airgap/Makefile

# Release label handed to the image build as a build argument and recorded in
# out/release.env. The release target forwards it to the sub-make, so it can
# be set on the command line (make release VERSION=...).
VERSION := development
# Metadata of the HEAD commit, captured once when the Makefile is parsed.
#   %H  full commit hash
#   %an author name
#   %GK key used to sign the commit (empty when the commit is unsigned)
# NOTE(review): %an is free-form text chosen by whoever created the commit,
# and %GK only names a key; it says nothing about whether the signature was
# valid or trusted. Treat both as untrusted data wherever they reach a shell
# command line or a generated file.
GIT_REF := $(shell git log -1 --format=%H)
GIT_AUTHOR := $(shell git log -1 --format=%an)
GIT_PUBKEY := $(shell git log -1 --format=%GK)
# Committer date of HEAD, ISO-like format.
GIT_TIMESTAMP := $(shell git log -1 --format=%cd --date=iso)
# A bare `export` places every make variable in the environment of each
# recipe and of every sub-make.
export
## Use env vars from latest release when reproducing
# With REPRODUCE set to any non-empty value, the assignments recorded in
# dist/release.env override the values computed from the working tree above.
# NOTE(review): `include` parses the file as makefile text, not as a plain
# KEY=VALUE list: `$` and `#` inside a recorded value are interpreted by make,
# and anything the file contains is evaluated with the same trust as this
# Makefile. Only reproduce from a dist/ directory whose origin is known.
ifdef REPRODUCE
include dist/release.env
export
endif
# With NOCACHE set to any non-empty value, the ISO build is given --no-cache
# so docker does not reuse previously built layers. The release and reproduce
# targets set it.
ifdef NOCACHE
NO_CACHE := --no-cache
endif
# Running make without a goal builds the complete release set: the recorded
# build inputs, the hash manifest and the ISO itself.
.DEFAULT_GOAL := default
.PHONY: default
default: out/release.env out/manifest.txt out/airgap.iso
## Primary targets
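# Build the ISO inside docker and export the build result into out/.
#
# SOURCE_DATE_EPOCH=1 is set both for the docker client and as a build
# argument, and the local exporter is asked to rewrite timestamps, so that
# file times in the exported tree do not depend on when the build ran.
#
# The commit metadata is read from the environment ("$$VAR") rather than
# pasted in through make expansion. All of these variables are exported by
# the bare `export` at the top of the file. A commit author name is free-form
# text: expanded by make inside double quotes, a name containing `"`, `$` or a
# backtick would be re-parsed by the shell as part of the command line. Read
# from the environment, it is passed to docker as plain data.
out/airgap.iso: Containerfile $(shell git ls-files rootfs)
	SOURCE_DATE_EPOCH=1 \
	docker build \
		--progress=plain \
		--output type=local,rewrite-timestamp=true,dest=out \
		--build-arg SOURCE_DATE_EPOCH=1 \
		--build-arg VERSION="$$VERSION" \
		--build-arg GIT_REF="$$GIT_REF" \
		--build-arg GIT_AUTHOR="$$GIT_AUTHOR" \
		--build-arg GIT_PUBKEY="$$GIT_PUBKEY" \
		--build-arg GIT_TIMESTAMP="$$GIT_TIMESTAMP" \
		$(NO_CACHE) \
		-f Containerfile \
		.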
## Development Targets
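# Build the `dev` stage of the Containerfile and record the image id that
# `docker build -q` prints.
#
# The id is written to a temporary file and moved into place only after the
# build succeeded. Redirecting straight into $@ would leave an empty but
# up-to-date digest file behind after a failed build, and the shell and vm
# targets would then call `docker run` with no image argument.
out/dev-shell.digest: Containerfile | out
	docker build --target dev -f Containerfile -q . > $@.tmp
	mv -f $@.tmp $@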
# Open an interactive /bin/sh in the development image whose id is stored in
# out/dev-shell.digest. The id is read by the recipe's shell when it runs.
.PHONY: shell
shell: out/dev-shell.digest
	docker run -it $$(cat $<) /bin/sh
# Boot the built ISO in QEMU inside the development container.
#
# ./out is bind-mounted at /out. swtpm is started in the background as a
# software TPM 2.0 and QEMU attaches to it through the vtpm-sock control
# socket. out/sdcard.img is presented as an SD card and out/airgap.iso as a
# USB storage device; the console is the terminal (-nographic).
#
# NOTE(review): no rule that creates out/sdcard.img is visible in this file;
# presumably the image is prepared by hand before running this target.
# NOTE(review): the drive paths are relative (out/...), so they resolve
# against the container's working directory; confirm it is / so they match
# the /out mount.
.PHONY: vm
vm: out/dev-shell.digest out/airgap.iso out/sdcard.img
	docker run -it -v ./out:/out $$(cat $<) sh -c "\
		swtpm socket \
			--tpmstate dir=. \
			--ctrl type=unixio,path=vtpm-sock \
			--tpm2 & \
		qemu-system-x86_64 \
			-m 4G \
			-machine pc \
			-chardev socket,id=chrtpm,path=vtpm-sock \
			-tpmdev emulator,id=tpm0,chardev=chrtpm \
			-device tpm-tis,tpmdev=tpm0 \
			-usb \
			-device sdhci-pci \
			-device sd-card,drive=external \
			-drive id=external,if=none,format=raw,file=out/sdcard.img \
			-device usb-storage,drive=usbdrive \
			-drive id=usbdrive,if=none,format=raw,file=out/airgap.iso \
			-boot order=c \
			-nographic; \
	"
## Signing, Verification, and Release Targets
# Remove the whole build output directory. dist/ is left alone.
.PHONY: clean
clean:
	$(RM) -r out
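# Rebuild everything from a clean out/ without the docker layer cache, then
# replace the contents of dist/ with the fresh artifacts.
#
# VERSION is forwarded to the sub-make from the environment ("$$VERSION") so
# that a value with spaces or shell metacharacters reaches it as one word.
# dist/ is created first because cp fails when the directory does not exist.
#
# `rm -rf dist/*` also deletes any detached signatures
# (dist/manifest.*.asc) of the previous release; run `make sign` again after
# a release.
.PHONY: release
release: clean
	$(MAKE) NOCACHE=1 VERSION="$$VERSION"
	mkdir -p dist
	rm -rf dist/*
	cp -R out/release.env out/airgap.iso out/manifest.txt dist/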
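# Create an armored detached signature of dist/manifest.txt, stored as
# dist/manifest.<key id>.asc.
#
# The key id in the file name is the last run of 16 [A-Z0-9] characters in
# git's user.signingkey. When the value holds no such run, sed passes it
# through unchanged.
#
# Changes from the earlier recipe:
#   * gpg is told to sign with user.signingkey (--local-user). Without it gpg
#     signs with its default key, which need not be the key named in the
#     output file name.
#   * user.signingkey is read once and the result reused.
#   * a derived id that is empty or contains `/` is refused, because it
#     becomes part of a path; the path is quoted.
# NOTE(review): only the manifest is signed. The ISO is covered through the
# SHA-256 recorded in the manifest, so a verifier has to check that hash too.
.PHONY: sign
sign:
	set -e; \
	signingkey=$$(git config --get user.signingkey) || { \
		echo "Error: git user.signingkey is not defined"; \
		exit 1; \
	}; \
	fingerprint=$$( \
		printf '%s\n' "$$signingkey" \
		| sed 's/.*\([A-Z0-9]\{16\}\).*/\1/g' \
	); \
	case "$$fingerprint" in \
		""|*/*) \
			echo "Error: cannot derive a key id from git user.signingkey"; \
			exit 1;; \
	esac; \
	gpg --armor \
		--local-user "$$signingkey" \
		--detach-sig \
		--output "dist/manifest.$${fingerprint}.asc" \
		dist/manifest.txt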
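# Check every detached signature dist/manifest.*.asc against
# dist/manifest.txt and stop at the first failure (set -e). When no signature
# file exists the glob stays unexpanded and gpg fails on the literal pattern,
# so an unsigned release does not pass.
#
# The file name is quoted, and printf replaces `echo "\n..."`, whose handling
# of backslash escapes differs between shells.
#
# What this target does not establish:
#   * gpg --verify succeeds for a good signature made by any public key in
#     the local keyring. The set of expected signers is not pinned here, and
#     the key id in the file name is not compared with the key that signed.
#   * dist/airgap.iso and dist/release.env are not hashed and compared with
#     the manifest; only the manifest itself is authenticated.
.PHONY: verify
verify: | dist/manifest.txt
	set -e; \
	for file in dist/manifest.*.asc; do \
		printf '\nVerifying: %s\n\n' "$$file"; \
		gpg --verify "$$file" dist/manifest.txt; \
	done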
# Rebuild from a clean out/ with the inputs recorded in dist/release.env and
# without the docker layer cache, then compare the new manifest with the
# released one. diff -q exits non-zero when the two files differ, which fails
# the target.
# NOTE(review): the comparison is against whatever dist/manifest.txt is on
# disk; run `make verify` first if its signatures matter.
.PHONY: reproduce
reproduce: clean | out
	$(MAKE) REPRODUCE=true NOCACHE=1
	diff -q out/manifest.txt dist/manifest.txt
# Output directory, used as an order-only prerequisite by the rules that
# write into it.
out:
	mkdir -p out
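# Record the build inputs as KEY=VALUE lines. The file is hashed into the
# manifest and read back by `make reproduce`.
#
# Values are taken from the environment, where the bare `export` at the top
# of the file puts them, and written with printf '%s'. Expanding them with
# make inside single quotes breaks on an author name that contains an
# apostrophe and lets such a name inject shell syntax into the recipe.
# The file is assembled under a temporary name and moved into place, so a
# failed recipe cannot leave a truncated out/release.env behind.
# NOTE(review): the reproduce path reads this file with make's `include`, so
# a value containing `$` or `#` will not round-trip unchanged.
out/release.env: $(shell git ls-files) | out
	{ \
		printf 'VERSION=%s\n' "$$VERSION"; \
		printf 'GIT_REF=%s\n' "$$GIT_REF"; \
		printf 'GIT_AUTHOR=%s\n' "$$GIT_AUTHOR"; \
		printf 'GIT_PUBKEY=%s\n' "$$GIT_PUBKEY"; \
		printf 'GIT_TIMESTAMP=%s\n' "$$GIT_TIMESTAMP"; \
	} > $@.tmp
	mv -f $@.tmp $@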
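# Write the SHA-256 of the ISO and of release.env, one "<hash> <name>" line
# each, with the leading "*out/" (or "./") stripped from the file names.
#
# openssl and sed run as separate steps. In a pipeline the recipe's exit
# status is that of sed, so a failing openssl would still produce a manifest
# (possibly empty) that looks up to date and could then be signed. The result
# is moved into place only after both steps succeeded.
out/manifest.txt: out/airgap.iso out/release.env | out
	openssl sha256 -r $^ > $@.raw
	sed -e 's/ \*out\// /g' -e 's/ \.\// /g' $@.raw > $@.tmp
	mv -f $@.tmp $@
	$(RM) $@.raw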