# Top-level build of packages for Novena PVT-1.
#
# Author: Rob Austein
# Copyright (c) 2015, SUNET
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Building source and binary packages separately isn't strictly
# necessary, but simplifies fault isolation.
#
# This code optionally supports automatic generation of
# debian/changelog files. Whether this is useful or not depends on
# the intended purpose of the resulting packages: if we're doing
# snapshots under cron, automatic changelogs are useful; if we're
# doing real releases, not so much. Play this one by ear.
#
# We don't sign anything yet. This will need fixing.
# Version of the software in human terms (major.minor)
export CRYPTECH_VERSION := 1.0
# Version suffix to add to package names. The extra fields come from
# HEAD of the git superrepository. The date field is primarily to
# make sure that versions sort into the correct order when fed to
# reprepro; the commit hash uniquely identifies the (base) version of
# the superrepository that generated the packages. This won't help if
# somebody publishes packages generated with a modified version of the
# superrepository, so don't do that (add check for uncommitted # changes?)
HEAD_TIME := $(shell git show -s --format=%ct HEAD)
HEAD_HASH := $(shell git rev-parse HEAD)
CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~${HEAD_TIME}~${HEAD_HASH}
# Command to generate a new changelog containing one entry.
# Does nothing if the changelog already exists.
DCH = test -f debian/changelog || \
EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='APT Builder Robot <aptbot@cryptech.is>' \
dch --create --package cryptech-novena$(strip $(1)) --newversion '${CRYPTECH_PACKAGE_VERSION}' \
'$(strip Version ${CRYPTECH_VERSION} of Cryptech $(2) for Novena PVT-1 development board.)'
# Parameters controlling maintenance of the reprepro repository. The
# "reprepro" target initializes the repository if it doesn't exist.
#
# Support for multiple distributions (codenames) not implemented yet.
# Not sure if there's any way to do it without generating separate
# packages for each codename (which would be rather tedious,
# particularly for the RTL package).
#
# gpg whines about ownership of aptbot's home directory not matching
# the userid of the release engineer running this Makefile. We could
# suppress this with another reprepro configuration tweak, but all
# it's really telling us is that gpg doesn't trust group access. Fair
# enough, but in this case (dedicated build VM) the risk is lower than
# the risk of running builds as root or of trying to synchronize
# separate copies of the release tree for each release engineer.
#
# The alternative to would be to pull a fresh copy of the published
# tree via rsync each time, modify that, then rsync the changes back.
REPOSITORY := /home/aptbot/novena
GNUPGHOME := /home/aptbot/gnupg
CODENAME := wheezy
REPO_UMASK := 002
UPLOAD_USER := aptbot
UPLOAD_URI := rsync://apt.cryptech.is/novena/
export GNUPGHOME
all: init sw rtl meta
enchilada: all reprepro upload
init:
git submodule update --init --recursive
clean:
git clean -dfx
git submodule foreach --recursive 'git clean -dfx'
sandblast: clean
git submodule deinit -f .
sw:
cd sw; $(call DCH, -sw, software tools)
cd sw; debuild -S -uc -us
cd sw; debuild -b -uc -us -aarmhf
rtl:
cd core; $(call DCH, -rtl, RTL bitstream)
cd core; debuild -S -uc -us
cd core; debuild -b -uc -us -aarmhf
meta:
cd meta; $(call DCH, , meta package)
cd meta; debuild -S -uc -us
cd meta; debuild -b -uc -us -aarmhf
reprepro: ${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options
umask ${REPO_UMASK}; for f in *.changes; do reprepro -b ${REPOSITORY} include ${CODENAME} $$f; done
${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options:
install -D reprepro-conf/$(notdir $@) ${REPOSITORY}/conf/$(notdir $@)
RSYNC := rsync --rsh 'ssh -l ${UPLOAD_USER}' --archive --itemize-changes
upload:
${RSYNC} --ignore-existing ${REPOSITORY}/ ${UPLOAD_URI}
${RSYNC} --delete --delete-delay ${REPOSITORY}/ ${UPLOAD_URI}
.PHONY: all init clean sw rtl meta reprepro upload enchilada sandblast