prefix?=/usr/local cc_files=wait_for_files samizdat-pinentry krng-add-entropy cpp_files=dynmenu compiled_programs=${cc_files} ${cpp_files} CC=gcc -std=gnu99 CFLAGS=-Os SUBMODULES = fsmgr kiki openssh all: samizdat-paths.sh ${compiled_programs} ${SUBMODULES} .PHONY: stack install-stack install-stack: curl -sSL https://get.haskellstack.org/ | sh stack: @which stack >/dev/null || make install-stack build-deps: build-deps-stamp build-deps-stamp: build-deps.control sudo mk-build-deps --root-cmd sudo build-deps.control --install --remove touch $@ dynmenu: src/dynmenu.cpp | build-deps $(CXX) $(CFLAGS) $< -o $@ -lcurses samizdat-pinentry: src/samizdat-pinentry.c | build-deps $(CC) $(CFLAGS) $< -o $@ -lcurses krng-add-entropy: src/krng-add-entropy.c | build-deps $(CC) $(CFLAGS) $< -o $@ wait_for_files: src/wait_for_files.c | build-deps $(CC) $(CFLAGS) $< -o $@ dyndns_realprog = dyndns.ssh-rsa.cryptonomic.net dyndns_links = dyndns.ssh-dss.cryptonomic.net \ dyndns.ecdsa-sha2-nistp256.cryptonomic.net dyndns.ssh-ed25519.cryptonomic.net dyndns_progs = $(dyndns_realprog) $(dyndns_links) $(addprefix src/, $(dyndns_links)): ln -s $(dyndns_realprog) $@ src_bin_programs = xorriso-usb.sh btrfs-functions.sh btrfs-receive-root.sh \ btrfs-send-root.sh var.sh grub-efi.sh keygen.sh initrd.sh qemu.sh \ dnsmasq-dhcp-script.sh samizdat-password-agent samizdat-gpg-agent publish-ip.sh \ selfstrap samizdat-daily-snapshot-root samizdat-diff-root kiki-export-stdout \ kiki-import-stdin store-child-permanently $(dyndns_progs) bin_programs=$(addprefix src/, $(src_bin_programs)) samizdat-paths.sh ${cc_files} ${btrfs_utils} btrfs_utils=$(addprefix src/btrfs-utils/, btarfs btrfs-shrink with-btrfs-seed) initrd_files:=$(wildcard src/initrd/*) dynmenu samizdat-pinentry wait_for_files initramfs_conf_files:=$(wildcard initramfs-tools/*) isolinux_files:=$(wildcard isolinux/*) clean: rm -f samizdat-paths.sh ${compiled_programs} .PHONY: all clean samizdat-paths.sh: src/samizdat-paths.in @sed -e "s?PREFIX?$(prefix)?g" $< > $@ include samizdat-paths.sh install-nested-kvm: conf/kvm.conf install -m0644 conf/kvm.conf ${instdir}/etc/modprobe.d/ modprobe -r kvm-intel kvm-amd kvm; modprobe kvm; modprobe kvm-intel; modprobe kvm-amd; true network_filter := $(shell ./src/generate-network-filter.sh) conf_files_out = conf/br0 conf/dnsmasq.conf conf/network_if-up.d_samizdat conf_files_in = $(addsuffix .in, $(conf_files_out)) $(conf_files_out): $(conf_files_in) ./src/generate-network-filter.sh sed -e '$(network_filter)' < $@.in > $@ static_conf_files = conf/torrc conf/nbd-server conf/postfix_main.cf .PHONY: install-configuration install-bootserver start-bootserver install-bootserver: sudo initrd.sh sudo -E $(MAKE) instdir=/ real-install-bootserver start-bootserver start-bootserver: ifup --force br0 service dnsmasq restart service nbd-server restart real-install-bootserver: $(conf_files_out) $(static_conf_files) ifndef