toolchain/Makefile

NAME := $(shell basename $(shell git rev-parse --show-toplevel))
IMAGE := local/$(NAME):latest
ARCH := x86_64
TARGET := $(ARCH)
USER := $(shell id -u):$(shell id -g)
CPUS := $(shell docker run -it debian nproc)
GIT_REF := $(shell git log -1 --format=%H config)
GIT_AUTHOR := $(shell git log -1 --format=%an config)
GIT_KEY := $(shell git log -1 --format=%GP config)
GIT_EPOCH := $(shell git log -1 --format=%at config)
GIT_DATETIME := \
	$(shell git log -1 --format=%cd --date=format:'%Y-%m-%d %H:%M:%S' config)
ifeq ($(strip $(shell git status --porcelain 2>/dev/null)),)
	GIT_STATE=clean
else
	GIT_STATE=dirty
endif
VERSION := $(shell TZ=UTC0 git show --quiet --date='format-local:%Y%m%dT%H%M%SZ' --format="%cd")
RELEASE_DIR := release/$(VERSION)
CONFIG_DIR := config
CACHE_DIR := cache
SRC_DIR := src
OUT_DIR := out
docker = docker

include $(CONFIG_DIR)/global.env
export $(shell sed 's/=.*//' $(CONFIG_DIR)/global.env)

## Use env vars from existing release if present
ifneq (,$(wildcard $(RELEASE_DIR)/release.env))
    include $(RELEASE_DIR)/release.env
    export
endif

executables = $(docker) git patch

.PHONY: toolchain
toolchain: $(CACHE_DIR)/toolchain.tar $(CACHE_DIR)/toolchain.env

# Launch a shell inside the toolchain container
.PHONY: toolchain-shell
toolchain-shell: toolchain
	$(call toolchain,$(USER),"bash --norc")

# Pin all packages in toolchain container to latest versions
.PHONY: toolchain-update
toolchain-update:
	docker run \
		--rm \
		--env LOCAL_USER=$(USER) \
		--platform=linux/$(ARCH) \
		--volume $(PWD)/$(CONFIG_DIR):/config \
		--volume $(PWD)/$(SRC_DIR)/toolchain/scripts:/usr/local/bin \
		--env ARCH=$(ARCH) \
		--interactive \
		--tty \
		debian@sha256:$(DEBIAN_HASH) \
		bash -c /usr/local/bin/packages-update

.PHONY: attest
attest:
	rm -rf $(CACHE_DIR) $(OUT_DIR)
	$(MAKE)
	diff -q $(OUT_DIR)/manifest.txt release/$(VERSION)/manifest.txt;

$(RELEASE_DIR):
	mkdir -p $@

$(CACHE_DIR):
	mkdir -p $@

$(OUT_DIR):
	mkdir -p $@

.ONESHELL:
$(CACHE_DIR)/toolchain.env: $(CACHE_DIR)
	cat <<- EOF > $@
		HOME=/home/build
		PS1=$(NAME)-toolchain
		GNUPGHOME=/cache/.gnupg
		ARCH=$(ARCH)
		TARGET=$(ARCH)
		GIT_REF=$(GIT_REF)
		GIT_AUTHOR=$(GIT_AUTHOR)
		GIT_KEY=$(GIT_KEY)
		GIT_DATETIME=$(GIT_DATETIME)
		GIT_EPOCH=$(GIT_EPOCH)
		FAKETIME_FMT="%s"
		FAKETIME="1"
		SOURCE_DATE_EPOCH=1
		KBUILD_BUILD_TIMESTAMP="1970-01-01 00:00:00 UTC"
		KCONFIG_NOTIMESTAMP=1
		KBUILD_BUILD_USER=root
		KBUILD_BUILD_HOST=$(NAME)
		KBUILD_BUILD_VERSION=1
		UID=$(shell id -u)
		GID=$(shell id -g)
		RELEASE_DIR=release/$(VERSION)
		CONFIG_DIR=/home/build/$(CONFIG_DIR)
		CACHE_DIR=/home/build/$(CACHE_DIR)
		SRC_DIR=/home/build/$(SRC_DIR)
		OUT_DIR=/home/build/$(OUT_DIR)
	EOF

