# Top-level build of packages for Novena PVT-1. # # Author: Rob Austein # Copyright (c) 2015, SUNET # # Redistribution and use in source and binary forms, with or # without modification, are permitted provided that the following # conditions are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE # COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # Building source and binary packages separately isn't strictly # necessary, but simplifies fault isolation. # # This code optionally supports automatic generation of # debian/changelog files. Whether this is useful or not depends on # the intended purpose of the resulting packages: if we're doing # snapshots under cron, automatic changelogs are useful; if we're # doing real releases, not so much. Play this one by ear. # # We don't sign anything yet. This will need fixing. # Version of the software in human terms (major.minor) export CRYPTECH_VERSION := 1.0 # Version suffix to add to package names. The extra fields come from # HEAD of the git superrepository. The date field is primarily to # make sure that versions sort into the correct order when fed to # reprepro; the commit hash uniquely identifies the (base) version of # the superrepository that generated the packages. This won't help if # somebody publishes packages generated with a modified version of the # superrepository, so don't do that (add check for uncommitted # changes?) HEAD_TIME := $(shell git show -s --format=%ct HEAD) HEAD_HASH := $(shell git rev-parse HEAD) CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~${HEAD_TIME}~${HEAD_HASH} # Command to generate a new changelog containing one entry. # Does nothing if the changelog already exists. DCH = test -f debian/changelog || \ EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='APT Builder Robot ' \ dch --create --package cryptech-novena$(strip $(1)) --newversion '${CRYPTECH_PACKAGE_VERSION}' \ '$(strip Version ${CRYPTECH_VERSION} of Cryptech $(2) for Novena PVT-1 development board.)' # Parameters controlling maintenance of the reprepro repository. The # "reprepro" target initializes the repository if it doesn't exist. # # Support for multiple distributions (codenames) not implemented yet. # Not sure if there's any way to do it without generating separate # packages for each codename (which would be rather tedious, # particularly for the RTL package). # # gpg whines about ownership of aptbot's home directory not matching # the userid of the release engineer running this Makefile. We could # suppress this with another reprepro configuration tweak, but all # it's really telling us is that gpg doesn't trust group access. Fair # enough, but in this case (dedicated build VM) the risk is lower than # the risk of running builds as root or of trying to synchronize # separate copies of the release tree for each release engineer. # # The alternative to would be to pull a fresh copy of the published # tree via rsync each time, modify that, then rsync the changes back. REPOSITORY := /home/aptbot/novena GNUPGHOME := /home/aptbot/gnupg CODENAME := wheezy REPO_UMASK := 002 UPLOAD_USER := aptbot UPLOAD_URI := rsync://apt.cryptech.is/novena/ export GNUPGHOME all: init sw rtl meta enchilada: all reprepro upload init: git submodule update --init --recursive clean: git clean -dfx git submodule foreach --recursive 'git clean -dfx' sandblast: clean git submodule deinit -f . sw: cd sw; $(call DCH, -sw, software tools) cd sw; debuild -S -uc -us cd sw; debuild -b -uc -us -aarmhf rtl: cd core; $(call DCH, -rtl, RTL bitstream) cd core; debuild -S -uc -us cd core; debuild -b -uc -us -aarmhf meta: cd meta; $(call DCH, , meta package) cd meta; debuild -S -uc -us cd meta; debuild -b -uc -us -aarmhf reprepro: ${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options umask ${REPO_UMASK}; for f in *.changes; do reprepro -b ${REPOSITORY} include ${CODENAME} $$f; done ${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options: install -D reprepro-conf/$(notdir $@) ${REPOSITORY}/conf/$(notdir $@) RSYNC := rsync --rsh 'ssh -l ${UPLOAD_USER}' --archive --itemize-changes upload: ${RSYNC} --ignore-existing ${REPOSITORY}/ ${UPLOAD_URI} ${RSYNC} --delete --delete-delay ${REPOSITORY}/ ${UPLOAD_URI} .PHONY: all init clean sw rtl meta reprepro upload enchilada sandblast