-
-
Notifications
You must be signed in to change notification settings - Fork 66
/
Copy pathMakefile
119 lines (97 loc) · 2.98 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
NAME := kernel
SPECFILE := kernel.spec
WORKDIR := $(shell pwd)
BRANCH ?= master
DISTS ?=
ifndef NAME
$(error "You can not run this Makefile without having NAME defined")
endif
ifndef VERSION
VERSION := $(file <version)
endif
ifndef RELEASE
RELEASE := $(file <rel)
endif
ifneq ($(VERSION),$(subst -rc,,$(VERSION)))
DOWNLOAD_FROM_GIT=1
VERIFICATION := hash
else
VERIFICATION := signature
endif
all: help
UNTRUSTED_SUFF := .UNTRUSTED
MIRROR := cdn.kernel.org
ifeq (,$(DISTFILES_MIRROR))
SRC_BASEURL := https://${MIRROR}/pub/linux/kernel/v$(shell echo $(VERSION) | sed 's/^\(2\.[0-9]*\).*/\1/;s/^3\..*/3.x/;s/^4\..*/4.x/;s/^5\..*/5.x/;s/^6\..*/6.x/')
else
SRC_BASEURL := $(DISTFILES_MIRROR)
endif
ifeq ($(VERIFICATION),signature)
SRC_FILE := linux-${VERSION}.tar.xz
SIGN_FILE := linux-${VERSION}.tar.sign
else
SRC_FILE := linux-${VERSION}.tar.gz
HASH_FILE := linux-${VERSION}.tar.sha256
endif
SRC_TARFILE := linux-${VERSION}.tar
URL := $(SRC_BASEURL)/$(SRC_FILE)
URL_SIGN := $(SRC_BASEURL)/$(SIGN_FILE)
ifeq ($(DOWNLOAD_FROM_GIT),1)
URL := https://git.kernel.org/torvalds/t/linux-$(VERSION).tar.gz
endif
verrel:
@echo $(NAME)-$(VERSION)-$(RELEASE)
get-sources: $(SRC_TARFILE)
git submodule update --init --recursive
ifeq ($(FETCH_CMD),)
$(error "You can not run this Makefile without having FETCH_CMD defined")
endif
.INTERMEDIATE: linux-keyring.gpg
linux-keyring.gpg: $(sort $(wildcard kernel.org-*.asc))
cat $^ | gpg --dearmor >$@
.INTERMEDIATE: $(SRC_TARFILE)$(UNTRUSTED_SUFF)
%.tar$(UNTRUSTED_SUFF): %.tar.xz$(UNTRUSTED_SUFF)
if [ -f /usr/bin/qvm-run-vm ]; \
then qvm-run-vm --no-gui --dispvm 2>/dev/null xzcat <$< > $@; \
else xzcat <$< > $@; fi
%.tar$(UNTRUSTED_SUFF): %.tar.gz$(UNTRUSTED_SUFF)
if [ -f /usr/bin/qvm-run-vm ]; \
then qvm-run-vm --no-gui --dispvm 2>/dev/null zcat <$< > $@; \
else zcat <$< > $@; fi
ifeq ($(VERIFICATION),signature)
# signature based
$(SRC_TARFILE): $(SRC_TARFILE)$(UNTRUSTED_SUFF) $(SIGN_FILE) linux-keyring.gpg
gpgv --keyring ./$(word 3,$^) $(word 2,$^) $(word 1,$^) || \
{ echo "Wrong signature on $@$(UNTRUSTED_SUFF)!"; exit 1; }
mv $@$(UNTRUSTED_SUFF) $@
else
# hash based
$(SRC_TARFILE): $(SRC_TARFILE)$(UNTRUSTED_SUFF) $(HASH_FILE)
# there are no signatures for rc tarballs
# verify locally based on a signed git tag and commit hash file
@sha256sum --status --strict -c <(printf "$(file <$(HASH_FILE)) -\n") <$< || \
{ echo "Wrong hash of $@$(UNTRUSTED_SUFF)!"; exit 1; }
@mv $< $@
endif
$(SRC_FILE)$(UNTRUSTED_SUFF):
@$(FETCH_CMD) $@ -- $(URL)
.SECONDARY: $(SIGN_FILE)
$(SIGN_FILE):
@$(FETCH_CMD) $(SIGN_FILE) -- $(URL_SIGN)
verify-sources:
@true
.PHONY: clean-sources
clean-sources:
ifneq ($(SRC_FILE), None)
-rm $(SRC_FILE)$(UNTRUSTED_SUFF) $(SRC_TARFILE) $(SIGN_FILE)
endif
.PHONY: update-sources
update-sources:
@$(WORKDIR)/update-sources $(BRANCH) $(DIST)
help:
@echo "Usage: make <target>"
@echo
@echo "get-sources Download kernel sources from kernel.org"
@echo "verify-sources"
@echo
@echo "verrel" Echo version release"