# # Maintenance Helpers # # This makefile contains targets used for development, as well as helpers to # aid automatization of maintenance. Unless a target is documented in # `make help`, it is not supported and is only meant to be used by developers # to aid their daily development work. # # All supported targets honor the `SRCDIR` variable to find the source-tree. # For most unsupported targets, you are expected to have the source-tree as # your working directory. To specify a different source-tree, simply override # the variable via `SRCDIR=` on the commandline. By default, the working # directory is used for build output, but `BUILDDIR=` allows overriding # it. # BUILDDIR ?= . SRCDIR ?= . RST2MAN ?= rst2man # # Automatic Variables # # This section contains a bunch of automatic variables used all over the place. # They mostly try to fetch information from the repository sources to avoid # hard-coding them in this makefile. # # Most of the variables here are pre-fetched so they will only ever be # evaluated once. This, however, means they are always executed regardless of # which target is run. # # VERSION: # This evaluates the `Version` field of the specfile. Therefore, it will # be set to the latest version number of this repository without any # prefix (just a plain number). # # COMMIT: # This evaluates to the latest git commit sha. This will not work if # the source is not a git checkout. Hence, this variable is not # pre-fetched but evaluated at time of use. # VERSION := $(shell (cd "$(SRCDIR)" && grep "^Version:" osbuild-composer.spec | sed 's/[^[:digit:]]*$[[:digit:]]\+$.*/\1/')) COMMIT = $(shell (cd "$(SRCDIR)" && git rev-parse HEAD)) # # Generic Targets # # The following is a set of generic targets used across the makefile. The # following targets are defined: # # help # This target prints all supported targets. It is meant as # documentation of targets we support and might use outside of this # repository. # This is also the default target. # # $(BUILDDIR)/ # $(BUILDDIR)/%/ # This target simply creates the specified directory. It is limited to # the build-dir as a safety measure. Note that this requires you to use # a trailing slash after the directory to not mix it up with regular # files. Lastly, you mostly want this as order-only dependency, since # timestamps on directories do not affect their content. # .PHONY: help help: @echo "make [TARGETS...]" @echo @echo "This is the maintenance makefile of osbuild. The following" @echo "targets are available:" @echo @echo " help: Print this usage information." @echo " man: Generate all man-pages" $(BUILDDIR)/: mkdir -p "$@" $(BUILDDIR)/%/: mkdir -p "$@" # # Documentation # # The following targets build the included documentation. This includes the # packaged man-pages, but also all other kinds of documentation that needs to # be generated. Note that these targets are relied upon by automatic # deployments to our website, as well as package manager scripts. # MANPAGES_RST = $(wildcard $(SRCDIR)/docs/*.[0123456789].rst) MANPAGES_TROFF = $(patsubst $(SRCDIR)/%.rst,$(BUILDDIR)/%,$(MANPAGES_RST)) $(MANPAGES_TROFF): $(BUILDDIR)/docs/%: $(SRCDIR)/docs/%.rst | $(BUILDDIR)/docs/ $(RST2MAN) "$<" "$@" .PHONY: man man: $(MANPAGES_TROFF) # # Maintenance Targets # # The following targets are meant for development and repository maintenance. # They are not supported nor is their use recommended in scripts. # .PHONY: build build: - mkdir bin go build -o bin/osbuild-composer ./cmd/osbuild-composer/ go build -o bin/osbuild-worker ./cmd/osbuild-worker/ go build -o bin/osbuild-pipeline ./cmd/osbuild-pipeline/ go build -o bin/osbuild-upload-azure ./cmd/osbuild-upload-azure/ go build -o bin/osbuild-upload-aws ./cmd/osbuild-upload-aws/ go test -c -tags=integration -o bin/osbuild-composer-cli-tests ./cmd/osbuild-composer-cli-tests/main_test.go go test -c -tags=integration -o bin/osbuild-weldr-tests ./internal/client/ go test -c -tags=integration -o bin/osbuild-dnf-json-tests ./cmd/osbuild-dnf-json-tests/main_test.go go test -c -tags=integration -o bin/osbuild-image-tests ./cmd/osbuild-image-tests/ go test -c -tags=integration -o bin/osbuild-auth-tests ./cmd/osbuild-auth-tests/ go test -c -tags=integration -o bin/osbuild-koji-tests ./cmd/osbuild-koji-tests/ .PHONY: install install: - mkdir -p /usr/libexec/osbuild-composer cp bin/osbuild-composer /usr/libexec/osbuild-composer/ cp bin/osbuild-worker /usr/libexec/osbuild-composer/ cp dnf-json /usr/libexec/osbuild-composer/ - mkdir -p /usr/share/osbuild-composer/repositories cp repositories/* /usr/share/osbuild-composer/repositories - mkdir -p /etc/sysusers.d/ cp distribution/osbuild-composer.conf /etc/sysusers.d/ systemd-sysusers osbuild-composer.conf - mkdir -p /etc/systemd/system/ cp distribution/*.service /etc/systemd/system/ cp distribution/*.socket /etc/systemd/system/ systemctl daemon-reload CERT_DIR=/etc/osbuild-composer .PHONY: ca ca: ifneq (${CERT_DIR}/ca-key.pem${CERT_DIR}/ca-crt.pem,$(wildcard ${CERT_DIR}/ca-key.pem)$(wildcard ${CERT_DIR}/ca-crt.pem)) @echo CA key or certificate file is missing, generating a new pair... - mkdir -p ${CERT_DIR} openssl req -new -nodes -x509 -days 365 -keyout ${CERT_DIR}/ca-key.pem -out ${CERT_DIR}/ca-crt.pem -subj "/CN=osbuild.org" else @echo CA key and certificate files already exist, skipping... endif .PHONY: composer-key-pair composer-key-pair: ca # generate a private key and a certificate request openssl req -new -nodes \ -subj "/CN=localhost" \ -keyout ${CERT_DIR}/composer-key.pem \ -out ${CERT_DIR}/composer-csr.pem # sign the certificate openssl x509 -req \ -in ${CERT_DIR}/composer-csr.pem \ -CA ${CERT_DIR}/ca-crt.pem \ -CAkey ${CERT_DIR}/ca-key.pem \ -CAcreateserial \ -out ${CERT_DIR}/composer-crt.pem # delete the request and set _osbuild-composer as the owner rm ${CERT_DIR}/composer-csr.pem chown _osbuild-composer:_osbuild-composer ${CERT_DIR}/composer-key.pem ${CERT_DIR}/composer-crt.pem .PHONY: worker-key-pair worker-key-pair: ca # generate a private key and a certificate request openssl req -new -nodes \ -subj "/CN=localhost" \ -keyout ${CERT_DIR}/worker-key.pem \ -out ${CERT_DIR}/worker-csr.pem # sign the certificate openssl x509 -req \ -in ${CERT_DIR}/worker-csr.pem \ -CA ${CERT_DIR}/ca-crt.pem \ -CAkey ${CERT_DIR}/ca-key.pem \ -CAcreateserial \ -out ${CERT_DIR}/worker-crt.pem # delete the request rm /etc/osbuild-composer/worker-csr.pem # # Building packages # # The following rules build osbuild-composer packages from the current HEAD # commit, based on the spec file in this directory. The resulting packages # have the commit hash in their version, so that they don't get overwritten # when calling `make rpm` again after switching to another branch. # # All resulting files (spec files, source rpms, rpms) are written into # ./rpmbuild, using rpmbuild's usual directory structure. # RPM_SPECFILE=rpmbuild/SPECS/osbuild-composer.spec RPM_TARBALL=rpmbuild/SOURCES/osbuild-composer-$(COMMIT).tar.gz $(RPM_SPECFILE): mkdir -p $(CURDIR)/rpmbuild/SPECS git show HEAD:osbuild-composer.spec > $(RPM_SPECFILE) $(RPM_TARBALL): mkdir -p $(CURDIR)/rpmbuild/SOURCES git archive --prefix=osbuild-composer-$(COMMIT)/ --format=tar.gz HEAD > $(RPM_TARBALL) .PHONY: srpm srpm: $(RPM_SPECFILE) $(RPM_TARBALL) rpmbuild -bs \ --define "_topdir $(CURDIR)/rpmbuild" \ --define "commit $(COMMIT)" \ --with tests \ $(RPM_SPECFILE) .PHONY: rpm rpm: $(RPM_SPECFILE) $(RPM_TARBALL) rpmbuild -bb \ --define "_topdir $(CURDIR)/rpmbuild" \ --define "commit $(COMMIT)" \ --with tests \ $(RPM_SPECFILE) # # Releasing # NEXT_VERSION := $(shell expr "$(VERSION)" + 1) .PHONY: release release: @echo @echo "Checklist for release of osbuild-composer-$(NEXT_VERSION):" @echo @echo " * Create news entry in NEWS.md with a short description of" @echo " any changes since the last release, which are relevant to" @echo " users, packagers, distributors, or dependent projects." @echo @echo " Use the following template, break lines at 80ch:" @echo @echo "--------------------------------------------------------------------------------" @echo "## CHANGES WITH $(NEXT_VERSION):" @echo @echo " * ..." @echo @echo " * ..." @echo @echo -n "Contributions from: " # We omit the contributor list if `git log` fails. If you hit this, # consider fetching missing tags via `git fetch --tags`, or just copy # this command and remove the stderr-redirect. @echo `( git log --format='%an, ' v$(VERSION)..HEAD 2>/dev/null | sort -u | tr -d '\n' | sed 's/, $$//' ) || echo` @echo @echo "— Location, YYYY-MM-DD" @echo "--------------------------------------------------------------------------------" @echo @echo " To get a list of changes since the last release, you may use:" @echo @echo " git log v$(VERSION)..HEAD" @echo @echo " * Bump the project version. The canonical location so far is" @echo " 'osbuild-composer.spec'." @echo @echo " * Make sure the spec-file is updated for the new release and" @echo " correctly supports all new features. This should already be" @echo " done by previous commits that introduced the changes, but" @echo " a sanity check does not hurt." @echo @echo " * Commit the version bump, specfile changes and NEWS.md in any" @echo " order you want." @echo @echo " * Tag the release via:" @echo @echo " git tag -s -m 'osbuild-composer $(NEXT_VERSION)' v$(NEXT_VERSION) HEAD" @echo @echo " * Push main as well as the tag:" @echo @echo " git push origin main" @echo " git push origin v$(NEXT_VERSION)" @echo @echo " * Create a release on github. Use 'NEWS.md' verbatim from the" @echo " top until the end of the section for this release as release" @echo " notes. Use 'v$(NEXT_VERSION)' as release name and as tag for" @echo " the release." @echo