aboutsummaryrefslogtreecommitdiff
path: root/Makefile
blob: f960bad6d4d5cfa11d275692bba00f79b0c054fd (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
# Top-level build of packages for Novena PVT-1.
#
# Author: Rob Austein
# Copyright (c) 2015, SUNET
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in
#    the documentation and/or other materials provided with the
#    distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# Building source and binary packages separately isn't strictly
# necessary, but simplifies fault isolation.
#
# This code optionally supports automatic generation of
# debian/changelog files.  Whether this is useful or not depends on
# the intended purpose of the resulting packages: if we're doing
# snapshots under cron, automatic changelogs are useful; if we're
# doing real releases, not so much.  Play this one by ear.
#
# We don't sign anything yet.  This will need fixing.

# Version of the software in human terms (major.minor)

export CRYPTECH_VERSION := 1.0

# Version suffix to add to package names.  The extra fields come from
# HEAD of the git superrepository.  The date field is primarily to
# make sure that versions sort into the correct order when fed to
# reprepro; the commit hash uniquely identifies the (base) version of
# the superrepository that generated the packages.  This won't help if
# somebody publishes packages generated with a modified version of the
# superrepository, so don't do that (add check for uncommitted # changes?)

HEAD_TIME := $(shell git show -s --format=%ct HEAD)
HEAD_HASH := $(shell git rev-parse HEAD)

CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~${HEAD_TIME}~${HEAD_HASH}

# Command to generate a new changelog containing one entry.
# Does nothing if the changelog already exists.

DCH =	test -f debian/changelog || \
	EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='APT Builder Robot <aptbot@cryptech.is>' \
	dch --create --package cryptech-novena-$(1) --newversion '${CRYPTECH_PACKAGE_VERSION}' \
	'Version ${CRYPTECH_VERSION} of Cryptech $(2) for the Novena PVT-1 development board.'

# Parameters controlling maintenance of the reprepro repository.  The
# "reprepro" target initializes the repository if it doesn't exist.
#
# Support for multiple distributions (codenames) not implemented yet.
# Not sure if there's any way to do it without generating separate
# packages for each codename (which would be rather tedious,
# particularly for the RTL package).
#
# gpg whines about ownership of aptbot's home directory not matching
# the userid of the release engineer running this Makefile.  We could
# suppress this with another reprepro configuration tweak, but all
# it's really telling us is that gpg doesn't trust group access.  Fair
# enough, but in this case (dedicated build VM) the risk is lower than
# the risk of running builds as root or of trying to synchronize
# separate copies of the release tree for each release engineer.
#
# The alternative to would be to pull a fresh copy of the published
# tree via rsync each time, modify that, then rsync the changes back.

REPOSITORY  := /home/aptbot/novena
GNUPGHOME   := /home/aptbot/gnupg
CODENAME    := wheezy
REPO_UMASK  := 002
UPLOAD_USER := aptbot
UPLOAD_URI  := rsync://apt.cryptech.is/novena/

export GNUPGHOME


all: init sw rtl

enchilada: all reprepro upload

init:
	git submodule update --init --recursive

clean:
	git clean -dfx
	git submodule foreach 'git clean -dfx'

sw:
	cd sw; $(call DCH,sw,software tools)
	cd sw; debuild -S -uc -us
	cd sw; debuild -b -uc -us -aarmhf

rtl:
	cd core; $(call DCH,rtl,RTL bitstream)
	cd core; debuild -S -uc -us
	cd core; debuild -b -uc -us -aarmhf

reprepro: ${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options
	umask ${REPO_UMASK}; for f in *.changes; do reprepro -b ${REPOSITORY} include ${CODENAME} $$f; done

${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options:
	install -D reprepro-conf/$(notdir $@) ${REPOSITORY}/conf/$(notdir $@)

RSYNC	:= rsync --rsh 'ssh -l ${UPLOAD_USER}' --archive --itemize-changes

upload:
	${RSYNC} --ignore-existing       ${REPOSITORY}/ ${UPLOAD_URI}
	${RSYNC} --delete --delete-delay ${REPOSITORY}/ ${UPLOAD_URI}

.PHONY: all init clean sw rtl reprepro upload enchilada