forked from public/airgap
184 lines
4.3 KiB
Makefile
184 lines
4.3 KiB
Makefile
NAME := airgap
|
|
IMAGE := local/$(NAME):latest
|
|
TARGET := x86_64
|
|
DEVICES := librem_13v4 librem_15v4
|
|
GIT_REF := $(shell git log -1 --format=%H config)
|
|
GIT_AUTHOR := $(shell git log -1 --format=%an config)
|
|
GIT_KEY := $(shell git log -1 --format=%GP config)
|
|
GIT_EPOCH := $(shell git log -1 --format=%at config)
|
|
GIT_DATETIME := \
|
|
$(shell git log -1 --format=%cd --date=format:'%Y-%m-%d %H:%M:%S' config)
|
|
VERSION := "develop"
|
|
RELEASE_DIR := release/$(VERSION)
|
|
ifeq ($(strip $(shell git status --porcelain 2>/dev/null)),)
|
|
GIT_STATE=clean
|
|
else
|
|
GIT_STATE=dirty
|
|
endif
|
|
OUT_DIR := build/buildroot/output/images
|
|
docker = docker
|
|
executables = $(docker)
|
|
|
|
.DEFAULT_GOAL := all
|
|
|
|
## Primary Targets
|
|
|
|
.PHONY: all
|
|
all: image fetch build hash
|
|
|
|
.PHONY: build
|
|
build: build-os build-fw
|
|
|
|
.PHONY: image
|
|
image:
|
|
$(docker) build \
|
|
--tag $(IMAGE) \
|
|
--file $(PWD)/config/container/Dockerfile \
|
|
$(IMAGE_OPTIONS) \
|
|
$(PWD)
|
|
|
|
.PHONY: fetch
|
|
fetch:
|
|
mkdir -p build release
|
|
$(contain) fetch
|
|
|
|
.PHONY: clean
|
|
clean:
|
|
$(contain) clean
|
|
|
|
.PHONY: mrproper
|
|
mrproper:
|
|
docker image rm -f $(IMAGE)
|
|
rm -rf build
|
|
|
|
.PHONY: build-os
|
|
build-os:
|
|
$(contain) build-os
|
|
mkdir -p $(RELEASE_DIR)
|
|
cp $(OUT_DIR)/rootfs.iso9660 $(RELEASE_DIR)/airgap_$(TARGET).iso
|
|
|
|
.PHONY: build-fw
|
|
build-fw:
|
|
$(contain) build-fw
|
|
mkdir -p $(RELEASE_DIR)
|
|
for device in $(DEVICES); do \
|
|
cp \
|
|
build/heads/build/$${device}/coreboot.rom \
|
|
$(RELEASE_DIR)/$${device}.rom ; \
|
|
done
|
|
|
|
## Release Targets
|
|
|
|
.PHONY: audit
|
|
audit:
|
|
mkdir -p build/audit
|
|
$(contain) audit
|
|
|
|
.PHONY: hash
|
|
hash:
|
|
if [ ! -f release/$(VERSION)/hashes.txt ]; then \
|
|
openssl sha256 -r release/$(VERSION)/*.rom \
|
|
> release/$(VERSION)/hashes.txt; \
|
|
openssl sha256 -r release/$(VERSION)/*.iso \
|
|
>> release/$(VERSION)/hashes.txt; \
|
|
fi
|
|
|
|
.PHONY: verify
|
|
verify:
|
|
mkdir -p build/audit/$(VERSION)
|
|
openssl sha256 -r $(RELEASE_DIR)/*.rom \
|
|
> build/audit/$(VERSION)/release_hashes.txt
|
|
openssl sha256 -r $(RELEASE_DIR)/*.iso \
|
|
>> build/audit/$(VERSION)/release_hashes.txt
|
|
diff -q build/audit/$(VERSION)/release_hashes.txt $(RELEASE_DIR)/hashes.txt;
|
|
|
|
.PHONY: sign
|
|
sign: $(RELEASE_DIR)/*.rom $(RELEASE_DIR)/*.iso
|
|
set -e; \
|
