2022-10-19 07:10:15 -04:00
|
|
|
SHELL = /bin/bash
|
|
|
|
SRC_PATH = $(CURDIR)
|
|
|
|
BASE_PATH ?= $(SRC_PATH)
|
2022-10-21 04:11:53 -04:00
|
|
|
BOOTSTRAPPER_BINARY ?= $(BASE_PATH)/../build/bootstrapper
|
|
|
|
DISK_MAPPER_BINARY ?= $(BASE_PATH)/../build/disk-mapper
|
2022-12-29 11:50:11 -05:00
|
|
|
UPGRADE_AGENT_BINARY ?= $(BASE_PATH)/../build/upgrade-agent
|
2023-01-20 04:28:09 -05:00
|
|
|
DEBUGD_BINARY ?= $(BASE_PATH)/../build/debugd
|
2023-03-09 05:22:58 -05:00
|
|
|
MEASUREMENT_READER_BINARY ?= $(BASE_PATH)/../build/measurement-reader
|
2022-10-19 07:10:15 -04:00
|
|
|
PKI ?= $(BASE_PATH)/pki
|
|
|
|
MKOSI_EXTRA ?= $(BASE_PATH)/mkosi.extra
|
2023-04-25 12:22:40 -04:00
|
|
|
EXTRA_SEARCH_PATHS ?=
|
2022-11-16 09:45:10 -05:00
|
|
|
IMAGE_VERSION ?= v0.0.0
|
2023-01-20 04:28:09 -05:00
|
|
|
DEBUG ?= false
|
2023-01-16 06:20:01 -05:00
|
|
|
AUTOLOGIN ?= false
|
|
|
|
AUTOLOGIN_ARGS := $(if $(filter true,$(AUTOLOGIN)),--autologin) # set "--autologin" if AUTOLOGIN is true
|
2023-02-24 08:25:39 -05:00
|
|
|
KERNEL_DEBUG_CMDLNE := $(if $(filter true,$(DEBUG)),constellation.debug) # set "constellation.debug" if DEBUG is true
|
2023-04-25 12:22:40 -04:00
|
|
|
SEARCH_PATHS_PARAM := $(if $(EXTRA_SEARCH_PATHS),--extra-search-path=$(EXTRA_SEARCH_PATHS))
|
2023-02-24 08:25:39 -05:00
|
|
|
export INSTALL_DEBUGD ?= $(DEBUG)
|
2023-01-16 06:20:01 -05:00
|
|
|
export CONSOLE_MOTD = $(AUTOLOGIN)
|
2022-10-19 07:10:15 -04:00
|
|
|
-include $(CURDIR)/config.mk
|
2023-02-27 12:19:52 -05:00
|
|
|
csps := aws azure gcp openstack qemu
|
2023-05-26 04:15:30 -04:00
|
|
|
variants := aws_aws-sev-snp aws_aws-nitro-tpm azure_azure-sev-snp gcp_gcp-sev-es gcp_gcp-sev-snp openstack_qemu-vtpm qemu_qemu-vtpm
|
2022-10-19 07:10:15 -04:00
|
|
|
certs := $(PKI)/PK.cer $(PKI)/KEK.cer $(PKI)/db.cer
|
|
|
|
|
2023-03-08 04:45:53 -05:00
|
|
|
SYSTEMD_FIXED_RPMS := systemd-251.11-2.fc37.x86_64.rpm systemd-libs-251.11-2.fc37.x86_64.rpm systemd-networkd-251.11-2.fc37.x86_64.rpm systemd-pam-251.11-2.fc37.x86_64.rpm systemd-resolved-251.11-2.fc37.x86_64.rpm systemd-udev-251.11-2.fc37.x86_64.rpm
|
2023-07-18 09:08:34 -04:00
|
|
|
AWS_FIXED_RPMS := kernel-6.1.34-59.116.amzn2023.x86_64.rpm
|
2023-03-13 12:48:31 -04:00
|
|
|
AZURE_FIXED_KERNEL_RPMS := kernel-6.1.18-200.fc37.x86_64.rpm kernel-core-6.1.18-200.fc37.x86_64.rpm kernel-modules-6.1.18-200.fc37.x86_64.rpm
|
|
|
|
GCP_FIXED_KERNEL_RPMS := kernel-6.1.18-200.fc37.x86_64.rpm kernel-core-6.1.18-200.fc37.x86_64.rpm kernel-modules-6.1.18-200.fc37.x86_64.rpm
