aboutsummaryrefslogtreecommitdiff
path: root/Makefile
blob: 67aa51bc2a575ca5cfff93bcc46057c12b976c67 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
# Top-level package build for Cryptech Alpha board.

# What we call the package before we start mucking with branches and revision numbers

PACKAGE_BASE_NAME    := cryptech-alpha
PACKAGE_BASE_VERSION := 2.0

# Git voodoo: plumbing commands to pull the current branch and list of
# all (local) branches, and to pull something we can use as a version
# number suffix.
#
# Using a timestamp here is not particularly friendly, but we're
# looking for something simple that all the packaging systems involved
# are willing to accept as a version number, so, at least for now, we
# avoid more interesting options such as git-describe.

GIT_VERSION	 := $(shell git show -s --format=%ct HEAD)
GIT_BRANCH	 := $(shell git rev-parse --abbrev-ref HEAD)
GIT_BRANCHES	 := $(filter-out HEAD,$(sort $(notdir $(shell git for-each-ref --format '%(refname)' refs/heads/ refs/remotes/))))

# Make voodoo: construct the package name, version number, and list of
# other package names (constructed on other branches) with which this
# one conflicts.

PACKAGE_BRANCH	  = ${PACKAGE_BASE_NAME}$(and $(filter-out master,$(1)),-$(1))
PACKAGE_NAME	 := $(call PACKAGE_BRANCH,${GIT_BRANCH})
PACKAGE_CONFLICT := $(foreach I,$(filter-out ${GIT_BRANCH},${GIT_BRANCHES}),$(call PACKAGE_BRANCH,${I}))
PACKAGE_VERSION  := ${PACKAGE_BASE_VERSION}.${GIT_VERSION}

# gpg setup, for signing packages and repositories

export GNUPGHOME := /home/aptbot/gnupg
GPG_USER	 := APT Builder Robot <aptbot@cryptech.is>
GPG_KEYID	 := 37A8E93F5D7E7B9A

# Package repository setup

REPO_BASE	 := /home/aptbot
REPO_UMASK	 := 002

# Debian clean-room package builder setup

PBUILDER_BASE	 := ${HOME}/pbuilder
PBUILDER_TARGETS := debian/jessie/i386 debian/jessie/amd64 ubuntu/xenial/i386 ubuntu/xenial/amd64

# Where we upload the final results (if we do)

REPO_UPLOAD_USER := aptbot
REPO_UPLOAD_HOST := bikeshed.cryptech.is
REPO_UPLOAD_DIRS := apt brew

# Yes, we really are putting the firmware tarball into the source package.
# We want to supply the firmware in both source and binary form, to save users
# the trouble of all the cross compilation and Verilog synthesis, and the Alpha
# firmware is the same regardless of the host platform, so including the firmware
# tarball in the source package lets us simplify installation for the user.

FIRMWARE_TARBALL := source/cryptech-alpha-firmware.tar.gz
BITSTREAM	 := build/core/platform/alpha/build/alpha_fmc.bit
ELVES		 := build/sw/stm32/projects/bootloader/bootloader.elf build/sw/stm32/projects/hsm/hsm.elf
TAMPER		 := build/sw/tamper/tamper.hex

all: init firmware dsc pbuilder homebrew expire

enchilada: all upload

init:
	git submodule update --init --recursive

tidy:
	rm -rf tap
	git clean -dfx -e build
	git submodule foreach --recursive git clean -dfx

clean: tidy
	git clean -dfx

sandblast: clean
	git submodule deinit -f .

firmware: shadow ${FIRMWARE_TARBALL}

shadow:
	./scripts/build-shadow-tree.py

${FIRMWARE_TARBALL}: ${BITSTREAM} $(sort ${ELVES} ${ELVES:.elf=.bin}) ${TAMPER}
	fakeroot ./scripts/build-firmware-package.py $@ $^

bitstream: ${BITSTREAM}

${BITSTREAM}: $(shell find source/core -name .git -prune -o -type f -print)
	${MAKE} -C build/core/platform/alpha/build

