add initial release/reproduction/signing targets
This commit is contained in:
parent
96ea9054f9
commit
24725ea630
GPG Key ID:
8E47A1EC35A1551D
92
Makefile
92
Makefile
|
|
@ -3,12 +3,37 @@ GIT_REF := $(shell git log -1 --format=%H)
|
|||
GIT_AUTHOR := $(shell git log -1 --format=%an)
|
||||
GIT_KEY := $(shell git log -1 --format=%GP)
|
||||
GIT_TIMESTAMP := $(shell git log -1 --format=%cd --date=iso)
|
||||
export
|
||||
|
||||
## Use env vars from latest release when reproducing
|
||||
ifeq ($(REPRODUCE),"TRUE")
|
||||
include dist/release.env
|
||||
export
|
||||
endif
|
||||
|
||||
.DEFAULT_GOAL :=
|
||||
.PHONY: default
|
||||
default: \
|
||||
out/release.env \
|
||||
out/manifest.txt \
|
||||
out/airgap.iso
|
||||
|
||||
## Primary targets
|
||||
|
||||
out/airgap.iso: Containerfile $(shell git ls-files rootfs)
|
||||
docker build \
|
||||
--progress=plain \
|
||||
--output type=local,dest=out \
|
||||
--build-arg VERSION="$(or $(VERSION),"development")" \
|
||||
--build-arg GIT_REF="$(GIT_REF)" \
|
||||
--build-arg GIT_AUTHOR="$(GIT_AUTHOR)" \
|
||||
--build-arg GIT_KEY="$(GIT_KEY)" \
|
||||
--build-arg GIT_TIMESTAMP="$(GIT_TIMESTAMP)" \
|
||||
-f Containerfile \
|
||||
.
|
||||
|
||||
## Development Targets
|
||||
|
||||
.PHONY: vm
|
||||
vm: vm-bios
|
||||
|
||||
|
|
@ -41,14 +66,59 @@ vm-efi: out/airgap.iso
|
|||
-display gtk,show-menubar=off,zoom-to-fit=on \
|
||||
-cdrom "out/airgap.iso"
|
||||
|
||||
out/airgap.iso: Containerfile $(shell git ls-files rootfs)
|
||||
docker build \
|
||||
--progress=plain \
|
||||
--output type=local,dest=out \
|
||||
--build-arg VERSION="$(or $(VERSION),"development")" \
|
||||
--build-arg GIT_REF="$(GIT_REF)" \
|
||||
--build-arg GIT_AUTHOR="$(GIT_AUTHOR)" \
|
||||
--build-arg GIT_KEY="$(GIT_KEY)" \
|
||||
--build-arg GIT_TIMESTAMP="$(GIT_TIMESTAMP)" \
|
||||
-f Containerfile \
|
||||
.
|
||||
## Signing, Verification, and Release Targets
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
rm -rf out
|
||||
|
||||
.PHONY: release
|
||||
release: default
|
||||
rm -rf dist/*
|
||||
cp -R out/release.env out/airgap.iso out/manifest.txt dist/
|
||||
|
||||
.PHONY: sign
|
||||
sign:
|
||||
set -e; \
|
||||
git config --get user.signingkey 2>&1 >/dev/null || { \
|
||||
echo "Error: git user.signingkey is not defined"; \
|
||||
exit 1; \
|
||||
}; \
|
||||
fingerprint=$$(\
|
||||
git config --get user.signingkey \
|
||||
| sed 's/.*\([A-Z0-9]\{16\}\).*/\1/g' \
|
||||
); \
|
||||
gpg --armor \
|
||||
--detach-sig \
|
||||
--output dist/manifest.$${fingerprint}.asc \
|
||||
dist/manifest.txt
|
||||
|
||||
.PHONY: verify
|
||||
verify: | dist/manifest.txt
|
||||
set -e; \
|
||||
for file in dist/manifest.*.asc; do \
|
||||
echo "\nVerifying: $${file}\n"; \
|
||||
gpg --verify $${file} dist/manifest.txt; \
|
||||
done;
|
||||
|
||||
.PHONY: reproduce
|
||||
reproduce: clean | out
|
||||
$(MAKE)
|
||||
diff -q out/manifest.txt dist/manifest.txt;
|
||||
|
||||
out:
|
||||
mkdir -p $@
|
||||
|
||||
out/release.env: $(shell git ls-files)
|
||||
echo 'VERSION=$(VERSION)' > out/release.env
|
||||
echo 'GIT_REF=$(GIT_REF)' >> out/release.env
|
||||
echo 'GIT_AUTHOR=$(GIT_AUTHOR)' >> out/release.env
|
||||
echo 'GIT_KEY=$(GIT_KEY)' >> out/release.env
|
||||
echo 'GIT_TIMESTAMP=$(GIT_TIMESTAMP)' >> out/release.env
|
||||
|
||||
out/manifest.txt: out/airgap.iso out/release.env | out
|
||||
openssl sha256 -r \
|
||||
out/airgap.iso \
|
||||
out/release.env \
|
||||
| sed -e 's/ \*out\// /g' -e 's/ \.\// /g' \
|
||||
> $@
|
||||
|
|
|
|||
Loading…
Reference in New Issue