|
2023-03-08 04:45:53 -05:00
|
|
|
PREBUILD_RPMS_SYSTEMD := $(addprefix prebuilt/rpms/systemd/,$(SYSTEMD_FIXED_RPMS))
|
2023-01-04 11:48:27 -05:00
|
|
|
PREBUILT_RPMS_AZURE := $(addprefix prebuilt/rpms/azure/,$(AZURE_FIXED_KERNEL_RPMS))
|
2023-07-18 09:08:34 -04:00
|
|
|
PREBUILT_RPMS_AWS := $(addprefix prebuilt/rpms/aws/,$(AWS_FIXED_RPMS))
|
2022-12-09 07:20:00 -05:00
|
|
|
|
2023-05-22 05:17:24 -04:00
|
|
|
.PHONY: all clean inject-bins $(csps) $(variants)
|
2022-10-19 07:10:15 -04:00
|
|
|
|
2023-06-15 10:50:35 -04:00
|
|
|
.NOTPARALLEL: mkosi.output.%/fedora~38/image.raw clean-%
|
2023-04-25 12:22:40 -04:00
|
|
|
|
2022-10-19 07:10:15 -04:00
|
|
|
all: $(csps)
|
|
|
|
|
2023-07-18 09:08:34 -04:00
|
|
|
aws: aws_aws-sev-snp aws_aws-nitro-tpm
|
2023-05-22 05:17:24 -04:00
|
|
|
azure: azure_azure-sev-snp
|
|
|
|
gcp: gcp_gcp-sev-es gcp_gcp-sev-snp
|
|
|
|
openstack: openstack_qemu-vtpm
|
|
|
|
qemu: qemu_qemu-vtpm
|
|
|
|
|
2023-06-15 10:50:35 -04:00
|
|
|
$(variants): %: mkosi.output.%/fedora~38/image.raw
|
2022-10-19 07:10:15 -04:00
|
|
|
|
2023-03-08 04:45:53 -05:00
|
|
|
prebuilt/rpms/systemd/%.rpm:
|
|
|
|
@echo "Downloading $*"
|
|
|
|
@mkdir -p $(@D)
|
|
|
|
@curl -fsSL -o $@ https://kojipkgs.fedoraproject.org/packages/systemd/251.11/2.fc37/x86_64/$*.rpm
|
|
|
|
|
2023-07-18 09:08:34 -04:00
|
|
|
prebuilt/rpms/aws/kernel-6.1.34-59.116.amzn2023.x86_64.rpm:
|
|
|
|
@echo "Downloading $*"
|
|
|
|
@mkdir -p $(@D)
|
|
|
|
@curl -fsSL -o $@ https://cdn.confidential.cloud/constellation/kernel/6.1.34-59.116.amzn2023/kernel-6.1.34-59.116.amzn2023.x86_64.rpm
|
|
|
|
|
2023-01-04 11:48:27 -05:00
|
|
|
prebuilt/rpms/azure/%.rpm:
|
|
|
|
@echo "Downloading $*"
|
|
|
|
@mkdir -p $(@D)
|
2023-03-13 12:48:31 -04:00
|
|
|
@curl -fsSL -o $@ https://kojipkgs.fedoraproject.org/packages/kernel/6.1.18/200.fc37/x86_64/$*.rpm
|
2023-01-04 11:48:27 -05:00
|
|
|
|
2023-06-15 10:50:35 -04:00
|
|
|
mkosi.output.%/fedora~38/image.raw: inject-bins inject-certs
|
2023-04-25 12:22:40 -04:00
|
|
|
rm -rf .csp/
|
|
|
|
mkdir -p .csp/
|
2023-05-22 05:17:24 -04:00
|
|
|
$(eval csp := $(firstword $(subst _, ,$*)))
|
|
|
|
$(eval attestation_variant := $(lastword $(subst _, ,$*)))
|
|
|
|
touch .csp/$(csp)
|
2023-04-25 12:22:40 -04:00
|
|
|
mkosi \
|
2023-01-20 04:28:09 -05:00
|
|
|
--image-version=$(IMAGE_VERSION) \
|
|
|
|
$(AUTOLOGIN_ARGS) \
|
|
|
|
--environment=INSTALL_DEBUGD \
|
|
|
|
--environment=CONSOLE_MOTD \
|
2023-02-24 08:25:39 -05:00
|
