without SQLite and without the internal ZIP file (obj/LspZip.c).

Start by setting the include path:

export INC="-I ../../inc/ -I../../inc/arch/Posix -I../../inc/arch/bsd/Posix"

Set the required C compiler flags:

export CFLAGS="-pthread -O3 -Os -DNDEBUG -DMAKO -DUSE_EMBEDDED_ZIP=0 -DUSE_SQL=0"

Add the following to CFLAGS when compiling for a 64-bit processor:

-DBA_64BIT -Wno-int-to-pointer-cast -Wno-pointer-to-int-cast

Compile and link:

gcc -o mako $CFLAGS $INC ../../amalgamation/BAS.c src/MakoMain.c src/SendError.c -lm

Using the Makefile

See make/README.txt for details.

Additional Configuration and Security Settings

The Mako Server is designed to allow customization and extension without requiring changes to MakoMain.c. Extension files are included at defined points in the startup code and let you add platform logic, product-specific Lua bindings, and security settings.

FilePurpose
MakoExt1.chEmpty extension point for custom macros, helper functions, or supporting logic.
MakoExt2.chPlatform and security extension point. It can enforce signed ZIP validation, set a global ZIP password, add Lua bindings through makoOpenAUX(), and initialize the softTPM. Search this file for USE_ZIPSIGNATURE and USE_ZIPBINPWD. See Signed and Encrypted ZIP Files.
MakoExtM1.ch, MakoExtM2.ch, MakoExtM3.ch, MakoExtM4.chEmpty extension points inserted into the main initialization function, runMako().
MakoWBC.chWhite-box cryptography logic used by the softTPM.

Note: When signed ZIP files are enabled, the Mako Server will only mount deployed ZIP applications. This means all ZIP files, including mako.zip, must be signed. If mako.zip is not signed or is signed with an incorrect signature, the following error will occur at server startup:

Mounting path/2/mako.zip
Fatal error: cannot mount mako.zip.

SharkTrustX and tokengen.c

The generated C file tokengen.c includes SharkTrustX settings for the demo portal local.makoserver.net. If you're using your own SharkTrustX portal, replace tokengen.c with the version generated by your portal. To exclude this code, compile with the NO_SHARKTRUST macro. Do not include tokengen.c in your build, as MakoMain.c includes it as a header file.

Software Trusted Platform Module

The Mako Server includes a softTPM implementation that, when properly configured, provides reasonable security. See the TPM API and How the TPM Works for details and an introduction to initializing the softTPM from C code.

Mako TPM Details and Required Configuration

The src/EncryptionKey.h file contains a binary random number of variable length the product designer (you) set. This number is consistent across all firmware copies and supplemented with additional per-device-specific entropy (DDUI). Instead of modifying EncryptionKey.h, you may create a new file called NewEncryptionKey.h and compile with the NewEncryptionKey macro.

To exclude the TPM functionality, compile with the NO_ENCRYPTIONKEY macro.

Device-Derived Unique Identifier (DDUI)

The softTPM relies on a Device-Derived Unique Identifier (DDUI) to function correctly. This identifier ensures that each device is truly unique. Without a DDUI, all devices would generate identical private keys for a given name handle, making the softTPM less secure.

The file PushUniqueKey.ch, included by MakoExt2.ch, provides a helper function, pushUniqueKey(), with platform-specific implementations for pushing the MAC address onto the Lua stack. If this code cannot derive a DDUI, it will print a warning message.

For best results, the DDUI should be derived from hardware-based uniqueness (e.g., CPU serial number, MAC address, or another hardware fingerprint). This guarantees that the identifier is both deterministic and device-specific.

The Embedded TPM Lua Code

For security reasons, the Lua-based TPM implementation, which is loaded and initialized by the C code, is embedded in the Mako Server binary. The file MakoTPM.lua has been renamed to .config, zipped, converted to a C code, and included in the Mako Server as tpm.h. The file MakoMain.c includes this file and initializes the TPM during startup. The Lua TPM code calculates a pre-master secret based on the data provided by the C code. This pre-master secret forms the basis for generating multiple unique secrets, instrumental in creating TPM keys. These keys are not stored but are regenerated with each system restart, significantly reducing the risk of key leakage.

Suggested release compile time macros:

In addition to NDEBUG, the following settings are recommended to secure the softTPM: do not define USE_DBGMON, and compile with NO_LDEBUG to disable the Lua debug API.