diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..f910d53
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,13 @@
+# Default owners
+* @strombetta
+
+# CI / release workflows
+/.github/workflows/ @strombetta
+
+# Build system and scripts
+/Makefile @strombetta
+/Makefile.check @strombetta
+/Makefile.help @strombetta
+/make/ @strombetta
+/scripts/ @strombetta
+/config/ @strombetta
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..fa3f0c1
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,66 @@
+# Code of Conduct
+
+## Our Pledge
+
+We as contributors and maintainers pledge to make participation in this project
+a harassment-free experience for everyone, regardless of age, body size,
+visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes
+- Focusing on what is best for the community
+
+Examples of unacceptable behavior include:
+
+- Sexualized language or imagery, and sexual attention or advances
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information without explicit permission
+- Other conduct which could reasonably be considered inappropriate
+
+## Enforcement Responsibilities
+
+Project maintainers are responsible for clarifying and enforcing standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior they deem inappropriate, threatening, offensive, or
+harmful.
+
+## Scope
+
+This Code of Conduct applies within all project spaces and also applies when an
+individual is officially representing the project in public spaces.
+
+## Reporting
+
+Report incidents to the maintainers by contacting the repository owner via the
+email listed on their GitHub profile. If you are unable to use email, open a
+private GitHub discussion (if enabled) or request a private contact channel
+through a maintainer.
+ +We will acknowledge receipt within 5 business days and will keep you informed +about the process when possible. + +## Enforcement Guidelines + +Maintainers will follow these Community Impact Guidelines in determining the +consequences for any action they deem in violation of this Code of Conduct: + +1. **Correction**: A private, written warning with clarification. +2. **Warning**: A formal warning with consequences for continued behavior. +3. **Temporary Ban**: A temporary ban from participation. +4. **Permanent Ban**: Permanent removal from the community. + +## Attribution + +This Code of Conduct is adapted from the Contributor Covenant, version 2.1. +For details, see: +https://www.contributor-covenant.org/version/2/1/code_of_conduct.html diff --git a/MAINTAINERS.md b/MAINTAINERS.md new file mode 100644 index 0000000..aac6a3f --- /dev/null +++ b/MAINTAINERS.md @@ -0,0 +1,21 @@ +# Maintainers + +This document lists the active maintainers for the BugleOS Cross Toolchain +repository and their areas of responsibility. + +## Active Maintainers + +- Sebastiano Trombetta (@strombetta) — Lead Maintainer + - Toolchain build system (Makefiles, scripts) + - Release process and artifacts + - CI/CD workflows + +## Contact + +For questions or support, see SUPPORT.md. +For security issues, follow SECURITY.md. + +## Changes to This File + +Updates to this file should be made via pull request and require approval from +an existing maintainer. diff --git a/Makefile b/Makefile index 7d9d66b..266ddf1 100644 --- a/Makefile +++ b/Makefile @@ -20,8 +20,7 @@ # SOFTWARE. include config/paths.mk -include config/versions.mk -include make/common.mk +include make/helpers.mk ROOT_DIR := $(abspath $(ROOT_DIR)) 
@@ -81,10 +80,10 @@ clean-binutils: clean-gcc ## Remove binutils build directories $(call do_clean,binutils) $(call do_safe_remove,$(BINUTILS1_BUILD_DIR)) $(call do_safe_remove,$(BINUTILS2_BUILD_DIR)) - $(call do_safe_remove,$(BINUTILS_SRC_DIR)) - $(call do_safe_remove,$(BINUTILS_STAMP)) - $(call do_safe_remove,$(BINUTILS_ARCHIVE)) - $(call do_safe_remove,$(DOWNLOADS_DIR)/binutils-$(BINUTILS_VERSION).tar.xz.sig) + $(call do_safe_remove_glob,$(SOURCES_DIR),binutils-*) + $(call do_safe_remove_glob,$(DOWNLOADS_DIR),.binutils-*-verified) + $(call do_safe_remove_glob,$(DOWNLOADS_DIR),binutils-*.tar.xz) + $(call do_safe_remove_glob,$(DOWNLOADS_DIR),binutils-*.tar.xz.sig) $(call do_safe_remove,$(DOWNLOADS_DIR)/gnu-keyring.gpg) $(call do_safe_remove_glob,$(LOGS_DIR),binutils-stage1-*.log) $(call do_safe_remove_glob,$(LOGS_DIR),binutils-stage2-*.log) @@ -118,10 +117,10 @@ clean-binutils-stage2: clean-gcc: clean-musl ## Remove GCC build directory $(call do_clean,gcc) $(call do_safe_remove,$(GCC_BUILD_DIR)) - $(call do_safe_remove,$(GCC_SRC_DIR)) - $(call do_safe_remove,$(GCC_STAMP)) - $(call do_safe_remove,$(GCC_ARCHIVE)) - $(call do_safe_remove,$(DOWNLOADS_DIR)/gcc-$(GCC_VERSION).tar.xz.sig) + $(call do_safe_remove_glob,$(SOURCES_DIR),gcc-*) + $(call do_safe_remove_glob,$(DOWNLOADS_DIR),.gcc-*-verified) + $(call do_safe_remove_glob,$(DOWNLOADS_DIR),gcc-*.tar.xz) + $(call do_safe_remove_glob,$(DOWNLOADS_DIR),gcc-*.tar.xz.sig) $(call do_safe_remove,$(DOWNLOADS_DIR)/gnu-keyring.gpg) $(call do_safe_remove_glob,$(LOGS_DIR),gcc-stage1-*.log) $(call do_safe_remove_glob,$(LOGS_DIR),gcc-stage2-*.log) 
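Review bot: Neither clean-binutils nor clean-gcc, as far as these hunks show, removes the new stamps under `$(PROGRESS_DIR)`, while the `.binutils-*-verified` and `.gcc-*-verified` globs in `$(DOWNLOADS_DIR)` target stamps that the stage makefiles no longer create. After a clean the archives are gone but `.binutils-stage1-downloaded` and `.binutils-stage1-verified` would still look up to date, so the next build skips fetch and verify and goes straight to unpacking whatever sits at the archive path. Unless `do_clean` (defined outside this diff) already handles it, add `$(call do_safe_remove_glob,$(PROGRESS_DIR),.binutils-stage*)` here and the matching `.gcc-stage*`, `.musl-*` and `.linux-headers-*` lines in clean-gcc, clean-musl and clean-kheaders. The recipes continue outside the hunks, so this should be confirmed against the full targets.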
@@ -151,10 +150,10 @@ clean-gcc-stage2: clean-musl: clean-binutils-stage2 clean-gcc-stage2 ## Remove musl build directory $(call do_clean,musl) $(call do_safe_remove,$(MUSL_BUILD_DIR)) - $(call do_safe_remove,$(MUSL_SRC_DIR)) - $(call do_safe_remove,$(MUSL_STAMP)) - $(call do_safe_remove,$(MUSL_ARCHIVE)) - $(call do_safe_remove,$(DOWNLOADS_DIR)/musl-$(MUSL_VERSION).tar.gz.asc) + $(call do_safe_remove_glob,$(SOURCES_DIR),musl-*) + $(call do_safe_remove_glob,$(DOWNLOADS_DIR),.musl-*-verified) + $(call do_safe_remove_glob,$(DOWNLOADS_DIR),musl-*.tar.gz) + $(call do_safe_remove_glob,$(DOWNLOADS_DIR),musl-*.tar.gz.asc) $(call do_safe_remove,$(DOWNLOADS_DIR)/musl.pub) $(call do_safe_remove_glob,$(LOGS_DIR),musl-*.log) $(foreach lib,$(MUSL_LIBS),$(call do_safe_remove_glob,$(SYSROOT)/lib,$(lib).*)) @@ -187,10 +186,10 @@ clean-musl: clean-binutils-stage2 clean-gcc-stage2 ## Remove musl build director clean-kheaders: clean-gcc ## Remove Linux UAPI headers build directory $(call do_clean,linux-headers) $(call do_safe_remove,$(LINUX_HEADERS_BUILD_DIR)) - $(call do_safe_remove,$(LINUX_SRC_DIR)) - $(call do_safe_remove,$(LINUX_STAMP)) - $(call do_safe_remove,$(LINUX_ARCHIVE)) - $(call do_safe_remove,$(DOWNLOADS_DIR)/linux-$(LINUX_VERSION).tar.sign) + $(call do_safe_remove_glob,$(SOURCES_DIR),linux-*) + $(call do_safe_remove_glob,$(DOWNLOADS_DIR),.linux-*-verified) + $(call do_safe_remove_glob,$(DOWNLOADS_DIR),linux-*.tar.xz) + $(call do_safe_remove_glob,$(DOWNLOADS_DIR),linux-*.tar.sign) $(call do_safe_remove_glob,$(LOGS_DIR),linux-headers-*.log) $(call do_safe_remove,$(SYSROOT)/usr/include/linux) $(call do_safe_remove,$(SYSROOT)/usr/include/asm) diff --git a/Makefile.check b/Makefile.check index 6adb3b8..beda1d2 100644 --- a/Makefile.check +++ b/Makefile.check @@ -20,7 +20,7 @@ # SOFTWARE. include config/paths.mk -include make/common.mk +include make/helpers.mk ROOT_DIR := $(abspath $(ROOT_DIR)) diff --git a/README.md b/README.md index 91595ca..6a0f4b8 100644 --- a/README.md 
+++ b/README.md @@ -7,7 +7,7 @@ BugleOS Cross Toolchain builds deterministic cross-compilers and system headers ## Repository layout - `Makefile`: entry point orchestrating staged builds per architecture. -- `config/`: central version and path definitions, plus per-architecture target triples. +- `config/`: path definitions and per-architecture target triples. - `make/`: stage-specific makefiles for binutils, GCC, and musl. - `scripts/`: helper utilities for fetching sources, verifying checksums, loading the environment, and emitting metadata files. - `patches/`: placeholder for local patches to upstream sources. @@ -41,7 +41,7 @@ To list optional variables for a specific target, pass the target name via `TARG make help TARGET=toolchain ``` -To install Linux UAPI headers into the sysroot, set `WITH_LINUX_HEADERS=1` and update `LINUX_VERSION`/`LINUX_SHA256` in `config/versions.mk`: +To install Linux UAPI headers into the sysroot, set `WITH_LINUX_HEADERS=1` and update `LINUX_VERSION`/`LINUX_SHA256` in `make/linux-headers.mk`: ``` make WITH_LINUX_HEADERS=1 TARGET=x86_64-bugleos-linux-musl toolchain diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..67d7ae8 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,61 @@
+# Security Policy
+
+This document describes how to report security issues for BugleOS Cross Toolchain.
+
+## Supported Versions
+
+We currently support the latest released version and the `main` branch.
+
+| Version | Supported |
+| --- | --- |
+| latest | :white_check_mark: |
+| older releases | :x: |
+
+## Reporting a Vulnerability
+
+Please report security issues **privately**.
+
+Preferred method:
+1. Open a private GitHub Security Advisory:
+ https://github.com/strombetta/bugleos-make-toolchain/security/advisories
+
+If you cannot use GitHub Security Advisories, contact the maintainer privately
+via the email listed in the maintainer's GitHub profile or commit metadata.
+
+### What to Include
+
+Please include:
+- A clear description of the vulnerability and impact
+- Steps to reproduce (proof-of-concept if possible)
+- Affected versions/commits
+- Any suggested fixes or mitigations
+
+## Response Timeline
+
+We aim to:
+- Acknowledge receipt within **2 business days**
+- Provide a status update within **7 days**
+- Coordinate a fix and disclosure schedule as appropriate
+
+Timelines may vary based on complexity and upstream coordination needs.
+
+## Scope
+
+In scope:
+- Build scripts, CI workflows, release artifacts, and integrity checks
+- Supply-chain or signing/verification issues
+- Toolchain configuration that could compromise build outputs
+
+Out of scope:
+- Vulnerabilities in upstream projects (binutils/GCC/musl/Linux)
+ unless introduced or amplified by this repository
+
+## Coordinated Disclosure
+
+Please do not open public issues or disclose details until a fix or mitigation
+is available. We will coordinate disclosure with you.
+
+## Security Updates
+
+Security fixes will be released as new versions. Release notes will reference
+the advisory and provide upgrade guidance.
diff --git a/SUPPORT.md b/SUPPORT.md
new file mode 100644
index 0000000..c64b281
--- /dev/null
+++ b/SUPPORT.md
@@ -0,0 +1,34 @@
+# Support
+
+This document describes how to get help with BugleOS Cross Toolchain.
+
+## What We Support
+
+We can help with:
+- Build failures in this repository
+- Reproducibility issues and validation checks
+- Documentation clarity and usage questions
+- Feature requests related to the build system
+
+## What We Do Not Support
+
+- Bugs in upstream projects (binutils, GCC, musl, Linux) unless caused by
+ configuration or patches in this repository
+- General operating system setup outside the documented prerequisites
+
+## How to Get Help
+
+1. **Check the docs first**
+ - README.md and CONTRIBUTING.md
+2. **Collect diagnostics**
+ - Host OS and tool versions
+ - Target triplet
+ - Logs from `logs/`
+3. **Choose the right channel**
+ - Questions: GitHub Discussions (if enabled)
+ - Bugs/feature requests: GitHub Issues with clear reproduction steps
+
+## Security Issues
+
+Please do not file public issues for security vulnerabilities.
+Follow SECURITY.md for private reporting.
diff --git a/VERSION b/VERSION
new file mode 100644
index 0000000..3eefcb9
--- /dev/null
+++ b/VERSION
@@ -0,0 +1 @@
+1.0.0
diff --git a/VERSIONING.md b/VERSIONING.md
new file mode 100644
index 0000000..b022a38
--- /dev/null
+++ b/VERSIONING.md
@@ -0,0 +1,38 @@ +# Versioning Policy + +BugleOS Cross Toolchain follows Semantic Versioning 2.0.0. + +## Version Format + +`MAJOR.MINOR.PATCH` stored in the `VERSION` file. + +- **MAJOR**: incompatible changes (build outputs, flags, toolchain layout) +- **MINOR**: backward-compatible feature additions +- **PATCH**: backward-compatible bug fixes and reproducibility fixes + +## Tags + +Release tags follow: + +`vMAJOR.MINOR.PATCH` +or +`vMAJOR.MINOR.PATCH-PRERELEASE` + +Examples: +- `v1.2.3` +- `v1.2.3-rc.1` + +## Release Process + +1. Update `VERSION` with the next `MAJOR.MINOR.PATCH`. +2. Create an annotated tag using the `Tag from VERSION` workflow. +3. CI builds artifacts, verifies checksums, and publishes the release. + +## Pre-releases + +Pre-releases are allowed (e.g., `-rc.1`, `-beta.1`) and are published as +pre-release tags in GitHub. + +## Hotfixes + +Hotfixes increment **PATCH** and follow the same release process. diff --git a/config/paths.mk b/config/paths.mk index 8a8f50e..d1de155 100644 --- a/config/paths.mk +++ b/config/paths.mk @@ -46,9 +46,6 @@ LINUX_ARCH := $(TARGET_ARCH) endif MUSL_LDSO := ld-musl-$(TARGET_ARCH).so.1 -HOST_PATH := /usr/bin:/bin:$(PATH) -CROSS_PATH := $(TOOLCHAIN_ROOT)/bin:$(TOOLCHAIN_TARGET_DIR)/bin:$(STAGE1_TOOLCHAIN_ROOT)/bin:$(STAGE1_TOOLCHAIN_ROOT)/$(TARGET)/bin - TOOLCHAIN_ROOT ?= $(OUT_DIR)/toolchain TOOLCHAIN_TARGET_DIR ?= $(TOOLCHAIN_ROOT)/$(TARGET) SYSROOT ?= $(TOOLCHAIN_TARGET_DIR)/sysroot diff --git a/config/versions.mk b/config/versions.mk deleted file mode 100644 index c75e59d..0000000 --- a/config/versions.mk +++ /dev/null 
@@ -1,46 +0,0 @@
-#
-# Copyright (c) Sebastiano Trombetta. All rights reserved.
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in all
-# copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-
-BINUTILS_VERSION := 2.45.1
-BINUTILS_URL := https://ftp.gnu.org/gnu/binutils/binutils-$(BINUTILS_VERSION).tar.xz
-BINUTILS_SIG_URL := https://ftp.gnu.org/gnu/binutils/binutils-$(BINUTILS_VERSION).tar.xz.sig
-BINUTILS_SHA256 := 5fe101e6fe9d18fdec95962d81ed670fdee5f37e3f48f0bef87bddf862513aa5
-
-LINUX_VERSION := 6.18.2
-LINUX_URL := https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-$(LINUX_VERSION).tar.xz
-LINUX_SIG_URL := https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-$(LINUX_VERSION).tar.sign
-LINUX_KEYRING_URL := https://www.kernel.org/keys.html
-LINUX_KEYRING_FPRS := 647F28654894E3BD457199BE38DBBDC86092693E,F41BDF16F35CD80D9E56735BF38153E276D54749,ABAF11C65A2970B130ABE3C479BE3E4300411886,AEE416F7DCCB753BB3D5609D88BCE80F012F54CA
-LINUX_SHA256 := 558c6bbab749492b34f99827fe807b0039a744693c21d3a7e03b3a48edaab96a
-
-GCC_VERSION := 15.2.0
-GCC_URL := https://ftp.gnu.org/gnu/gcc/gcc-$(GCC_VERSION)/gcc-$(GCC_VERSION).tar.xz
-GCC_SIG_URL := https://ftp.gnu.org/gnu/gcc/gcc-$(GCC_VERSION)/gcc-$(GCC_VERSION).tar.xz.sig
-GCC_SHA256 := 438fd996826b0c82485a29da03a72d71d6e3541a83ec702df4271f6fe025d24e
-GNU_KEYRING_URL := https://ftp.gnu.org/gnu/gnu-keyring.gpg
-GNU_KEYRING_FPRS := 1397 5A70 E63C 361C 73AE 69EF 6EEB 81F8 981C 74C7
-
-MUSL_VERSION := 1.2.4
-MUSL_URL := https://musl.libc.org/releases/musl-$(MUSL_VERSION).tar.gz
-MUSL_SIG_URL := https://musl.libc.org/releases/musl-$(MUSL_VERSION).tar.gz.asc
-MUSL_SHA256 := 7a35eae33d5372a7c0da1188de798726f68825513b7ae3ebe97aaaa52114f039
-MUSL_PUBKEY_URL := https://musl.libc.org/musl.pub
-MUSL_PUBKEY_FPR := 8364 8929 0BB6 B70F 99FF DA05 56BC DB59 3020 450F
diff --git a/make/binutils-stage1.mk b/make/binutils-stage1.mk
index 056c2c6..cf134c2 100644
--- a/make/binutils-stage1.mk
+++ b/make/binutils-stage1.mk
@@ -19,23 +19,30 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. +BINUTILS_VERSION := 2.45.1 +BINUTILS_URL := https://ftp.gnu.org/gnu/binutils/binutils-$(BINUTILS_VERSION).tar.xz +BINUTILS_SIG_URL := https://ftp.gnu.org/gnu/binutils/binutils-$(BINUTILS_VERSION).tar.xz.sig +BINUTILS_SHA256 := 5fe101e6fe9d18fdec95962d81ed670fdee5f37e3f48f0bef87bddf862513aa5 + +GNU_KEYRING_URL := https://ftp.gnu.org/gnu/gnu-keyring.gpg +GNU_KEYRING_FPRS := 1397 5A70 E63C 361C 73AE 69EF 6EEB 81F8 981C 74C7 + THIS_MAKEFILE := $(lastword $(MAKEFILE_LIST)) -include $(abspath $(dir $(lastword $(MAKEFILE_LIST)))/common.mk) +include $(abspath $(dir $(lastword $(MAKEFILE_LIST)))/helpers.mk) .PHONY: all all: binutils-stage1 .PHONY: binutils-stage1 -binutils-stage1: ensure-dirs $(BINUTILS1_BUILD_DIR)/.built-stage1 +binutils-stage1: $(PROGRESS_DIR)/.binutils-stage1-done + +$(PROGRESS_DIR)/.binutils-stage1-done: $(PROGRESS_DIR)/.binutils-stage1-built + $(Q)touch $@ -$(BINUTILS1_BUILD_DIR)/.built-stage1: $(BINUTILS_STAMP) +$(PROGRESS_DIR)/.binutils-stage1-built: $(PROGRESS_DIR)/.binutils-stage1-unpacked $(Q)rm -rf $(BINUTILS1_BUILD_DIR) $(Q)mkdir -p $(BINUTILS1_BUILD_DIR) - $(call do_step,EXTRACT,binutils-stage1, \ - $(MAKE) -f $(THIS_MAKEFILE) unpack-binutils, \ - binutils-stage1-extract) - $(call do_step,CONFIG,binutils-stage1, \ $(call with_host_env, cd "$(BINUTILS1_BUILD_DIR)" && "$(BINUTILS_SRC_DIR)/configure" \ --target="$(TARGET)" \ 
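Review bot: `BINUTILS_VERSION`, `BINUTILS_SHA256` and `GNU_KEYRING_FPRS` are now pinned separately at the top of this file and of make/binutils-stage2.mk, and the GCC pins are duplicated the same way in gcc-stage1.mk and gcc-stage2.mk, so the GNU keyring fingerprint ends up in four places. A version bump that misses one copy leaves the two stages building from different sources or checking against different hashes, and since `scripts/verify-checksums.sh` is called with only the package name, which copy it reads is not visible from this diff. Keeping each package's pins in a single fragment included by both stage files would remove the drift. Failing that, a comment above the block such as `# Pins must stay identical to make/binutils-stage2.mk; checksum and keyring fingerprint are the trust anchor for the download.` would at least record the constraint.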
@@ -63,3 +70,19 @@ $(BINUTILS1_BUILD_DIR)/.built-stage1: $(BINUTILS_STAMP) binutils-stage1-check) $(Q)touch $@ + +$(PROGRESS_DIR)/.binutils-stage1-unpacked: $(PROGRESS_DIR)/.binutils-stage1-verified + $(call do_unpack,binutils, \ + $(call with_host_env, \ + rm -rf "$(BINUTILS_SRC_DIR)"; \ + "$(TAR)" -xf "$(BINUTILS_ARCHIVE)" -C "$(SOURCES_DIR)"), \ + binutils-stage1-unpack) + $(Q)touch $@ + +$(PROGRESS_DIR)/.binutils-stage1-verified: $(PROGRESS_DIR)/.binutils-stage1-downloaded + $(call do_verify,binutils,$(ROOT_DIR)/scripts/verify-checksums.sh binutils,binutils-stage1-verify) + $(Q)touch $@ + +$(PROGRESS_DIR)/.binutils-stage1-downloaded: | ensure-dirs + $(call do_download,binutils,$(ROOT_DIR)/scripts/fetch-sources.sh binutils,binutils-stage1-download) + $(Q)touch $@ diff --git a/make/binutils-stage2.mk b/make/binutils-stage2.mk index fb213d9..94d2f81 100644 --- a/make/binutils-stage2.mk +++ b/make/binutils-stage2.mk 
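Review bot: The new `-downloaded` and `-verified` stamps are no longer tied to the pinned version: the old stamp was `$(DOWNLOADS_DIR)/.binutils-$(BINUTILS_VERSION)-verified`, while the new names are fixed and `-downloaded` has only the order-only prerequisite `ensure-dirs`. After `BINUTILS_VERSION` or `BINUTILS_SHA256` is edited the stamps still look current, so make skips fetch and verify and the unpack rule extracts whatever exists at the new `$(BINUTILS_ARCHIVE)` path without verify-checksums.sh having run on it. Putting the version back into the stamp names, e.g. `$(PROGRESS_DIR)/.binutils-$(BINUTILS_VERSION)-stage1-verified:`, restores the old invalidation. The same applies to the stage2, gcc, linux-headers and musl stamp rules added by this commit.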
@@ -19,23 +19,30 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. +BINUTILS_VERSION := 2.45.1 +BINUTILS_URL := https://ftp.gnu.org/gnu/binutils/binutils-$(BINUTILS_VERSION).tar.xz +BINUTILS_SIG_URL := https://ftp.gnu.org/gnu/binutils/binutils-$(BINUTILS_VERSION).tar.xz.sig +BINUTILS_SHA256 := 5fe101e6fe9d18fdec95962d81ed670fdee5f37e3f48f0bef87bddf862513aa5 + +GNU_KEYRING_URL := https://ftp.gnu.org/gnu/gnu-keyring.gpg +GNU_KEYRING_FPRS := 1397 5A70 E63C 361C 73AE 69EF 6EEB 81F8 981C 74C7 + THIS_MAKEFILE := $(lastword $(MAKEFILE_LIST)) -include $(abspath $(dir $(lastword $(MAKEFILE_LIST)))/common.mk) +include $(abspath $(dir $(lastword $(MAKEFILE_LIST)))/helpers.mk) .PHONY: all all: binutils-stage2 .PHONY: binutils-stage2 -binutils-stage2: ensure-dirs $(BINUTILS2_BUILD_DIR)/.built-stage2 +binutils-stage2: $(PROGRESS_DIR)/.binutils-stage2-done + +$(PROGRESS_DIR)/.binutils-stage2-done: $(PROGRESS_DIR)/.binutils-stage2-built + $(Q)touch $@ -$(BINUTILS2_BUILD_DIR)/.built-stage2: $(BINUTILS_STAMP) +$(PROGRESS_DIR)/.binutils-stage2-built: $(PROGRESS_DIR)/.binutils-stage2-unpacked $(Q)rm -rf "$(BINUTILS2_BUILD_DIR)" $(Q)mkdir -p "$(BINUTILS2_BUILD_DIR)" - $(call do_step,EXTRACT,binutils-stage2, \ - $(MAKE) -f $(THIS_MAKEFILE) unpack-binutils, \ - binutils-stage2-extract) - $(call do_step,CONFIG,binutils-stage2, \ $(call with_cross_env, \ cd "$(BINUTILS2_BUILD_DIR)" && \ 
@@ -74,3 +81,19 @@ $(BINUTILS2_BUILD_DIR)/.built-stage2: $(BINUTILS_STAMP) binutils-stage2-check) $(Q)touch $@ + +$(PROGRESS_DIR)/.binutils-stage2-unpacked: $(PROGRESS_DIR)/.binutils-stage2-verified + $(call do_unpack,binutils, \ + $(call with_host_env, \ + rm -rf "$(BINUTILS_SRC_DIR)"; \ + "$(TAR)" -xf "$(BINUTILS_ARCHIVE)" -C "$(SOURCES_DIR)"), \ + binutils-stage2-unpack) + $(Q)touch $@ + +$(PROGRESS_DIR)/.binutils-stage2-verified: $(PROGRESS_DIR)/.binutils-stage2-downloaded + $(call do_verify,binutils,$(ROOT_DIR)/scripts/verify-checksums.sh binutils,binutils-stage2-verify) + $(Q)touch $@ + +$(PROGRESS_DIR)/.binutils-stage2-downloaded: | ensure-dirs + $(call do_download,binutils,$(ROOT_DIR)/scripts/fetch-sources.sh binutils,binutils-stage2-download) + $(Q)touch $@ diff --git a/make/gcc-stage1.mk b/make/gcc-stage1.mk index 9ca1c6e..4b5b86a 100644 --- a/make/gcc-stage1.mk +++ b/make/gcc-stage1.mk 
@@ -19,22 +19,30 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. +GCC_VERSION := 15.2.0 +GCC_URL := https://ftp.gnu.org/gnu/gcc/gcc-$(GCC_VERSION)/gcc-$(GCC_VERSION).tar.xz +GCC_SIG_URL := https://ftp.gnu.org/gnu/gcc/gcc-$(GCC_VERSION)/gcc-$(GCC_VERSION).tar.xz.sig +GCC_SHA256 := 438fd996826b0c82485a29da03a72d71d6e3541a83ec702df4271f6fe025d24e + +GNU_KEYRING_URL := https://ftp.gnu.org/gnu/gnu-keyring.gpg +GNU_KEYRING_FPRS := 1397 5A70 E63C 361C 73AE 69EF 6EEB 81F8 981C 74C7 + THIS_MAKEFILE := $(lastword $(MAKEFILE_LIST)) -include $(abspath $(dir $(lastword $(MAKEFILE_LIST)))/common.mk) +include $(abspath $(dir $(lastword $(MAKEFILE_LIST)))/helpers.mk) .PHONY: all all: gcc-stage1 .PHONY: gcc-stage1 -gcc-stage1: ensure-dirs $(GCC_BUILD_DIR)/.built-stage1 +gcc-stage1: $(PROGRESS_DIR)/.gcc-stage1-done + +$(PROGRESS_DIR)/.gcc-stage1-done: $(PROGRESS_DIR)/.gcc-stage1-built + $(Q)touch $@ -$(GCC_BUILD_DIR)/.built-stage1: $(GCC_STAMP) +$(PROGRESS_DIR)/.gcc-stage1-built: $(PROGRESS_DIR)/.gcc-stage1-unpacked $(Q)rm -rf $(GCC_BUILD_DIR) $(Q)mkdir -p $(GCC_BUILD_DIR) - $(call do_step,EXTRACT,gcc-stage1, $(MAKE) -f $(THIS_MAKEFILE) unpack-gcc, \ - gcc-stage1-extract) - $(call do_step,EXTRACT,gcc-stage1-prerequisites, \ $(call with_host_env,cd "$(GCC_SRC_DIR)" && ./contrib/download_prerequisites), \ gcc-stage1-prereqs) 
@@ -102,3 +110,19 @@ $(GCC_BUILD_DIR)/.built-stage1: $(GCC_STAMP) gcc-stage1-check) $(Q)touch $@ + +$(PROGRESS_DIR)/.gcc-stage1-unpacked: $(PROGRESS_DIR)/.gcc-stage1-verified + $(call do_unpack,gcc, \ + $(call with_host_env, \ + rm -rf "$(GCC_SRC_DIR)"; \ + "$(TAR)" -xf "$(GCC_ARCHIVE)" -C "$(SOURCES_DIR)"), \ + gcc-stage1-unpack) + $(Q)touch $@ + +$(PROGRESS_DIR)/.gcc-stage1-verified: $(PROGRESS_DIR)/.gcc-stage1-downloaded + $(call do_verify,gcc,$(ROOT_DIR)/scripts/verify-checksums.sh gcc,gcc-stage1-verify) + $(Q)touch $@ + +$(PROGRESS_DIR)/.gcc-stage1-downloaded: | ensure-dirs + $(call do_download,gcc,$(ROOT_DIR)/scripts/fetch-sources.sh gcc,gcc-stage1-download) + $(Q)touch $@ diff --git a/make/gcc-stage2.mk b/make/gcc-stage2.mk index b2b24a7..ede74d3 100644 --- a/make/gcc-stage2.mk +++ b/make/gcc-stage2.mk 
@@ -19,23 +19,30 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. +GCC_VERSION := 15.2.0 +GCC_URL := https://ftp.gnu.org/gnu/gcc/gcc-$(GCC_VERSION)/gcc-$(GCC_VERSION).tar.xz +GCC_SIG_URL := https://ftp.gnu.org/gnu/gcc/gcc-$(GCC_VERSION)/gcc-$(GCC_VERSION).tar.xz.sig +GCC_SHA256 := 438fd996826b0c82485a29da03a72d71d6e3541a83ec702df4271f6fe025d24e + +GNU_KEYRING_URL := https://ftp.gnu.org/gnu/gnu-keyring.gpg +GNU_KEYRING_FPRS := 1397 5A70 E63C 361C 73AE 69EF 6EEB 81F8 981C 74C7 + THIS_MAKEFILE := $(lastword $(MAKEFILE_LIST)) -include $(abspath $(dir $(lastword $(MAKEFILE_LIST)))/common.mk) +include $(abspath $(dir $(lastword $(MAKEFILE_LIST)))/helpers.mk) .PHONY: all all: gcc-stage2 .PHONY: gcc-stage2 -gcc-stage2: ensure-dirs $(GCC_BUILD_DIR)/.built-gcc-stage2 +gcc-stage2: $(PROGRESS_DIR)/.gcc-stage2-done + +$(PROGRESS_DIR)/.gcc-stage2-done: $(PROGRESS_DIR)/.gcc-stage2-built + $(Q)touch $@ -$(GCC_BUILD_DIR)/.built-gcc-stage2: $(GCC_STAMP) +$(PROGRESS_DIR)/.gcc-stage2-built: $(PROGRESS_DIR)/.gcc-stage2-unpacked $(Q)rm -rf "$(GCC_BUILD_DIR)" $(Q)mkdir -p "$(GCC_BUILD_DIR)" - $(call do_step,EXTRACT,gcc-stage2, \ - $(MAKE) -f $(THIS_MAKEFILE) unpack-gcc, \ - gcc-stage2-extract) - $(call do_step,EXTRACT,gcc-stage2-prerequisites, \ $(call with_host_env, \ cd "$(GCC_SRC_DIR)" && ./contrib/download_prerequisites \ 
@@ -103,3 +110,19 @@ $(GCC_BUILD_DIR)/.built-gcc-stage2: $(GCC_STAMP) gcc-stage2-check) $(Q)touch $@ + +$(PROGRESS_DIR)/.gcc-stage2-unpacked: $(PROGRESS_DIR)/.gcc-stage2-verified + $(call do_unpack,gcc, \ + $(call with_host_env, \ + rm -rf "$(GCC_SRC_DIR)"; \ + "$(TAR)" -xf "$(GCC_ARCHIVE)" -C "$(SOURCES_DIR)"), \ + gcc-stage2-unpack) + $(Q)touch $@ + +$(PROGRESS_DIR)/.gcc-stage2-verified: $(PROGRESS_DIR)/.gcc-stage2-downloaded + $(call do_verify,gcc,$(ROOT_DIR)/scripts/verify-checksums.sh gcc,gcc-stage2-verify) + $(Q)touch $@ + +$(PROGRESS_DIR)/.gcc-stage2-downloaded: | ensure-dirs + $(call do_download,gcc,$(ROOT_DIR)/scripts/fetch-sources.sh gcc,gcc-stage2-download) + $(Q)touch $@ diff --git a/make/common.mk b/make/helpers.mk similarity index 67% rename from make/common.mk rename to make/helpers.mk index 8724d45..02275cf 100644 --- a/make/common.mk +++ b/make/helpers.mk @@ -21,7 +21,6 @@ ROOT_DIR ?= $(abspath $(dir $(lastword $(MAKEFILE_LIST)))/..) include $(ROOT_DIR)/config/paths.mk -include $(ROOT_DIR)/config/versions.mk # define comma COMMA := "," @@ -93,6 +92,11 @@ define do_verify $(call do_step,VERIFY,$(1),$(2),$(3)) endef +# $(call do_unpack, LABEL, COMMAND, LOGFILE) +define do_unpack + $(call do_step,UNPACK,$(1),$(2),$(3)) +endef + # Quote a shell string safely for: sh -c '' # It wraps the whole command in single quotes and escapes any embedded single quote. # Example: abc'def -> 'abc'"'"'def' 
@@ -114,26 +118,16 @@ define with_cross_env sh -eu -c $(call sh_quote,$(1)) endef -# PATH baseline (host tools) -HOST_PATH := /usr/bin:/bin:$(PATH) -# PATH to discover cross tools (prefixed) when needed -CROSS_PATH := $(TOOLCHAIN_ROOT)/bin:$(TOOLCHAIN_ROOT)/$(TARGET)/bin:$(STAGE1_TOOLCHAIN_ROOT)/bin:$(STAGE1_TOOLCHAIN_ROOT)/$(TARGET)/bin - -HOST ?= $(shell uname -m)-unknown-linux-gnu -PKGDIR ?= $(ROOT_DIR)/patches +PROGRESS_DIR ?= $(OUT_DIR)/progress BINUTILS_ARCHIVE := $(DOWNLOADS_DIR)/binutils-$(BINUTILS_VERSION).tar.xz BINUTILS_SRC_DIR := $(SOURCES_DIR)/binutils-$(BINUTILS_VERSION) -BINUTILS_STAMP := $(DOWNLOADS_DIR)/.binutils-$(BINUTILS_VERSION)-verified LINUX_ARCHIVE := $(DOWNLOADS_DIR)/linux-$(LINUX_VERSION).tar.xz LINUX_SRC_DIR := $(SOURCES_DIR)/linux-$(LINUX_VERSION) -LINUX_STAMP := $(DOWNLOADS_DIR)/.linux-$(LINUX_VERSION)-verified GCC_ARCHIVE := $(DOWNLOADS_DIR)/gcc-$(GCC_VERSION).tar.xz GCC_SRC_DIR := $(SOURCES_DIR)/gcc-$(GCC_VERSION) -GCC_STAMP := $(DOWNLOADS_DIR)/.gcc-$(GCC_VERSION)-verified MUSL_ARCHIVE := $(DOWNLOADS_DIR)/musl-$(MUSL_VERSION).tar.gz MUSL_SRC_DIR := $(SOURCES_DIR)/musl-$(MUSL_VERSION) -MUSL_STAMP := $(DOWNLOADS_DIR)/.musl-$(MUSL_VERSION)-verified # Directory helpers BINUTILS1_BUILD_DIR := $(BUILDS_DIR)/binutils-stage1 
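Review bot: `HOST_PATH` and `CROSS_PATH` are deleted here and from config/paths.mk in the same commit, yet `with_host_env` and `with_cross_env` remain, and their bodies lie mostly outside this hunk. If either macro still expands `$(HOST_PATH)` or `$(CROSS_PATH)` into `PATH=`, the value is now empty or contains empty components, which the shell resolves against the current directory when looking up tools. Please confirm that the two macros no longer reference these variables, or keep a single definition; a run with `--warn-undefined-variables` would surface any leftover use. The same check applies to the removed `HOST` and `PKGDIR`.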
@@ -144,46 +138,4 @@ LINUX_HEADERS_BUILD_DIR := $(BUILDS_DIR)/linux-headers .PHONY: ensure-dirs ensure-dirs: - @mkdir -p $(DOWNLOADS_DIR) $(SOURCES_DIR) $(BUILDS_DIR) $(OUT_DIR) $(TOOLCHAIN_ROOT) $(TOOLCHAIN) $(STAGE1_TOOLCHAIN_ROOT) $(SYSROOT) $(STAGE1_SYSROOT) $(LOGS_DIR) - -.PHONY: ensure-binutils ensure-linux ensure-gcc ensure-musl -ensure-binutils: $(BINUTILS_STAMP) -ensure-linux: $(LINUX_STAMP) -ensure-gcc: $(GCC_STAMP) -ensure-musl: $(MUSL_STAMP) - -$(BINUTILS_STAMP): | ensure-dirs - $(call do_download,binutils,$(ROOT_DIR)/scripts/fetch-sources.sh binutils,binutils-download) - $(call do_verify,binutils,$(ROOT_DIR)/scripts/verify-checksums.sh binutils,binutils-verify) - $(Q)touch $@ - -$(LINUX_STAMP): | ensure-dirs - $(call do_download,linux,$(ROOT_DIR)/scripts/fetch-sources.sh linux,linux-download) - $(call do_verify,linux,$(ROOT_DIR)/scripts/verify-checksums.sh linux,linux-verify) - $(Q)touch $@ - -$(GCC_STAMP): | ensure-dirs - $(call do_download,gcc,$(ROOT_DIR)/scripts/fetch-sources.sh gcc,gcc-download) - $(call do_verify,gcc,$(ROOT_DIR)/scripts/verify-checksums.sh gcc,gcc-verify) - $(Q)touch $@ - -$(MUSL_STAMP): | ensure-dirs - $(call do_download,musl,$(ROOT_DIR)/scripts/fetch-sources.sh musl,musl-download) - $(call do_verify,musl,$(ROOT_DIR)/scripts/verify-checksums.sh musl,musl-verify) - $(Q)touch $@ - -unpack-binutils: ensure-binutils - @rm -rf $(BINUTILS_SRC_DIR) - @$(TAR) -xf $(BINUTILS_ARCHIVE) -C $(SOURCES_DIR) - -unpack-linux: ensure-linux - @rm -rf $(LINUX_SRC_DIR) - @$(TAR) -xf $(LINUX_ARCHIVE) -C $(SOURCES_DIR) - -unpack-gcc: ensure-gcc - @rm -rf $(GCC_SRC_DIR) - @$(TAR) -xf $(GCC_ARCHIVE) -C $(SOURCES_DIR) - -unpack-musl: ensure-musl - @rm -rf $(MUSL_SRC_DIR) - @$(TAR) -xf $(MUSL_ARCHIVE) -C $(SOURCES_DIR) + @mkdir -p $(DOWNLOADS_DIR) $(SOURCES_DIR) $(BUILDS_DIR) $(OUT_DIR) $(PROGRESS_DIR) $(TOOLCHAIN_ROOT) $(TOOLCHAIN) $(STAGE1_TOOLCHAIN_ROOT) $(SYSROOT) $(STAGE1_SYSROOT) $(LOGS_DIR) 
diff --git a/make/linux-headers.mk b/make/linux-headers.mk index 67b78b4..968efc6 100644 --- a/make/linux-headers.mk +++ b/make/linux-headers.mk @@ -19,23 +19,29 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. +LINUX_VERSION := 6.18.2 +LINUX_URL := https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-$(LINUX_VERSION).tar.xz +LINUX_SIG_URL := https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-$(LINUX_VERSION).tar.sign +LINUX_KEYRING_URL := https://www.kernel.org/keys.html +LINUX_KEYRING_FPRS := 647F28654894E3BD457199BE38DBBDC86092693E,F41BDF16F35CD80D9E56735BF38153E276D54749,ABAF11C65A2970B130ABE3C479BE3E4300411886,AEE416F7DCCB753BB3D5609D88BCE80F012F54CA +LINUX_SHA256 := 558c6bbab749492b34f99827fe807b0039a744693c21d3a7e03b3a48edaab96a + THIS_MAKEFILE := $(lastword $(MAKEFILE_LIST)) -include $(abspath $(dir $(THIS_MAKEFILE))/common.mk) +include $(abspath $(dir $(THIS_MAKEFILE))/helpers.mk) .PHONY: all all: linux-headers .PHONY: linux-headers -linux-headers: ensure-dirs $(LINUX_HEADERS_BUILD_DIR)/.built-linux-headers +linux-headers: $(PROGRESS_DIR)/.linux-headers-done + +$(PROGRESS_DIR)/.linux-headers-done: $(PROGRESS_DIR)/.linux-headers-built + $(Q)touch $@ -$(LINUX_HEADERS_BUILD_DIR)/.built-linux-headers: $(LINUX_STAMP) +$(PROGRESS_DIR)/.linux-headers-built: $(PROGRESS_DIR)/.linux-headers-unpacked $(Q)rm -rf "$(LINUX_HEADERS_BUILD_DIR)" $(Q)mkdir -p "$(LINUX_HEADERS_BUILD_DIR)" - $(call do_step,EXTRACT,linux-headers, \ - $(MAKE) -f "$(THIS_MAKEFILE)" unpack-linux, \ - linux-headers-extract) - $(call do_step,INSTALL,linux-headers, \ $(call with_host_env, \ $(MAKE) -C "$(LINUX_SRC_DIR)" O="$(LINUX_HEADERS_BUILD_DIR)" \ 
@@ -54,3 +60,19 @@ $(LINUX_HEADERS_BUILD_DIR)/.built-linux-headers: $(LINUX_STAMP) linux-headers-check) $(Q)touch $@ + +$(PROGRESS_DIR)/.linux-headers-unpacked: $(PROGRESS_DIR)/.linux-headers-verified + $(call do_unpack,linux, \ + $(call with_host_env, \ + rm -rf "$(LINUX_SRC_DIR)"; \ + "$(TAR)" -xf "$(LINUX_ARCHIVE)" -C "$(SOURCES_DIR)"), \ + linux-headers-unpack) + $(Q)touch $@ + +$(PROGRESS_DIR)/.linux-headers-verified: $(PROGRESS_DIR)/.linux-headers-downloaded + $(call do_verify,linux,$(ROOT_DIR)/scripts/verify-checksums.sh linux,linux-headers-verify) + $(Q)touch $@ + +$(PROGRESS_DIR)/.linux-headers-downloaded: | ensure-dirs + $(call do_download,linux,$(ROOT_DIR)/scripts/fetch-sources.sh linux,linux-headers-download) + $(Q)touch $@ diff --git a/make/musl.mk b/make/musl.mk index de0aafa..5f41f6f 100644 --- a/make/musl.mk +++ b/make/musl.mk 
@@ -19,23 +19,29 @@ # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. +MUSL_VERSION := 1.2.4 +MUSL_URL := https://musl.libc.org/releases/musl-$(MUSL_VERSION).tar.gz +MUSL_SIG_URL := https://musl.libc.org/releases/musl-$(MUSL_VERSION).tar.gz.asc +MUSL_SHA256 := 7a35eae33d5372a7c0da1188de798726f68825513b7ae3ebe97aaaa52114f039 +MUSL_PUBKEY_URL := https://musl.libc.org/musl.pub +MUSL_PUBKEY_FPR := 8364 8929 0BB6 B70F 99FF DA05 56BC DB59 3020 450F + THIS_MAKEFILE := $(lastword $(MAKEFILE_LIST)) -include $(abspath $(dir $(THIS_MAKEFILE))/common.mk) +include $(abspath $(dir $(THIS_MAKEFILE))/helpers.mk) .PHONY: all all: musl .PHONY: musl -musl: ensure-dirs $(MUSL_BUILD_DIR)/.built-musl +musl: $(PROGRESS_DIR)/.musl-done + +$(PROGRESS_DIR)/.musl-done: $(PROGRESS_DIR)/.musl-built + $(Q)touch $@ -$(MUSL_BUILD_DIR)/.built-musl: $(MUSL_STAMP) +$(PROGRESS_DIR)/.musl-built: $(PROGRESS_DIR)/.musl-unpacked $(Q)rm -rf "$(MUSL_BUILD_DIR)" $(Q)mkdir -p "$(MUSL_BUILD_DIR)" - $(call do_step,EXTRACT,musl, \ - $(MAKE) -f "$(THIS_MAKEFILE)" unpack-musl, \ - musl-extract) - $(call do_step,CONFIG,musl, \ $(call with_cross_env,cd "$(MUSL_BUILD_DIR)" && \ "$(MUSL_SRC_DIR)/configure" \ @@ -91,3 +97,19 @@ $(MUSL_BUILD_DIR)/.built-musl: $(MUSL_STAMP) musl-check) $(Q)touch $@ + +$(PROGRESS_DIR)/.musl-unpacked: $(PROGRESS_DIR)/.musl-verified + $(call do_unpack,musl, \ + $(call with_host_env, \ + rm -rf "$(MUSL_SRC_DIR)"; \ + "$(TAR)" -xf "$(MUSL_ARCHIVE)" -C "$(SOURCES_DIR)"), \ + musl-unpack) + $(Q)touch $@ + +$(PROGRESS_DIR)/.musl-verified: $(PROGRESS_DIR)/.musl-downloaded + $(call do_verify,musl,$(ROOT_DIR)/scripts/verify-checksums.sh musl,musl-verify) + $(Q)touch $@ + +$(PROGRESS_DIR)/.musl-downloaded: | ensure-dirs + $(call do_download,musl,$(ROOT_DIR)/scripts/fetch-sources.sh musl,musl-download) + $(Q)touch $@ diff --git a/scripts/fetch-sources.sh b/scripts/fetch-sources.sh index ca41f75..e27aeab 100755 --- a/scripts/fetch-sources.sh 
+++ b/scripts/fetch-sources.sh @@ -25,14 +25,10 @@ set -euo pipefail ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)" DOWNLOADS_DIR="${DOWNLOADS_DIR:-$ROOT_DIR/downloads}" -version_of() { - local var="$1" - awk -F':=' -v name="$var" '$1 ~ "^"name"" {gsub(/[ \t]/,"",$2); print $2}' "$ROOT_DIR/config/versions.mk" -} - -url_of() { - local var="$1" - awk -F':=' -v name="$var" '$1 ~ "^"name"" {sub(/^ /,"",$2); print $2}' "$ROOT_DIR/config/versions.mk" +value_of() { + local mk_file="$1" + local var="$2" + awk -F':=' -v name="$var" '$1 ~ "^"name"" {sub(/^[ \t]+/,"",$2); print $2; exit}' "$mk_file" } expand_make_vars() { 
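Review bot: `value_of` selects its line with `$1 ~ "^"name""`, which is a prefix match, and the added `exit` makes the first such line win. A variable whose name merely starts with the requested one (a hypothetical `MUSL_URL_MIRROR :=` placed above `MUSL_URL :=`) would be returned instead, silently changing the download URL. Since the values are now read out of full makefiles rather than config/versions.mk, an exact comparison is safer: `awk -F':=' -v name="$var" '{k=$1; gsub(/[ \t]/,"",k)} k==name {sub(/^[ \t]+/,"",$2); print $2; exit}' "$mk_file"`. The `value_of` in scripts/verify-checksums.sh uses the same match to select the pinned SHA256 values and key fingerprints, so it needs the same change.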
@@ -66,26 +62,32 @@ fetch() { fi } -BINUTILS_VERSION=$(version_of BINUTILS_VERSION) -LINUX_VERSION=$(version_of LINUX_VERSION) -GCC_VERSION=$(version_of GCC_VERSION) -MUSL_VERSION=$(version_of MUSL_VERSION) - -BINUTILS_URL=$(url_of BINUTILS_URL) -BINUTILS_SIG_URL=$(url_of BINUTILS_SIG_URL) -LINUX_URL=$(url_of LINUX_URL) -LINUX_SIG_URL=$(url_of LINUX_SIG_URL) -GCC_URL=$(url_of GCC_URL) -GCC_SIG_URL=$(url_of GCC_SIG_URL) -GNU_KEYRING_URL=$(url_of GNU_KEYRING_URL) -MUSL_URL=$(url_of MUSL_URL) -MUSL_SIG_URL=$(url_of MUSL_SIG_URL) -MUSL_PUBKEY_URL=$(url_of MUSL_PUBKEY_URL) +BINUTILS_MK="$ROOT_DIR/make/binutils-stage1.mk" +LINUX_MK="$ROOT_DIR/make/linux-headers.mk" +GCC_MK="$ROOT_DIR/make/gcc-stage1.mk" +MUSL_MK="$ROOT_DIR/make/musl.mk" + +BINUTILS_VERSION=$(value_of "$BINUTILS_MK" BINUTILS_VERSION) +LINUX_VERSION=$(value_of "$LINUX_MK" LINUX_VERSION) +GCC_VERSION=$(value_of "$GCC_MK" GCC_VERSION) +MUSL_VERSION=$(value_of "$MUSL_MK" MUSL_VERSION) + +BINUTILS_URL=$(value_of "$BINUTILS_MK" BINUTILS_URL) +BINUTILS_SIG_URL=$(value_of "$BINUTILS_MK" BINUTILS_SIG_URL) +LINUX_URL=$(value_of "$LINUX_MK" LINUX_URL) +LINUX_SIG_URL=$(value_of "$LINUX_MK" LINUX_SIG_URL) +GCC_URL=$(value_of "$GCC_MK" GCC_URL) +GCC_SIG_URL=$(value_of "$GCC_MK" GCC_SIG_URL) +MUSL_URL=$(value_of "$MUSL_MK" MUSL_URL) +MUSL_SIG_URL=$(value_of "$MUSL_MK" MUSL_SIG_URL) +MUSL_PUBKEY_URL=$(value_of "$MUSL_MK" MUSL_PUBKEY_URL) fetch_binutils() { + local gnu_keyring_url + gnu_keyring_url=$(value_of "$BINUTILS_MK" GNU_KEYRING_URL) fetch "binutils-${BINUTILS_VERSION}.tar.xz" "$(expand_url "$BINUTILS_URL")" fetch "binutils-${BINUTILS_VERSION}.tar.xz.sig" "$(expand_url "$BINUTILS_SIG_URL")" - fetch "gnu-keyring.gpg" "$(expand_url "$GNU_KEYRING_URL")" + fetch "gnu-keyring.gpg" "$(expand_url "$gnu_keyring_url")" } fetch_linux() { 
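Review bot: `fetch_binutils` here and `fetch_gcc` in the next hunk each read `GNU_KEYRING_URL` from their own makefile but still save the result under the single name `gnu-keyring.gpg`, so the keyring source is defined twice while the downloaded file is shared. If the two definitions ever differ, which URL supplied the file on disk depends on fetch order and on how `fetch` treats an existing file (its body is outside the hunk), and verify-checksums.sh then checks that one file against two fingerprint lists. I would keep one definition in a shared include, or fail early when they disagree: `[[ "$(value_of "$BINUTILS_MK" GNU_KEYRING_URL)" == "$(value_of "$GCC_MK" GNU_KEYRING_URL)" ]] || { echo "GNU_KEYRING_URL differs between binutils and gcc makefiles" >&2; exit 1; }`.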
@@ -94,9 +96,11 @@ fetch_linux() { } fetch_gcc() { + local gnu_keyring_url + gnu_keyring_url=$(value_of "$GCC_MK" GNU_KEYRING_URL) fetch "gcc-${GCC_VERSION}.tar.xz" "$(expand_url "$GCC_URL")" fetch "gcc-${GCC_VERSION}.tar.xz.sig" "$(expand_url "$GCC_SIG_URL")" - fetch "gnu-keyring.gpg" "$(expand_url "$GNU_KEYRING_URL")" + fetch "gnu-keyring.gpg" "$(expand_url "$gnu_keyring_url")" } fetch_musl() { diff --git a/scripts/verify-checksums.sh b/scripts/verify-checksums.sh index 0f590a3..61eb1cd 100755 --- a/scripts/verify-checksums.sh +++ b/scripts/verify-checksums.sh 
@@ -26,30 +26,38 @@ ROOT_DIR="$(cd "$(dirname "$0")/.." && pwd)" DOWNLOADS_DIR="${DOWNLOADS_DIR:-$ROOT_DIR/downloads}" value_of() { - local var="$1" - awk -F':=' -v name="$var" '$1 ~ "^"name"" {gsub(/[ \t]/,"",$2); print $2}' "$ROOT_DIR/config/versions.mk" + local mk_file="$1" + local var="$2" + awk -F':=' -v name="$var" '$1 ~ "^"name"" {gsub(/[ \t]/,"",$2); print $2; exit}' "$mk_file" } -BINUTILS_VERSION=$(value_of BINUTILS_VERSION) -GCC_VERSION=$(value_of GCC_VERSION) -MUSL_VERSION=$(value_of MUSL_VERSION) -LINUX_VERSION=$(value_of LINUX_VERSION) +BINUTILS_MK="$ROOT_DIR/make/binutils-stage1.mk" +LINUX_MK="$ROOT_DIR/make/linux-headers.mk" +GCC_MK="$ROOT_DIR/make/gcc-stage1.mk" +MUSL_MK="$ROOT_DIR/make/musl.mk" -BINUTILS_SHA=$(value_of BINUTILS_SHA256) -GCC_SHA=$(value_of GCC_SHA256) -MUSL_SHA=$(value_of MUSL_SHA256) -LINUX_SHA=$(value_of LINUX_SHA256) +BINUTILS_VERSION=$(value_of "$BINUTILS_MK" BINUTILS_VERSION) +GCC_VERSION=$(value_of "$GCC_MK" GCC_VERSION) +MUSL_VERSION=$(value_of "$MUSL_MK" MUSL_VERSION) +LINUX_VERSION=$(value_of "$LINUX_MK" LINUX_VERSION) -LINUX_KEYRING_FPRS=$(value_of LINUX_KEYRING_FPRS) -GNU_KEYRING_FPRS=$(value_of GNU_KEYRING_FPRS) -MUSL_PUBKEY_FPR=$(value_of MUSL_PUBKEY_FPR) +BINUTILS_SHA=$(value_of "$BINUTILS_MK" BINUTILS_SHA256) +GCC_SHA=$(value_of "$GCC_MK" GCC_SHA256) +MUSL_SHA=$(value_of "$MUSL_MK" MUSL_SHA256) +LINUX_SHA=$(value_of "$LINUX_MK" LINUX_SHA256) + +LINUX_KEYRING_FPRS=$(value_of "$LINUX_MK" LINUX_KEYRING_FPRS) +GNU_KEYRING_FPRS_BINUTILS=$(value_of "$BINUTILS_MK" GNU_KEYRING_FPRS) +GNU_KEYRING_FPRS_GCC=$(value_of "$GCC_MK" GNU_KEYRING_FPRS) +MUSL_PUBKEY_FPR=$(value_of "$MUSL_MK" MUSL_PUBKEY_FPR) ensure_checksum_set() { local name="$1" local value="$2" + local file="$3" if [[ $value =~ ^SHA256_PLACEHOLDER ]]; then - echo "Checksum for $name is missing. Please update config/versions.mk with the real SHA256 before verifying." >&2 + echo "Checksum for $name is missing. Please update $file with the real SHA256 before verifying." 
>&2 exit 1 fi } @@ -57,9 +65,10 @@ ensure_checksum_set() { ensure_fpr_set() { local name="$1" local value="$2" + local file="$3" if [[ -z "$value" || $value =~ FPR_PLACEHOLDER ]]; then - echo "Fingerprint for $name is missing. Please update config/versions.mk before verifying." >&2 + echo "Fingerprint for $name is missing. Please update $file before verifying." >&2 exit 1 fi } @@ -171,14 +180,16 @@ trap cleanup EXIT gpg_common_args=(--homedir "$GNUPGHOME_TMP" --batch --no-tty) import_gnu_keyring() { + local expected_fprs="$1" + local source_file="$2" ensure_file_present "$GNU_KEYRING" "GNU project keyring" - ensure_fpr_set "GNU_KEYRING_FPRS" "$GNU_KEYRING_FPRS" - verify_key_fprs "$GNU_KEYRING" "$GNU_KEYRING_FPRS" "GNU keyring" + ensure_fpr_set "GNU_KEYRING_FPRS" "$expected_fprs" "$source_file" + verify_key_fprs "$GNU_KEYRING" "$expected_fprs" "GNU keyring" gpg "${gpg_common_args[@]}" --import "$GNU_KEYRING" >/dev/null } import_linux_keys() { - ensure_fpr_set "LINUX_KEYRING_FPRS" "$LINUX_KEYRING_FPRS" + ensure_fpr_set "LINUX_KEYRING_FPRS" "$LINUX_KEYRING_FPRS" "$LINUX_MK" if [[ -f "$LINUX_KEYRING" ]]; then verify_key_fprs "$LINUX_KEYRING" "$LINUX_KEYRING_FPRS" "Linux kernel signing keyring" gpg "${gpg_common_args[@]}" --import "$LINUX_KEYRING" >/dev/null @@ -209,7 +220,7 @@ import_linux_keys() { import_musl_pubkey() { ensure_file_present "$MUSL_PUBKEY" "musl public key" - ensure_fpr_set "MUSL_PUBKEY_FPR" "$MUSL_PUBKEY_FPR" + ensure_fpr_set "MUSL_PUBKEY_FPR" "$MUSL_PUBKEY_FPR" "$MUSL_MK" verify_key_fprs "$MUSL_PUBKEY" "$MUSL_PUBKEY_FPR" "musl public key" gpg "${gpg_common_args[@]}" --import "$MUSL_PUBKEY" >/dev/null } 
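Review bot: `ensure_checksum_set` rejects only values starting with `SHA256_PLACEHOLDER`, so an empty string passes, while `ensure_fpr_set` just below also tests `-z`. With the pins now looked up in four separate makefiles, `value_of` printing nothing (variable renamed, moved, or written with a different assignment operator) becomes more likely, and how `verify_checksum` treats an empty expected value is not visible here. Checking the shape is stricter than checking for a placeholder: `if [[ ! $value =~ ^[0-9a-fA-F]{64}$ ]]; then`, keeping the existing message.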
@@ -231,10 +242,10 @@ verify_checksum() { } verify_binutils() { - ensure_checksum_set "binutils" "$BINUTILS_SHA" + ensure_checksum_set "binutils" "$BINUTILS_SHA" "$BINUTILS_MK" ensure_file_present "$DOWNLOADS_DIR/$SIG_BINUTILS" "binutils signature file" ensure_file_present "$DOWNLOADS_DIR/binutils-${BINUTILS_VERSION}.tar.xz" "binutils source archive" - import_gnu_keyring + import_gnu_keyring "$GNU_KEYRING_FPRS_BINUTILS" "$BINUTILS_MK" echo "Verifying binutils signature..." verify_signature "$SIG_BINUTILS" "binutils-${BINUTILS_VERSION}.tar.xz" echo "Verifying binutils checksum..." @@ -242,7 +253,7 @@ verify_binutils() { } verify_linux() { - ensure_checksum_set "linux" "$LINUX_SHA" + ensure_checksum_set "linux" "$LINUX_SHA" "$LINUX_MK" ensure_file_present "$DOWNLOADS_DIR/$SIG_LINUX" "Linux source signature file" ensure_file_present "$DOWNLOADS_DIR/linux-${LINUX_VERSION}.tar.xz" "Linux source archive" @@ -259,10 +270,10 @@ verify_linux() { } verify_gcc() { - ensure_checksum_set "GCC" "$GCC_SHA" + ensure_checksum_set "GCC" "$GCC_SHA" "$GCC_MK" ensure_file_present "$DOWNLOADS_DIR/$SIG_GCC" "GCC signature file" ensure_file_present "$DOWNLOADS_DIR/gcc-${GCC_VERSION}.tar.xz" "GCC source archive" - import_gnu_keyring + import_gnu_keyring "$GNU_KEYRING_FPRS_GCC" "$GCC_MK" echo "Verifying GCC signature..." verify_signature "$SIG_GCC" "gcc-${GCC_VERSION}.tar.xz" echo "Verifying GCC checksum..." @@ -270,7 +281,7 @@ verify_gcc() { } verify_musl() { - ensure_checksum_set "musl" "$MUSL_SHA" + ensure_checksum_set "musl" "$MUSL_SHA" "$MUSL_MK" ensure_file_present "$DOWNLOADS_DIR/$SIG_MUSL" "musl signature file" ensure_file_present "$DOWNLOADS_DIR/musl-${MUSL_VERSION}.tar.gz" "musl source archive" import_musl_pubkey