prefix?=/usr/local cc_files=wait_for_files samizdat-pinentry krng-add-entropy cpp_files=dynmenu compiled_programs=${cc_files} ${cpp_files} CC=gcc -std=gnu99 CFLAGS=-Os INSTALL_SUBMODULES = fsmgr kiki openssh NO_INSTALL_SUBMODULES = cryptonomic-dyndns-server SUBMODULES = $(INSTALL_SUBMODULES) $(NO_INSTALL_SUBMODULES) all: samizdat-paths.sh ${compiled_programs} ${SUBMODULES} .PHONY: stack install-stack install-stack: curl -sSL https://get.haskellstack.org/ | sh stack: @which stack >/dev/null || make install-stack build-deps: build-deps-stamp build-deps-stamp: build-deps.control sudo apt --no-upgrade install equivs libdpkg-perl sudo ./src/mk-build-deps --root-cmd sudo build-deps.control --install --remove touch $@ dynmenu: src/dynmenu.cpp | build-deps $(CXX) $(CFLAGS) $< -o $@ -lcurses samizdat-pinentry: src/samizdat-pinentry.c | build-deps $(CC) $(CFLAGS) $< -o $@ -lcurses krng-add-entropy: src/krng-add-entropy.c | build-deps $(CC) $(CFLAGS) $< -o $@ wait_for_files: src/wait_for_files.c | build-deps $(CC) $(CFLAGS) $< -o $@ dyndns_realprog = dyndns.ssh-rsa.cryptonomic.net dyndns_links = dyndns.ssh-dss.cryptonomic.net \ dyndns.ecdsa-sha2-nistp256.cryptonomic.net dyndns.ssh-ed25519.cryptonomic.net dyndns_progs = $(dyndns_realprog) $(dyndns_links) $(addprefix src/, $(dyndns_links)): ln -s $(dyndns_realprog) $@ src_bin_programs = xorriso-usb.sh btrfs-functions.sh btrfs-receive-root.sh \ btrfs-send-root.sh var.sh grub-efi.sh keygen.sh initrd.sh qemu.sh \ dnsmasq-dhcp-script.sh samizdat-password-agent samizdat-gpg-agent publish-ip.sh \ selfstrap samizdat-daily-snapshot-root samizdat-diff-root kiki-export-stdout \ kiki-import-stdin store-child-permanently git-ll-remote \ hostname.cryptonomic.net ${dyndns_progs} bin_programs=$(addprefix src/, $(src_bin_programs)) samizdat-paths.sh ${cc_files} ${btrfs_utils} dyndns_programs = cryptonomic-dyndns-command samizdat-ssh-command samizdat-ssh-uid dyndns_program_paths=$(addprefix cryptonomic-dyndns-server/bin/, $(dyndns_programs)) bin_programs += $(dyndns_program_paths) btrfs_utils=$(addprefix src/btrfs-utils/, btarfs btrfs-shrink with-btrfs-seed) initrd_files:=$(wildcard src/initrd/*) dynmenu samizdat-pinentry wait_for_files initramfs_conf_files:=$(wildcard initramfs-tools/*) isolinux_files:=$(wildcard isolinux/*) clean: rm -f samizdat-paths.sh ${compiled_programs} .PHONY: all clean samizdat-paths.sh: src/samizdat-paths.in @sed -e "s?PREFIX?$(prefix)?g" $< > $@ include samizdat-paths.sh install-nested-kvm: conf/kvm.conf install -m0644 conf/kvm.conf ${instdir}/etc/modprobe.d/ modprobe -r kvm-intel kvm-amd kvm; modprobe kvm; modprobe kvm-intel; modprobe kvm-amd; true network_filter := $(shell ./src/generate-network-filter.sh) conf_files_out = conf/br0 conf/dnsmasq.conf conf/network_if-up.d_samizdat conf_files_in = $(addsuffix .in, $(conf_files_out)) $(conf_files_out): $(conf_files_in) ./src/generate-network-filter.sh sed -e '$(network_filter)' < $@.in > $@ static_conf_files = conf/torrc conf/nbd-server conf/postfix_main.cf SUDO_MAKE = sudo MAKEFLAGS="$$MAKEFLAGS" $(MAKE) .PHONY: install-configuration install-bootserver install-boot-server start-bootserver install-boot-server: install-bootserver install-bootserver: | rootfs/samizdat.btrfs sudo initrd.sh $(SUDO_MAKE) instdir=/ real-install-bootserver start-bootserver start-bootserver: ifup --force br0 service dnsmasq restart service nbd-server restart