From 4e745ec22b4ff3f481a1dfb1a2dc322130c73d33 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 3 Jul 2016 15:15:51 -0400 Subject: Simplify version numbering, add preliminary Homebrew support. --- Makefile | 48 ++++++++++++++++++++++++++------------- build-homebrew-formula.py | 57 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+), 16 deletions(-) create mode 100755 build-homebrew-formula.py diff --git a/Makefile b/Makefile index 98378ce..1e15c3d 100644 --- a/Makefile +++ b/Makefile @@ -1,23 +1,21 @@ # Top-level package build for Cryptech Alpha board. -export CRYPTECH_VERSION := 2.0 - -HEAD_TIME := $(shell git show -s --format=%ct HEAD) -HEAD_HASH := $(shell git rev-parse HEAD) - PACKAGE_NAME := cryptech-alpha -PACKAGE_VERSION := ${CRYPTECH_VERSION}~${HEAD_TIME}~${HEAD_HASH} +PACKAGE_VERSION := 2.0.$(shell git show -s --format=%ct HEAD) export GNUPGHOME := /home/aptbot/gnupg +GPG_USER := APT Builder Robot +GPG_KEYID := 37A8E93F5D7E7B9A -REPO_BASE := /home/aptbot/alpha +REPO_BASE := /home/aptbot REPO_UMASK := 002 PBUILDER_BASE := ${HOME}/pbuilder PBUILDER_TARGETS := debian/jessie/i386 debian/jessie/amd64 ubuntu/xenial/i386 ubuntu/xenial/amd64 REPO_UPLOAD_USER := aptbot -REPO_UPLOAD_URI := rsync://apt.cryptech.is/alpha/ +REPO_UPLOAD_HOST := bikeshed.cryptech.is +REPO_UPLOAD_DIRS := apt brew # Yes, we really are putting the firmware tarball into the source package. # We want to supply the firmware in both source and binary form, to save users @@ -34,11 +32,11 @@ TAMPER := build/user/ln5/tamper/tamper.hex # Does nothing if the changelog already exists. DCH = test -f debian/changelog || \ - EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='APT Builder Robot ' \ + EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='${GPG_USER}' \ dch --create --package ${PACKAGE_NAME} --newversion '${PACKAGE_VERSION}' \ - '$(strip Version ${CRYPTECH_VERSION} package for Cryptech Alpha development board.)' + 'Software and firmware for Cryptech Alpha development board.' -all: init firmware dsc pbuilder homebrew +all: init firmware dsc pbuilder homebrew expire enchilada: all upload @@ -85,15 +83,33 @@ pbuilder: umask ${REPO_UMASK}; \ for target in ${PBUILDER_TARGETS}; do echo $$target | tr '/' ' '; done | \ while read dist code arch; do \ - reprepro -b ${REPO_BASE}/$$dist -A $$arch list $$code ${PACKAGE_NAME} | awk '{v = $$3} END {exit v != "${PACKAGE_VERSION}"}' && continue; \ + reprepro -b ${REPO_BASE}/apt/$$dist -A $$arch list $$code ${PACKAGE_NAME} | awk '{v = $$3} END {exit v != "${PACKAGE_VERSION}"}' && continue; \ pbuilder-dist $$code $$arch build ${PACKAGE_NAME}_${PACKAGE_VERSION}.dsc; \ - reprepro -b ${REPO_BASE}/$$dist include $$code ${PBUILDER_BASE}/$${code}-$${arch}_result/${PACKAGE_NAME}_${PACKAGE_VERSION}_$${arch}.changes; \ + cp -p ${PBUILDER_BASE}/$${code}-$${arch}_result/${PACKAGE_NAME}_${PACKAGE_VERSION}.tar.xz ${REPO_BASE}/brew/tarballs/; \ + reprepro -b ${REPO_BASE}/apt/$$dist include $$code ${PBUILDER_BASE}/$${code}-$${arch}_result/${PACKAGE_NAME}_${PACKAGE_VERSION}_$${arch}.changes; \ done +homebrew: + rm -rf tap + umask ${REPO_UMASK}; \ + git clone ${REPO_BASE}/brew/tap tap; \ + cd tap; \ + ../build-homebrew-formula.py ${REPO_BASE}/brew/tarballs/${PACKAGE_NAME}_${PACKAGE_VERSION}.tar.xz ${PACKAGE_VERSION} ${PACKAGE_NAME}.rb; \ + git add ${PACKAGE_NAME}.rb; \ + git commit -S${GPG_KEYID} --author='${GPG_USER}' -m '${PACKAGE_NAME} ${PACKAGE_VERSION}'; \ + git push +# rm -rf tap + +# Still need: +# +# expire: target to expire old tarballs from .../brew/tarballs/, along the lines of download.rpki.net scripts + RSYNC := rsync --rsh 'ssh -l ${REPO_UPLOAD_USER}' --archive --itemize-changes upload: - ${RSYNC} --ignore-existing ${REPO_BASE}/ ${REPO_UPLOAD_URI} - ${RSYNC} --delete --delete-delay ${REPO_BASE}/ ${REPO_UPLOAD_URI} + for dir in ${REPO_UPLOAD_DIRS}; do \ + ${RSYNC} --ignore-existing ${REPO_BASE}/$${dir}/ rsync://${REPO_UPLOAD_HOST}/$${dir}/ \ + ${RSYNC} --delete --delete-delay ${REPO_BASE}/$${dir}/ rsync://${REPO_UPLOAD_HOST}/$${dir}/ \ + done -.PHONY: all init clean firmware shadow bitstream elves tamper dsc pbuilder homebrew upload enchilada sandblast +.PHONY: all init clean firmware shadow bitstream elves tamper dsc pbuilder homebrew expire upload enchilada sandblast diff --git a/build-homebrew-formula.py b/build-homebrew-formula.py new file mode 100755 index 0000000..8f29720 --- /dev/null +++ b/build-homebrew-formula.py @@ -0,0 +1,57 @@ +#!/usr/bin/env python + +# Yes, this is a Python program writing a Ruby program. + +import argparse +import hashlib +import sys +import os + +parser = argparse.ArgumentParser() +parser.add_argument("--url-base", default = "https://brew.cryptech.is/tarballs/") +parser.add_argument("tarball") +parser.add_argument("version") +parser.add_argument("formula", type = argparse.FileType("w"), nargs = "?", default = sys.stdout) +args = parser.parse_args() + +template = '''\ +# This Homebrew forumula was automatically generated by a script. +# You might not want to edit it manually. + +class CryptechAlpha < Formula + + desc "Software for working with Cryptech Alpha board HSM" + homepage "https://cryptech.is/" + version "{version}" + url "{url}" + sha256 "{sha256}" + + # Eventually we'll want resource clauses here to pull in stuff we + # need from pypi, see brew doc for that, but skip it initially. + + # We should also specify a dependency on sqlite3, and perhaps other + # packages. Skip that for now too. + + # If we get really ambitous, it would be nice to have "bottled" + # (precompiled binary) versions, but that requires either a build + # farm or some kind of cross-compilation. + + def install + ENV.deparallelize + system "make", "-C", "sw/pkcs11" + share.install "cryptech-alpha-firmware.tar.gz" + lib.install "sw/pkcs11/libpkcs11.dylib" + sbin.install "sw/pkcs11/p11util" + sbin.install "sw/stm32/projects/hsm/cryptech_upload" + end + +end +''' + +with open(args.tarball, "rb") as f: + digest = hashlib.sha256(f.read()).hexdigest() + +args.formula.write(template.format( + version = args.version, + url = os.path.join(args.url_base, os.path.basename(args.tarball)), + sha256 = digest)) -- cgit v1.2.3