add initial release/reproduction/signing targets

This commit is contained in:
Lance Vick 2024-08-02 21:39:15 -07:00
parent 96ea9054f9
commit 24725ea630
Signed by: lrvick
GPG Key ID: 8E47A1EC35A1551D
1 changed files with 81 additions and 11 deletions

View File

@ -3,12 +3,37 @@ GIT_REF := $(shell git log -1 --format=%H)
GIT_AUTHOR := $(shell git log -1 --format=%an) GIT_AUTHOR := $(shell git log -1 --format=%an)
GIT_KEY := $(shell git log -1 --format=%GP) GIT_KEY := $(shell git log -1 --format=%GP)
GIT_TIMESTAMP := $(shell git log -1 --format=%cd --date=iso) GIT_TIMESTAMP := $(shell git log -1 --format=%cd --date=iso)
export
## Use env vars from latest release when reproducing
ifeq ($(REPRODUCE),"TRUE")
include dist/release.env
export
endif
.DEFAULT_GOAL := .DEFAULT_GOAL :=
.PHONY: default .PHONY: default
default: \ default: \
out/release.env \
out/manifest.txt \
out/airgap.iso out/airgap.iso
## Primary targets
out/airgap.iso: Containerfile $(shell git ls-files rootfs)
docker build \
--progress=plain \
--output type=local,dest=out \
--build-arg VERSION="$(or $(VERSION),"development")" \
--build-arg GIT_REF="$(GIT_REF)" \
--build-arg GIT_AUTHOR="$(GIT_AUTHOR)" \
--build-arg GIT_KEY="$(GIT_KEY)" \
--build-arg GIT_TIMESTAMP="$(GIT_TIMESTAMP)" \
-f Containerfile \
.
## Development Targets
.PHONY: vm .PHONY: vm
vm: vm-bios vm: vm-bios
@ -41,14 +66,59 @@ vm-efi: out/airgap.iso
-display gtk,show-menubar=off,zoom-to-fit=on \ -display gtk,show-menubar=off,zoom-to-fit=on \
-cdrom "out/airgap.iso" -cdrom "out/airgap.iso"
out/airgap.iso: Containerfile $(shell git ls-files rootfs) ## Signing, Verification, and Release Targets
docker build \
--progress=plain \ .PHONY: clean
--output type=local,dest=out \ clean:
--build-arg VERSION="$(or $(VERSION),"development")" \ rm -rf out
--build-arg GIT_REF="$(GIT_REF)" \
--build-arg GIT_AUTHOR="$(GIT_AUTHOR)" \ .PHONY: release
--build-arg GIT_KEY="$(GIT_KEY)" \ release: default
--build-arg GIT_TIMESTAMP="$(GIT_TIMESTAMP)" \ rm -rf dist/*
-f Containerfile \ cp -R out/release.env out/airgap.iso out/manifest.txt dist/
.
.PHONY: sign
sign:
set -e; \
git config --get user.signingkey 2>&1 >/dev/null || { \
echo "Error: git user.signingkey is not defined"; \
exit 1; \
}; \
fingerprint=$$(\
git config --get user.signingkey \
| sed 's/.*\([A-Z0-9]\{16\}\).*/\1/g' \
); \
gpg --armor \
--detach-sig \
--output dist/manifest.$${fingerprint}.asc \
dist/manifest.txt
.PHONY: verify
verify: | dist/manifest.txt
set -e; \
for file in dist/manifest.*.asc; do \
echo "\nVerifying: $${file}\n"; \
gpg --verify $${file} dist/manifest.txt; \
done;
.PHONY: reproduce
reproduce: clean | out
$(MAKE)
diff -q out/manifest.txt dist/manifest.txt;
out:
mkdir -p $@
out/release.env: $(shell git ls-files)
echo 'VERSION=$(VERSION)' > out/release.env
echo 'GIT_REF=$(GIT_REF)' >> out/release.env
echo 'GIT_AUTHOR=$(GIT_AUTHOR)' >> out/release.env
echo 'GIT_KEY=$(GIT_KEY)' >> out/release.env
echo 'GIT_TIMESTAMP=$(GIT_TIMESTAMP)' >> out/release.env
out/manifest.txt: out/airgap.iso out/release.env | out
openssl sha256 -r \
out/airgap.iso \
out/release.env \
| sed -e 's/ \*out\// /g' -e 's/ \.\// /g' \
> $@