[Cryptech-Commits] [user/sra/alpha-releng/omnibus] branch master updated: Simplify version numbering, add preliminary Homebrew support.

git at cryptech.is git at cryptech.is
Sun Jul 3 19:15:44 UTC 2016


This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch master
in repository user/sra/alpha-releng/omnibus.

The following commit(s) were added to refs/heads/master by this push:
       new  4e745ec   Simplify version numbering, add preliminary Homebrew support.
4e745ec is described below

commit 4e745ec22b4ff3f481a1dfb1a2dc322130c73d33
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Sun Jul 3 15:15:51 2016 -0400

    Simplify version numbering, add preliminary Homebrew support.
---
 Makefile                  | 48 ++++++++++++++++++++++++++-------------
 build-homebrew-formula.py | 57 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 89 insertions(+), 16 deletions(-)

diff --git a/Makefile b/Makefile
index 98378ce..1e15c3d 100644
--- a/Makefile
+++ b/Makefile
@@ -1,23 +1,21 @@
 # Top-level package build for Cryptech Alpha board.
 
-export CRYPTECH_VERSION := 2.0
-
-HEAD_TIME := $(shell git show -s --format=%ct HEAD)
-HEAD_HASH := $(shell git rev-parse HEAD)
-
 PACKAGE_NAME	 := cryptech-alpha
-PACKAGE_VERSION  := ${CRYPTECH_VERSION}~${HEAD_TIME}~${HEAD_HASH}
+PACKAGE_VERSION  := 2.0.$(shell git show -s --format=%ct HEAD)
 
 export GNUPGHOME := /home/aptbot/gnupg
+GPG_USER	 := APT Builder Robot <aptbot at cryptech.is>
+GPG_KEYID	 := 37A8E93F5D7E7B9A
 
-REPO_BASE	 := /home/aptbot/alpha
+REPO_BASE	 := /home/aptbot
 REPO_UMASK	 := 002
 
 PBUILDER_BASE	 := ${HOME}/pbuilder
 PBUILDER_TARGETS := debian/jessie/i386 debian/jessie/amd64 ubuntu/xenial/i386 ubuntu/xenial/amd64
 
 REPO_UPLOAD_USER := aptbot
-REPO_UPLOAD_URI	 := rsync://apt.cryptech.is/alpha/
+REPO_UPLOAD_HOST := bikeshed.cryptech.is
+REPO_UPLOAD_DIRS := apt brew
 
 # Yes, we really are putting the firmware tarball into the source package.
 # We want to supply the firmware in both source and binary form, to save users
@@ -34,11 +32,11 @@ TAMPER		 := build/user/ln5/tamper/tamper.hex
 # Does nothing if the changelog already exists.
 
 DCH =	test -f debian/changelog || \
-	EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='APT Builder Robot <aptbot at cryptech.is>' \
+	EDITOR=true VISUAL=true TZ=UTC DEBEMAIL='${GPG_USER}' \
 	dch --create --package ${PACKAGE_NAME} --newversion '${PACKAGE_VERSION}' \
-	'$(strip Version ${CRYPTECH_VERSION} package for Cryptech Alpha development board.)'
+	'Software and firmware for Cryptech Alpha development board.'
 
-all: init firmware dsc pbuilder homebrew
+all: init firmware dsc pbuilder homebrew expire
 
 enchilada: all upload
 
@@ -85,15 +83,33 @@ pbuilder:
 	umask ${REPO_UMASK}; \
 	for target in ${PBUILDER_TARGETS}; do echo $$target | tr '/' ' '; done | \
 	while read dist code arch; do \
-		reprepro -b ${REPO_BASE}/$$dist -A $$arch list $$code ${PACKAGE_NAME} | awk '{v = $$3} END {exit v != "${PACKAGE_VERSION}"}' && continue; \
+		reprepro -b ${REPO_BASE}/apt/$$dist -A $$arch list $$code ${PACKAGE_NAME} | awk '{v = $$3} END {exit v != "${PACKAGE_VERSION}"}' && continue; \
 		pbuilder-dist $$code $$arch build ${PACKAGE_NAME}_${PACKAGE_VERSION}.dsc; \
-		reprepro -b ${REPO_BASE}/$$dist include $$code ${PBUILDER_BASE}/$${code}-$${arch}_result/${PACKAGE_NAME}_${PACKAGE_VERSION}_$${arch}.changes; \
+		cp -p ${PBUILDER_BASE}/$${code}-$${arch}_result/${PACKAGE_NAME}_${PACKAGE_VERSION}.tar.xz ${REPO_BASE}/brew/tarballs/; \
+		reprepro -b ${REPO_BASE}/apt/$$dist include $$code ${PBUILDER_BASE}/$${code}-$${arch}_result/${PACKAGE_NAME}_${PACKAGE_VERSION}_$${arch}.changes; \
 	done
 