real-install-bootserver: $(conf_files_out) $(static_conf_files) ifndef instdir $(error "You must specify instdir, for safety.") else install -p -m0644 -DT conf/dnsmasq.conf ${instdir}/etc/dnsmasq.conf install -p -m0644 -DT conf/eth0 ${instdir}/etc/network/interfaces.d/eth0 install -p -m0644 -DT conf/br0 ${instdir}/etc/network/interfaces.d/br0 install -p -m0644 -DT conf/network_if-up.d_samizdat ${instdir}/etc/network/if-up.d/samizdat install -p -m0644 -DT conf/nbd-server ${instdir}/etc/nbd-server/conf.d/samizdat.conf endif install-configuration: real-install-bootserver $(conf_files_out) $(static_conf_files) ifndef instdir $(error "You must specify instdir, for safety.") else install -p -m0644 -DT conf/postfix_main.cf ${instdir}/etc/postfix/main.cf install -p -m0644 -DT conf/torrc ${instdir}/etc/tor/torrc ln -sf /var/cache/kiki/config/tor/hostname ${instdir}/etc/mailname ln -sf /var/cache/kiki/config/tor/hostname ${instdir}/etc/hostname endif include user.mk .PHONY: submodules build-submodules $(SUBMODULES) $(SUBMODULES): stack @a=$$(cd $@ && git status -uno -s) && (if test -z "$$a"; then set -x; git submodule update --init $@/; fi) $(MAKE) -C $@ $(cmd) submodules: build-submodules build-submodules: cmd= build-submodules: $(SUBMODULES) .PHONY: update-submodules update-submodules: git submodule update --init install-submodules: cmd=install install-submodules: update-submodules $(INSTALL_SUBMODULES) rootfs = samizdat.btrfs patchfs = $(patsubst %.btrfs,%.patch.btrfs,$(rootfs)) rootfs_verity = rootfs/$(rootfs).verity .PHONY: rootfs rootfs-deps rootfs-deps: [ -e install-submodules-stamp ] || make install-submodules-stamp [ -e install-stamp ] || $(SUDO_MAKE) install-stamp btrfs_images = $(addprefix rootfs/, $(rootfs) $(patchfs)) rootfs: rootfs-deps $(btrfs_images) $(rootfs_verity) sudo mkdir -p /srv/nbd sudo ln -sf "$$PWD"/rootfs/$(rootfs) /srv/nbd/samizdat.btrfs ifneq (,$(patchfs)) sudo ln -sf "$$PWD"/rootfs/$(patchfs) /srv/nbd/samizdat.patch.btrfs endif FORCE: $(btrfs_images): FORCE $(MAKE) -C rootfs $(notdir $@) boot: rootfs sudo SLOW_BOOT=y qemu.sh fastboot: rootfs sudo qemu.sh reuse_child := $(shell 2>/dev/null read child < reused-child && echo --reuse-child=$$child; true) samizdat.netinst.iso: | rootfs/samizdat.btrfs sudo initrd.sh sudo xorriso-usb.sh $(reuse_child) --bootloader --out $@ reused-child: sudo keygen.sh ${samizdat_child_dir}/child.$$$$ && \ sudo store-child-permanently $$$$ && \ echo $$$$ > $@ testclean: make -C kiki install sudo mv /root/.gnupg /root/.gnupg.$$(date -Im) || true sudo killall gpg-agent || true rm -f reused-child cleantest: make testclean make isotest isotest: samizdat.iso USE_ISO=y SLOW_BOOT=y NO_NET=y qemu.sh $^ isotest-netinst: samizdat.netinst.iso USE_ISO=y SLOW_BOOT=y qemu.sh $^ gpg_iso_path=gnupghome GPG_INPUT_DIR=${samizdat_child_dir}/child.$(shell cat reused-child)/root/.gnupg samizdat_btrfs_patch_size=256M get_loop_dev="$$(sudo losetup -n -O name -j $@~tmp)" get_backing_file="$$(sudo losetup -n -O back-file -j $@~tmp)" get_min_size="$$(btrfs inspect-internal min-dev-size --id 1 $@.mnt | (read b _; echo $$b))" %.verity: % sudo veritysetup format $< $@~tmp > $@.log~tmp mv $@.log~tmp $@.log mv $@~tmp $@ sudo chmod 644 $@ h=$$(sed -ne 's/^Root hash:[ \t]*//p' $@.log) && [ "$$h" ] %.verity.log.asc: %.verity.log sudo gpg --armor --detach-sign $^ rootfs/samizdat.seed.btrfs: rootfs/samizdat.btrfs ifneq ($(shell id -u),0) $(SUDO_MAKE) $@ else @while umount $$PWD/$@~tmp; do continue; done cp --reflink $< $@~tmp btrfstune -f -S0 $@~tmp test -d $@.mnt || mkdir $@.mnt mount -t btrfs -o rw $@~tmp $@.mnt #bash -c "time btrfs fi defrag -c -r $@.mnt" s=$(get_min_size) && (set -x; btrfs fi resize 1:$$s $@.mnt && truncate -s "$$s" $@~tmp) umount $@.mnt losetup -f $< btrfstune -S1 $@~tmp mv $@~tmp $@ endif debian_dist := $(shell lsb_release -cs) apt_list_files = $(addprefix /./var/lib/apt/lists/, \ *$(debian_dist)_main_binary* \ *$(debian_dist)_main_i18n_Translation-en \ *$(debian_dist)_updates_main_binary* \ *$(debian_dist)_updates_main_i18n_Translation-en \ *dists_$(debian_dist)_*Release*) stale = [ ! -e $@ ] || [ $$(( $$(date +%s) - $$(date -r $@ +%s) )) -gt 36000 ] .PHONY: apt-get-update-stamp apt-get-update-stamp: @if $(stale); then set -x; sudo apt-get update && touch $@; fi samizdat.iso: patched.iso cp --reflink $< $@ patched.iso: gold.iso rootfs/samizdat.patch.btrfs rm -f $@~tmp cp --reflink $< $@~tmp sudo xorrisofs -iso-level 3 -- \ -indev $@~tmp \ -outdev $@~tmp \ -return_with FAILURE 32 \ -pathspecs on \ -follow link \ -add /rootfs/z00.btrfs=rootfs/samizdat.patch.btrfs -- \ -follow default \ -as mkisofs -graft-points \ -b grub/i386-pc/eltorito.img \ -no-emul-boot -boot-info-table \ --embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \ --protective-msdos-label mv $@~tmp $@ gold.iso: rootfs/seed.iso reused-child sudo grub-efi.sh ! grep 'vmlinuz.*nbdroot' -r ${samizdat_grub_efi_dir} initrd.sh rm -f $@~tmp cp --reflink $< $@~tmp sudo xorrisofs -iso-level 3 -- \ -indev $@~tmp \ -outdev $@~tmp \ -return_with FAILURE 32 \ -pathspecs on \ -rm_r linux -- \ -add linux="${samizdat_linux_dir}" -- \ -rm_r "${gpg_iso_path}" -- \ -add "${gpg_iso_path}=${GPG_INPUT_DIR}" -- \ -rm_r grub -- \ -add grub="${samizdat_grub_efi_dir}"/grub -- \ -chown_r 0 / -- \ -chgrp_r 0 / -- \ -chmod_r go-rwx "${gpg_iso_path}" -- \ -as mkisofs -graft-points \ -b grub/i386-pc/eltorito.img \ -no-emul-boot -boot-info-table \ --embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \ --protective-msdos-label mv $@~tmp $@ rootfs/seed.iso: $(addprefix rootfs/samizdat.seed.btrf, s \ $(if $(VERITY), s.verity s.verity.log $(if $(VERITY_SIGN), s.verity.log.asc))) rm -f $@~tmp touch $@~tmp fallocate -n -l 10G $@~tmp xorrisofs -iso-level 3 -- \ -outdev $@~tmp \ $${SILENT:+ -report_about mishap} \ -return_with FAILURE 32 \ -volid SamizdatLive \ -pathspecs on \ -follow link \ -add $^ -- \ -follow default mv $@~tmp $@ .PHONY: install install: [ -e install-submodules-stamp ] || make install-submodules-stamp $(SUDO_MAKE) install-stamp build-submodules-stamp: build-submodules touch $@ install-submodules-stamp: install-submodules touch $@ install-bin-programs: ${bin_programs} install -D -p -t ${instdir}${samizdat_bindir} ${bin_programs} CP=cp --preserve=timestamps -r install-stamp: install-bin-programs samizdat-paths.sh ${compiled_programs} mkdir -p ${instdir}${samizdat_initrd_files_dir} mkdir -p ${instdir}${samizdat_child_dir} mkdir -p ${instdir}${samizdat_grub_efi_dir} mkdir -p ${instdir}${samizdat_initramfs_conf_dir} mkdir -p ${instdir}${samizdat_isolinux_dir} mkdir -p ${instdir}${samizdat_linux_dir} $(CP) ${initrd_files} ${instdir}${samizdat_initrd_files_dir} $(CP) ${initramfs_conf_files} ${instdir}${samizdat_initramfs_conf_dir} $(CP) ${isolinux_files} ${instdir}${samizdat_isolinux_dir} touch $@