|
|
--kernel-command-line="$(KERNEL_DEBUG_CMDLNE)" \
|
2023-05-22 05:17:24 -04:00
|
|
|
--kernel-command-line="constel.attestation-variant=$(attestation_variant)" \
|
|
|
|
--kernel-command-line="constel.csp=$(csp)" \
|
|
|
|
--output-dir=mkosi.output.$* \
|
2023-04-25 12:22:40 -04:00
|
|
|
$(SEARCH_PATHS_PARAM) \
|
2023-01-20 04:28:09 -05:00
|
|
|
build
|
2022-10-19 07:10:15 -04:00
|
|
|
secure-boot/signed-shim.sh $@
|
|
|
|
@if [ -n $(SUDO_UID) ] && [ -n $(SUDO_GID) ]; then \
|
|
|
|
chown -R $(SUDO_UID):$(SUDO_GID) mkosi.output.$*; \
|
|
|
|
fi
|
2023-04-25 12:22:40 -04:00
|
|
|
rm -rf .csp/
|
2022-10-19 07:10:15 -04:00
|
|
|
@echo "Image is ready: $@"
|
|
|
|
|
2023-07-18 09:08:34 -04:00
|
|
|
inject-bins: $(PREBUILD_RPMS_SYSTEMD) $(PREBUILT_RPMS_AZURE) $(PREBUILT_RPMS_AWS)
|
2022-10-19 07:10:15 -04:00
|
|
|
mkdir -p $(MKOSI_EXTRA)/usr/bin
|
|
|
|
mkdir -p $(MKOSI_EXTRA)/usr/sbin
|
2022-12-29 11:50:11 -05:00
|
|
|
cp $(UPGRADE_AGENT_BINARY) $(MKOSI_EXTRA)/usr/bin/upgrade-agent
|
2022-10-19 07:10:15 -04:00
|
|
|
cp $(DISK_MAPPER_BINARY) $(MKOSI_EXTRA)/usr/sbin/disk-mapper
|
2023-03-09 05:22:58 -05:00
|
|
|
cp $(MEASUREMENT_READER_BINARY) $(MKOSI_EXTRA)/usr/sbin/measurement-reader
|
2023-01-20 04:28:09 -05:00
|
|
|
if [ "$(DEBUG)" = "true" ]; then \
|
|
|
|
cp $(DEBUGD_BINARY) $(MKOSI_EXTRA)/usr/bin/debugd; \
|
|
|
|
rm -f $(MKOSI_EXTRA)/usr/bin/bootstrapper; \
|
2023-03-09 05:22:58 -05:00
|
|
|
rm -f $(MKOSI_EXTRA)/usr/bin/upgrade-agent; \
|
2023-01-20 04:28:09 -05:00
|
|
|
else \
|
|
|
|
cp $(BOOTSTRAPPER_BINARY) $(MKOSI_EXTRA)/usr/bin/bootstrapper; \
|
|
|
|
rm -f $(MKOSI_EXTRA)/usr/bin/debugd; \
|
|
|
|
fi
|
2022-10-19 07:10:15 -04:00
|
|
|
|
|
|
|
inject-certs: $(certs)
|
|
|
|
# for auto enrollment using systemd-boot (not working yet)
|
|
|
|
mkdir -p "$(MKOSI_EXTRA)/boot/loader/keys/auto"
|
|
|
|
cp $(PKI)/{PK,KEK,db}.cer "$(MKOSI_EXTRA)/boot/loader/keys/auto"
|
|
|
|
cp $(PKI)/{MicWinProPCA2011_2011-10-19,MicCorUEFCA2011_2011-06-27,MicCorKEKCA2011_2011-06-24}.crt "$(MKOSI_EXTRA)/boot/loader/keys/auto"
|
|
|
|
|
|
|
|
clean-cache:
|
|
|
|
rm -rf mkosi.cache/*
|
|
|
|
|
|
|
|
clean-%:
|
2023-04-25 12:22:40 -04:00
|
|
|
rm -rf .csp/
|
|
|
|
mkdir -p .csp/
|
|
|
|
touch .csp/$*
|
|
|
|
mkosi clean
|
|
|
|
rm -rf .csp/
|
2022-10-19 07:10:15 -04:00
|
|
|
|
|
|
|
clean:
|
|
|
|
rm -rf mkosi.output.*
|
2023-01-04 11:48:27 -05:00
|
|
|
rm -rf prebuilt/rpms
|
2022-10-19 07:10:15 -04:00
|
|
|
rm -rf $(MKOSI_EXTRA)
|
|
|
|
mkdir -p $(MKOSI_EXTRA)
|