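# Build, install and image-assembly rules for the samizdat tree.
#
# Many recipes below call sudo and write outside the source tree (/etc, /srv,
# initramfs hooks).  Review a recipe before running its target on a machine
# you care about.

# Installation layout.  `prefix` can be overridden from the environment or the
# command line; the two directories below are derived from it.
prefix?=/usr/local
bindir = $(prefix)/bin
initrd_bindir = $(prefix)/lib/samizdat/initrd/bin

# Programs compiled from src/<name>.c (cc_files) or src/<name>.cpp (cpp_files)
# into _build/<name>.
cc_files=wait_for_files samizdat-pinentry krng-add-entropy samizdat-ficlonerange
cpp_files=dynmenu
compiled_programs = $(addprefix _build/, ${cc_files} ${cpp_files})

CC=gcc -std=gnu99
CFLAGS=-Os

# Submodule directories.  All of them are built by `all`; only
# INSTALL_SUBMODULES are prerequisites of `install-submodules`.
INSTALL_SUBMODULES = fsmgr
NO_INSTALL_SUBMODULES = cryptonomic-dyndns-server
SUBMODULES = $(INSTALL_SUBMODULES) $(NO_INSTALL_SUBMODULES)

all: ${compiled_programs} ${SUBMODULES}

.PHONY: stack install-stack
# SECURITY: this executes an installer script fetched from the network with
# the invoking user's privileges.  The script is trusted on the strength of
# the TLS connection alone; no checksum or signature is pinned here.
# The script is saved to a temporary file before it is run, so an HTTP error
# page (-f) or a transfer curl reports as failed is never fed to the shell,
# and --proto '=https' keeps redirects followed by -L on HTTPS.
install-stack:
	set -e; tmp=$$(mktemp); trap 'rm -f "$$tmp"' EXIT; \
	curl --proto '=https' -fsSL -o "$$tmp" https://get.haskellstack.org/; \
	sh "$$tmp"

# Install stack only when no `stack` command is found.  $(MAKE) rather than a
# literal `make` so that -n, -j and command-line variables reach the sub-make.
stack:
	@command -v stack >/dev/null || $(MAKE) install-stack

# Build dependencies are installed once; build-deps-stamp records that it ran.
build-deps: build-deps-stamp | _build
# NOTE(review): `cd $$TMP` is unquoted and relies on TMP being set; with TMP
# unset, `cd` without an argument changes to the home directory instead.
build-deps-stamp: build-deps.control
	sudo apt --no-upgrade install equivs libdpkg-perl
	(set -ex; w=$$PWD; cd $$TMP; mk-build-deps --root-cmd sudo "$$w"/build-deps.control --install --remove)
	touch $@

# The two curses programs need -lcurses; everything else uses the pattern rule.
_build/dynmenu: src/dynmenu.cpp | build-deps
	$(CXX) $(CFLAGS) $< -o $@ -lcurses

_build/samizdat-pinentry: src/samizdat-pinentry.c | build-deps
	$(CC) $(CFLAGS) $< -o $@ -lcurses

_build/%: src/%.c | build-deps
	$(CC) $(CFLAGS) $< -o $@

# Scripts installed into $(bindir) by install-real.  bin_programs is a
# recursive variable, so it may mention btrfs_utils before that is defined.
src_bin_programs = btrfs-functions.sh var.sh usb partvi
bin_programs=$(addprefix src/, $(src_bin_programs)) ${btrfs_utils}
btrfs_utils=$(addprefix src/btrfs-utils/, btarfs with-btrfs-seed)

# Files copied into $(initrd_bindir) by initrd-install.
initrd_files = $(addprefix src/initrd/,btrfs-create.sh common.sh firstboot.service grok-block \
	loop-layer.sh make-total-destroy mdadm-dup.sh menu-select patchroot.sh samizdat-eject.sh)
initrd_files += $(addprefix _build/, dynmenu wait_for_files)

isolinux_files:=$(wildcard isolinux/*)

clean:
	rm -f ${compiled_programs}

.PHONY: all clean

# NOTE(review): instdir is not checked here; when it is unset the file is
# installed into /etc/modprobe.d/ of the running system.  The trailing `true`
# makes the recipe succeed even when every modprobe fails.
install-nested-kvm: conf/kvm.conf
	install -m0644 conf/kvm.conf ${instdir}/etc/modprobe.d/
	modprobe -r kvm-intel kvm-amd kvm; modprobe kvm; modprobe kvm-intel; modprobe kvm-amd; true

# network_filter := $(shell ./src/generate-network-filter.sh)
# NOTE(review): with the assignment above commented out, $(network_filter) is
# not defined anywhere in this file, so the sed script below is empty unless
# the variable comes from the environment or the command line -- confirm.

conf_files_out = conf/br0 conf/dnsmasq.conf conf/network_if-up.d_samizdat
conf_files_in = $(addsuffix .in, $(conf_files_out))
$(conf_files_out): $(conf_files_in) ./src/generate-network-filter.sh
	sed -e '$(network_filter)' < $@.in > $@

static_conf_files = conf/torrc conf/nbd-server conf/postfix_main.cf

# Re-enters this Makefile as root, handing the caller's MAKEFLAGS to the
# sub-make through sudo.  Every recipe reached this way runs with root
# privileges.
SUDO_MAKE = sudo MAKEFLAGS="$$MAKEFLAGS" $(MAKE)

.PHONY: install-configuration install-bootserver install-boot-server start-bootserver
install-boot-server: install-bootserver
# The leading `exit 1` makes this target fail before anything is installed
# (presumably a deliberate disable -- confirm before removing it).
# NOTE(review): prerequisites are expanded while the rule is parsed, and
# `rootfs` is assigned further down, so $(rootfs) is empty here and the
# order-only prerequisite list is effectively empty.
install-bootserver: | $(rootfs)
	exit 1; sudo initrd.sh
	$(SUDO_MAKE) instdir=/ real-install-bootserver start-bootserver

start-bootserver:
	ifup --force br0
	service dnsmasq restart
	service nbd-server restart

# Safety guard: when instdir is not set, the whole recipe is a single $(error),
# which aborts make when this target is about to be built instead of
# installing files into an unintended root.
real-install-bootserver: $(conf_files_out) $(static_conf_files)
ifndef instdir
	$(error "You must specify instdir, for safety.")
else
	install -p -m0644 -DT conf/dnsmasq.conf ${instdir}/etc/dnsmasq.conf
	install -p -m0644 -DT conf/eth0 ${instdir}/etc/network/interfaces.d/eth0
	install -p -m0644 -DT conf/br0 ${instdir}/etc/network/interfaces.d/br0
	install -p -m0644 -DT conf/network_if-up.d_samizdat ${instdir}/etc/network/if-up.d/samizdat
	install -p -m0644 -DT conf/nbd-server ${instdir}/etc/nbd-server/conf.d/samizdat.conf
endif

# Same instdir guard as real-install-bootserver.
install-configuration: real-install-bootserver $(conf_files_out) $(static_conf_files)
ifndef instdir
	$(error "You must specify instdir, for safety.")
else
	install -p -m0644 -DT conf/postfix_main.cf ${instdir}/etc/postfix/main.cf
	install -p -m0644 -DT conf/torrc ${instdir}/etc/tor/torrc
endif

.PHONY: submodules build-submodules $(SUBMODULES)
# For each submodule directory: run `git reset` inside it when `git ls-files`
# prints nothing, collect `git status -uno -s` through fd 3, and only when that
# status is empty run `git submodule update --init --recursive` on it.  Then
# build the directory with the goal named by $(cmd).
$(SUBMODULES): stack
	@a=$$(cd $@ && (exec 3>&1; exec >&2; if test -z "$$(git ls-files)"; then git reset; fi; git status -uno -s >&3)) && (if test -z "$$a"; then set -x; git submodule update --init --recursive $@/; fi)
	$(MAKE) -C $@ $(cmd)

submodules: build-submodules
# Target-specific value: an empty cmd makes the sub-make build its default goal.
build-submodules: cmd=
build-submodules: $(SUBMODULES)

.PHONY: update-submodules
update-submodules:
	git submodule update --init --recursive

install-submodules: cmd=install
install-submodules: update-submodules $(INSTALL_SUBMODULES)

# Btrfs images produced by the rootfs/ sub-make, and their dm-verity hash
# images under _build/.
rootfsdir = rootfs/_filesystem
rootfs = $(rootfsdir)/samizdat.seed.btrfs
patchfs = $(rootfsdir)/samizdat.patch.btrfs
rootfs_verity = $(addprefix _build/,$(addsuffix .verity,$(notdir $(rootfs) $(patchfs))))

.PHONY: rootfs rootfs-deps
# Run the install steps only while their stamp files are missing.  $(MAKE)
# replaces a literal `make` so flags and the jobserver are inherited.
rootfs-deps:
	[ -e install-submodules-stamp ] || $(MAKE) install-submodules-stamp
	[ -e install-stamp ] || $(MAKE) install

btrfs_images = $(rootfs) $(patchfs)

rootfs-clean:
	$(MAKE) -C rootfs clean

# Build the images, then point /srv/nbd at them with root-owned symlinks into
# the current working tree.
rootfs: rootfs-deps $(btrfs_images) $(rootfs_verity)
	sudo mkdir -p /srv/nbd
	sudo ln -sf "$$PWD"/$(rootfs) /srv/nbd/samizdat.btrfs
ifneq (,$(patchfs))
	sudo ln -sf "$$PWD"/$(patchfs) /srv/nbd/samizdat.patch.btrfs
endif

rootfs/%.btrfs:
	$(MAKE) -C rootfs $(@:rootfs/%=%)

boot: rootfs
	sudo update-initramfs -u
	sudo ROOTFS=$(rootfs) ./src/parted-usb.sh

# Shell fragments kept as recursive variables; $@ is substituted where they
# are expanded.  No rule in this part of the file uses the first four.
samizdat_btrfs_patch_size=256M
get_loop_dev="$$(sudo losetup -n -O name -j $@~tmp)"
get_backing_file="$$(sudo losetup -n -O back-file -j $@~tmp)"
get_min_size="$$(btrfs inspect-internal min-dev-size --id 1 $@.mnt | (read b _; echo $$b))"
# Reads the "Root hash:" line out of the first prerequisite of the rule that
# expands it.
verity_root_hash = $(shell sed -ne 's/^Root hash:[ \t]*//p' $<)

_build:
	mkdir $@

# Hash image and log are written under temporary names and renamed at the end,
# so an interrupted run does not leave a partial file under the final name.
_build/%.verity: rootfs/_filesystem/% | _build
	rm -f $@~tmp
	sudo veritysetup format $^ $@~tmp > $@.log~tmp
	sudo chmod 644 $@~tmp
	mv -f $@.log~tmp $@.log
	mv -f $@~tmp $@

# root_hash = $(shell sed -ne 's/^Root hash: *//p' < $<.log)

# SECURITY: the root hash given to `veritysetup create` is whatever the
# .verity.log file contains when the recipe is expanded.  The check is only as
# trustworthy as that file; anyone able to rewrite the log in _build/ also
# controls the hash the device is opened with.
veritymount: _build/$(notdir $(rootfs)).verity.log
	@sudo veritysetup remove samizverity >/dev/null 2>&1 || true
	sudo veritysetup create samizverity $(basename $(basename $<)) \
		$(basename $<) \
		$(verity_root_hash)
	sudo veritysetup remove samizverity

# debian_dist := $(shell . /etc/os-release && printf %s $$VERSION_CODENAME)

# True when the target file is missing or older than 36000 seconds (10 hours).
stale = [ ! -e $@ ] || [ $$(( $$(date +%s) - $$(date -r $@ +%s) )) -gt 36000 ]
apt = $(shell which apt || which apt-get)

# Declared phony so the recipe runs every time; the age test inside decides
# whether the package lists are actually refreshed.
.PHONY: apt-get-update-stamp
apt-get-update-stamp:
	@if $(stale); \
	then \
		set -x; \
		sudo dpkg --add-architecture i386; \
		sudo $(apt) update && touch $@; \
	fi

# ISO built under a temporary name and renamed once xorrisofs has succeeded.
rootfs/seed.iso: $(rootfs) $(if $(VERITY),$(addprefix $(rootfs),.verity .verity.log))
	rm -f $@~tmp
	touch $@~tmp
	fallocate -n -l 10G $@~tmp
	xorrisofs -iso-level 3 -- \
		-outdev $@~tmp \
		$${SILENT:+ -report_about mishap} \
		-return_with FAILURE 32 \
		-volid SamizdatLive \
		-pathspecs on \
		-follow link \
		-add $^ -- \
		-follow default
	mv $@~tmp $@

.PHONY: install install-real update-initramfs initrd-install
install: install-stamp initrd-install-stamp

build-submodules-stamp: build-submodules
	touch $@

install-submodules-stamp: install-submodules
	touch $@

# These two lists are assigned before the rules whose prerequisite lists use
# them.  Prerequisites are expanded when a rule is parsed, so a list assigned
# after the rule would silently contribute nothing (the initramfs hook and
# script would then not trigger a re-install when they change).
conf_files = $(addprefix conf/, bookworm.list eschew-unstable.pref grub.default)
initrd_conf_files = $(addprefix initramfs-tools/, hooks/samizdat scripts/samizdat)

initrd_deps = $(initrd_conf_files) $(initrd_files)
initrd-install-stamp: $(initrd_deps)
	$(SUDO_MAKE) initrd-install
	touch $@

update-initramfs:
	update-initramfs -u

update-initramfs-stamp: initrd-install-stamp
	$(SUDO_MAKE) update-initramfs
	touch $@

# Normally reached through $(SUDO_MAKE), i.e. as root.  The hook and script
# destinations are absolute paths under /etc/initramfs-tools.
initrd-install: $(initrd_deps)
	install -D -t $(initrd_bindir) -- $(initrd_files)
	install -D -t /etc/initramfs-tools/hooks -- initramfs-tools/hooks/samizdat
	install -D -t /etc/initramfs-tools/scripts -- initramfs-tools/scripts/samizdat

install-stamp: $(conf_files) ${bin_programs}
	$(SUDO_MAKE) install-real
	touch $@

# NOTE(review): instdir only prefixes the bin_programs destination.  The apt
# and grub files are written to absolute paths on the running system whatever
# instdir is.  --backup=t keeps numbered backups of /etc/default/grub.
install-real:
	install -D -p -t ${instdir}${bindir} -- ${bin_programs}
	rm -f /etc/apt/apt.conf.d/default-release
	install -m644 -t /etc/apt/preferences.d -- conf/eschew-unstable.pref
	install -m644 -t /etc/apt/sources.list.d -- conf/bookworm.list
	install -m644 --backup=t -T -- conf/grub.default /etc/default/grub

.PHONY: update upgrade up upgrade-key initrd
initrd: update-initramfs-stamp

update: apt-get-update-stamp
	git pull --ff-only --recurse-submodules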
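# Re-install the submodules and the tree, then rebuild the initramfs.
upgrade: install-submodules install update-initramfs

# NOTE(review): despite its name this rule never creates `initrd-stamp`, so
# the recipe runs every time the target is requested.
initrd-stamp:
	sudo update-initramfs -u

upgrade-key: upgrade key

.PHONY: usb key emu testinitrdkey testinitrd total-destroy persist
# The remaining command-style names in this section are declared phony as
# well, so a file or directory that happens to carry one of these names can
# never be mistaken for an up-to-date target.
.PHONY: efi keymu emu-key cleanmu mu

# The persistence image is built by the partitions/ sub-make.  It is an
# order-only prerequisite: it only has to exist, its timestamp is ignored.
PERSIST_FILE = partitions/_liveboot/persist.img
persist: | $(PERSIST_FILE)
$(PERSIST_FILE):
	$(MAKE) -C partitions $(@:partitions/%=%)

# Prerequisites of the image and emulator targets; the shared recipe follows.
usb emu efi: initrd rootfs
key keymu emu-key: initrd
cleanmu: rootfs-clean total-destroy emu
up: update upgrade
mu: up cleanmu

# Each of these names is forwarded to partitions/, which is asked to run its
# own `clean` goal first and then the goal of the same name.
usb emu key keymu emu-key total-destroy efi:
	$(MAKE) -C partitions clean $@

testinitrdkey: keymu
testinitrd: emu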