1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
# Top-level build of packages for Novena PVT-1.
#
# Author: Rob Austein
# Copyright (c) 2015, SUNET
#
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
#
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Building source and binary packages separately isn't strictly
# necessary, but simplifies fault isolation.
#
# This code optionally supports automatic generation of
# debian/changelog files. Whether this is useful or not depends on
# the intended purpose of the resulting packages: if we're doing
# snapshots under cron, automatic changelogs are useful; if we're
# doing real releases, not so much. Play this one by ear.
#
# We don't sign anything yet. This will need fixing.
# Version of the software in human terms (major.minor)
export CRYPTECH_VERSION := 1.0
# Version suffix to add to package names. The extra fields come from
# HEAD of the git superrepository. The date field is primarily to
# make sure that versions sort into the correct order when fed to
# reprepro; the commit hash uniquely identifies the (base) version of
# the superrepository that generated the packages. This won't help if
# somebody publishes packages generated with a modified version of the
# superrepository, so don't do that (add check for uncommitted # changes?)
HEAD_TIME := $(shell git show -s --format=%ct HEAD)
HEAD_HASH := $(shell git rev-parse HEAD)
CRYPTECH_PACKAGE_VERSION := ${CRYPTECH_VERSION}~${HEAD_TIME}~${HEAD_HASH}
# Command to generate a new changelog containing one entry.
# Does nothing if the changelog already exists.
DCH = test -f debian/changelog || \
EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='APT Builder Robot <aptbot@cryptech.is>' \
dch --create --package cryptech-novena$(strip $(1)) --newversion '${CRYPTECH_PACKAGE_VERSION}' \
'$(strip Version ${CRYPTECH_VERSION} of Cryptech $(2) for Novena PVT-1 development board.)'
# Parameters controlling maintenance of the reprepro repository. The
# "reprepro" target initializes the repository if it doesn't exist.
#
# Support for multiple distributions (codenames) not implemented yet.
# Not sure if there's any way to do it without generating separate
# packages for each codename (which would be rather tedious,
# particularly for the RTL package).
#
# gpg whines about ownership of aptbot's home directory not matching
# the userid of the release engineer running this Makefile. We could
# suppress this with another reprepro configuration tweak, but all
# it's really telling us is that gpg doesn't trust group access. Fair
# enough, but in this case (dedicated build VM) the risk is lower than
# the risk of running builds as root or of trying to synchronize
# separate copies of the release tree for each release engineer.
#
# The alternative to would be to pull a fresh copy of the published
# tree via rsync each time, modify that, then rsync the changes back.
REPOSITORY := /home/aptbot/novena
GNUPGHOME := /home/aptbot/gnupg
CODENAME := wheezy
REPO_UMASK := 002
UPLOAD_USER := aptbot
UPLOAD_URI := rsync://apt.cryptech.is/novena/
export GNUPGHOME
all: init sw rtl meta
enchilada: all reprepro upload
init:
git submodule update --init --recursive
clean:
git clean -dfx
git submodule foreach --recursive 'git clean -dfx'
sw:
cd sw; $(call DCH, -sw, software tools)
cd sw; debuild -S -uc -us
cd sw; debuild -b -uc -us -aarmhf
rtl:
cd core; $(call DCH, -rtl, RTL bitstream)
cd core; debuild -S -uc -us
cd core; debuild -b -uc -us -aarmhf
meta:
cd meta; $(call DCH, , meta package)
cd meta; debuild -S -uc -us
cd meta; debuild -b -uc -us -aarmhf
reprepro: ${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options
umask ${REPO_UMASK}; for f in *.changes; do reprepro -b ${REPOSITORY} include ${CODENAME} $$f; done
${REPOSITORY}/conf/distributions ${REPOSITORY}/conf/options:
install -D reprepro-conf/$(notdir $@) ${REPOSITORY}/conf/$(notdir $@)
RSYNC := rsync --rsh 'ssh -l ${UPLOAD_USER}' --archive --itemize-changes
upload:
${RSYNC} --ignore-existing ${REPOSITORY}/ ${UPLOAD_URI}
${RSYNC} --delete --delete-delay ${REPOSITORY}/ ${UPLOAD_URI}
.PHONY: all init clean sw rtl meta reprepro upload enchilada
|