$(CACHE_DIR)/toolchain.tar:
	mkdir -p $(CACHE_DIR)
	DOCKER_BUILDKIT=1 \
	docker build \
		--tag $(IMAGE) \
		--build-arg DEBIAN_HASH=$(DEBIAN_HASH) \
		--build-arg CONFIG_DIR=$(CONFIG_DIR) \
		--build-arg SCRIPTS_DIR=$(SRC_DIR)/toolchain/scripts \
		--platform=linux/$(ARCH) \
		-f $(SRC_DIR)/toolchain/Dockerfile \
		.
	docker save "$(IMAGE)" -o "$@"

$(RELEASE_DIR)/release.env: \
	$(RELEASE_DIR) \
	$(OUT_DIR)/release.env
	cp $(OUT_DIR)/release.env $(RELEASE_DIR)/release.env

$(RELEASE_DIR)/manifest.txt: \
	$(RELEASE_DIR) \
	$(OUT_DIR)/manifest.txt
	cp $(OUT_DIR)/manifest.txt $(RELEASE_DIR)/manifest.txt

$(OUT_DIR)/release.env: | $(OUT_DIR)
	echo 'VERSION=$(VERSION)'            > $(OUT_DIR)/release.env
	echo 'GIT_REF=$(GIT_REF)'           >> $(OUT_DIR)/release.env
	echo 'GIT_AUTHOR=$(GIT_AUTHOR)'     >> $(OUT_DIR)/release.env
	echo 'GIT_KEY=$(GIT_KEY)'           >> $(OUT_DIR)/release.env
	echo 'GIT_DATETIME=$(GIT_DATETIME)' >> $(OUT_DIR)/release.env

$(OUT_DIR)/manifest.txt: | $(OUT_DIR)
	find $(OUT_DIR) \
		-type f \
		-not -path "$(OUT_DIR)/manifest.txt" \
		-exec openssl sha256 -r {} \; \
	| sed -e 's/ \*/ /g' -e 's/ \.\// /g' \
	| LC_ALL=C sort -k2 \
	> $@

check_executables := $(foreach exec,$(executables),\$(if \
	$(shell which $(exec)),some string,$(error "No $(exec) in PATH")))

define git_clone
	[ -d $(CACHE_DIR)/$(1) ] || git clone $(2) $(CACHE_DIR)/$(1)
	git -C $(CACHE_DIR)/$(1) checkout $(3)
	git -C $(CACHE_DIR)/$(1) rev-parse --verify HEAD | grep -q $(3) || { \
		echo 'Error: Git ref/branch collision.'; exit 1; \
	};
endef

define apply_patches
	[ -d $(2) ] && $(call toolchain,$(USER)," \
		cd $(1); \
		git restore .; \
		find /$(2) -type f -iname '*.patch' -print0 \
		| xargs -t -0 -n 1 patch -p1 --no-backup-if-mismatch -i ; \
	")
endef

define toolchain
	docker load -i $(CACHE_DIR)/toolchain.tar
	docker run \
		--rm \
		--tty \
		--interactive \
		--user=$(1) \
		--platform=linux/$(ARCH) \
		--cpus $(CPUS) \
		--volume $(PWD):/home/build \
		--workdir /home/build \
		--env-file=$(CONFIG_DIR)/global.env \
		--env-file=$(CACHE_DIR)/toolchain.env \
		$(IMAGE) \
		bash -c $(2)
endef
initial commit 2023-01-28 00:05:03 +00:00			`NAME := $(shell basename $(shell git rev-parse --show-toplevel))`
			`IMAGE := local/$(NAME):latest`
			`ARCH := x86_64`
			`TARGET := $(ARCH)`
			`USER := $(shell id -u):$(shell id -g)`
			`CPUS := $(shell docker run -it debian nproc)`
			`GIT_REF := $(shell git log -1 --format=%H config)`
			`GIT_AUTHOR := $(shell git log -1 --format=%an config)`
			`GIT_KEY := $(shell git log -1 --format=%GP config)`
			`GIT_EPOCH := $(shell git log -1 --format=%at config)`
			`GIT_DATETIME := \`
			`$(shell git log -1 --format=%cd --date=format:'%Y-%m-%d %H:%M:%S' config)`
			`ifeq ($(strip $(shell git status --porcelain 2>/dev/null)),)`
			`GIT_STATE=clean`
			`else`
			`GIT_STATE=dirty`
			`endif`
			`VERSION := $(shell TZ=UTC0 git show --quiet --date='format-local:%Y%m%dT%H%M%SZ' --format="%cd")`
			`RELEASE_DIR := release/$(VERSION)`
			`CONFIG_DIR := config`
			`CACHE_DIR := cache`
			`SRC_DIR := src`
			`OUT_DIR := out`
			`docker = docker`