${ELVES:.elf=.bin}: shadow elves

elves:
	${MAKE} -C build/sw/stm32 distclean bootloader hsm

${TAMPER}: tamper

tamper:
	${MAKE} -C $(dir ${TAMPER})

dsc:
	rm -f source/debian/changelog ${PACKAGE_NAME}_*.dsc ${PACKAGE_NAME}_*.tar.xz ${PACKAGE_NAME}_*_source.build ${PACKAGE_NAME}_*_source.changes
	cd source; ../scripts/build-debian-control-files.py --debemail='${GPG_USER}' --package ${PACKAGE_NAME} --newversion '${PACKAGE_VERSION}' --conflicts='${PACKAGE_CONFLICT}'
	cd source; debuild -S -uc -us

pbuilder:
	rm -f ${PBUILDER_BASE}/*result/*
	umask ${REPO_UMASK}; \
	for target in ${PBUILDER_TARGETS}; do echo $$target | tr '/' ' '; done | \
	while read dist code arch; do \
		reprepro -b ${REPO_BASE}/apt/$$dist -A $$arch list $$code ${PACKAGE_NAME} | awk '{v = $$3} END {exit v != "${PACKAGE_VERSION}"}' && continue; \
		pbuilder-dist $$code $$arch build ${PACKAGE_NAME}_${PACKAGE_VERSION}.dsc; \
		cp -p ${PBUILDER_BASE}/$${code}-$${arch}_result/${PACKAGE_NAME}_${PACKAGE_VERSION}.tar.xz ${REPO_BASE}/brew/tarballs/; \
		reprepro -b ${REPO_BASE}/apt/$$dist include $$code ${PBUILDER_BASE}/$${code}-$${arch}_result/${PACKAGE_NAME}_${PACKAGE_VERSION}_$${arch}.changes; \
	done

homebrew:
	rm -rf tap
	umask ${REPO_UMASK}; \
	git clone ${REPO_BASE}/brew/tap tap; \
	cd tap; \
	../scripts/build-homebrew-formula.py --tarball ${REPO_BASE}/brew/tarballs/${PACKAGE_NAME}_${PACKAGE_VERSION}.tar.xz --formula ${PACKAGE_NAME}.rb \
		--package ${PACKAGE_NAME} --version ${PACKAGE_VERSION} --conflicts ${PACKAGE_CONFLICT}; \
	git add ${PACKAGE_NAME}.rb; \
	git commit -S${GPG_KEYID} --author='${GPG_USER}' -m '${PACKAGE_NAME} ${PACKAGE_VERSION}'; \
	git push
#	rm -rf tap

expire:
	find ${REPO_BASE}/brew/tarballs \
		-name '${PACKAGE_NAME}_*.tar.xz' \
	      ! -name '${PACKAGE_NAME}_${PACKAGE_VERSION}.tar.xz' \
		-mtime +7 -ls -delete

RSYNC	:= rsync --rsh 'ssh -l ${REPO_UPLOAD_USER}' --archive --itemize-changes

upload:
	for dir in ${REPO_UPLOAD_DIRS}; do \
		${RSYNC} --ignore-existing       ${REPO_BASE}/$${dir}/	rsync://${REPO_UPLOAD_HOST}/$${dir}/; \
		${RSYNC} --delete --delete-delay ${REPO_BASE}/$${dir}/	rsync://${REPO_UPLOAD_HOST}/$${dir}/; \
	done

bother:
	for dir in ${REPO_UPLOAD_DIRS}; do \
		${RSYNC} --delete rsync://${REPO_UPLOAD_HOST}/$${dir}/ ${REPO_BASE}/$${dir}/; \
	done

happy:
	git pull

.PHONY: all init clean firmware shadow bitstream elves tamper dsc pbuilder homebrew expire upload enchilada sandblast happy bother