forked from public/airgap
158 lines
3.5 KiB
Makefile
158 lines
3.5 KiB
Makefile
NAME := airgap
|
|
IMAGE := local/$(NAME):latest
|
|
TARGET := x86_64
|
|
DEVICES := librem13v4 librem15v4
|
|
GIT_REF := $(shell git log -1 --format=%H config)
|
|
GIT_AUTHOR := $(shell git log -1 --format=%an config)
|
|
GIT_KEY := $(shell git log -1 --format=%GP config)
|
|
GIT_EPOCH := $(shell git log -1 --format=%at config)
|
|
GIT_DATETIME := \
|
|
$(shell git log -1 --format=%cd --date=format:'%Y-%m-%d %H:%M:%S' config)
|
|
VERSION := "develop"
|
|
RELEASE_DIR := release/$(VERSION)
|
|
ifeq ($(strip $(shell git status --porcelain 2>/dev/null)),)
|
|
GIT_STATE=clean
|
|
else
|
|
GIT_STATE=dirty
|
|
endif
|
|
OUT_DIR := build/buildroot/output/images
|
|
docker = docker
|
|
executables = $(docker)
|
|
|
|
.DEFAULT_GOAL := all
|
|
|
|
## Primary Targets
|
|
|
|
.PHONY: all
|
|
all: image fetch build hash
|
|
|
|
.PHONY: build
|
|
build: build-os build-fw
|
|
|
|
.PHONY: verify
|
|
verify:
|
|
mkdir -p build/verify/$(VERSION)
|
|
openssl sha256 $(RELEASE_DIR)/*.rom > build/verify/$(VERSION)/hashes.txt
|
|
openssl sha256 $(RELEASE_DIR)/*.iso >> build/verify/$(VERSION)/hashes.txt
|
|
diff -q build/verify/$(VERSION)/hashes.txt $(RELEASE_DIR)/hashes.txt;
|
|
|
|
.PHONY: sign
|
|
sign: $(RELEASE_DIR)/*.rom $(RELEASE_DIR)/*.iso
|
|
for file in $^; do \
|
|
gpg --armor --detach-sig "$${file}"; \
|
|
done
|
|
|
|
.PHONY: image
|
|
image:
|
|
$(docker) build \
|
|
--tag $(IMAGE) \
|
|
--file $(PWD)/config/container/Dockerfile \
|
|
$(IMAGE_OPTIONS) \
|
|
$(PWD)
|
|
|
|
.PHONY: fetch
|
|
fetch:
|
|
mkdir -p build release
|
|
$(contain) fetch
|
|
|
|
.PHONY: clean
|
|
clean:
|
|
$(contain) clean
|
|
|
|
.PHONY: mrproper
|
|
mrproper:
|
|
rm -rf build
|
|
|
|
.PHONY: build-os
|
|
build-os:
|
|
$(contain) build-os
|
|
mkdir -p $(RELEASE_DIR)
|
|
cp $(OUT_DIR)/rootfs.iso9660 $(RELEASE_DIR)/airgap_$(TARGET).iso
|
|
|
|
.PHONY: build-fw
|
|
build-fw:
|
|
$(contain) build-fw
|
|
mkdir -p $(RELEASE_DIR)
|
|
for device in $(DEVICES); do \
|
|
cp \
|
|
build/heads/build/$${device}/coreboot.rom \
|
|
$(RELEASE_DIR)/$${device}.rom ; \
|
|
done
|
|
|
|
.PHONY: hash
|
|
hash:
|
|
if [ ! -f release/$(VERSION)/hashes.txt ]; then \
|
|
openssl sha256 release/$(VERSION)/*.rom \
|
|
> release/$(VERSION)/hashes.txt; \
|
|
openssl sha256 release/$(VERSION)/*.iso \
|
|
>> release/$(VERSION)/hashes.txt; \
|
|
fi
|
|
|
|
|
|
## Development Targets
|
|
|
|
.PHONY: shell
|
|
shell:
|
|
$(docker) inspect "$(NAME)" \
|
|
&& $(docker) exec --interactive --tty "$(NAME)" shell \
|
|
|| $(contain) shell
|
|
|
|
|
|
.PHONY: menuconfig
|
|
menuconfig:
|
|
$(contain) menuconfig
|
|
|
|
.PHONY: menuconfig
|
|
linux-menuconfig:
|
|
$(contain) linux-menuconfig
|
|
|
|
.PHONY: vm
|
|
vm:
|
|
$(contain) vm
|
|
|
|
.PHONY: update-packages
|
|
update-packages:
|
|
$(docker) run \
|
|
--rm \
|
|
--detach \
|
|
--name "$(NAME)" \
|
|
--user $(userid):$(groupid) \
|
|
--volume $(PWD)/config:/home/build/config \
|
|
--volume $(PWD)/scripts:/home/build/scripts \
|
|
$(IMAGE) tail -f /dev/null
|
|
$(docker) exec -it --user=root "$(NAME)" update-packages
|
|
$(docker) cp \
|
|
"$(NAME):/etc/apt/packages.list" \
|
|
"$(PWD)/config/container/packages.list"
|
|
$(docker) rm -f "$(NAME)"
|
|
|
|
## Make Helpers
|
|
|
|
check_executables := $(foreach exec,$(executables),\$(if \
|
|
$(shell which $(exec)),some string,$(error "No $(exec) in PATH")))
|
|
|
|
userid = $(shell id -u)
|
|
groupid = $(shell id -g)
|
|
contain := \
|
|
$(docker) run \
|
|
--rm \
|
|
--tty \
|
|
--interactive \
|
|
--name "$(NAME)" \
|
|
--hostname "$(NAME)" \
|
|
--user $(userid):$(groupid) \
|
|
--env TARGET="$(TARGET)" \
|
|
--env DEVICES="$(DEVICES)" \
|
|
--env GIT_DATETIME="$(GIT_DATETIME)" \
|
|
--env GIT_EPOCH="$(GIT_EPOCH)" \
|
|
--env GIT_REF="$(GIT_REF)" \
|
|
--env GIT_AUTHOR="$(GIT_AUTHOR)" \
|
|
--env GIT_KEY="$(GIT_KEY)" \
|
|
--env GIT_STATE="$(GIT_STATE)" \
|
|
--security-opt seccomp=unconfined \
|
|
--volume $(PWD)/build:/home/build/build \
|
|
--volume $(PWD)/config:/home/build/config \
|
|
--volume $(PWD)/release:/home/build/release \
|
|
--volume $(PWD)/scripts:/home/build/scripts \
|
|
$(IMAGE)
|