			`include $(CONFIG_DIR)/global.env`
			`export $(shell sed 's/=.*//' $(CONFIG_DIR)/global.env)`

			`## Use env vars from existing release if present`
			`ifneq (,$(wildcard $(RELEASE_DIR)/release.env))`
			`include $(RELEASE_DIR)/release.env`
			`export`
			`endif`

			`executables = $(docker) git patch`

			`.PHONY: toolchain`
			`toolchain: $(CACHE_DIR)/toolchain.tar $(CACHE_DIR)/toolchain.env`

			`# Launch a shell inside the toolchain container`
			`.PHONY: toolchain-shell`
			`toolchain-shell: toolchain`
			`$(call toolchain,$(USER),"bash --norc")`

			`# Pin all packages in toolchain container to latest versions`
			`.PHONY: toolchain-update`
			`toolchain-update:`
			`docker run \`
			`--rm \`
			`--env LOCAL_USER=$(USER) \`
			`--platform=linux/$(ARCH) \`
			`--volume $(PWD)/$(CONFIG_DIR):/config \`
			`--volume $(PWD)/$(SRC_DIR)/toolchain/scripts:/usr/local/bin \`
			`--env ARCH=$(ARCH) \`
			`--interactive \`
			`--tty \`
			`debian@sha256:$(DEBIAN_HASH) \`
			`bash -c /usr/local/bin/packages-update`

			`.PHONY: attest`
			`attest:`
			`rm -rf $(CACHE_DIR) $(OUT_DIR)`
			`$(MAKE)`
			`diff -q $(OUT_DIR)/manifest.txt release/$(VERSION)/manifest.txt;`

			`$(RELEASE_DIR):`
			`mkdir -p $@`

			`$(CACHE_DIR):`
			`mkdir -p $@`

			`$(OUT_DIR):`
			`mkdir -p $@`

			`.ONESHELL:`
			`$(CACHE_DIR)/toolchain.env: $(CACHE_DIR)`
			`cat <<- EOF > $@`
			`HOME=/home/build`
			`PS1=$(NAME)-toolchain`
			`GNUPGHOME=/cache/.gnupg`
			`ARCH=$(ARCH)`
			`TARGET=$(ARCH)`
			`GIT_REF=$(GIT_REF)`
			`GIT_AUTHOR=$(GIT_AUTHOR)`
			`GIT_KEY=$(GIT_KEY)`
			`GIT_DATETIME=$(GIT_DATETIME)`
			`GIT_EPOCH=$(GIT_EPOCH)`
			`FAKETIME_FMT="%s"`
			`FAKETIME="1"`
			`SOURCE_DATE_EPOCH=1`
			`KBUILD_BUILD_TIMESTAMP="1970-01-01 00:00:00 UTC"`
			`KCONFIG_NOTIMESTAMP=1`
			`KBUILD_BUILD_USER=root`
			`KBUILD_BUILD_HOST=$(NAME)`
			`KBUILD_BUILD_VERSION=1`
			`UID=$(shell id -u)`
			`GID=$(shell id -g)`
			`RELEASE_DIR=release/$(VERSION)`
			`CONFIG_DIR=/home/build/$(CONFIG_DIR)`
			`CACHE_DIR=/home/build/$(CACHE_DIR)`
			`SRC_DIR=/home/build/$(SRC_DIR)`
			`OUT_DIR=/home/build/$(OUT_DIR)`
			`EOF`

