github.com/SagerNet/gvisor@v0.0.0-20210707092255-7731c139d75c/Makefile (about)

     1  #!/usr/bin/make -f
     2  
     3  # Copyright 2019 The gVisor Authors.
     4  #
     5  # Licensed under the Apache License, Version 2.0 (the "License");
     6  # you may not use this file except in compliance with the License.
     7  # You may obtain a copy of the License at
     8  #
     9  #     http://www.apache.org/licenses/LICENSE-2.0
    10  #
    11  # Unless required by applicable law or agreed to in writing, software
    12  # distributed under the License is distributed on an "AS IS" BASIS,
    13  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14  # See the License for the specific language governing permissions and
    15  # limitations under the License.
    16  
    17  default: runsc
    18  .PHONY: default
    19  
    20  # Header for debugging (used by other macros).
    21  header = echo --- $(1) >&2
    22  
    23  # Make hacks.
    24  EMPTY :=
    25  SPACE := $(EMPTY) $(EMPTY)
    26  SHELL = /bin/bash
    27  
    28  ## usage: make <target>
    29  ##         or
    30  ##        make <build|test|copy|run|sudo> STARTUP_OPTIONS="..." OPTIONS="..." TARGETS="..." ARGS="..."
    31  ##
    32  ## Basic targets.
    33  ##
    34  ##   This Makefile wraps basic build and test targets for ease-of-use. Bazel
    35  ##   is run inside a canonical Docker container in order to simplify up-front
    36  ##   requirements.
    37  ##
    38  ##   There are common arguments that may be passed to targets. These are:
    39  ##     OPTIONS - Build or test options.
    40  ##     TARGETS - The bazel targets.
    41  ##     ARGS    - Arguments for run or sudo.
    42  ##
    43  ##   Additionally, the copy target expects a DESTINATION to be provided.
    44  ##
    45  ##   For example, to build runsc using this Makefile, you can run:
    46  ##     make build OPTIONS="" TARGETS="//runsc"'
    47  ##
    48  help: ## Shows all targets and help from the Makefile (this message).
    49  	@grep --no-filename -E '^([a-z.A-Z_%-]+:.*?|)##' $(MAKEFILE_LIST) | \
    50  		awk 'BEGIN {FS = "(:.*?|)## ?"}; { \
    51  			if (length($$1) > 0) { \
    52  				printf "  \033[36m%-20s\033[0m %s\n", $$1, $$2; \
    53  			} else { \
    54  				printf "%s\n", $$2; \
    55  			} \
    56  		}'
    57  
    58  build: ## Builds the given $(TARGETS) with the given $(OPTIONS). E.g. make build TARGETS=runsc
    59  	@$(call build,$(OPTIONS) $(TARGETS))
    60  .PHONY: build
    61  
    62  test: ## Tests the given $(TARGETS) with the given $(OPTIONS). E.g. make test TARGETS=pkg/buffer:buffer_test
    63  	@$(call test,$(OPTIONS) $(TARGETS))
    64  .PHONY: test
    65  
    66  copy: ## Copies the given $(TARGETS) to the given $(DESTINATION). E.g. make copy TARGETS=runsc DESTINATION=/tmp
    67  	@$(call copy,$(TARGETS),$(DESTINATION))
    68  .PHONY: copy
    69  
    70  run: ## Runs the given $(TARGETS), built with $(OPTIONS), using $(ARGS). E.g. make run TARGETS=runsc ARGS=-version
    71  	@$(call run,$(TARGETS),$(ARGS))
    72  .PHONY: run
    73  
    74  sudo: ## Runs the given $(TARGETS) as per run, but using "sudo -E". E.g. make sudo TARGETS=test/root:root_test ARGS=-test.v
    75  	@$(call sudo,$(TARGETS),$(ARGS))
    76  .PHONY: sudo
    77  
    78  # Load image helpers.
    79  include tools/images.mk
    80  
    81  # Load all bazel wrappers.
    82  #
    83  # This file should define the basic "build", "test", "run" and "sudo" rules, in
    84  # addition to the $(BRANCH_NAME) and $(BUILD_ROOTS) variables.
    85  ifneq (,$(wildcard tools/google.mk))
    86  include tools/google.mk
    87  else
    88  include tools/bazel.mk
    89  endif
    90  
    91  ##
    92  ## Development helpers and tooling.
    93  ##
    94  ##   These targets faciliate local development by automatically
    95  ##   installing and configuring a runtime. Several variables may
    96  ##   be used here to tweak the installation:
    97  ##     RUNTIME         - The name of the installed runtime (default: branch).
    98  ##     RUNTIME_DIR     - Where the runtime will be installed (default: temporary directory with the $RUNTIME).
