qubes-linux-kernel/Makefile
Frédéric Pierret (fepitre) 9ec407116a
Update WireGuard to 0.0.20190702
2019-07-27 14:34:03 +02:00

155 lines
4.0 KiB
Makefile

NAME := kernel
SPECFILE := kernel.spec
WORKDIR := $(shell pwd)
SPECDIR ?= $(WORKDIR)
SRCRPMDIR ?= $(WORKDIR)/srpm
BUILDDIR ?= $(WORKDIR)
RPMDIR ?= $(WORKDIR)/rpm
SOURCEDIR := $(WORKDIR)
NO_OF_CPUS := $(shell grep -c ^processor /proc/cpuinfo)
BUILD_FLAVOR := pvops
RPM_DEFINES := --define "_sourcedir $(SOURCEDIR)" \
--define "_specdir $(SPECDIR)" \
--define "_builddir $(BUILDDIR)" \
--define "_srcrpmdir $(SRCRPMDIR)" \
--define "_rpmdir $(RPMDIR)" \
--define "build_flavor $(BUILD_FLAVOR)"
ifndef NAME
$(error "You can not run this Makefile without having NAME defined")
endif
ifndef VERSION
VERSION := $(shell cat version)
endif
ifndef RELEASE
RELEASE := $(shell cat rel)
endif
all: help
MIRROR := cdn.kernel.org
ifeq (,$(DISTFILES_MIRROR))
SRC_BASEURL := https://${MIRROR}/pub/linux/kernel/v$(shell echo $(VERSION) | sed 's/^\(2\.[0-9]*\).*/\1/;s/^3\..*/3.x/;s/^4\..*/4.x/;s/^5\..*/5.x/')
else
SRC_BASEURL := $(DISTFILES_MIRROR)
endif
SRC_FILE := linux-${VERSION}.tar.xz
ifeq ($(BUILD_FLAVOR),pvops)
SIGN_FILE := linux-${VERSION}.tar.sign
else
SIGN_FILE := linux-${VERSION}.tar.bz2.sign
endif
HASH_FILE :=${SRC_FILE}.sha1sum
WG_BASE_URL := https://git.zx2c4.com/WireGuard/snapshot
WG_SRC_FILE := WireGuard-0.0.20190702.tar.xz
WG_SRC_URL := $(WG_BASE_URL)/$(WG_SRC_FILE)
WG_SIG_FILE := $(WG_SRC_FILE:%.xz=%.asc)
WG_SIG_URL := $(WG_BASE_URL)/$(WG_SIG_FILE)
URL := $(SRC_BASEURL)/$(SRC_FILE)
URL_SIGN := $(SRC_BASEURL)/$(SIGN_FILE)
get-sources: $(SRC_FILE) $(SIGN_FILE) $(WG_SRC_FILE) $(WG_SIG_FILE)
$(SRC_FILE):
@wget -q -N $(URL)
$(SIGN_FILE):
@wget -q -N $(URL_SIGN)
$(WG_SRC_FILE):
@wget -q -N $(WG_SRC_URL)
$(WG_SIG_FILE):
@wget -q -N $(WG_SIG_URL)
import-keys:
@if [ -n "$$GNUPGHOME" ]; then rm -f "$$GNUPGHOME/linux-kernel-trustedkeys.gpg"; fi
@gpg --no-auto-check-trustdb --no-default-keyring --keyring linux-kernel-trustedkeys.gpg -q --import kernel*-key.asc
@if [ -n "$$GNUPGHOME" ]; then rm -f "$$GNUPGHOME/wireguard-trustedkeys.gpg"; fi
@gpg --no-auto-check-trustdb --no-default-keyring --keyring wireguard-trustedkeys.gpg -q --import wireguard*-key.asc
verify-sources: import-keys
@xzcat $(WG_SRC_FILE) | gpgv --keyring wireguard-trustedkeys.gpg $(WG_SIG_FILE) - 2>/dev/null
ifeq ($(BUILD_FLAVOR),pvops)
@xzcat $(SRC_FILE) | gpgv --keyring linux-kernel-trustedkeys.gpg $(SIGN_FILE) - 2>/dev/null
else
# @gpg --verify $(SIGN_FILE) $(SRC_FILE)
# The key has been compromised
# and kernel.org decided not to release signature
# with a new key... oh, well...
sha1sum --quiet -c ${HASH_FILE}
endif
.PHONY: clean-sources
clean-sources:
ifneq ($(SRC_FILE), None)
-rm $(SRC_FILE) $(SIGN_FILE)
endif
ifneq ($(WG_SRC_FILE), None)
-rm $(WG_SRC_FILE) $(WG_SIG_FILE)
endif
#RPM := rpmbuild --buildroot=/dev/shm/buildroot/
RPM := rpmbuild
RPM_WITH_DIRS = $(RPM) $(RPM_DEFINES)
rpms: rpms-dom0
rpms-vm:
rpms-dom0: get-sources $(SPECFILE)
$(RPM_WITH_DIRS) -bb $(SPECFILE)
rpm --addsign $(RPMDIR)/x86_64/*$(VERSION)-$(RELEASE)*.rpm
rpms-nobuild:
$(RPM_WITH_DIRS) --nobuild -bb $(SPECFILE)
rpms-just-build:
$(RPM_WITH_DIRS) --short-circuit -bc $(SPECFILE)
rpms-install:
$(RPM_WITH_DIRS) -bi $(SPECFILE)
prep: get-sources $(SPECFILE)
$(RPM_WITH_DIRS) -bp $(SPECFILE)
srpm: get-sources $(SPECFILE)
$(RPM_WITH_DIRS) -bs $(SPECFILE)
verrel:
@echo $(NAME)-$(VERSION)-$(RELEASE)
# mop up, printing out exactly what was mopped.
.PHONY : clean
clean ::
@echo "Running the %clean script of the rpmbuild..."
$(RPM_WITH_DIRS) --clean --nodeps $(SPECFILE)
help:
@echo "Usage: make <target>"
@echo
@echo "get-sources Download kernel sources from kernel.org"
@echo "verify-sources"
@echo
@echo "prep Just do the prep"
@echo "rpms Build rpms"
@echo "rpms-nobuild Skip the build stage (for testing)"
@echo "rpms-just-build Skip packaging (just test compilation)"
@echo "srpm Create an srpm"
@echo
@echo "make update-repo-current -- copy newly generated rpms to qubes yum repo"
@echo "make update-repo-current-testing -- same, but to -current-testing"
@echo "make update-repo-unstable -- same, but to -unstable repo"