NAME := airgap
IMAGE := local/$(NAME):latest
TARGET := x86_64
DEVICES := librem_13v4 librem_15v4
GIT_REF := $(shell git log -1 --format=%H config)
GIT_AUTHOR := $(shell git log -1 --format=%an config)
GIT_KEY := $(shell git log -1 --format=%GP config)
GIT_EPOCH := $(shell git log -1 --format=%at config)
GIT_DATETIME := \
$(shell git log -1 --format=%cd --date=format:'%Y-%m-%d %H:%M:%S' config)
VERSION := "develop"
RELEASE_DIR := release/$(VERSION)
ifeq ($(strip $(shell git status --porcelain 2>/dev/null)),)
GIT_STATE=clean
else
GIT_STATE=dirty
endif
OUT_DIR := build/buildroot/output/images
docker = docker
executables = $(docker)
.DEFAULT_GOAL := all
## Primary Targets
.PHONY: all
all: image fetch build hash
.PHONY: build
build: build-os build-fw
.PHONY: image
image:
$(docker) build \
--tag $(IMAGE) \
--file $(PWD)/config/container/Dockerfile \
$(IMAGE_OPTIONS) \
$(PWD)
.PHONY: fetch
fetch:
mkdir -p build release
$(contain) fetch
.PHONY: clean
clean:
$(contain) clean
.PHONY: mrproper
mrproper:
docker image rm -f $(IMAGE)
rm -rf build
.PHONY: build-os
build-os:
$(contain) build-os
mkdir -p $(RELEASE_DIR)
cp $(OUT_DIR)/rootfs.iso9660 $(RELEASE_DIR)/airgap_$(TARGET).iso
.PHONY: build-fw
build-fw:
$(contain) build-fw
mkdir -p $(RELEASE_DIR)
for device in $(DEVICES); do \
cp \
build/heads/build/$${device}/pureboot*.rom \
$(RELEASE_DIR)/$${device}.rom ; \
done
## Release Targets
.PHONY: audit
audit:
mkdir -p build/audit
$(contain) audit
.PHONY: hash
hash:
if [ ! -f release/$(VERSION)/hashes.txt ]; then \
openssl sha256 -r release/$(VERSION)/*.rom \
> release/$(VERSION)/hashes.txt; \
openssl sha256 -r release/$(VERSION)/*.iso \
>> release/$(VERSION)/hashes.txt; \
fi
.PHONY: verify
verify:
mkdir -p build/audit/$(VERSION)
openssl sha256 -r $(RELEASE_DIR)/*.rom \
> build/audit/$(VERSION)/release_hashes.txt
openssl sha256 -r $(RELEASE_DIR)/*.iso \
>> build/audit/$(VERSION)/release_hashes.txt
diff -q build/audit/$(VERSION)/release_hashes.txt $(RELEASE_DIR)/hashes.txt;
.PHONY: sign
sign: $(RELEASE_DIR)/*.rom $(RELEASE_DIR)/*.iso
set -e; \
for file in $^; do \
gpg --armor --detach-sig "$${file}"; \
fingerprint=$$(\
gpg --list-packets $${file}.asc \
| grep "issuer key ID" \
| sed 's/.*\([A-Z0-9]\{16\}\).*/\1/g' \
); \
mv $${file}.asc $${file}.$${fingerprint}.asc; \
done
## Development Targets
.PHONY: shell
shell:
$(docker) inspect "$(NAME)" \
&& $(docker) exec --interactive --user=root --tty "$(NAME)" shell \
|| $(contain) shell
.PHONY: menuconfig
menuconfig:
$(contain) menuconfig
.PHONY: linux-menuconfig
linux-menuconfig:
$(contain) linux-menuconfig
.PHONY: vm
vm:
$(contain) vm
.PHONY: update-packages
update-packages:
docker rm -f "$(NAME)-update-packages" || :
docker run \
--rm \
--detach \
--name "$(NAME)-update-packages" \
--user $(userid):$(groupid) \
--env GIT_EPOCH="$(GIT_EPOCH)" \
--volume $(PWD)/config/container/packages.list:/etc/apt/packages-old.list \
--volume $(PWD)/config/container/apt.conf:/etc/apt/apt.conf \
--volume $(PWD)/scripts:/usr/local/bin \
debian tail -f /dev/null
docker exec -it --user=root "$(NAME)-update-packages" update-packages
docker cp \
"$(NAME)-update-packages:/etc/apt/packages.list" \
"$(PWD)/config/container/packages.list"
docker cp \
"$(NAME)-update-packages:/etc/apt/sources.list" \
"$(PWD)/config/container/sources.list"
docker cp \
"$(NAME)-update-packages:/etc/apt/package-hashes.txt" \
"$(PWD)/config/container/package-hashes.txt"
docker rm -f "$(NAME)-update-packages"
## Make Helpers
check_executables := $(foreach exec,$(executables),\$(if \
$(shell which $(exec)),some string,$(error "No $(exec) in PATH")))
userid = $(shell id -u)
groupid = $(shell id -g)
contain := \
$(docker) run \
--rm \
--tty \
--interactive \
--name "$(NAME)" \
--hostname "$(NAME)" \
--env TARGET="$(TARGET)" \
--env DEVICES="$(DEVICES)" \
--env GIT_DATETIME="$(GIT_DATETIME)" \
--env GIT_EPOCH="$(GIT_EPOCH)" \
--env GIT_REF="$(GIT_REF)" \
--env GIT_AUTHOR="$(GIT_AUTHOR)" \
--env GIT_KEY="$(GIT_KEY)" \
--env GIT_STATE="$(GIT_STATE)" \
--env UID="$(shell id -u)" \
--env GID="$(shell id -g)" \
--volume $(PWD)/build:/home/build/build \
--volume $(PWD)/config:/home/build/config \
--volume $(PWD)/release:/home/build/release \
--volume $(PWD)/scripts:/home/build/scripts \
$(IMAGE)