
5 Commits

Author SHA1 Message Date
Lance Vick dc8515ea02
release: 2024.8.0 2024-08-04 14:17:11 -07:00
Lance Vick 3cb460b72e
GIT_KEY GIT_PUBKEY 2024-08-04 13:29:39 -07:00
Lance Vick f1c0f2f8b5
working reproduction 2024-08-04 13:11:28 -07:00
Lance Vick 1f2ce99275
ignore additional folders 2024-08-04 13:10:24 -07:00
Lance Vick 721ffad1f0
cache/determinism fixes and doc updates 2024-08-03 15:52:30 -07:00
7 changed files with 65 additions and 47 deletions

1
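--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 cache/
 out/
+out*/
 .*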


@ -22,7 +22,6 @@ FROM stagex/libgcrypt:sx2024.08.0@sha256:ea1906215d18688d96fc5329301af649834fe96
FROM stagex/jq:sx2024.08.0@sha256:0297a099ae95eed13d48bce2d4d624544857680095b6201e9919e1d5da45a6cd AS jq FROM stagex/jq:sx2024.08.0@sha256:0297a099ae95eed13d48bce2d4d624544857680095b6201e9919e1d5da45a6cd AS jq
FROM stagex/yq:sx2024.08.0@sha256:10e80bd7cec3c6e0a7fd36c65bac13600368bff993ad42b03e3b787d2125e5f0 AS yq FROM stagex/yq:sx2024.08.0@sha256:10e80bd7cec3c6e0a7fd36c65bac13600368bff993ad42b03e3b787d2125e5f0 AS yq
FROM stagex/bc:sx2024.08.0@sha256:1ecf6029ceed91dd62b08c64e49f00518edcf6c10ac4ab2fe7e8f71943607eef AS bc FROM stagex/bc:sx2024.08.0@sha256:1ecf6029ceed91dd62b08c64e49f00518edcf6c10ac4ab2fe7e8f71943607eef AS bc
FROM stagex/git:sx2024.08.0@sha256:d177bde1f1ca0f20f74502af4da17b89628683f21116573ada69f38b46d367a6 AS git
FROM stagex/zlib:sx2024.08.0@sha256:d0d6eef463a410191e086448c710441109ae72693cb074fe2b795ee033aa6c9d AS zlib FROM stagex/zlib:sx2024.08.0@sha256:d0d6eef463a410191e086448c710441109ae72693cb074fe2b795ee033aa6c9d AS zlib
FROM stagex/tpm2-tools:sx2024.08.0@sha256:1693d4ef7e0b7df3e9bd60088588d94b7f5bf755fde0c1be695f3c2f00ec2897 AS tpm2-tools FROM stagex/tpm2-tools:sx2024.08.0@sha256:1693d4ef7e0b7df3e9bd60088588d94b7f5bf755fde0c1be695f3c2f00ec2897 AS tpm2-tools
FROM stagex/tpm2-tss:sx2024.08.0@sha256:5e362f43a5e0c49f774605a0e3e1b7523dc6bc775f537c206a3aaa8b8b733c93 AS tpm2-tss FROM stagex/tpm2-tss:sx2024.08.0@sha256:5e362f43a5e0c49f774605a0e3e1b7523dc6bc775f537c206a3aaa8b8b733c93 AS tpm2-tss
@ -40,7 +39,7 @@ ARG VERSION development
ARG GIT_TIMESTAMP null ARG GIT_TIMESTAMP null
ARG GIT_AUTHOR null ARG GIT_AUTHOR null
ARG GIT_REF null ARG GIT_REF null
ARG GIT_KEY null ARG GIT_PUBKEY null
COPY --from=busybox . / COPY --from=busybox . /
COPY --from=musl . / COPY --from=musl . /
COPY --from=xorriso . / COPY --from=xorriso . /
@ -70,7 +69,6 @@ COPY --from=gpg . initramfs
COPY --from=jq . initramfs COPY --from=jq . initramfs
COPY --from=yq . initramfs COPY --from=yq . initramfs
COPY --from=bc . initramfs COPY --from=bc . initramfs
COPY --from=git . initramfs
COPY --from=flashtools . initramfs COPY --from=flashtools . initramfs
COPY --from=tpm2-tools . initramfs COPY --from=tpm2-tools . initramfs
COPY --from=tpm2-tss . initramfs COPY --from=tpm2-tss . initramfs
@ -90,13 +88,22 @@ COPY <<-EOF initramfs/etc/environment
export GIT_TIMESTAMP="$GIT_TIMESTAMP" export GIT_TIMESTAMP="$GIT_TIMESTAMP"
export GIT_AUTHOR="$GIT_AUTHOR" export GIT_AUTHOR="$GIT_AUTHOR"
export GIT_REF="$GIT_REF" export GIT_REF="$GIT_REF"
export GIT_KEY="$GIT_KEY" export GIT_PUBKEY="$GIT_PUBKEY"
EOF EOF
RUN <<-EOF RUN <<-EOF
set -eux
cd initramfs cd initramfs
find . -exec touch -hcd "@0" "{}" +
find . -print0 \ find . -print0 \
| cpio --null --create --verbose --format=newc \ | sort -z \
| gzip --best > ../iso/boot/initramfs | cpio \
--null \
--create \
--verbose \
--reproducible \
--format=newc \
| gzip --best \
> ../iso/boot/initramfs
EOF EOF
## Grub (EFI Boot) ## Grub (EFI Boot)
@ -126,8 +133,9 @@ RUN <<-EOF
gzio \ gzio \
serial \ serial \
terminal terminal
find efi -exec touch -hcd "@0" "{}" +
mformat -i iso/boot/grub/efi.img -C -f 1440 -N 0 :: mformat -i iso/boot/grub/efi.img -C -f 1440 -N 0 ::
mcopy -i iso/boot/grub/efi.img -s efi :: mcopy -i iso/boot/grub/efi.img -ms efi ::
touch -md "@0" iso/boot/grub/efi.img touch -md "@0" iso/boot/grub/efi.img
EOF EOF
@ -144,7 +152,13 @@ COPY --from=syslinux \
## Build Hybrid EFI/BIOS ISO ## Build Hybrid EFI/BIOS ISO
FROM build AS install FROM build AS install
RUN xorrisofs \ ENV SOURCE_DATE_EPOCH=1
# --set_all_file_dates='1'
# --modification-date='1970010100000000' \
RUN <<-EOF
set -eux
find iso -exec touch -hcd "@0" "{}" +
xorrisofs \
-output airgap.iso \ -output airgap.iso \
-full-iso9660-filenames \ -full-iso9660-filenames \
-joliet \ -joliet \
@ -163,6 +177,7 @@ RUN xorrisofs \
-isohybrid-gpt-basdat \ -isohybrid-gpt-basdat \
-follow-links \ -follow-links \
iso/ iso/
EOF
## Minimal Autorun SD card image ## Minimal Autorun SD card image
COPY sdcard sdcard COPY sdcard sdcard
@ -174,7 +189,5 @@ RUN <<-EOF
EOF EOF
FROM scratch AS package FROM scratch AS package
COPY --from=install /iso /iso
COPY --from=install /initramfs /initramfs
COPY --from=install /sdcard.img / COPY --from=install /sdcard.img /
COPY --from=install /airgap.iso / COPY --from=install /airgap.iso /
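Review bot: The initramfs heredoc (hunk `-90,13 +88,22`) adds `set -eux`, but the archive comes out of a four-stage pipeline whose exit status is only that of `gzip`, so a failing `find`, `sort` or `cpio` would still leave an incomplete `../iso/boot/initramfs` and a build that passes. If the image's `/bin/sh` supports it, write `set -eux -o pipefail` there. `sort -z` also orders by whatever locale is in effect; `LC_ALL=C sort -z` would pin the member order of the archive independently of the build environment. The two commented-out `xorrisofs` options left between `ENV SOURCE_DATE_EPOCH=1` and the `RUN` in the install stage should either be removed or get a line saying why they are kept.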


@ -1,17 +1,18 @@
VERSION := $(shell git tag --points-at HEAD) VERSION := development
GIT_REF := $(shell git log -1 --format=%H) GIT_REF := $(shell git log -1 --format=%H)
GIT_AUTHOR := $(shell git log -1 --format=%an) GIT_AUTHOR := $(shell git log -1 --format=%an)
GIT_KEY := $(shell git log -1 --format=%GP) GIT_PUBKEY := $(shell git log -1 --format=%GP)
GIT_TIMESTAMP := $(shell git log -1 --format=%cd --date=iso) GIT_TIMESTAMP := $(shell git log -1 --format=%cd --date=iso)
VERSION := development
export export
## Use env vars from latest release when reproducing ## Use env vars from latest release when reproducing
ifdef REPRODUCE ifdef REPRODUCE
include dist/release.env include dist/release.env
NO_CACHE := --no-cache
export export
endif endif
ifdef NOCACHE
NO_CACHE := --no-cache
endif
.DEFAULT_GOAL := .DEFAULT_GOAL :=
.PHONY: default .PHONY: default
@ -23,13 +24,15 @@ default: \
## Primary targets ## Primary targets
out/airgap.iso: Containerfile $(shell git ls-files rootfs) out/airgap.iso: Containerfile $(shell git ls-files rootfs)
SOURCE_DATE_EPOCH=1 \
docker build \ docker build \
--progress=plain \ --progress=plain \
--output type=local,dest=out \ --output type=local,rewrite-timestamp=true,dest=out \
--build-arg SOURCE_DATE_EPOCH=1 \
--build-arg VERSION="$(VERSION)" \ --build-arg VERSION="$(VERSION)" \
--build-arg GIT_REF="$(GIT_REF)" \ --build-arg GIT_REF="$(GIT_REF)" \
--build-arg GIT_AUTHOR="$(GIT_AUTHOR)" \ --build-arg GIT_AUTHOR="$(GIT_AUTHOR)" \
--build-arg GIT_KEY="$(GIT_KEY)" \ --build-arg GIT_PUBKEY="$(GIT_PUBKEY)" \
--build-arg GIT_TIMESTAMP="$(GIT_TIMESTAMP)" \ --build-arg GIT_TIMESTAMP="$(GIT_TIMESTAMP)" \
$(NO_CACHE) \ $(NO_CACHE) \
-f Containerfile \ -f Containerfile \
@ -76,8 +79,9 @@ clean:
rm -rf out rm -rf out
.PHONY: release .PHONY: release
release: default release: clean
rm -rf dist/* rm -rf dist/*
$(MAKE) NOCACHE=1 VERSION=$(VERSION)
cp -R out/release.env out/airgap.iso out/manifest.txt dist/ cp -R out/release.env out/airgap.iso out/manifest.txt dist/
.PHONY: sign .PHONY: sign
@ -106,7 +110,7 @@ verify: | dist/manifest.txt
.PHONY: reproduce .PHONY: reproduce
reproduce: clean | out reproduce: clean | out
$(MAKE) REPRODUCE=true $(MAKE) REPRODUCE=true NOCACHE=1
diff -q out/manifest.txt dist/manifest.txt; diff -q out/manifest.txt dist/manifest.txt;
out: out:
@ -116,7 +120,7 @@ out/release.env: $(shell git ls-files) | out
echo 'VERSION=$(VERSION)' > out/release.env echo 'VERSION=$(VERSION)' > out/release.env
echo 'GIT_REF=$(GIT_REF)' >> out/release.env echo 'GIT_REF=$(GIT_REF)' >> out/release.env
echo 'GIT_AUTHOR=$(GIT_AUTHOR)' >> out/release.env echo 'GIT_AUTHOR=$(GIT_AUTHOR)' >> out/release.env
echo 'GIT_KEY=$(GIT_KEY)' >> out/release.env echo 'GIT_PUBKEY=$(GIT_PUBKEY)' >> out/release.env
echo 'GIT_TIMESTAMP=$(GIT_TIMESTAMP)' >> out/release.env echo 'GIT_TIMESTAMP=$(GIT_TIMESTAMP)' >> out/release.env
out/manifest.txt: out/airgap.iso out/release.env | out out/manifest.txt: out/airgap.iso out/release.env | out
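Review bot: `GIT_PUBKEY := $(shell git log -1 --format=%GP)` in the first hunk is empty whenever HEAD carries no signature that git can check against the local keyring, and nothing in the visible hunks stops `release` from writing `GIT_PUBKEY=` into `out/release.env` and the image in that case. Since the value is later printed as the build's `Key:`, a release cut from an unsigned commit would ship with blank provenance instead of failing. Consider a guard as the first line of the `release` recipe, e.g. `@test -n "$(GIT_PUBKEY)" || { echo "HEAD is not signed by a known key" >&2; exit 1; }`. A non-empty fingerprint only identifies the signer; whether that key is one the project trusts is a separate check, and the `verify` recipe that might do it lies outside the visible hunks.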

BIN
dist/airgap.iso (Stored with Git LFS) vendored

Binary file not shown.

4
dist/manifest.txt vendored

@ -1,2 +1,2 @@
18df33fc5e787057004f0783cbd40f9a808c67943d7a53b7c20cd7b92f6bf2bf airgap.iso a78a023a9532927f0e7af7ce1177b8286fdfa425670d166932f46ee90abcafe8 airgap.iso
ec5912ec6bafc7c9a61e3ecee440485c249a57dca1aa1cc2ac15dc13e682875b release.env bc742e2b08089bb2e685a71a45e1ab28d7bf6151bf06417e1bc729eb60353e0d release.env

6
dist/release.env vendored

@ -1,5 +1,5 @@
VERSION=2024.8.0 VERSION=2024.8.0
GIT_REF=74bf27bc6601d4f3f0d22c0f854594b854e893d0 GIT_REF=3cb460b72ed3fb03ac98c737852e19a154e58a7c
GIT_AUTHOR=Lance R. Vick GIT_AUTHOR=Lance R. Vick
GIT_KEY=6B61ECD76088748C70590D55E90A401336C8AAA9 GIT_PUBKEY=6B61ECD76088748C70590D55E90A401336C8AAA9
GIT_TIMESTAMP=2024-08-02 22:15:34 -0700 GIT_TIMESTAMP=2024-08-04 13:29:39 -0700


@ -18,5 +18,5 @@ echo " - Version: $VERSION"
echo " - Date: $GIT_TIMESTAMP" echo " - Date: $GIT_TIMESTAMP"
echo " - Committer: $GIT_AUTHOR" echo " - Committer: $GIT_AUTHOR"
echo " - Commit: $GIT_REF" echo " - Commit: $GIT_REF"
echo " - Key: $GIT_KEY" echo " - Key: $GIT_PUBKEY"
echo "" echo ""