path: root/Makefile


                                               
# Top-level build of packages for Novena PVT-1.
#
# Author: Rob Austein
# Copyright (c) 2015, SUNET
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in
#    the documentation and/or other materials provided with the
#    distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# Building source and binary packages separately isn't strictly
# necessary, but simplifies fault isolation.
#
# This code optionally supports automatic generation of
# debian/changelog files.  Whether this is useful or not depends on
# the intended purpose of the resulting packages: if we're doing
# snapshots under cron, automatic changelogs are useful; if we're
# doing real releases, not so much.  Play this one by ear.
#
# We don't sign anything yet.  This will need fixing.

# Version of the software in human terms (major.minor)

export CRYPTECH_VERSION := 1.0

# Version suffix to add to package names.  The extra fields come from
# HEAD of the git superrepository.  The date field is primarily to
# make sure that versions sort into the correct order when fed to
# reprepro; the commit hash uniquely identifies the (base) version of
# the superrepository that generated the packages.  This won't help if
# somebody publishes packages generated with a modified version of the
# superrepository, so don't do that (add check for uncommitted # changes?)

HEAD_TIME := $(shell git show -s --format=%ct HEAD)
HEAD_HASH := $(shell git rev-parse HEAD)

CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~${HEAD_TIME}~${HEAD_HASH}

# Command to generate a new changelog containing one entry.
# Does nothing if the changelog already exists.

DCH =	test -f debian/changelog || \
	EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='APT Builder Robot <aptbot@cryptech.is>' \
	dch --create --package cryptech-novena$(strip $(1)) --newversion '${CRYPTECH_PACKAGE_VERSION}' \
	'$(strip Version ${CRYPTECH_VERSION} of Cryptech $(2) for Novena PVT-1 development board.)'

# Parameters controlling maintenance of the reprepro repository.  The
# "reprepro" target initializes the repository if it doesn't exist.
#
# Support for multiple distributions (codenames) not implemented yet.
# Not sure if there's any way to do it without generating separate
# packages for each codename (which would be rather tedious,
# particularly for the RTL package).
#
# gpg whines about ownership of aptbot's home directory not matching
# the userid of the release engineer running this Makefile.  We could
# suppress this with another reprepro configuration tweak, but all
# it's really telling us is that gpg doesn't trust group access.  Fair
# enough, but in this case (dedicated build VM) the risk is lower than
# the risk of running builds as root or of trying to synchronize
# separate copies of the release tree for each release engineer.
#
# The alternative to would be to pull a fresh copy of the published
# tree via rsync each time, modify that, then rsync the changes back.

REPOSITORY  := /home/aptbot/novena
GNUPGHOME   := /home/aptbot/gnupg
CODENAME    := wheezy
REPO_UMASK  := 002
UPLOAD_USER := aptbot
UPLOAD_URI  := rsync://apt.cryptech.is/novena/

export GNUPGHOME


all: init sw rtl meta

enchilada: all reprepro upload

init:
	git submodule update --init --recursive

clean:
	git clean -dfx
	git submodule foreach --recursive 'git clean -dfx'

sw:
	cd sw; $(call DCH, -sw, software tools)
	cd sw; debuild -S -uc -us
	cd sw; debuild -b -uc -us -aarmhf

rtl:
	cd core; $(call DCH, -rtl, RTL bitstream)
	cd core; debuild -S -uc -us
	cd core; debuild -b -uc -us -aarmhf

meta:
	cd meta; $(call DCH, , meta package)
	cd meta; debuild -S -uc -us
	cd meta; debuild -b -uc -us -aarmhf
	

reprepro: ${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options
	umask ${REPO_UMASK}; for f in *.changes; do reprepro -b ${REPOSITORY} include ${CODENAME} $$f; done

${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options:
	install -D reprepro-conf/$(notdir $@) ${REPOSITORY}/conf/$(notdir $@)

RSYNC	:= rsync --rsh 'ssh -l ${UPLOAD_USER}' --archive --itemize-changes

upload:
	${RSYNC} --ignore-existing       ${REPOSITORY}/ ${UPLOAD_URI}
	${RSYNC} --delete --delete-delay ${REPOSITORY}/ ${UPLOAD_URI}

.PHONY: all init clean sw rtl meta reprepro upload enchilada
# Top-level build of packages for Novena PVT-1.
#
# Author: Rob Austein
# Copyright (c) 2015, SUNET
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in
#    the documentation and/or other materials provided with the
#    distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# Building source and binary packages separately isn't strictly
# necessary, but simplifies fault isolation.
#
# This code optionally supports automatic generation of
# debian/changelog files.  Whether this is useful or not depends on
# the intended purpose of the resulting packages: if we're doing
# snapshots under cron, automatic changelogs are useful; if we're
# doing real releases, not so much.  Play this one by ear.
#
# We don't sign anything yet.  This will need fixing.

