-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathMakefile
More file actions
70 lines (61 loc) · 2.28 KB
/
Makefile
File metadata and controls
70 lines (61 loc) · 2.28 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
.DEFAULT_GOAL := help
IMG_NAME = fpf.local/kernel-builder
SCRIPT_OUTPUT_PREFIX=$(PWD)/build/$(shell date +%Y%m%d)
SCRIPT_OUTPUT_EXT=log
.PHONY: lint
lint: ## Check scripts
@poetry run ruff check .
@poetry run ruff format --check .
@poetry run zizmor .
.PHONY: fix
fix: ## Fix scripts
@poetry run ruff format .
@poetry run ruff check . --fix
.PHONY: tiny-6.6
tiny-6.6: OUT:=$(SCRIPT_OUTPUT_PREFIX)-tiny-6.6.$(SCRIPT_OUTPUT_EXT)
tiny-6.6: ## Builds latest 6.6 kernel, unpatched
LINUX_MAJOR_VERSION="6.6" LOCALVERSION="tiny" \
LINUX_LOCAL_CONFIG_PATH="$(PWD)/configs/tinyconfig-6.6" \
script \
--command ./scripts/build-kernel-wrapper \
--return \
$(OUT)
.PHONY: grsec
grsec: OUT:=$(SCRIPT_OUTPUT_PREFIX)-grsec.$(SCRIPT_OUTPUT_EXT)
grsec: ## Builds grsecurity-patched kernel (requires credentials)
GRSECURITY=1 \
script \
--command ./scripts/build-kernel-wrapper \
--return \
$(OUT)
.PHONY: reprotest
reprotest: ## Builds simple kernel multiple times to confirm reproducibility
LINUX_MAJOR_VERSION="6.6" ./scripts/reproducibility-test
.PHONY: reprotest-sd
reprotest-sd: ## DEBUG Builds SD kernel config without grsec in CI
GRSECURITY=0 LOCALVERSION="securedrop" \
LINUX_LOCAL_CONFIG_PATH="$(PWD)/configs/config-securedrop-6.6" \
LINUX_LOCAL_PATCHES_PATH="$(PWD)/patches" \
./scripts/reproducibility-test
securedrop-core-6.6: OUT:=$(SCRIPT_OUTPUT_PREFIX)-securedrop-core-6.6.$(SCRIPT_OUTPUT_EXT)
securedrop-core-6.6: ## Builds kernels for SecureDrop servers, 6.6.x
GRSECURITY=1 GRSECURITY_PATCH_TYPE=stable9 LOCALVERSION="securedrop" \
LINUX_LOCAL_CONFIG_PATH="$(PWD)/configs/config-securedrop-6.6" \
script \
--command ./scripts/build-kernel-wrapper \
--return \
$(OUT)
securedrop-workstation-6.6: OUT:=$(SCRIPT_OUTPUT_PREFIX)-securedrop-workstation-6.6.$(SCRIPT_OUTPUT_EXT)
securedrop-workstation-6.6: ## Builds kernels for SecureDrop Workstation, 6.6.x
GRSECURITY=1 GRSECURITY_PATCH_TYPE=stable9 LOCALVERSION="workstation" \
LINUX_LOCAL_CONFIG_PATH="$(PWD)/configs/config-workstation-6.6" \
script \
--command ./scripts/build-kernel-wrapper \
--return \
$(OUT)
.PHONY: help
help: ## Prints this message and exits.
@printf "Subcommands:\n\n"
@perl -F':.*##\s+' -lanE '$$F[1] and say "\033[36m$$F[0]\033[0m : $$F[1]"' $(MAKEFILE_LIST) \
| sort \
| column -s ':' -t