diff options
-rw-r--r-- | .gitmodules | 12 | ||||
-rw-r--r-- | Makefile | 65 | ||||
-rw-r--r-- | README.md | 31 | ||||
-rw-r--r-- | reprepro-conf/distributions | 7 | ||||
-rw-r--r-- | reprepro-conf/options | 4 | ||||
-rw-r--r-- | sw/Makefile | 17 | ||||
-rw-r--r-- | sw/debian/compat | 1 | ||||
-rw-r--r-- | sw/debian/control | 14 | ||||
-rw-r--r-- | sw/debian/copyright | 27 | ||||
-rwxr-xr-x | sw/debian/rules | 4 | ||||
-rw-r--r-- | sw/debian/source/format | 1 | ||||
m--------- | sw/libhal | 0 | ||||
m--------- | sw/pkcs11 | 0 | ||||
m--------- | sw/thirdparty/libtfm | 0 | ||||
m--------- | sw/thirdparty/sqlite3 | 0 |
15 files changed, 183 insertions, 0 deletions
diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..cb4501d --- /dev/null +++ b/.gitmodules @@ -0,0 +1,12 @@ +[submodule "sw/libhal"] + path = sw/libhal + url = https://git.cryptech.is/sw/libhal.git +[submodule "sw/pkcs11"] + path = sw/pkcs11 + url = https://git.cryptech.is/sw/pkcs11.git +[submodule "sw/thirdparty/libtfm"] + path = sw/thirdparty/libtfm + url = https://git.cryptech.is/sw/thirdparty/libtfm.git +[submodule "sw/thirdparty/sqlite3"] + path = sw/thirdparty/sqlite3 + url = https://git.cryptech.is/sw/thirdparty/sqlite3.git diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..8135639 --- /dev/null +++ b/Makefile @@ -0,0 +1,65 @@ +# Top-level build of software packages to work with Cryptech Alpha board. + +export CRYPTECH_VERSION := 2.0 + +HEAD_TIME := $(shell git show -s --format=%ct HEAD) +HEAD_HASH := $(shell git rev-parse HEAD) + +CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~${HEAD_TIME}~${HEAD_HASH} + +# Command to generate a new changelog containing one entry. +# Does nothing if the changelog already exists. + +DCH = test -f debian/changelog || \ + EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='APT Builder Robot <aptbot@cryptech.is>' \ + dch --create --package cryptech-alpha --newversion '${CRYPTECH_PACKAGE_VERSION}' \ + '$(strip Version ${CRYPTECH_VERSION} of software for Cryptech Alpha development board.)' + +REPOSITORY := /home/aptbot/alpha +GNUPGHOME := /home/aptbot/gnupg +CODENAME := wheezy +REPO_UMASK := 002 +UPLOAD_USER := aptbot +UPLOAD_URI := rsync://apt.cryptech.is/alpha/ + +export GNUPGHOME + + +all: init source pbuilder homebrew + +enchilada: all reprepro upload + +init: + git submodule update --init --recursive + +clean: + git clean -dfx + git submodule foreach --recursive git clean -dfx + +sandblast: clean + git submodule deinit -f . + +source: + cd sw; ${DCH} + cd sw; debuild -S -uc -us + +# Maybe use pdebuild here? Have full-blown multi-arch multi-dist +# pbuilder example for another project, but something simpler would be +# nice.... + +pbuilder: + cd sw; debuild -b -uc -us + +reprepro: ${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options + umask ${REPO_UMASK}; for f in *.changes; do reprepro -b ${REPOSITORY} include ${CODENAME} $$f; done + +${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options: + install -D reprepro-conf/$(notdir $@) ${REPOSITORY}/conf/$(notdir $@) + +RSYNC := rsync --rsh 'ssh -l ${UPLOAD_USER}' --archive --itemize-changes + +upload: + ${RSYNC} --ignore-existing ${REPOSITORY}/ ${UPLOAD_URI} + ${RSYNC} --delete --delete-delay ${REPOSITORY}/ ${UPLOAD_URI} + +.PHONY: all init clean source pbuilder homebrew reprepro upload enchilada sandblast diff --git a/README.md b/README.md new file mode 100644 index 0000000..15c1006 --- /dev/null +++ b/README.md @@ -0,0 +1,31 @@ +Preliminary release engineering super-repository for building software +to work with the Cryptech "Alpha" board. + +Primary task here is to build the PKCS #11 library and any needed +support tools for whichever platforms we support. This will involve +some packaging voodoo. + +Our first targets for this are Debian and Ubuntu, probably the Jessie +and Xenial releases, respectively. If we really need to support +multiple releases for each of these platforms, the packaging mechanics +become more complicated, so we may just stop here for these platforms +and assume we can fill any odd corners using the associated source +package. + +Our next target for this is likely to be Mac OS X. This should be +relatively straightforward so long as we only have to support Homebrew +and we don't have to produce Homebrew "bottles" (binary packages). If +we do need to bottle, we either need one or more Mac build machines or +we need some kind of cross-compilation scheme (eg, +https://github.com/tpoechtrager/osxcross). + +Supporting Homebrew at all requires a bit of extra voodoo on top of +supporting Debian packaging, but none of it looks particularly +difficult, and the Debian packaging will produce the source tarball we +need for the Homebrew formula, so integrating production of these two +kinds of packaging makes some sense. + +Windoze is not currently on the radar. In theory, MinGW would suffice +as a cross compiler if and when we have to do something about it. + +This README is probably obsolete by the time you're reading it. diff --git a/reprepro-conf/distributions b/reprepro-conf/distributions new file mode 100644 index 0000000..57c1afc --- /dev/null +++ b/reprepro-conf/distributions @@ -0,0 +1,7 @@ +Origin: cryptech.is +Label: cryptech.is APT repository +Codename: jessie +Architectures: i386 amd64 source +Components: main +Description: cryptech.is APT Repository +SignWith: yes diff --git a/reprepro-conf/options b/reprepro-conf/options new file mode 100644 index 0000000..f5ad660 --- /dev/null +++ b/reprepro-conf/options @@ -0,0 +1,4 @@ +verbose +ask-passphrase +basedir . +ignore wrongdistribution diff --git a/sw/Makefile b/sw/Makefile new file mode 100644 index 0000000..4b494a6 --- /dev/null +++ b/sw/Makefile @@ -0,0 +1,17 @@ +# Makefile to build Debian package for Cryptech Alpha board software + +all: + cd thirdparty/sqlite3; ${MAKE} + cd thirdparty/libtfm; ${MAKE} + cd libhal; ${MAKE} daemon + cd pkcs11; ${MAKE} + +clean distclean: + for d in thirdparty/libtfm libhal thirdparty/sqlite3 pkcs11; do (cd $$d && ${MAKE} $@); done + +install: all + install -m 644 -D pkcs11/libpkcs11.so ${DESTDIR}/usr/lib/libpkcs11.so + install -D pkcs11/p11util ${DESTDIR}/usr/sbin/p11util + install -D libhal/cryptech_rpcd ${DESTDIR}/usr/sbin/cryptech_rpcd + +# Might also want to install the firmware tarball, scripts to use it, .... diff --git a/sw/debian/compat b/sw/debian/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/sw/debian/compat @@ -0,0 +1 @@ +9 diff --git a/sw/debian/control b/sw/debian/control new file mode 100644 index 0000000..d7440f8 --- /dev/null +++ b/sw/debian/control @@ -0,0 +1,14 @@ +Source: cryptech-alpha +Maintainer: APT Builder Robot <aptbot@cryptech.is> +Section: misc +Priority: optional +Standards-Version: 3.9.6 +Build-Depends: debhelper (>= 9) +Homepage: http://trac.cryptech.is/wiki + +Package: cryptech-alpha +Architecture: any +Depends: libc6 (>= 2.13), ${misc:Depends} +Description: Cryptech open-source crypto software + "cryptech-alpha" contains software for use with the Cryptech Project + "Alpha" development board. diff --git a/sw/debian/copyright b/sw/debian/copyright new file mode 100644 index 0000000..ec25460 --- /dev/null +++ b/sw/debian/copyright @@ -0,0 +1,27 @@ +Copyright (c) 2015-2016, NORDUnet A/S All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: +- Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + +- Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +- Neither the name of the NORDUnet nor the names of its contributors may + be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/sw/debian/rules b/sw/debian/rules new file mode 100755 index 0000000..2d33f6a --- /dev/null +++ b/sw/debian/rules @@ -0,0 +1,4 @@ +#!/usr/bin/make -f + +%: + dh $@ diff --git a/sw/debian/source/format b/sw/debian/source/format new file mode 100644 index 0000000..89ae9db --- /dev/null +++ b/sw/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/sw/libhal b/sw/libhal new file mode 160000 +Subproject 52f1eb5c3dccd47d2434e0c7a302c23363790e1 diff --git a/sw/pkcs11 b/sw/pkcs11 new file mode 160000 +Subproject 6e7aabc780ff9f70bf05d41b97cc973451e0b2e diff --git a/sw/thirdparty/libtfm b/sw/thirdparty/libtfm new file mode 160000 +Subproject 357ca59060848fb72367b67ccae137d66de6fe3 diff --git a/sw/thirdparty/sqlite3 b/sw/thirdparty/sqlite3 new file mode 160000 +Subproject be705c3aecaf201b7f9c649cfed01e38e73c8f6 |