aboutsummaryrefslogtreecommitdiff
path: root/Makefile
blob: ca1bd2bb198b29565717f243835c7a79e2110e49 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
# Top-level package build for Cryptech Alpha board.

PACKAGE_NAME	 := cryptech-alpha
PACKAGE_VERSION  := 2.0.$(shell git show -s --format=%ct HEAD)

export GNUPGHOME := /home/aptbot/gnupg
GPG_USER	 := APT Builder Robot <aptbot@cryptech.is>
GPG_KEYID	 := 37A8E93F5D7E7B9A

REPO_BASE	 := /home/aptbot
REPO_UMASK	 := 002

PBUILDER_BASE	 := ${HOME}/pbuilder
PBUILDER_TARGETS := debian/jessie/i386 debian/jessie/amd64 ubuntu/xenial/i386 ubuntu/xenial/amd64

REPO_UPLOAD_USER := aptbot
REPO_UPLOAD_HOST := bikeshed.cryptech.is
REPO_UPLOAD_DIRS := apt brew

# Yes, we really are putting the firmware tarball into the source package.
# We want to supply the firmware in both source and binary form, to save users
# the trouble of all the cross compilation and Verilog synthesis, and the Alpha
# firmware is the same regardless of the host platform, so including the firmware
# tarball in the source package lets us simplify installation for the user.

FIRMWARE_TARBALL := source/cryptech-alpha-firmware.tar.gz
BITSTREAM	 := build/core/platform/alpha/build/alpha_fmc.bit
ELVES		 := build/sw/stm32/projects/bootloader/bootloader.elf build/sw/stm32/projects/hsm/hsm.elf
TAMPER		 := build/user/ln5/tamper/tamper.hex

# Command to generate a new changelog containing one entry.
# Does nothing if the changelog already exists.

DCH =	test -f debian/changelog || \
	EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='${GPG_USER}' \
	dch --create --package ${PACKAGE_NAME} --newversion '${PACKAGE_VERSION}' \
	'Software and firmware for Cryptech Alpha development board.'

all: init firmware dsc pbuilder homebrew expire

enchilada: all upload

init:
	git submodule update --init --recursive

clean:
	rm -rf tap
	git clean -dfx
	git submodule foreach --recursive git clean -dfx

sandblast: clean
	git submodule deinit -f .

firmware: shadow ${FIRMWARE_TARBALL}

shadow:
	./build-shadow-tree.py

${FIRMWARE_TARBALL}: ${BITSTREAM} $(sort ${ELVES} ${ELVES:.elf=.bin}) ${TAMPER}
	fakeroot ./build-firmware-package.py $@ $^

bitstream: ${BITSTREAM}

${BITSTREAM}: $(shell find source/core -name .git -prune -o -type f -print)
	${MAKE} -C build/core/platform/alpha/build

${ELVES:.elf=.bin}: shadow elves

elves:
	${MAKE} -C build/sw/stm32 distclean bootloader hsm

${TAMPER}: tamper

tamper:
	${MAKE} -C $(dir ${TAMPER})

dsc:
	rm -f source/debian/changelog ${PACKAGE_NAME}_*.dsc ${PACKAGE_NAME}_*.tar.xz ${PACKAGE_NAME}_*_source.build ${PACKAGE_NAME}_*_source.changes
	cd source; ${DCH}
	cd source; debuild -S -uc -us

pbuilder:
	rm -f ${PBUILDER_BASE}/*result/*
	umask ${REPO_UMASK}; \
	for target in ${PBUILDER_TARGETS}; do echo $$target | tr '/' ' '; done | \
	while read dist code arch; do \
		reprepro -b ${REPO_BASE}/apt/$$dist -A $$arch list $$code ${PACKAGE_NAME} | awk '{v = $$3} END {exit v != "${PACKAGE_VERSION}"}' && continue; \
		pbuilder-dist $$code $$arch build ${PACKAGE_NAME}_${PACKAGE_VERSION}.dsc; \
		cp -p ${PBUILDER_BASE}/$${code}-$${arch}_result/${PACKAGE_NAME}_${PACKAGE_VERSION}.tar.xz ${REPO_BASE}/brew/tarballs/; \
		reprepro -b ${REPO_BASE}/apt/$$dist include $$code ${PBUILDER_BASE}/$${code}-$${arch}_result/${PACKAGE_NAME}_${PACKAGE_VERSION}_$${arch}.changes; \
	done

homebrew:
	rm -rf tap
	umask ${REPO_UMASK}; \
	git clone ${REPO_BASE}/brew/tap tap; \
	cd tap; \
	../build-homebrew-formula.py ${REPO_BASE}/brew/tarballs/${PACKAGE_NAME}_${PACKAGE_VERSION}.tar.xz ${PACKAGE_VERSION} ${PACKAGE_NAME}.rb; \
	git add ${PACKAGE_NAME}.rb; \
	git commit -S${GPG_KEYID} --author='${GPG_USER}' -m '${PACKAGE_NAME} ${PACKAGE_VERSION}'; \
	git push
#	rm -rf tap

# Still need:
#
# expire:   target to expire old tarballs from .../brew/tarballs/, along the lines of download.rpki.net scripts

RSYNC	:= rsync --rsh 'ssh -l ${REPO_UPLOAD_USER}' --archive --itemize-changes

upload:
	for dir in ${REPO_UPLOAD_DIRS}; do \
		${RSYNC} --ignore-existing       ${REPO_BASE}/$${dir}/	rsync://${REPO_UPLOAD_HOST}/$${dir}/; \
		${RSYNC} --delete --delete-delay ${REPO_BASE}/$${dir}/	rsync://${REPO_UPLOAD_HOST}/$${dir}/; \
	done

.PHONY: all init clean firmware shadow bitstream elves tamper dsc pbuilder homebrew expire upload enchilada sandblast