			`$(CACHE_DIR)/toolchain.tar:`
			`mkdir -p $(CACHE_DIR)`
			`DOCKER_BUILDKIT=1 \`
			`docker build \`
			`--tag $(IMAGE) \`
			`--build-arg DEBIAN_HASH=$(DEBIAN_HASH) \`
			`--build-arg CONFIG_DIR=$(CONFIG_DIR) \`
			`--build-arg SCRIPTS_DIR=$(SRC_DIR)/toolchain/scripts \`
			`--platform=linux/$(ARCH) \`
			`-f $(SRC_DIR)/toolchain/Dockerfile \`
			`.`
			`docker save "$(IMAGE)" -o "$@"`

			`$(RELEASE_DIR)/release.env: \`
			`$(RELEASE_DIR) \`
			`$(OUT_DIR)/release.env`
			`cp $(OUT_DIR)/release.env $(RELEASE_DIR)/release.env`

			`$(RELEASE_DIR)/manifest.txt: \`
			`$(RELEASE_DIR) \`
			`$(OUT_DIR)/manifest.txt`
			`cp $(OUT_DIR)/manifest.txt $(RELEASE_DIR)/manifest.txt`

			`$(OUT_DIR)/release.env: \| $(OUT_DIR)`
			`echo 'VERSION=$(VERSION)' > $(OUT_DIR)/release.env`
			`echo 'GIT_REF=$(GIT_REF)' >> $(OUT_DIR)/release.env`
			`echo 'GIT_AUTHOR=$(GIT_AUTHOR)' >> $(OUT_DIR)/release.env`
			`echo 'GIT_KEY=$(GIT_KEY)' >> $(OUT_DIR)/release.env`
			`echo 'GIT_DATETIME=$(GIT_DATETIME)' >> $(OUT_DIR)/release.env`

			`$(OUT_DIR)/manifest.txt: \| $(OUT_DIR)`
			`find $(OUT_DIR) \`
			`-type f \`
			`-not -path "$(OUT_DIR)/manifest.txt" \`
			`-exec openssl sha256 -r {} \; \`
			`\| sed -e 's/ \*/ /g' -e 's/ \.\// /g' \`
			`\| LC_ALL=C sort -k2 \`
			`> $@`

			`check_executables := $(foreach exec,$(executables),\$(if \`
			`$(shell which $(exec)),some string,$(error "No $(exec) in PATH")))`

			`define git_clone`
			`[ -d $(CACHE_DIR)/$(1) ] \|\| git clone $(2) $(CACHE_DIR)/$(1)`
			`git -C $(CACHE_DIR)/$(1) checkout $(3)`
			`git -C $(CACHE_DIR)/$(1) rev-parse --verify HEAD \| grep -q $(3) \|\| { \`
			`echo 'Error: Git ref/branch collision.'; exit 1; \`
			`};`
			`endef`

			`define apply_patches`
			`[ -d $(2) ] && $(call toolchain,$(USER)," \`
			`cd $(1); \`
			`git restore .; \`
			`find /$(2) -type f -iname '*.patch' -print0 \`
			`\| xargs -t -0 -n 1 patch -p1 --no-backup-if-mismatch -i ; \`
			`")`
			`endef`

			`define toolchain`
			`docker load -i $(CACHE_DIR)/toolchain.tar`
			`docker run \`
			`--rm \`
			`--tty \`
			`--interactive \`
			`--user=$(1) \`
			`--platform=linux/$(ARCH) \`
			`--cpus $(CPUS) \`
			`--volume $(PWD):/home/build \`
			`--workdir /home/build \`
			`--env-file=$(CONFIG_DIR)/global.env \`
			`--env-file=$(CACHE_DIR)/toolchain.env \`
			`$(IMAGE) \`
			`bash -c $(2)`
			`endef`