From beca9ece1b3a9f47d81b98f06fc4b0180704cabe Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Wed, 22 Jun 2016 15:34:57 -0400 Subject: First cut at release engineering for software that goes with the Alpha board. This may well end up merging with the firmware super-repository, but, having started down the road of making them separate, let's keep it that way while we get the initial stuff out of the way, then merge them if it still seems like a good idea when the basics are working. --- .gitmodules | 12 +++++++++ Makefile | 65 +++++++++++++++++++++++++++++++++++++++++++++ README.md | 31 +++++++++++++++++++++ reprepro-conf/distributions | 7 +++++ reprepro-conf/options | 4 +++ sw/Makefile | 17 ++++++++++++ sw/debian/compat | 1 + sw/debian/control | 14 ++++++++++ sw/debian/copyright | 27 +++++++++++++++++++ sw/debian/rules | 4 +++ sw/debian/source/format | 1 + sw/libhal | 1 + sw/pkcs11 | 1 + sw/thirdparty/libtfm | 1 + sw/thirdparty/sqlite3 | 1 + 15 files changed, 187 insertions(+) create mode 100644 .gitmodules create mode 100644 Makefile create mode 100644 README.md create mode 100644 reprepro-conf/distributions create mode 100644 reprepro-conf/options create mode 100644 sw/Makefile create mode 100644 sw/debian/compat create mode 100644 sw/debian/control create mode 100644 sw/debian/copyright create mode 100755 sw/debian/rules create mode 100644 sw/debian/source/format create mode 160000 sw/libhal create mode 160000 sw/pkcs11 create mode 160000 sw/thirdparty/libtfm create mode 160000 sw/thirdparty/sqlite3 diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..cb4501d --- /dev/null +++ b/.gitmodules @@ -0,0 +1,12 @@ +[submodule "sw/libhal"] + path = sw/libhal + url = https://git.cryptech.is/sw/libhal.git +[submodule "sw/pkcs11"] + path = sw/pkcs11 + url = https://git.cryptech.is/sw/pkcs11.git +[submodule "sw/thirdparty/libtfm"] + path = sw/thirdparty/libtfm + url = https://git.cryptech.is/sw/thirdparty/libtfm.git +[submodule "sw/thirdparty/sqlite3"] + path = sw/thirdparty/sqlite3 + url = https://git.cryptech.is/sw/thirdparty/sqlite3.git diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..8135639 --- /dev/null +++ b/Makefile @@ -0,0 +1,65 @@ +# Top-level build of software packages to work with Cryptech Alpha board. + +export CRYPTECH_VERSION := 2.0 + +HEAD_TIME := $(shell git show -s --format=%ct HEAD) +HEAD_HASH := $(shell git rev-parse HEAD) + +CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~${HEAD_TIME}~${HEAD_HASH} + +# Command to generate a new changelog containing one entry. +# Does nothing if the changelog already exists. + +DCH = test -f debian/changelog || \ + EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='APT Builder Robot ' \ + dch --create --package cryptech-alpha --newversion '${CRYPTECH_PACKAGE_VERSION}' \ + '$(strip Version ${CRYPTECH_VERSION} of software for Cryptech Alpha development board.)' + +REPOSITORY := /home/aptbot/alpha +GNUPGHOME := /home/aptbot/gnupg +CODENAME := wheezy +REPO_UMASK := 002 +UPLOAD_USER := aptbot +UPLOAD_URI := rsync://apt.cryptech.is/alpha/ + +export GNUPGHOME + + +all: init source pbuilder homebrew + +enchilada: all reprepro upload + +init: + git submodule update --init --recursive + +clean: + git clean -dfx + git submodule foreach --recursive git clean -dfx + +sandblast: clean + git submodule deinit -f . + +source: + cd sw; ${DCH} + cd sw; debuild -S -uc -us + +# Maybe use pdebuild here? Have full-blown multi-arch multi-dist +# pbuilder example for another project, but something simpler would be +# nice.... + +pbuilder: + cd sw; debuild -b -uc -us + +reprepro: ${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options + umask ${REPO_UMASK}; for f in *.changes; do reprepro -b ${REPOSITORY} include ${CODENAME} $$f; done + +${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options: + install -D reprepro-conf/$(notdir $@) ${REPOSITORY}/conf/$(notdir $@) + +RSYNC := rsync --rsh 'ssh -l ${UPLOAD_USER}' --archive --itemize-changes + +upload: + ${RSYNC} --ignore-existing ${REPOSITORY}/ ${UPLOAD_URI} + ${RSYNC} --delete --delete-delay ${REPOSITORY}/ ${UPLOAD_URI} + +.PHONY: all init clean source pbuilder homebrew reprepro upload enchilada sandblast diff --git a/README.md b/README.md new file mode 100644 index 0000000..15c1006 --- /dev/null +++ b/README.md @@ -0,0 +1,31 @@ +Preliminary release engineering super-repository for building software +to work with the Cryptech "Alpha" board. + +Primary task here is to build the PKCS #11 library and any needed +support tools for whichever platforms we support. This will involve +some packaging voodoo. + +Our first targets for this are Debian and Ubuntu, probably the Jessie +and Xenial releases, respectively. If we really need to support +multiple releases for each of these platforms, the packaging mechanics +become more