+homebrew:
+	rm -rf tap
+	umask ${REPO_UMASK}; \
+	git clone ${REPO_BASE}/brew/tap tap; \
+	cd tap; \
+	../build-homebrew-formula.py ${REPO_BASE}/brew/tarballs/${PACKAGE_NAME}_${PACKAGE_VERSION}.tar.xz ${PACKAGE_VERSION} ${PACKAGE_NAME}.rb; \
+	git add ${PACKAGE_NAME}.rb; \
+	git commit -S${GPG_KEYID} --author='${GPG_USER}' -m '${PACKAGE_NAME} ${PACKAGE_VERSION}'; \
+	git push
+#	rm -rf tap
+
+# Still need:
+#
+# expire:   target to expire old tarballs from .../brew/tarballs/, along the lines of download.rpki.net scripts
+
 RSYNC	:= rsync --rsh 'ssh -l ${REPO_UPLOAD_USER}' --archive --itemize-changes
 
 upload:
-	${RSYNC} --ignore-existing       ${REPO_BASE}/ ${REPO_UPLOAD_URI}
-	${RSYNC} --delete --delete-delay ${REPO_BASE}/ ${REPO_UPLOAD_URI}
+	for dir in ${REPO_UPLOAD_DIRS}; do \
+		${RSYNC} --ignore-existing       ${REPO_BASE}/$${dir}/	rsync://${REPO_UPLOAD_HOST}/$${dir}/ \
+		${RSYNC} --delete --delete-delay ${REPO_BASE}/$${dir}/	rsync://${REPO_UPLOAD_HOST}/$${dir}/ \
+	done
 
-.PHONY: all init clean firmware shadow bitstream elves tamper dsc pbuilder homebrew upload enchilada sandblast
+.PHONY: all init clean firmware shadow bitstream elves tamper dsc pbuilder homebrew expire upload enchilada sandblast
diff --git a/build-homebrew-formula.py b/build-homebrew-formula.py
new file mode 100755
index 0000000..8f29720
--- /dev/null
+++ b/build-homebrew-formula.py
@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+
+# Yes, this is a Python program writing a Ruby program.
+
+import argparse
+import hashlib
+import sys
+import os
+
+parser = argparse.ArgumentParser()
+parser.add_argument("--url-base", default = "https://brew.cryptech.is/tarballs/")
+parser.add_argument("tarball")
+parser.add_argument("version")
+parser.add_argument("formula", type = argparse.FileType("w"), nargs = "?", default = sys.stdout)
+args = parser.parse_args()
+
+template = '''\
+# This Homebrew forumula was automatically generated by a script.
+# You might not want to edit it manually.
+
+class CryptechAlpha < Formula
+
+  desc     "Software for working with Cryptech Alpha board HSM"
+  homepage "https://cryptech.is/"
+  version  "{version}"
+  url      "{url}"
+  sha256   "{sha256}"
+
+  # Eventually we'll want resource clauses here to pull in stuff we
+  # need from pypi, see brew doc for that, but skip it initially.
+
+  # We should also specify a dependency on sqlite3, and perhaps other
+  # packages.  Skip that for now too.
+
+  # If we get really ambitous, it would be nice to have "bottled"
+  # (precompiled binary) versions, but that requires either a build
+  # farm or some kind of cross-compilation.
+
+  def install
+    ENV.deparallelize
+    system "make", "-C", "sw/pkcs11"
+    share.install "cryptech-alpha-firmware.tar.gz"
+    lib.install   "sw/pkcs11/libpkcs11.dylib"
+    sbin.install  "sw/pkcs11/p11util"
+    sbin.install  "sw/stm32/projects/hsm/cryptech_upload"
+  end
+
+end
+'''
+
+with open(args.tarball, "rb") as f:
+    digest = hashlib.sha256(f.read()).hexdigest()
+
+args.formula.write(template.format(
+    version = args.version,
+    url     = os.path.join(args.url_base, os.path.basename(args.tarball)),
+    sha256  = digest))

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.


More information about the Commits mailing list