-
Notifications
You must be signed in to change notification settings - Fork 2
/
Makefile
81 lines (72 loc) · 2.86 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
.DEFAULT_GOAL := help
IMG_NAME = fpf.local/kernel-builder
SCRIPT_OUTPUT_PREFIX=$(PWD)/build/$(shell date +%Y%m%d)
SCRIPT_OUTPUT_EXT=log
.PHONY: tiny-5.15
tiny-5.15: OUT:=$(SCRIPT_OUTPUT_PREFIX)-tiny-5.15.$(SCRIPT_OUTPUT_EXT)
tiny-5.15: ## Builds latest 5.15 kernel, unpatched
LINUX_MAJOR_VERSION="5.15" LOCALVERSION="tiny" \
BUILD_DISTRO="buster" \
LINUX_LOCAL_CONFIG_PATH="$(PWD)/configs/tinyconfig-5.15" \
script \
--command ./scripts/build-kernel-wrapper \
--return \
$(OUT)
.PHONY: tiny-6.6
tiny-6.6: OUT:=$(SCRIPT_OUTPUT_PREFIX)-tiny-6.6.$(SCRIPT_OUTPUT_EXT)
tiny-6.6: ## Builds latest 6.6 kernel, unpatched
LINUX_MAJOR_VERSION="6.6" LOCALVERSION="tiny" \
LINUX_LOCAL_CONFIG_PATH="$(PWD)/configs/tinyconfig-6.6" \
script \
--command ./scripts/build-kernel-wrapper \
--return \
$(OUT)
.PHONY: grsec
grsec: OUT:=$(SCRIPT_OUTPUT_PREFIX)-grsec.$(SCRIPT_OUTPUT_EXT)
grsec: ## Builds grsecurity-patched kernel (requires credentials)
GRSECURITY=1 \
script \
--command ./scripts/build-kernel-wrapper \
--return \
$(OUT)
.PHONY: reprotest
reprotest: ## Builds simple kernel multiple times to confirm reproducibility
LINUX_MAJOR_VERSION="5.15" ./scripts/reproducibility-test
.PHONY: reprotest-sd
reprotest-sd: ## DEBUG Builds SD kernel config without grsec in CI
GRSECURITY=0 LOCALVERSION="securedrop" \
LINUX_LOCAL_CONFIG_PATH="$(PWD)/configs/config-securedrop-5.15" \
LINUX_LOCAL_PATCHES_PATH="$(PWD)/patches" \
./scripts/reproducibility-test
securedrop-core-5.15: OUT:=$(SCRIPT_OUTPUT_PREFIX)-securedrop-core-5.15.$(SCRIPT_OUTPUT_EXT)
securedrop-core-5.15: ## Builds kernels for SecureDrop servers, 5.15.x
GRSECURITY=1 GRSECURITY_PATCH_TYPE=stable6 LOCALVERSION="securedrop" \
BUILD_DISTRO="buster" \
LINUX_LOCAL_CONFIG_PATH="$(PWD)/configs/config-securedrop-5.15" \
LINUX_LOCAL_PATCHES_PATH="$(PWD)/patches" \
script \
--command ./scripts/build-kernel-wrapper \
--return \
$(OUT)
securedrop-core-6.6: OUT:=$(SCRIPT_OUTPUT_PREFIX)-securedrop-core-6.6.$(SCRIPT_OUTPUT_EXT)
securedrop-core-6.6: ## Builds kernels for SecureDrop servers, 6.6.x
GRSECURITY=1 GRSECURITY_PATCH_TYPE=stable9 LOCALVERSION="securedrop" \
LINUX_LOCAL_CONFIG_PATH="$(PWD)/configs/config-securedrop-6.6" \
script \
--command ./scripts/build-kernel-wrapper \
--return \
$(OUT)
securedrop-workstation-6.6: OUT:=$(SCRIPT_OUTPUT_PREFIX)-securedrop-workstation-6.6.$(SCRIPT_OUTPUT_EXT)
securedrop-workstation-6.6: ## Builds kernels for SecureDrop Workstation, 6.6.x
GRSECURITY=1 GRSECURITY_PATCH_TYPE=stable9 LOCALVERSION="workstation" \
LINUX_LOCAL_CONFIG_PATH="$(PWD)/configs/config-workstation-6.6" \
script \
--command ./scripts/build-kernel-wrapper \
--return \
$(OUT)
.PHONY: help
help: ## Prints this message and exits.
@printf "Subcommands:\n\n"
@perl -F':.*##\s+' -lanE '$$F[1] and say "\033[36m$$F[0]\033[0m : $$F[1]"' $(MAKEFILE_LIST) \
| sort \
| column -s ':' -t