    99  ##     RUNTIME_BIN     - The runtime binary (default: $RUNTIME_DIR/runsc).
   100  ##     RUNTIME_LOG_DIR - The logs directory (default: $RUNTIME_DIR/logs).
   101  ##     RUNTIME_LOGS    - The log pattern (default: $RUNTIME_LOG_DIR/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND%).
   102  ##
   103  ifeq (,$(BRANCH_NAME))
   104  RUNTIME     := runsc
   105  RUNTIME_DIR := $(shell dirname $(shell mktemp -u))/$(RUNTIME)
   106  else
   107  RUNTIME     := $(BRANCH_NAME)
   108  RUNTIME_DIR := $(shell dirname $(shell mktemp -u))/$(RUNTIME)
   109  endif
   110  RUNTIME_BIN     := $(RUNTIME_DIR)/runsc
   111  RUNTIME_LOG_DIR := $(RUNTIME_DIR)/logs
   112  RUNTIME_LOGS    := $(RUNTIME_LOG_DIR)/runsc.log.%TEST%.%TIMESTAMP%.%COMMAND%
   113  
   114  $(RUNTIME_BIN): # See below.
   115  	@mkdir -p "$(RUNTIME_DIR)"
   116  	@$(call copy,//runsc,$(RUNTIME_BIN))
   117  .PHONY: $(RUNTIME_BIN) # Real file, but force rebuild.
   118  
   119  # Configure helpers for below.
   120  configure_noreload = \
   121    $(call header,CONFIGURE $(1) → $(RUNTIME_BIN) $(2)); \
   122    sudo $(RUNTIME_BIN) install --experimental=true --runtime="$(1)" -- --debug-log "$(RUNTIME_LOGS)" $(2) && \
   123    sudo rm -rf "$(RUNTIME_LOG_DIR)" && mkdir -p "$(RUNTIME_LOG_DIR)"
   124  reload_docker = \
   125    sudo systemctl reload docker && \
   126    if test -f /etc/docker/daemon.json; then \
   127      sudo chmod 0755 /etc/docker && \
   128      sudo chmod 0644 /etc/docker/daemon.json; \
   129    fi
   130  configure = $(call configure_noreload,$(1),$(2)) && $(reload_docker)
   131  
   132  # Helpers for above. Requires $(RUNTIME_BIN) dependency.
   133  install_runtime = $(call configure,$(1),$(2) --TESTONLY-test-name-env=RUNSC_TEST_NAME)
   134  # Don't use cached results, otherwise multiple runs using different runtimes
   135  # may be skipped, if all other inputs are the same.
   136  test_runtime = $(call test,--test_arg=--runtime=$(1) --nocache_test_results $(PARTITIONS) $(2))
   137  
   138  refresh: $(RUNTIME_BIN) ## Updates the runtime binary.
   139  .PHONY: refresh
   140  
   141  dev: $(RUNTIME_BIN) ## Installs a set of local runtimes. Requires sudo.
   142  	@$(call configure_noreload,$(RUNTIME),--net-raw)
   143  	@$(call configure_noreload,$(RUNTIME)-d,--net-raw --debug --strace --log-packets)
   144  	@$(call configure_noreload,$(RUNTIME)-p,--net-raw --profile)
   145  	@$(call configure_noreload,$(RUNTIME)-vfs2-d,--net-raw --debug --strace --log-packets --vfs2)
   146  	@$(call configure_noreload,$(RUNTIME)-vfs2-fuse-d,--net-raw --debug --strace --log-packets --vfs2 --fuse)
   147  	@$(call configure_noreload,$(RUNTIME)-vfs2-cgroup-d,--net-raw --debug --strace --log-packets --vfs2 --cgroupfs)
   148  	@$(call reload_docker)
   149  .PHONY: dev
   150  
   151  ##
   152  ## Canonical build and test targets.
   153  ##
   154  ##   These targets are used by continuous integration and provide
   155  ##   convenient entrypoints for testing changes. If you're adding a
   156  ##   new subsystem or workflow, consider adding a new target here.
   157  ##
   158  ##   Some targets support a PARTITION (1-indexed) and TOTAL_PARTITIONS
   159  ##   environment variables for high-level test sharding. Unlike most
   160  ##   other variables, these are sourced from the environment.
   161  ##
   162  PARTITION        ?= 1
   163  TOTAL_PARTITIONS ?= 1
   164  PARTITIONS       := --test_arg=--partition=$(PARTITION) --test_arg=--total_partitions=$(TOTAL_PARTITIONS)
   165  
   166  runsc: ## Builds the runsc binary.
   167  	@$(call build,-c opt //runsc)
   168  .PHONY: runsc
   169  
   170  debian: ## Builds the debian packages.