|
for file in $^; do \
|
|
gpg --armor --detach-sig "$${file}"; \
|
|
fingerprint=$$(\
|
|
gpg --list-packets $${file}.asc \
|
|
| grep "issuer key ID" \
|
|
| sed 's/.*\([A-Z0-9]\{16\}\).*/\1/g' \
|
|
); \
|
|
mv $${file}.asc $${file}.$${fingerprint}.asc; \
|
|
done
|
|
|
|
|
|
## Development Targets
|
|
|
|
.PHONY: shell
|
|
shell:
|
|
$(docker) inspect "$(NAME)" \
|
|
&& $(docker) exec --interactive --user=root --tty "$(NAME)" shell \
|
|
|| $(contain) shell
|
|
|
|
|
|
.PHONY: menuconfig
|
|
menuconfig:
|
|
$(contain) menuconfig
|
|
|
|
.PHONY: linux-menuconfig
|
|
linux-menuconfig:
|
|
$(contain) linux-menuconfig
|
|
|
|
.PHONY: vm
|
|
vm:
|
|
$(contain) vm
|
|
|
|
.PHONY: update-packages
|
|
update-packages:
|
|
docker rm -f "$(NAME)-update-packages" || :
|
|
docker run \
|
|
--rm \
|
|
--detach \
|
|
--name "$(NAME)-update-packages" \
|
|
--user $(userid):$(groupid) \
|
|
--env GIT_EPOCH="$(GIT_EPOCH)" \
|
|
--volume $(PWD)/config/container/packages.list:/etc/apt/packages-old.list \
|
|
--volume $(PWD)/config/container/apt.conf:/etc/apt/apt.conf \
|
|
--volume $(PWD)/scripts:/usr/local/bin \
|
|
debian tail -f /dev/null
|
|
docker exec -it --user=root "$(NAME)-update-packages" update-packages
|
|
docker cp \
|
|
"$(NAME)-update-packages:/etc/apt/packages.list" \
|
|
"$(PWD)/config/container/packages.list"
|
|
docker cp \
|
|
"$(NAME)-update-packages:/etc/apt/sources.list" \
|
|
"$(PWD)/config/container/sources.list"
|
|
docker cp \
|
|
"$(NAME)-update-packages:/etc/apt/package-hashes.txt" \
|
|
"$(PWD)/config/container/package-hashes.txt"
|
|
docker rm -f "$(NAME)-update-packages"
|
|
|
|
## Make Helpers
|
|
|
|
check_executables := $(foreach exec,$(executables),\$(if \
|
|
$(shell which $(exec)),some string,$(error "No $(exec) in PATH")))
|
|
|
|
userid = $(shell id -u)
|
|
groupid = $(shell id -g)
|
|
contain := \
|
|
$(docker) run \
|
|
--rm \
|
|
--tty \
|
|
--interactive \
|
|
--name "$(NAME)" \
|
|
--hostname "$(NAME)" \
|
|
--env TARGET="$(TARGET)" \
|
|
--env DEVICES="$(DEVICES)" \
|
|
--env GIT_DATETIME="$(GIT_DATETIME)" \
|
|
--env GIT_EPOCH="$(GIT_EPOCH)" \
|
|
--env GIT_REF="$(GIT_REF)" \
|
|
--env GIT_AUTHOR="$(GIT_AUTHOR)" \
|
|
--env GIT_KEY="$(GIT_KEY)" \
|
|
--env GIT_STATE="$(GIT_STATE)" \
|
|
--env UID="$(shell id -u)" \
|
|
--env GID="$(shell id -g)" \
|
|
--volume $(PWD)/build:/home/build/build \
|
|
--volume $(PWD)/config:/home/build/config \
|
|
--volume $(PWD)/release:/home/build/release \
|
|
--volume $(PWD)/scripts:/home/build/scripts \
|
|
$(IMAGE)
|