forked from public/airgap
add release verification and signing
This commit is contained in:
parent
4904c3f8d1
commit
d48965252a
|
@ -0,0 +1,5 @@
|
||||||
|
.*
|
||||||
|
build/
|
||||||
|
release/develop
|
||||||
|
release/*/*.iso
|
||||||
|
release/*/*.rom
|
68
Makefile
68
Makefile
|
@ -1,12 +1,15 @@
|
||||||
NAME := airgap
|
NAME := airgap
|
||||||
IMAGE := local/$(NAME):latest
|
IMAGE := local/$(NAME):latest
|
||||||
TARGET := librem13v4
|
TARGET := x86_64
|
||||||
GIT_DATETIME := \
|
DEVICES := librem13v4 librem15v4
|
||||||
$(shell git log -1 --format=%cd --date=format:'%Y-%m-%d %H:%M:%S' config)
|
|
||||||
GIT_REF := $(shell git log -1 --format=%H config)
|
GIT_REF := $(shell git log -1 --format=%H config)
|
||||||
GIT_AUTHOR := $(shell git log -1 --format=%an config)
|
GIT_AUTHOR := $(shell git log -1 --format=%an config)
|
||||||
GIT_KEY := $(shell git log -1 --format=%GP config)
|
GIT_KEY := $(shell git log -1 --format=%GP config)
|
||||||
GIT_EPOCH := $(shell git log -1 --format=%at config)
|
GIT_EPOCH := $(shell git log -1 --format=%at config)
|
||||||
|
GIT_DATETIME := \
|
||||||
|
$(shell git log -1 --format=%cd --date=format:'%Y-%m-%d %H:%M:%S' config)
|
||||||
|
VERSION := "develop"
|
||||||
|
RELEASE_DIR := release/$(VERSION)
|
||||||
ifeq ($(strip $(shell git status --porcelain 2>/dev/null)),)
|
ifeq ($(strip $(shell git status --porcelain 2>/dev/null)),)
|
||||||
GIT_STATE=clean
|
GIT_STATE=clean
|
||||||
else
|
else
|
||||||
|
@ -21,7 +24,23 @@ executables = $(docker)
|
||||||
## Primary Targets
|
## Primary Targets
|
||||||
|
|
||||||
.PHONY: all
|
.PHONY: all
|
||||||
all: fetch build
|
all: image fetch build hash
|
||||||
|
|
||||||
|
.PHONY: build
|
||||||
|
build: build-os build-fw
|
||||||
|
|
||||||
|
.PHONY: verify
|
||||||
|
verify:
|
||||||
|
mkdir -p build/verify/$(VERSION)
|
||||||
|
openssl sha256 $(RELEASE_DIR)/*.rom > build/verify/$(VERSION)/hashes.txt
|
||||||
|
openssl sha256 $(RELEASE_DIR)/*.iso >> build/verify/$(VERSION)/hashes.txt
|
||||||
|
diff -q build/verify/$(VERSION)/hashes.txt $(RELEASE_DIR)/hashes.txt;
|
||||||
|
|
||||||
|
.PHONY: sign
|
||||||
|
sign: $(RELEASE_DIR)/*.rom $(RELEASE_DIR)/*.iso
|
||||||
|
for file in $^; do \
|
||||||
|
gpg --armor --detach-sig "$${file}"; \
|
||||||
|
done
|
||||||
|
|
||||||
.PHONY: image
|
.PHONY: image
|
||||||
image:
|
image:
|
||||||
|
@ -31,14 +50,6 @@ image:
|
||||||
$(IMAGE_OPTIONS) \
|
$(IMAGE_OPTIONS) \
|
||||||
$(PWD)
|
$(PWD)
|
||||||
|
|
||||||
.PHONY: build
|
|
||||||
build:
|
|
||||||
$(contain) build
|
|
||||||
mkdir -p release/$(TARGET)
|
|
||||||
cp $(OUT_DIR)/rootfs.iso9660 release/$(TARGET)/airgap.iso
|
|
||||||
cp $(OUT_DIR)/rootfs.cpio release/$(TARGET)/initrd
|
|
||||||
cp $(OUT_DIR)/bzImage release/$(TARGET)/bzImage
|
|
||||||
|
|
||||||
.PHONY: fetch
|
.PHONY: fetch
|
||||||
fetch:
|
fetch:
|
||||||
mkdir -p build release
|
mkdir -p build release
|
||||||
|
@ -48,6 +59,36 @@ fetch:
|
||||||
clean:
|
clean:
|
||||||
$(contain) clean
|
$(contain) clean
|
||||||
|
|
||||||
|
.PHONY: mrproper
|
||||||
|
mrproper:
|
||||||
|
rm -rf build
|
||||||
|
|
||||||
|
.PHONY: build-os
|
||||||
|
build-os:
|
||||||
|
$(contain) build-os
|
||||||
|
mkdir -p $(RELEASE_DIR)
|
||||||
|
cp $(OUT_DIR)/rootfs.iso9660 $(RELEASE_DIR)/airgap_$(TARGET).iso
|
||||||
|
|
||||||
|
.PHONY: build-fw
|
||||||
|
build-fw:
|
||||||
|
$(contain) build-fw
|
||||||
|
mkdir -p $(RELEASE_DIR)
|
||||||
|
for device in $(DEVICES); do \
|
||||||
|
cp \
|
||||||
|
build/heads/build/$${device}/coreboot.rom \
|
||||||
|
$(RELEASE_DIR)/$${device}.rom ; \
|
||||||
|
done
|
||||||
|
|
||||||
|
.PHONY: hash
|
||||||
|
hash:
|
||||||
|
if [ ! -f release/$(VERSION)/hashes.txt ]; then \
|
||||||
|
openssl sha256 release/$(VERSION)/*.rom \
|
||||||
|
> release/$(VERSION)/hashes.txt; \
|
||||||
|
openssl sha256 release/$(VERSION)/*.iso \
|
||||||
|
>> release/$(VERSION)/hashes.txt; \
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
## Development Targets
|
## Development Targets
|
||||||
|
|
||||||
.PHONY: shell
|
.PHONY: shell
|
||||||
|
@ -100,7 +141,8 @@ contain := \
|
||||||
--name "$(NAME)" \
|
--name "$(NAME)" \
|
||||||
--hostname "$(NAME)" \
|
--hostname "$(NAME)" \
|
||||||
--user $(userid):$(groupid) \
|
--user $(userid):$(groupid) \
|
||||||
--env TARGET=$(TARGET) \
|
--env TARGET="$(TARGET)" \
|
||||||
|
--env DEVICES="$(DEVICES)" \
|
||||||
--env GIT_DATETIME="$(GIT_DATETIME)" \
|
--env GIT_DATETIME="$(GIT_DATETIME)" \
|
||||||
--env GIT_EPOCH="$(GIT_EPOCH)" \
|
--env GIT_EPOCH="$(GIT_EPOCH)" \
|
||||||
--env GIT_REF="$(GIT_REF)" \
|
--env GIT_REF="$(GIT_REF)" \
|
||||||
|
|
Loading…
Reference in New Issue