instdir $(error "You must specify instdir, for safety.") else install -p -m0644 -DT conf/dnsmasq.conf ${instdir}/etc/dnsmasq.conf install -p -m0644 -DT conf/eth0 ${instdir}/etc/network/interfaces.d/eth0 install -p -m0644 -DT conf/br0 ${instdir}/etc/network/interfaces.d/br0 install -p -m0644 -DT conf/network_if-up.d_samizdat ${instdir}/etc/network/if-up.d/samizdat install -p -m0644 -DT conf/nbd-server ${instdir}/etc/nbd-server/conf.d/samizdat.conf endif install-configuration: real-install-bootserver $(conf_files_out) $(static_conf_files) ifndef instdir $(error "You must specify instdir, for safety.") else install -p -m0644 -DT conf/postfix_main.cf ${instdir}/etc/postfix/main.cf install -p -m0644 -DT conf/torrc ${instdir}/etc/tor/torrc ln -sf /var/cache/kiki/config/tor/hostname ${instdir}/etc/mailname ln -sf /var/cache/kiki/config/tor/hostname ${instdir}/etc/hostname endif include user.mk .PHONY: submodule $(SUBMODULES) $(SUBMODULES): stack [ -e $@/Makefile ] || git submodule update --init $(MAKE) -C $@ $(cmd) install-submodules: cmd=install install-submodules: $(SUBMODULES) rootfs = samizdat export rootfs .PHONY: rootfs rootfs: [ -e install-submodules-stamp ] || make install-submodules-stamp [ -e install-stamp ] || sudo make install-stamp $(MAKE) -C rootfs sudo mkdir -p /srv/nbd sudo ln -sf "$$PWD"/rootfs/$(rootfs).btrfs /srv/nbd/samizdat.btrfs boot: rootfs sudo SLOW_BOOT=y qemu.sh fastboot: rootfs sudo qemu.sh reuse_child := $(shell 2>/dev/null read child < reused-child && echo --reuse-child=$$child; true) samizdat.netinst.iso: sudo initrd.sh sudo xorriso-usb.sh $(reuse_child) --bootloader --out $@ reused-child: sudo keygen.sh ${samizdat_child_dir}/child.$$$$ && \ sudo store-child-permanently $$$$ && \ echo $$$$ > $@ testclean: make -C kiki install sudo mv /root/.gnupg /root/.gnupg.$$(date -Im) || true sudo killall gpg-agent || true rm -f reused-child cleantest: make testclean make isotest isotest: samizdat.iso USE_ISO=y SLOW_BOOT=y NO_NET=y qemu.sh $^ isotest-netinst: samizdat.netinst.iso USE_ISO=y SLOW_BOOT=y qemu.sh $^ gpg_iso_path=gnupghome GPG_INPUT_DIR=${samizdat_child_dir}/child.$(shell cat reused-child)/root/.gnupg samizdat_btrfs_patch_size=256M get_loop_dev="$$(sudo losetup -n -O name -j $@~tmp)" get_backing_file="$$(sudo losetup -n -O back-file -j $@~tmp)" get_min_size="$$(btrfs inspect-internal min-dev-size --id 1 $@.mnt | (read b _; echo $$b))" rootfs/samizdat.seed.btrfs: rootfs/samizdat.btrfs ifneq ($(shell id -u),0) sudo make $@ else cp --reflink $< $@~tmp btrfstune -f -S0 $@~tmp test -d $@.mnt || mkdir $@.mnt mount -t btrfs -o rw $@~tmp $@.mnt btrfs fi defrag -c -r $@.mnt s=$(get_min_size) && (set -x; btrfs fi resize 1:$$s $@.mnt && truncate -s "$$s" $@~tmp) umount $@.mnt losetup -f $< btrfstune -S1 $@~tmp mv $@~tmp $@ endif rootfs/samizdat.patch.btrfs: rootfs/samizdat.seed.btrfs ifneq ($(shell id -u),0) sudo make $@ else rm -f $@~tmp touch $@~tmp fallocate -l $(samizdat_btrfs_patch_size) $@~tmp test -d $@.mnt || mkdir $@.mnt ! mountpoint -q $@.mnt || umount $@.mnt mount -o ro -t btrfs $< $@.mnt a=$(get_loop_dev); [ -z "$$a" ] || losetup -d $$a losetup -f $@~tmp btrfs device add $(get_loop_dev) $@.mnt mount -o rw,remount $@.mnt chroot $@.mnt /bin/sh -c 'echo samizdat > /etc/hostname' chroot $@.mnt bash -i umount $@.mnt losetup -f $< btrfstune -S1 $@~tmp mv $@~tmp $@ endif samizdat.iso: patched.iso cp --reflink $< $@ patched.iso: gold.iso rootfs/samizdat.patch.btrfs rm -f $@~tmp cp --reflink $< $@~tmp sudo xorrisofs -iso-level 3 -- \ -indev $@~tmp \ -outdev $@~tmp \ -return_with FAILURE 32 \ -pathspecs on \ -follow link \ -add /rootfs/z00.btrfs=rootfs/samizdat.patch.btrfs -- \ -follow default \ -as mkisofs -graft-points \ -b grub/i386-pc/eltorito.img \ -no-emul-boot -boot-info-table \ --embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \ --protective-msdos-label mv $@~tmp $@ gold.iso: rootfs/seed.iso reused-child sudo grub-efi.sh ! grep 'vmlinuz.*nbdroot' -r ${samizdat_grub_efi_dir} rm -f $@~tmp cp --reflink $< $@~tmp sudo xorrisofs -iso-level 3 -- \ -indev $@~tmp \ -outdev $@~tmp \ -return_with FAILURE 32 \ -pathspecs on \ -rm_r linux -- \ -add linux="${samizdat_linux_dir}" -- \ -rm_r "${gpg_iso_path}" -- \ -add "${gpg_iso_path}=${GPG_INPUT_DIR}" -- \ -rm_r grub -- \ -add grub="${samizdat_grub_efi_dir}"/grub -- \ -chown_r 0 / -- \ -chgrp_r 0 / -- \ -chmod_r go-rwx "${gpg_iso_path}" -- \ -as mkisofs -graft-points \ -b grub/i386-pc/eltorito.img \ -no-emul-boot -boot-info-table \ --embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \ --protective-msdos-label mv $@~tmp $@ rootfs/seed.iso: rootfs/samizdat.seed.btrfs rm -f $@~tmp touch $@~tmp fallocate -n -l 10G $@~tmp xorrisofs -iso-level 3 -- \ -outdev $@~tmp \ $${SILENT:+ -report_about mishap} \ -return_with FAILURE 32 \ -volid SamizdatLive \ -pathspecs on \ -follow link \ -add /rootfs/samizdat.btrfs=$< -- \ -follow default mv $@~tmp $@ rootfs/samizdat.btrfs: make -C rootfs .PHONY: install install: [ -e install-submodules-stamp ] || make install-submodules-stamp sudo make install-stamp install-submodules-stamp: install-submodules touch $@ install-bin-programs: ${bin_programs} install -p ${bin_programs} ${instdir}${samizdat_bindir} CP=cp --preserve=timestamps -r install-stamp: install-bin-programs samizdat-paths.sh ${compiled_programs} mkdir -p ${instdir}${samizdat_initrd_files_dir} mkdir -p ${instdir}${samizdat_child_dir} mkdir -p ${instdir}${samizdat_grub_efi_dir} mkdir -p ${instdir}${samizdat_initramfs_conf_dir} mkdir -p ${instdir}${samizdat_isolinux_dir} mkdir -p ${instdir}${samizdat_linux_dir} $(CP) ${initrd_files} ${instdir}${samizdat_initrd_files_dir} $(CP) ${initramfs_conf_files} ${instdir}${samizdat_initramfs_conf_dir} $(CP) ${isolinux_files} ${instdir}${samizdat_isolinux_dir} touch $@