diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | Makefile | 52 | ||||
| -rwxr-xr-x | scripts/build-debian-control-files.py | 58 | ||||
| -rwxr-xr-x | scripts/build-firmware-package.py (renamed from build-firmware-package.py) | 0 | ||||
| -rwxr-xr-x | scripts/build-homebrew-formula.py (renamed from build-homebrew-formula.py) | 10 | ||||
| -rwxr-xr-x | scripts/build-shadow-tree.py (renamed from build-shadow-tree.py) | 0 | ||||
| -rw-r--r-- | source/debian/control | 22 | ||||
| m--------- | source/sw/libhal | 0 | ||||
| m--------- | source/sw/stm32 | 0 |
9 files changed, 104 insertions, 39 deletions
@@ -6,4 +6,5 @@ cryptech-alpha_*_source.changes screenlog.* source/cryptech-alpha-firmware.tar.gz source/debian/changelog +source/debian/control tap @@ -1,18 +1,50 @@ # Top-level package build for Cryptech Alpha board. -PACKAGE_NAME := cryptech-alpha -PACKAGE_VERSION := 2.0.$(shell git show -s --format=%ct HEAD) +# What we call the package before we start mucking with branches and revision numbers + +PACKAGE_BASE_NAME := cryptech-alpha +PACKAGE_BASE_VERSION := 2.0 + +# Git voodoo: plumbing commands to pull the current branch and list of +# all (local) branches, and to pull something we can use as a version +# number suffix. +# +# Using a timestamp here is not particularly friendly, but we're +# looking for something simple that all the packaging systems involved +# are willing to accept as a version number, so, at least for now, we +# avoid more interesting options such as git-describe. + +GIT_VERSION := $(shell git show -s --format=%ct HEAD) +GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD) +GIT_BRANCHES := $(notdir $(shell git for-each-ref --format '%(refname)' refs/heads/)) + +# Make voodoo: construct the package name, version number, and list of +# other package names (constructed on other branches) with which this +# one conflicts. + +PACKAGE_BRANCH = ${PACKAGE_BASE_NAME}$(and $(filter-out master,$(1)),-$(1)) +PACKAGE_NAME := $(call PACKAGE_BRANCH,${GIT_BRANCH}) +PACKAGE_CONFLICT := $(foreach I,$(filter-out ${GIT_BRANCH},${GIT_BRANCHES}),$(call PACKAGE_BRANCH,${I})) +PACKAGE_VERSION := ${PACKAGE_BASE_VERSION}.${GIT_VERSION} + +# gpg setup, for signing packages and repositories export GNUPGHOME := /home/aptbot/gnupg GPG_USER := APT Builder Robot <aptbot@cryptech.is> GPG_KEYID := 37A8E93F5D7E7B9A +# Package repository setup + REPO_BASE := /home/aptbot REPO_UMASK := 002 +# Debian clean-room package builder setup + PBUILDER_BASE := ${HOME}/pbuilder PBUILDER_TARGETS := debian/jessie/i386 debian/jessie/amd64 ubuntu/xenial/i386 ubuntu/xenial/amd64 +# Where we upload the final results (if we do) + REPO_UPLOAD_USER := aptbot REPO_UPLOAD_HOST := bikeshed.cryptech.is REPO_UPLOAD_DIRS := apt brew @@ -28,14 +60,6 @@ BITSTREAM := build/core/platform/alpha/build/alpha_fmc.bit ELVES := build/sw/stm32/projects/bootloader/bootloader.elf build/sw/stm32/projects/hsm/hsm.elf TAMPER := build/sw/tamper/tamper.hex -# Command to generate a new changelog containing one entry. -# Does nothing if the changelog already exists. - -DCH = test -f debian/changelog || \ - EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='${GPG_USER}' \ - dch --create --package ${PACKAGE_NAME} --newversion '${PACKAGE_VERSION}' \ - 'Software and firmware for Cryptech Alpha development board.' - all: init firmware dsc pbuilder homebrew expire enchilada: all upload @@ -54,10 +78,10 @@ sandblast: clean firmware: shadow ${FIRMWARE_TARBALL} shadow: - ./build-shadow-tree.py + ./scripts/build-shadow-tree.py ${FIRMWARE_TARBALL}: ${BITSTREAM} $(sort ${ELVES} ${ELVES:.elf=.bin}) ${TAMPER} - fakeroot ./build-firmware-package.py $@ $^ + fakeroot ./scripts/build-firmware-package.py $@ $^ bitstream: ${BITSTREAM} @@ -76,7 +100,7 @@ tamper: dsc: rm -f source/debian/changelog ${PACKAGE_NAME}_*.dsc ${PACKAGE_NAME}_*.tar.xz ${PACKAGE_NAME}_*_source.build ${PACKAGE_NAME}_*_source.changes - cd source; ${DCH} + cd source; ../scripts/build-debian-control-files.py --debemail='${GPG_USER}' --package ${PACKAGE_NAME} --newversion '${PACKAGE_VERSION}' --conflicts='${PACKAGE_CONFLICT}' cd source; debuild -S -uc -us pbuilder: @@ -95,7 +119,7 @@ homebrew: umask ${REPO_UMASK}; \ git clone ${REPO_BASE}/brew/tap tap; \ cd tap; \ - ../build-homebrew-formula.py ${REPO_BASE}/brew/tarballs/${PACKAGE_NAME}_${PACKAGE_VERSION}.tar.xz ${PACKAGE_VERSION} ${PACKAGE_NAME}.rb; \ + ../scripts/build-homebrew-formula.py ${REPO_BASE}/brew/tarballs/${PACKAGE_NAME}_${PACKAGE_VERSION}.tar.xz ${PACKAGE_VERSION} ${PACKAGE_NAME}.rb ${PACKAGE_CONFLICT}; \ git add ${PACKAGE_NAME}.rb; \ git commit -S${GPG_KEYID} --author='${GPG_USER}' -m '${PACKAGE_NAME} ${PACKAGE_VERSION}'; \ git push diff --git a/scripts/build-debian-control-files.py b/scripts/build-debian-control-files.py new file mode 100755 index 0000000..1177049 --- /dev/null +++ b/scripts/build-debian-control-files.py @@ -0,0 +1,58 @@ +#!