From 13143a84e45f06728db7f6a0722098eb01b3a236 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Wed, 29 Jun 2016 12:54:17 -0400
Subject: Add tamper.hex to firmware tarball; start adding support scripts;
 more minor build process cleanup.

---
 .gitmodules               |  3 +++
 Makefile                  | 21 +++++++++++----------
 build-firmware-package.py |  5 ++++-
 source/Makefile           |  3 ++-
 source/user/ln5/tamper    |  1 +
 5 files changed, 21 insertions(+), 12 deletions(-)
 create mode 160000 source/user/ln5/tamper

diff --git a/.gitmodules b/.gitmodules
index 6b5d092..5736430 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -55,3 +55,6 @@
 [submodule "source/user/ft/libcli"]
 	path = source/user/ft/libcli
 	url = https://git.cryptech.is/user/ft/libcli.git
+[submodule "source/user/ln5/tamper"]
+	path = source/user/ln5/tamper
+	url = https://git.cryptech.is/user/ln5/tamper.git
diff --git a/Makefile b/Makefile
index 0ff5e25..4d3900b 100644
--- a/Makefile
+++ b/Makefile
@@ -28,11 +28,7 @@ REPO_UPLOAD_URI	 := rsync://apt.cryptech.is/alpha/
 FIRMWARE_TARBALL := source/cryptech-alpha-firmware.tar.gz
 BITSTREAM	 := build/core/platform/alpha/build/alpha_fmc.bit
 ELVES		 := build/sw/stm32/projects/bootloader/bootloader.elf build/sw/stm32/projects/hsm/hsm.elf
-FIRMWARE_BINARY	 := ${ELVES} ${ELVES:.elf=.bin}
-FIRMWARE_ALL	 := ${BITSTREAM} ${FIRMWARE_BINARY}
-
-RTL_SOURCE	 := $(shell find source/core -name .git -prune -o -type f -print)
-SW_SOURCE	 := $(shell find source/sw source/user -name .git -prune -o -type f -print)
+TAMPER		 := build/user/ln5/tamper/tamper.hex
 
 # Command to generate a new changelog containing one entry.
 # Does nothing if the changelog already exists.
@@ -61,13 +57,12 @@ firmware: shadow ${FIRMWARE_TARBALL}
 shadow:
 	./build-shadow-tree.py
 
-${FIRMWARE_TARBALL}: ${BITSTREAM} $(sort ${ELVES} ${ELVES:.elf=.bin})
-	./build-firmware-package.py $(basename $@) $^
-	gzip -9f $(basename $@)
+${FIRMWARE_TARBALL}: ${BITSTREAM} $(sort ${ELVES} ${ELVES:.elf=.bin}) ${TAMPER}
+	./build-firmware-package.py $@ $^
 
 bitstream: ${BITSTREAM}
 
-${BITSTREAM}: ${RTL_SOURCE}
+${BITSTREAM}: $(shell find source/core -name .git -prune -o -type f -print)
 	${MAKE} -C build/core/platform/alpha/build
 
 ${ELVES:.elf=.bin}: shadow elves
@@ -75,7 +70,13 @@ ${ELVES:.elf=.bin}: shadow elves
 elves:
 	${MAKE} -C build/sw/stm32 distclean bootloader hsm
 
+${TAMPER}: tamper
+
+tamper:
+	${MAKE} -C $(dir ${TAMPER})
+
 dsc:
+	rm -f ${PACKAGE_NAME}_*.dsc ${PACKAGE_NAME}_*.tar.xz ${PACKAGE_NAME}_*_source.build ${PACKAGE_NAME}_*_source.changes
 	cd source; ${DCH}
 	cd source; debuild -S -uc -us
 
@@ -95,4 +96,4 @@ upload:
 	${RSYNC} --ignore-existing       ${REPO_BASE}/ ${REPO_UPLOAD_URI}
 	${RSYNC} --delete --delete-delay ${REPO_BASE}/ ${REPO_UPLOAD_URI}
 
-.PHONY: all init clean firmware shadow bitstream elves dsc pbuilder homebrew upload enchilada sandblast
+.PHONY: all init clean firmware shadow bitstream elves tamper dsc pbuilder homebrew upload enchilada sandblast
diff --git a/build-firmware-package.py b/build-firmware-package.py
index 0df116b..de77243 100755
--- a/build-firmware-package.py
+++ b/build-firmware-package.py
@@ -13,7 +13,7 @@ parser.add_argument("tarfile", type = argparse.FileType("wb"),  help = "tarball
 parser.add_argument("firmware", nargs = "+",                    help = "firmware files to stuff into tarball")
 args = parser.parse_args()
 
-tar     = tarfile.TarFile(mode = "w", fileobj = args.tarfile)
+tar     = tarfile.TarFile.open(fileobj = args.tarfile, mode = "w|gz")
 head    = subprocess.check_output(("git", "rev-parse", "HEAD")).strip()
 time    = subprocess.check_output(("git", "show", "-s", "--format=%ct", "HEAD")).strip()
 commits = [line.split() for line in subprocess.check_output(("git", "submodule", "status")).splitlines()]
@@ -32,3 +32,6 @@ with tempfile.NamedTemporaryFile() as f:
     if gpg.wait():
         raise subprocess.CalledProcessError(gpg.returncode, "gpg")
     tar.add(f.name, "MANIFEST")
+
+tar.close()
+args.tarfile.close()
diff --git a/source/Makefile b/source/Makefile
index 18462a8..173efac 100644
--- a/source/Makefile
+++ b/source/Makefile
@@ -17,8 +17,9 @@ clean distclean:
 install: all
 	install -D -m 644 cryptech-alpha-firmware.tar.gz	${DESTDIR}/usr/share/cryptech-alpha-firmware.tar.gz
 	install -D -m 644 sw/pkcs11/libpkcs11.so		${DESTDIR}/usr/lib/libpkcs11.so
+	ln	-s	            libpkcs11.so		${DESTDIR}/usr/lib/libpkcs11.so.0
 	install -D	  sw/pkcs11/p11util			${DESTDIR}/usr/sbin/p11util
 	install -D	  sw/pkcs11/libhal/cryptech_rpcd	${DESTDIR}/usr/sbin/cryptech_rpcd
-	ln	-s	  libpkcs11.so				${DESTDIR}/usr/lib/libpkcs11.so.0
+	install -D	  sw/stm32/projects/hsm/cryptech_upload ${DESTDIR}/usr/sbin/cryptech_upload
 
 # Still need scripts to do something useful with the firmware tarball
diff --git a/source/user/ln5/tamper b/source/user/ln5/tamper
new file mode 160000
index 0000000..54cd4de
--- /dev/null
+++ b/source/user/ln5/tamper
@@ -0,0 +1 @@
+Subproject commit 54cd4de78da2534b61c26a7f07abf45907e582d0
-- 
cgit v1.2.3