complicated, so we may just stop here for these platforms +and assume we can fill any odd corners using the associated source +package. + +Our next target for this is likely to be Mac OS X. This should be +relatively straightforward so long as we only have to support Homebrew +and we don't have to produce Homebrew "bottles" (binary packages). If +we do need to bottle, we either need one or more Mac build machines or +we need some kind of cross-compilation scheme (eg, +https://github.com/tpoechtrager/osxcross). + +Supporting Homebrew at all requires a bit of extra voodoo on top of +supporting Debian packaging, but none of it looks particularly +difficult, and the Debian packaging will produce the source tarball we +need for the Homebrew formula, so integrating production of these two +kinds of packaging makes some sense. + +Windoze is not currently on the radar. In theory, MinGW would suffice +as a cross compiler if and when we have to do something about it. + +This README is probably obsolete by the time you're reading it. diff --git a/reprepro-conf/distributions b/reprepro-conf/distributions new file mode 100644 index 0000000..57c1afc --- /dev/null +++ b/reprepro-conf/distributions @@ -0,0 +1,7 @@ +Origin: cryptech.is +Label: cryptech.is APT repository +Codename: jessie +Architectures: i386 amd64 source +Components: main +Description: cryptech.is APT Repository +SignWith: yes diff --git a/reprepro-conf/options b/reprepro-conf/options new file mode 100644 index 0000000..f5ad660 --- /dev/null +++ b/reprepro-conf/options @@ -0,0 +1,4 @@ +verbose +ask-passphrase +basedir . +ignore wrongdistribution diff --git a/sw/Makefile b/sw/Makefile new file mode 100644 index 0000000..4b494a6 --- /dev/null +++ b/sw/Makefile @@ -0,0 +1,17 @@ +# Makefile to build Debian package for Cryptech Alpha board software + +all: + cd thirdparty/sqlite3; ${MAKE} + cd thirdparty/libtfm; ${MAKE} + cd libhal; ${MAKE} daemon + cd pkcs11; ${MAKE} + +clean distclean: + for d in thirdparty/libtfm libhal thirdparty/sqlite3 pkcs11; do (cd $$d && ${MAKE} $@); done + +install: all + install -m 644 -D pkcs11/libpkcs11.so ${DESTDIR}/usr/lib/libpkcs11.so + install -D pkcs11/p11util ${DESTDIR}/usr/sbin/p11util + install -D libhal/cryptech_rpcd ${DESTDIR}/usr/sbin/cryptech_rpcd + +# Might also want to install the firmware tarball, scripts to use it, .... diff --git a/sw/debian/compat b/sw/debian/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/sw/debian/compat @@ -0,0 +1 @@ +9 diff --git a/sw/debian/control b/sw/debian/control new file mode 100644 index 0000000..d7440f8 --- /dev/null +++ b/sw/debian/control @@ -0,0 +1,14 @@ +Source: cryptech-alpha +Maintainer: APT Builder Robot +Section: misc +Priority: optional +Standards-Version: 3.9.6 +Build-Depends: debhelper (>= 9) +Homepage: http://trac.cryptech.is/wiki + +Package: cryptech-alpha +Architecture: any +Depends: libc6 (>= 2.13), ${misc:Depends} +Description: Cryptech open-source crypto software + "cryptech-alpha" contains software for use with the Cryptech Project + "Alpha" development board. diff --git a/sw/debian/copyright b/sw/debian/copyright new file mode 100644 index 0000000..ec25460 --- /dev/null +++ b/sw/debian/copyright @@ -0,0 +1,27 @@ +Copyright (c) 2015-2016, NORDUnet A/S All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: +- Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + +- Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +- Neither the name of the NORDUnet nor the names of its contributors may + be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS +IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED +TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/sw/debian/rules b/sw/debian/rules new file mode 100755 index 0000000..2d33f6a --- /dev/null +++ b/sw/debian/rules @@ -0,0 +1,4 @@ +#!/usr/bin/make -f + +%: + dh $@ diff --git a/sw/debian/source/format b/sw/debian/source/format new file mode 100644 index 0000000..89ae9db --- /dev/null +++ b/sw/debian/source/format @@ -0,0 +1 @@ +3.0 (native) diff --git a/sw/libhal b/sw/libhal new file mode 160000 index 0000000..52f1eb5 --- /dev/null +++ b/sw/libhal @@ -0,0 +1 @@ +Subproject commit 52f1eb5c3dccd47d2434e0c7a302c23363790e1d diff --git a/sw/pkcs11 b/sw/pkcs11 new file mode 160000 index 0000000..6e7aabc --- /dev/null +++ b/sw/pkcs11 @@ -0,0 +1 @@ +Subproject commit 6e7aabc780ff9f70bf05d41b97cc973451e0b2ee diff --git a/sw/thirdparty/libtfm b/sw/thirdparty/libtfm new file mode 160000 index 0000000..357ca59 --- /dev/null +++ b/sw/thirdparty/libtfm @@ -0,0 +1 @@ +Subproject commit 357ca59060848fb72367b67ccae137d66de6fe34 diff --git a/sw/thirdparty/sqlite3 b/sw/thirdparty/sqlite3 new file mode 160000 index 0000000..be705c3 --- /dev/null +++ b/sw/thirdparty/sqlite3 @@ -0,0 +1 @@ +Subproject commit be705c3aecaf201b7f9c649cfed01e38e73c8f68 -- cgit v1.2.3