/usr/bin/env python + +import subprocess +import argparse +import sys +import os + +parser = argparse.ArgumentParser() +parser.add_argument("--debemail", required = True) +parser.add_argument("--package", required = True) +parser.add_argument("--newversion", required = True) +parser.add_argument("--description", default = "Software and firmware for Cryptech Alpha development board.") +parser.add_argument("--conflicts", nargs = "*") + +args = parser.parse_args() + +if os.path.exists("debian/control") and os.path.exists("debian/changelog"): + sys.exit(0) + +control_template= '''\ +Source: {args.package} +Maintainer: {args.debemail} +Section: misc +Priority: optional +Standards-Version: 3.9.6 +Build-Depends: debhelper (>= 9), + dh-python, + libsqlite3-dev, + python (>= 2.7), + python-yaml +Homepage: http://trac.cryptech.is/wiki + +Package: cryptech-alpha +Architecture: any +Depends: python, + python-serial (>= 3.0), + ${{misc:Depends}}, + ${{python:Depends}}, + ${{shlibs:Depends}} +{conflicts}\ +Description: Cryptech Project open-source cryptographic software and firmware. + {args.description} +''' + +if args.conflicts: + conflicts = "Conflicts: {}\n".format(" ".join(args.conflicts)) +else: + conflicts = "" + +subprocess.check_call(("dch", "--create", "--package", args.package, "--newversion", args.newversion, args.description), + env = dict(os.environ, + EDITOR = "/bin/true", + VISUAL = "/bin/true", + TZ = "UTC", + DEBEMAIL = args.debemail)) + +with open("debian/control", "w") as f: + f.write(control_template.format(args = args, conflicts = conflicts)) diff --git a/build-firmware-package.py b/scripts/build-firmware-package.py index c44b8bd..c44b8bd 100755 --- a/build-firmware-package.py +++ b/scripts/build-firmware-package.py diff --git a/build-homebrew-formula.py b/scripts/build-homebrew-formula.py index f8adb7b..6d43b45 100755 --- a/build-homebrew-formula.py +++ b/scripts/build-homebrew-formula.py @@ -12,6 +12,7 @@ parser.add_argument("--url-base", default = "https://brew.cryptech.is/tarballs/" parser.add_argument("tarball") parser.add_argument("version") parser.add_argument("formula", type = argparse.FileType("w"), nargs = "?", default = sys.stdout) +parser.add_argument("conflicts", nargs = "*") args = parser.parse_args() template = '''\ @@ -26,6 +27,8 @@ class CryptechAlpha < Formula url "{url}" sha256 "{sha256}" +{conflicts} + # See https://github.com/Homebrew/brew/blob/master/share/doc/homebrew/Formula-Cookbook.md#specifying-other-formulae-as-dependencies # for details on handling dependencies on other homebrew packages (eg, sqlite3). @@ -90,6 +93,7 @@ with open(args.tarball, "rb") as f: digest = hashlib.sha256(f.read()).hexdigest() args.formula.write(template.format( - version = args.version, - url = os.path.join(args.url_base, os.path.basename(args.tarball)), - sha256 = digest)) + version = args.version, + url = os.path.join(args.url_base, os.path.basename(args.tarball)), + sha256 = digest, + conflicts = "".join("conflicts_with \"{}\", :because => \"firmware and pkcs11 library must match\"\n".format(i) for i in args.conflicts))) diff --git a/build-shadow-tree.py b/scripts/build-shadow-tree.py index 378797f..378797f 100755 --- a/build-shadow-tree.py +++ b/scripts/build-shadow-tree.py diff --git a/source/debian/control b/source/debian/control deleted file mode 100644 index fcca634..0000000 --- a/source/debian/control +++ /dev/null @@ -1,22 +0,0 @@ -Source: cryptech-alpha -Maintainer: APT Builder Robot <aptbot@cryptech.is> -Section: misc -Priority: optional -Standards-Version: 3.9.6 -Build-Depends: debhelper (>= 9), - dh-python, - libsqlite3-dev, - python (>= 2.7), - python-yaml -Homepage: http://trac.cryptech.is/wiki - -Package: cryptech-alpha -Architecture: any -Depends: python, - python-serial (>= 3.0), - ${misc:Depends}, - ${python:Depends}, - ${shlibs:Depends} -Description: Cryptech open-source crypto software - "cryptech-alpha" contains software for use with the Cryptech Project - "Alpha" development board. diff --git a/source/sw/libhal b/source/sw/libhal -Subproject 0166b1b370862ab34335af3d5710304dc354649 +Subproject 1295f7ebbfaff3ad098fe9d4cafa32a1f375056 diff --git a/source/sw/stm32 b/source/sw/stm32 -Subproject 057c2bd09138dfd626289b27929427021f1b1c2 +Subproject d172acba926b72c57c47697bd640c51c0fcb038 |