# Version of the software in human terms (major.minor)

export CRYPTECH_VERSION := 1.0

# Version suffix to add to package names.  The extra fields come from
# HEAD of the git superrepository.  The date field is primarily to
# make sure that versions sort into the correct order when fed to
# reprepro; the commit hash uniquely identifies the (base) version of
# the superrepository that generated the packages.  This won't help if
# somebody publishes packages generated with a modified version of the
# superrepository, so don't do that (add check for uncommitted # changes?)

HEAD_TIME := $(shell git show -s --format=%ct HEAD)
HEAD_HASH := $(shell git rev-parse HEAD)

CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~${HEAD_TIME}~${HEAD_HASH}

# Command to generate a new changelog containing one entry.
# Does nothing if the changelog already exists.

DCH =	test -f debian/changelog || \
	EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='APT Builder Robot <aptbot@cryptech.is>' \
	dch --create --package cryptech-novena$(strip $(1)) --newversion '${CRYPTECH_PACKAGE_VERSION}' \
	'$(strip Version ${CRYPTECH_VERSION} of Cryptech $(2) for Novena PVT-1 development board.)'

# Parameters controlling maintenance of the reprepro repository.  The
# "reprepro" target initializes the repository if it doesn't exist.
#
# Support for multiple distributions (codenames) not implemented yet.
# Not sure if there's any way to do it without generating separate
# packages for each codename (which would be rather tedious,
# particularly for the RTL package).
#
# gpg whines about ownership of aptbot's home directory not matching
# the userid of the release engineer running this Makefile.  We could
# suppress this with another reprepro configuration tweak, but all
# it's really telling us is that gpg doesn't trust group access.  Fair
# enough, but in this case (dedicated build VM) the risk is lower than
# the risk of running builds as root or of trying to synchronize
# separate copies of the release tree for each release engineer.
#
# The alternative to would be to pull a fresh copy of the published
# tree via rsync each time, modify that, then rsync the changes back.

REPOSITORY  := /home/aptbot/novena
GNUPGHOME   := /home/aptbot/gnupg
CODENAME    := wheezy
REPO_UMASK  := 002
UPLOAD_USER := aptbot
UPLOAD_URI  := rsync://apt.cryptech.is/novena/

export GNUPGHOME


all: init sw rtl meta

enchilada: all reprepro upload

init:
	git submodule update --init --recursive

clean:
	git clean -dfx
	git submodule foreach --recursive 'git clean -dfx'

sw:
	cd sw; $(call DCH, -sw, software tools)
	cd sw; debuild -S -uc -us
	cd sw; debuild -b -uc -us -aarmhf

rtl:
	cd core; $(call DCH, -rtl, RTL bitstream)
	cd core; debuild -S -uc -us
	cd core; debuild -b -uc -us -aarmhf

meta:
	cd meta; $(call DCH, , meta package)
	cd meta; debuild -S -uc -us
	cd meta; debuild -b -uc -us -aarmhf
	

reprepro: ${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options
	umask ${REPO_UMASK}; for f in *.changes; do reprepro -b ${REPOSITORY} include ${CODENAME} $$f; done

${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options:
	install -D reprepro-conf/$(notdir $@) ${REPOSITORY}/conf/$(notdir $@)

RSYNC	:= rsync --rsh 'ssh -l ${UPLOAD_USER}' --archive --itemize-changes

upload:
	${RSYNC} --ignore-existing       ${REPOSITORY}/ ${UPLOAD_URI}
	${RSYNC} --delete --delete-delay ${REPOSITORY}/ ${UPLOAD_URI}

.PHONY: all init clean sw rtl meta reprepro upload enchilada