-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathMakefile
149 lines (121 loc) · 4.98 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
CHANNEL ?= unstable
OSTREE_BRANCH ?= $(shell uname -m)/os/$(CHANNEL)
OSTREE_REPO ?= ostree-repo
OSTREE_GPG ?= ostree-gpg
VERSION ?= 2.0
IGNITE ?= build/ignite
CACHE_PATH ?= build/
DESTDIR ?= checkout/
APPMARKET_PATH ?= appmarket/
KEY_TYPES := PK KEK DB VENDOR linux-module-cert
ALL_CERTS = $(foreach KEY,$(KEY_TYPES),assets/sign-keys/$(KEY).crt)
ALL_KEYS = $(foreach KEY,$(KEY_TYPES),assets/sign-keys/$(KEY).key)
BOOT_KEYS = $(ALL_KEYS) $(ALL_CERTS) assets/sign-keys/extra-db/.keep assets/sign-keys/extra-kek/.keep assets/sign-keys/modules/linux-module-cert.crt
EXTENSIONS = $(wildcard external/extensions/*.yml)
-include config.mk
define OSTREE_GPG_CONFIG
Key-Type: DSA
Key-Length: 1024
Subkey-Type: ELG-E
Subkey-Length: 1024
Name-Real: RLXOS
Expire-Date: 0
%no-protection
%commit
%echo finished
endef
export OSTREE_GPG_CONFIG
export IGNITE
export CACHE_PATH
.PHONY: clean all docs version.yml channel.yml ostree-branch.yml apps TODO.ELEMENTS
all: $(IGNITE) version.yml ostree-branch.yml channel.yml
ifdef ELEMENT
$(IGNITE) build -cache-path $(CACHE_PATH) $(ELEMENT)
endif
status: $(IGNITE) version.yml ostree-branch.yml channel.yml
ifdef ELEMENT
$(IGNITE) status -cache-path $(CACHE_PATH) $(ELEMENT)
else
@echo "no ELEMENT specified"
exit 1
endif
cache-path: $(IGNITE) version.yml ostree-branch.yml channel.yml
ifdef ELEMENT
@IGNITE_NO_MESSAGE=1 $(IGNITE) cache-path -cache-path $(CACHE_PATH) $(ELEMENT)
else
@echo "no ELEMENT specified"
exit 1
endif
checkout: $(IGNITE) version.yml ostree-branch.yml channel.yml
ifdef ELEMENT
$(IGNITE) checkout -cache-path $(CACHE_PATH) $(ELEMENT) $(DESTDIR)
else
@echo "no ELEMENT specified"
exit 1
endif
define BUILD_EXTENSION
OSTREE_BRANCH="x86_64/extension/$(shell basename $(ext:external/%.yml=%))/$(CHANNEL)" \
$(MAKE) update-ostree ELEMENT=$(ext:external/%=%);
endef
extensions: $(IGNITE)
$(foreach ext,$(EXTENSIONS),$(BUILD_EXTENSION))
build/build.ninja: CMakeLists.txt
cmake -B build -S tools/ignite
$(IGNITE): build/build.ninja version.yml ostree-branch.yml channel.yml
@cmake --build build --target ignite
clean:
rm -rf $(DOCS_DIR)
TODO.ELEMENTS:
grep -R "# TODO:" elements | sed 's/# TODO://g' | sed 's#elements/##g' > $@
$(OSTREE_GPG)/key-config:
rm -rf ostree-gpg.tmp
mkdir ostree-gpg.tmp
chmod 0700 ostree-gpg.tmp
echo "$${OSTREE_GPG_CONFIG}" >ostree-gpg.tmp/key-config
gpg --batch --homedir=ostree-gpg.tmp --generate-key ostree-gpg.tmp/key-config
gpg --homedir=ostree-gpg.tmp -k --with-colons | sed '/^fpr:/q;d' | cut -d: -f10 >ostree-gpg.tmp/default-id
mv ostree-gpg.tmp $(OSTREE_GPG)
assets/rlxos.gpg: $(OSTREE_GPG)/key-config
gpg --homedir=$(OSTREE_GPG) --export --armor >"$@"
update-app-market: $(IGNITE) version.yml ostree-branch.yml channel.yml
$(IGNITE) meta -cache-path $(CACHE_PATH) $(APPMARKET_PATH)/$(CHANNEL)
./scripts/extract-icons.sh $(APPMARKET_PATH)/$(CHANNEL)/apps/ $(APPMARKET_PATH)/$(CHANNEL)/icons/
update-ostree: $(IGNITE) version.yml ostree-branch.yml channel.yml assets/rlxos.gpg
ifndef ELEMENT
@echo "no ELEMENT specified"
@exit 1
endif
scripts/commit-ostree.sh \
--gpg-homedir=$(OSTREE_GPG) \
--gpg-sign=$$(cat $(OSTREE_GPG)/default-id) \
--collection-id=dev.rlxos.System \
--version=$(VERSION) \
$(OSTREE_REPO) $(ELEMENT) \
$(OSTREE_BRANCH)
version.yml:
@echo "version: ${VERSION}" > $@
@echo "variables:" >> $@
@echo " channel: ${CHANNEL}" >> $@
ostree-branch.yml:
@echo "variables:" > $@
@echo " ostree-branch: ${OSTREE_BRANCH}" >> $@
channel.yml:
@echo "variables:" > $@
@echo " channel: ${CHANNEL}" >> $@
generate-keys: $(BOOT_KEYS)
assets/sign-keys/extra-db/.keep assets/sign-keys/extra-kek/.keep:
[ -d $(dir $@) ] || mkdir -p $(dir $@)
touch $@
assets/sign-keys/modules/linux-module-cert.crt: assets/sign-keys/linux-module-cert.crt
mkdir -p assets/sign-keys/modules
cp $< $@
assets/sign-keys/%.crt assets/sign-keys/%.key:
[ -d assets/sign-keys ] || mkdir -p assets/sign-keys
openssl req -new -x509 -newkey rsa:2048 -subj "/CN=RLXOS $(basename $(notdir $@)) key/" -keyout "$(basename $@).key" -out "$(basename $@).crt" -days 3650 -nodes -sha256
download-microsoft-keys: assets/sign-keys/extra-db/.keep assets/sign-keys/extra-kek/.keep
curl https://www.microsoft.com/pkiops/certs/MicCorUEFCA2011_2011-06-27.crt | openssl x509 -inform der -outform pem >assets/sign-keys/extra-kek/mic-kek.crt
echo 77fa9abd-0359-4d32-bd60-28f4e78f784b >assets/sign-keys/extra-kek/mic-kek.owner
curl https://www.microsoft.com/pkiops/certs/MicCorUEFCA2011_2011-06-27.crt | openssl x509 -inform der -outform pem >assets/sign-keys/extra-db/mic-other.crt
echo 77fa9abd-0359-4d32-bd60-28f4e78f784b >assets/sign-keys/extra-db/mic-other.owner
curl https://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt | openssl x509 -inform der -outform pem >assets/sign-keys/extra-db/mic-win.crt
echo 77fa9abd-0359-4d32-bd60-28f4e78f784b >assets/sign-keys/extra-db/mic-win.owner