blob: ca1bd2bb198b29565717f243835c7a79e2110e49 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
# Top-level package build for Cryptech Alpha board.
PACKAGE_NAME := cryptech-alpha
PACKAGE_VERSION := 2.0.$(shell git show -s --format=%ct HEAD)
export GNUPGHOME := /home/aptbot/gnupg
GPG_USER := APT Builder Robot <aptbot@cryptech.is>
GPG_KEYID := 37A8E93F5D7E7B9A
REPO_BASE := /home/aptbot
REPO_UMASK := 002
PBUILDER_BASE := ${HOME}/pbuilder
PBUILDER_TARGETS := debian/jessie/i386 debian/jessie/amd64 ubuntu/xenial/i386 ubuntu/xenial/amd64
REPO_UPLOAD_USER := aptbot
REPO_UPLOAD_HOST := bikeshed.cryptech.is
REPO_UPLOAD_DIRS := apt brew
# Yes, we really are putting the firmware tarball into the source package.
# We want to supply the firmware in both source and binary form, to save users
# the trouble of all the cross compilation and Verilog synthesis, and the Alpha
# firmware is the same regardless of the host platform, so including the firmware
# tarball in the source package lets us simplify installation for the user.
FIRMWARE_TARBALL := source/cryptech-alpha-firmware.tar.gz
BITSTREAM := build/core/platform/alpha/build/alpha_fmc.bit
ELVES := build/sw/stm32/projects/bootloader/bootloader.elf build/sw/stm32/projects/hsm/hsm.elf
TAMPER := build/user/ln5/tamper/tamper.hex
# Command to generate a new changelog containing one entry.
# Does nothing if the changelog already exists.
DCH = test -f debian/changelog || \
EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='${GPG_USER}' \
dch --create --package ${PACKAGE_NAME} --newversion '${PACKAGE_VERSION}' \
'Software and firmware for Cryptech Alpha development board.'
all: init firmware dsc pbuilder homebrew expire
enchilada: all upload
init:
git submodule update --init --recursive
clean:
rm -rf tap
git clean -dfx
git submodule foreach --recursive git clean -dfx
sandblast: clean
git submodule deinit -f .
firmware: shadow ${FIRMWARE_TARBALL}
shadow:
./build-shadow-tree.py
${FIRMWARE_TARBALL}: ${BITSTREAM} $(sort ${ELVES} ${ELVES:.elf=.bin}) ${TAMPER}
fakeroot ./build-firmware-package.py $@ $^
bitstream: ${BITSTREAM}
${BITSTREAM}: $(shell find source/core -name .git -prune -o -type f -print)
${MAKE} -C build/core/platform/alpha/build
${ELVES:.elf=.bin}: shadow elves
elves:
${MAKE} -C build/sw/stm32 distclean bootloader hsm
${TAMPER}: tamper
tamper:
${MAKE} -C $(dir ${TAMPER})
dsc:
rm -f source/debian/changelog ${PACKAGE_NAME}_*.dsc ${PACKAGE_NAME}_*.tar.xz ${PACKAGE_NAME}_*_source.build ${PACKAGE_NAME}_*_source.changes
cd source; ${DCH}
cd source; debuild -S -uc -us
pbuilder:
rm -f ${PBUILDER_BASE}/*result/*
umask ${REPO_UMASK}; \
for target in ${PBUILDER_TARGETS}; do echo $$target | tr '/' ' '; done | \
while read dist code arch; do \
reprepro -b ${REPO_BASE}/apt/$$dist -A $$arch list $$code ${PACKAGE_NAME} | awk '{v = $$3} END {exit v != "${PACKAGE_VERSION}"}' && continue; \
pbuilder-dist $$code $$arch build ${PACKAGE_NAME}_${PACKAGE_VERSION}.dsc; \
cp -p ${PBUILDER_BASE}/$${code}-$${arch}_result/${PACKAGE_NAME}_${PACKAGE_VERSION}.tar.xz ${REPO_BASE}/brew/tarballs/; \
reprepro -b ${REPO_BASE}/apt/$$dist include $$code ${PBUILDER_BASE}/$${code}-$${arch}_result/${PACKAGE_NAME}_${PACKAGE_VERSION}_$${arch}.changes; \
done
homebrew:
rm -rf tap
umask ${REPO_UMASK}; \
git clone ${REPO_BASE}/brew/tap tap; \
cd tap; \
../build-homebrew-formula.py ${REPO_BASE}/brew/tarballs/${PACKAGE_NAME}_${PACKAGE_VERSION}.tar.xz ${PACKAGE_VERSION} ${PACKAGE_NAME}.rb; \
git add ${PACKAGE_NAME}.rb; \
git commit -S${GPG_KEYID} --author='${GPG_USER}' -m '${PACKAGE_NAME} ${PACKAGE_VERSION}'; \
git push
# rm -rf tap
# Still need:
#
# expire: target to expire old tarballs from .../brew/tarballs/, along the lines of download.rpki.net scripts
RSYNC := rsync --rsh 'ssh -l ${REPO_UPLOAD_USER}' --archive --itemize-changes
upload:
for dir in ${REPO_UPLOAD_DIRS}; do \
${RSYNC} --ignore-existing ${REPO_BASE}/$${dir}/ rsync://${REPO_UPLOAD_HOST}/$${dir}/; \
${RSYNC} --delete --delete-delay ${REPO_BASE}/$${dir}/ rsync://${REPO_UPLOAD_HOST}/$${dir}/; \
done
.PHONY: all init clean firmware shadow bitstream elves tamper dsc pbuilder homebrew expire upload enchilada sandblast
|