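# Build, install and image-assembly rules. This file compiles the helper
# programs, installs scripts and configuration, and assembles the btrfs root
# images and bootable ISOs. Many recipes call sudo, mount, losetup and chroot,
# so they modify the host they run on; read a recipe before invoking it.

# Delete a target whose recipe failed after it was (partly) written, so a
# truncated config file or dm-verity hash file is never taken for up to date
# on the next run.
.DELETE_ON_ERROR:

prefix?=/usr/local
cc_files=wait_for_files samizdat-pinentry krng-add-entropy
cpp_files=dynmenu
compiled_programs=${cc_files} ${cpp_files}

CC=gcc -std=gnu99
CFLAGS=-Os

SUBMODULES = fsmgr kiki openssh

all: samizdat-paths.sh ${compiled_programs} ${SUBMODULES}

.PHONY: stack install-stack
# NOTE(review): this pipes a script fetched over HTTPS straight into sh with no
# checksum or signature check, so whatever the server returns is executed as
# the invoking user. Prefer a packaged, verified install of stack, or download
# the script to a file and verify it before running it.
install-stack:
	curl -sSL https://get.haskellstack.org/ | sh
# Runs the installer above only when no `stack` is found on PATH.
stack:
	@which stack >/dev/null || $(MAKE) install-stack

# build-deps is used below as an order-only prerequisite: the stamp is built
# once, and it never forces the programs to be recompiled.
build-deps: build-deps-stamp
build-deps-stamp: build-deps.control
	sudo mk-build-deps --root-cmd sudo build-deps.control --install --remove
	touch $@

dynmenu: src/dynmenu.cpp | build-deps
	$(CXX) $(CFLAGS) $< -o $@ -lcurses

samizdat-pinentry: src/samizdat-pinentry.c | build-deps
	$(CC) $(CFLAGS) $< -o $@ -lcurses

krng-add-entropy: src/krng-add-entropy.c | build-deps
	$(CC) $(CFLAGS) $< -o $@

wait_for_files: src/wait_for_files.c | build-deps
	$(CC) $(CFLAGS) $< -o $@

# One real dyndns program plus symlinks to it under the other key-type names.
dyndns_realprog = dyndns.ssh-rsa.cryptonomic.net
dyndns_links = dyndns.ssh-dss.cryptonomic.net \
    dyndns.ecdsa-sha2-nistp256.cryptonomic.net dyndns.ssh-ed25519.cryptonomic.net
dyndns_progs = $(dyndns_realprog) $(dyndns_links)

$(addprefix src/, $(dyndns_links)):
	ln -s $(dyndns_realprog) $@

src_bin_programs = xorriso-usb.sh btrfs-functions.sh btrfs-receive-root.sh \
    btrfs-send-root.sh var.sh grub-efi.sh keygen.sh initrd.sh qemu.sh \
    dnsmasq-dhcp-script.sh samizdat-password-agent samizdat-gpg-agent publish-ip.sh \
    selfstrap samizdat-daily-snapshot-root samizdat-diff-root kiki-export-stdout \
    kiki-import-stdin store-child-permanently $(dyndns_progs)

# bin_programs is recursively expanded, so it may name btrfs_utils before that
# variable is defined on the next line.
bin_programs=$(addprefix src/, $(src_bin_programs)) samizdat-paths.sh ${cc_files} ${btrfs_utils}
btrfs_utils=$(addprefix src/btrfs-utils/, btarfs btrfs-shrink with-btrfs-seed)
initrd_files:=$(wildcard src/initrd/*) dynmenu samizdat-pinentry wait_for_files
initramfs_conf_files:=$(wildcard initramfs-tools/*)
isolinux_files:=$(wildcard isolinux/*)

clean:
	rm -f samizdat-paths.sh ${compiled_programs}

.PHONY: all clean
# Command-style targets that never produce a file of their own name.
.PHONY: build-deps install-nested-kvm real-install-bootserver install-submodules
.PHONY: boot fastboot testclean cleantest isotest isotest-netinst install-bin-programs

# Generated from the template by replacing every PREFIX with $(prefix).
samizdat-paths.sh: src/samizdat-paths.in
	@sed -e "s?PREFIX?$(prefix)?g" $< > $@

# The generated file is read as makefile text here; presumably it defines the
# samizdat_* path variables used below (TODO confirm against the template).
include samizdat-paths.sh

# NOTE(review): unlike the install rules further down, this recipe has no
# "instdir must be set" guard; with instdir empty it writes to the live
# /etc/modprobe.d. It then reloads the kvm modules on the running host,
# ignoring failures (the trailing `true`).
install-nested-kvm: conf/kvm.conf
	install -m0644 conf/kvm.conf ${instdir}/etc/modprobe.d/
	modprobe -r kvm-intel kvm-amd kvm; modprobe kvm; modprobe kvm-intel; modprobe kvm-amd; true

# The script runs at parse time on every invocation of this makefile, whatever
# the goal. Its output is pasted into a single-quoted sed program below, so it
# must not contain a single quote.
network_filter := $(shell ./src/generate-network-filter.sh)
conf_files_out = conf/br0 conf/dnsmasq.conf conf/network_if-up.d_samizdat
conf_files_in = $(addsuffix .in, $(conf_files_out))
$(conf_files_out): $(conf_files_in) ./src/generate-network-filter.sh
	sed -e '$(network_filter)' < $@.in > $@

static_conf_files = conf/torrc conf/nbd-server conf/postfix_main.cf

# Re-invokes make as root. MAKEFLAGS is passed on the sudo command line,
# presumably because sudo may reset the environment; the consequence is that
# the caller's flags and command-line variable overrides reach the root make.
SUDO_MAKE = sudo MAKEFLAGS="$$MAKEFLAGS" $(MAKE)

.PHONY: install-configuration install-bootserver start-bootserver
install-bootserver: | rootfs/samizdat.btrfs
	sudo initrd.sh
	$(SUDO_MAKE) instdir=/ real-install-bootserver start-bootserver

start-bootserver:
	ifup --force br0
	service dnsmasq restart
	service nbd-server restart

# The conditional is resolved at parse time; when instdir is unset the recipe
# is just the $(error), which fires only if this target is actually built.
real-install-bootserver: $(conf_files_out) $(static_conf_files)
ifndef instdir
	$(error "You must specify instdir, for safety.")
else
	install -p -m0644 -DT conf/dnsmasq.conf ${instdir}/etc/dnsmasq.conf
	install -p -m0644 -DT conf/eth0 ${instdir}/etc/network/interfaces.d/eth0
	install -p -m0644 -DT conf/br0 ${instdir}/etc/network/interfaces.d/br0
	install -p -m0644 -DT conf/network_if-up.d_samizdat ${instdir}/etc/network/if-up.d/samizdat
	install -p -m0644 -DT conf/nbd-server ${instdir}/etc/nbd-server/conf.d/samizdat.conf
endif

# Same guard as above. Also points /etc/mailname and /etc/hostname at the tor
# hostname file kept under /var/cache/kiki.
install-configuration: real-install-bootserver $(conf_files_out) $(static_conf_files)
ifndef instdir
	$(error "You must specify instdir, for safety.")
else
	install -p -m0644 -DT conf/postfix_main.cf ${instdir}/etc/postfix/main.cf
	install -p -m0644 -DT conf/torrc ${instdir}/etc/tor/torrc
	ln -sf /var/cache/kiki/config/tor/hostname ${instdir}/etc/mailname
	ln -sf /var/cache/kiki/config/tor/hostname ${instdir}/etc/hostname
endif

include user.mk

# Each submodule is checked out on first use, then built with its own
# Makefile; $(cmd) is empty except under install-submodules, which sets it to
# `install`.
.PHONY: submodule $(SUBMODULES)
$(SUBMODULES): stack
	[ -e $@/Makefile ] || git submodule update --init
	$(MAKE) -C $@ $(cmd)

install-submodules: cmd=install
install-submodules: $(SUBMODULES)

rootfs = samizdat
export rootfs

# Phony because a directory named rootfs exists (see `$(MAKE) -C rootfs`).
# Installs the tools if needed, builds the image, and links it into /srv/nbd.
.PHONY: rootfs
rootfs:
	[ -e install-submodules-stamp ] || $(MAKE) install-submodules-stamp
	[ -e install-stamp ] || $(SUDO_MAKE) install-stamp
	$(MAKE) -C rootfs
	sudo mkdir -p /srv/nbd
	sudo ln -sf "$$PWD"/rootfs/$(rootfs).btrfs /srv/nbd/samizdat.btrfs

boot: rootfs
	sudo SLOW_BOOT=y qemu.sh

fastboot: rootfs
	sudo qemu.sh

# Read once at parse time: expands to --reuse-child=<id> when the file
# reused-child is readable, and to nothing otherwise.
reuse_child := $(shell 2>/dev/null read child < reused-child && echo --reuse-child=$$child; true)

samizdat.netinst.iso: | rootfs/samizdat.btrfs
	sudo initrd.sh
	sudo xorriso-usb.sh $(reuse_child) --bootloader --out $@

# $$$$ reaches the shell as $$, the shell's own PID, which serves as the child
# id. The three commands are joined with backslashes so that they run in one
# shell and therefore see the same PID.
reused-child:
	sudo keygen.sh ${samizdat_child_dir}/child.$$$$ && \
	sudo store-child-permanently $$$$ && \
	echo $$$$ > $@

# Moves root's GnuPG home aside under a timestamped name, stops gpg-agent and
# forgets the reused child, so the next build generates keys afresh.
testclean:
	$(MAKE) -C kiki install
	sudo mv /root/.gnupg /root/.gnupg.$$(date -Im) || true
	sudo killall gpg-agent || true
	rm -f reused-child

cleantest:
	$(MAKE) testclean
	$(MAKE) isotest

isotest: samizdat.iso
	USE_ISO=y SLOW_BOOT=y NO_NET=y qemu.sh $^

isotest-netinst: samizdat.netinst.iso
	USE_ISO=y SLOW_BOOT=y qemu.sh $^

gpg_iso_path=gnupghome
# Deliberately left recursive: reused-child is created during the build, so it
# must be read when the gold.iso recipe is expanded, not at parse time.
GPG_INPUT_DIR=${samizdat_child_dir}/child.$(shell cat reused-child)/root/.gnupg

samizdat_btrfs_patch_size=256M

# Shell snippets expanded inside recipes; $@ is the target of the using rule.
get_loop_dev="$$(sudo losetup -n -O name -j $@~tmp)"
get_backing_file="$$(sudo losetup -n -O back-file -j $@~tmp)"
get_min_size="$$(btrfs inspect-internal min-dev-size --id 1 $@.mnt | (read b _; echo $$b))"

# Creates the dm-verity hash file and saves veritysetup's output in $@.log.
# The last line fails the recipe unless that log contains a "Root hash:" value.
# NOTE(review): $@.log is a by-product with no rule of its own; rules that name
# it as a prerequisite rely on the .verity file having been built first, which
# holds for a serial build but is not guaranteed under -j.
%.btrfs.verity: %.btrfs
	sudo veritysetup format $< $@ > $@.log
	sudo chmod 644 $@
	h=$$(sed -ne 's/^Root hash:[ \t]*//p' $@.log) && [ "$$h" ]

# Detached, ASCII-armoured signature over the verity log, made with gpg run
# through sudo.
%.btrfs.verity.log.asc: %.btrfs.verity.log
	sudo gpg --armor --detach-sign $^

# Needs root: a non-root invocation re-runs this same target through sudo.
# The work is done on $@~tmp, which is renamed to $@ only as the last step.
rootfs/samizdat.seed.btrfs: rootfs/samizdat.btrfs
ifneq ($(shell id -u),0)
	$(SUDO_MAKE) $@
else
	@while umount $$PWD/$@~tmp; do continue; done
	cp --reflink $< $@~tmp
	btrfstune -f -S0 $@~tmp
	test -d $@.mnt || mkdir $@.mnt
	mount -t btrfs -o rw $@~tmp $@.mnt
# Disabled step kept from the original:
#bash -c "time btrfs fi defrag -c -r $@.mnt"
	s=$(get_min_size) && (set -x; btrfs fi resize 1:$$s $@.mnt && truncate -s "$$s" $@~tmp)
	umount $@.mnt
	losetup -f $<
	btrfstune -S1 $@~tmp
	mv $@~tmp $@
endif

FORCE:

debian_dist := $(shell lsb_release -cs)
apt_list_files = $(addprefix /./var/lib/apt/lists/, \
    *$(debian_dist)_main_binary* \
    *$(debian_dist)_main_i18n_Translation-en \
    *$(debian_dist)_updates_main_binary* \
    *$(debian_dist)_updates_main_i18n_Translation-en \
    *dists_$(debian_dist)_*Release*)

# True when the target is missing or was last touched more than 36000 seconds
# (10 hours) ago.
stale = [ ! -e $@ ] || [ $$(( $$(date +%s) - $$(date -r $@ +%s) )) -gt 36000 ]
apt-get-update-stamp: FORCE
	@if $(stale); then set -x; sudo apt-get update && touch $@; fi

# Adds a writable patch device on top of the read-only seed image and runs
# patchroot.sh inside it. With INTERACTIVE_CHROOT set, the rule always runs
# (FORCE) and opens an interactive root shell in the chroot instead.
# NOTE(review): both variants execute as root inside the chroot; patchroot.sh
# should get the same review as any other root-run script.
rootfs/samizdat.patch.btrfs: rootfs/samizdat.seed.btrfs \
    $(if $(INTERACTIVE_CHROOT),FORCE,patchroot.sh)
ifneq ($(shell id -u),0)
	$(SUDO_MAKE) $@
else
	rm -f $@~tmp
	touch $@~tmp
	fallocate -l $(samizdat_btrfs_patch_size) $@~tmp
	test -d $@.mnt || mkdir $@.mnt
	! mountpoint -q $@.mnt || umount $@.mnt
	mount -o compress,ro -t btrfs $< $@.mnt
	a=$(get_loop_dev); [ -z "$$a" ] || losetup -d $$a
	losetup -f $@~tmp
	btrfs device add $(get_loop_dev) $@.mnt
	mount -o compress,rw,remount $@.mnt
	$(SUDO_MAKE) apt-get-update-stamp
	rsync -Ra $(apt_list_files) $@.mnt/
ifdef INTERACTIVE_CHROOT
	chroot $@.mnt bash -i
else
	chroot $@.mnt sh < patchroot.sh
endif
	umount $@.mnt
	losetup -f $<
	btrfstune -S1 $@~tmp
	mv $@~tmp $@
endif

samizdat.iso: patched.iso
	cp --reflink $< $@

# gold.iso plus the patch image, added as /rootfs/z00.btrfs.
patched.iso: gold.iso rootfs/samizdat.patch.btrfs
	rm -f $@~tmp
	cp --reflink $< $@~tmp
	sudo xorrisofs -iso-level 3 -- \
		-indev $@~tmp \
		-outdev $@~tmp \
		-return_with FAILURE 32 \
		-pathspecs on \
		-follow link \
		-add /rootfs/z00.btrfs=rootfs/samizdat.patch.btrfs -- \
		-follow default \
		-as mkisofs -graft-points \
		-b grub/i386-pc/eltorito.img \
		-no-emul-boot -boot-info-table \
		--embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \
		--protective-msdos-label
	mv $@~tmp $@

# seed.iso with the kernel directory, the grub tree and the child's GnuPG home
# replaced. The `! grep` line aborts the build if any file under the grub EFI
# directory has a vmlinuz line mentioning nbdroot. Inside the image everything
# is made root-owned, and group/other permissions are removed from the GnuPG
# home.
# NOTE(review): the image embeds ${GPG_INPUT_DIR}, presumably including private
# key material, so gold.iso and everything derived from it should be handled
# as a secret.
gold.iso: rootfs/seed.iso reused-child
	sudo grub-efi.sh
	! grep 'vmlinuz.*nbdroot' -r ${samizdat_grub_efi_dir}
	rm -f $@~tmp
	cp --reflink $< $@~tmp
	sudo xorrisofs -iso-level 3 -- \
		-indev $@~tmp \
		-outdev $@~tmp \
		-return_with FAILURE 32 \
		-pathspecs on \
		-rm_r linux -- \
		-add linux="${samizdat_linux_dir}" -- \
		-rm_r "${gpg_iso_path}" -- \
		-add "${gpg_iso_path}=${GPG_INPUT_DIR}" -- \
		-rm_r grub -- \
		-add grub="${samizdat_grub_efi_dir}"/grub -- \
		-chown_r 0 / -- \
		-chgrp_r 0 / -- \
		-chmod_r go-rwx "${gpg_iso_path}" -- \
		-as mkisofs -graft-points \
		-b grub/i386-pc/eltorito.img \
		-no-emul-boot -boot-info-table \
		--embedded-boot "${samizdat_grub_efi_dir}"/embedded.img \
		--protective-msdos-label
	mv $@~tmp $@

# Always contains the seed image. The verity hash file and its log are added
# only when VERITY is set, and the detached signature only when VERITY_SIGN is
# set as well; without them the image carries no integrity data.
rootfs/seed.iso: $(addprefix rootfs/samizdat.seed.btrf, s \
    $(if $(VERITY), s.verity s.verity.log $(if $(VERITY_SIGN), s.verity.log.asc)))
	rm -f $@~tmp
	touch $@~tmp
	fallocate -n -l 10G $@~tmp
	xorrisofs -iso-level 3 -- \
		-outdev $@~tmp \
		$${SILENT:+ -report_about mishap} \
		-return_with FAILURE 32 \
		-volid SamizdatLive \
		-pathspecs on \
		-follow link \
		-add $^ -- \
		-follow default
	mv $@~tmp $@

rootfs/samizdat.btrfs:
	$(MAKE) -C rootfs

.PHONY: install
install:
	[ -e install-submodules-stamp ] || $(MAKE) install-submodules-stamp
	$(SUDO_MAKE) install-stamp

install-submodules-stamp: install-submodules
	touch $@

install-bin-programs: ${bin_programs}
	install -p ${bin_programs} ${instdir}${samizdat_bindir}

CP=cp --preserve=timestamps -r
# Creates the installation directories under ${instdir} and copies the initrd,
# initramfs-tools and isolinux files into them.
install-stamp: install-bin-programs samizdat-paths.sh ${compiled_programs}
	mkdir -p ${instdir}${samizdat_initrd_files_dir}
	mkdir -p ${instdir}${samizdat_child_dir}
	mkdir -p ${instdir}${samizdat_grub_efi_dir}
	mkdir -p ${instdir}${samizdat_initramfs_conf_dir}
	mkdir -p ${instdir}${samizdat_isolinux_dir}
	mkdir -p ${instdir}${samizdat_linux_dir}
	$(CP) ${initrd_files} ${instdir}${samizdat_initrd_files_dir}
	$(CP) ${initramfs_conf_files} ${instdir}${samizdat_initramfs_conf_dir}
	$(CP) ${isolinux_files} ${instdir}${samizdat_isolinux_dir}
	touch $@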