   171  	@$(call build,-c opt //debian:debian)
   172  .PHONY: debian
   173  
   174  smoke-tests: ## Runs a simple smoke test after build runsc.
   175  	@$(call run,//runsc,--alsologtostderr --network none --debug --TESTONLY-unsafe-nonroot=true --rootless do true)
   176  .PHONY: smoke-tests
   177  
   178  nogo-tests:
   179  	@$(call test,--build_tag_filters=nogo --test_tag_filters=nogo //:all pkg/... tools/...)
   180  .PHONY: nogo-tests
   181  
   182  unit-tests: ## Local package unit tests in pkg/..., tools/.., etc.
   183  	@$(call test,--build_tag_filters=-nogo --test_tag_filters=-nogo //:all pkg/... tools/...)
   184  .PHONY: unit-tests
   185  
   186  runsc-tests: ## Run all tests in runsc/...
   187  	@$(call test,runsc/...)
   188  .PHONY: runsc-tests
   189  
   190  tests: ## Runs all unit tests and syscall tests.
   191  tests: unit-tests nogo-tests runsc-tests syscall-tests
   192  .PHONY: tests
   193  
   194  integration-tests: ## Run all standard integration tests.
   195  integration-tests: docker-tests overlay-tests hostnet-tests swgso-tests
   196  integration-tests: do-tests kvm-tests containerd-test-1.3.9
   197  .PHONY: integration-tests
   198  
   199  network-tests: ## Run all networking integration tests.
   200  network-tests: iptables-tests packetdrill-tests packetimpact-tests
   201  .PHONY: network-tests
   202  
   203  # The set of system call targets.
   204  SYSCALL_TARGETS := test/syscalls/... test/fuse/...
   205  
   206  syscall-%-tests:
   207  	@$(call test,--test_tag_filters=runsc_$* $(PARTITIONS) test/syscalls/...)
   208  
   209  syscall-native-tests:
   210  	@$(call test,--test_tag_filters=native $(PARTITIONS) test/syscalls/...)
   211  .PHONY: syscall-native-tests
   212  
   213  syscall-tests: ## Run all system call tests.
   214  	@$(call test,$(PARTITIONS) $(SYSCALL_TARGETS))
   215  .PHONY: syscall-tests
   216  
   217  %-runtime-tests: load-runtimes_% $(RUNTIME_BIN)
   218  	@$(call install_runtime,$(RUNTIME),) # Ensure flags are cleared.
   219  	@$(call test_runtime,$(RUNTIME),--test_timeout=10800 //test/runtimes:$*)
   220  
   221  %-runtime-tests_vfs2: load-runtimes_% $(RUNTIME_BIN)
   222  	@$(call install_runtime,$(RUNTIME),--vfs2)
   223  	@$(call test_runtime,$(RUNTIME),--test_timeout=10800 //test/runtimes:$*)
   224  
   225  do-tests:
   226  	@$(call run,//runsc,--rootless do true)
   227  	@$(call run,//runsc,--rootless -network=none do true)
   228  	@$(call sudo,//runsc,do true)
   229  .PHONY: do-tests
   230  
   231  arm-qemu-smoke-test: BAZEL_OPTIONS=--config=cross-aarch64
   232  arm-qemu-smoke-test: load-arm-qemu
   233  	export T=$$(mktemp -d --tmpdir release.XXXXXX); \
   234  	mkdir -p $$T/bin/arm64/ && \
   235  	$(call copy,//runsc:runsc,$$T/bin/arm64) && \
   236  	docker run --rm -v $$T/bin/arm64/runsc:/workdir/initramfs/runsc gvisor.dev/images/arm-qemu
   237  .PHONY: arm-qemu-smoke-test
   238  
   239  simple-tests: unit-tests # Compatibility target.
   240  .PHONY: simple-tests
   241  
   242  # Standard integration targets.
   243  INTEGRATION_TARGETS := //test/image:image_test //test/e2e:integration_test
   244  
   245  docker-tests: load-basic $(RUNTIME_BIN)
   246  	@$(call install_runtime,$(RUNTIME),) # Clear flags.
   247  	@$(call test_runtime,$(RUNTIME),$(INTEGRATION_TARGETS))
   248  	@$(call install_runtime,$(RUNTIME),--vfs2)
   249  	@$(call test_runtime,$(RUNTIME),$(INTEGRATION_TARGETS))
   250  .PHONY: docker-tests
   251  
   252  overlay-tests: load-basic $(RUNTIME_BIN)
   253  	@$(call install_runtime,$(RUNTIME),--overlay)
   254  	@$(call test_runtime,$(RUNTIME),$(INTEGRATION_TARGETS))
   255  .PHONY: overlay-tests
   256  
   257  swgso-tests: load-basic $(RUNTIME_BIN)
   258  	@$(call install_runtime,$(RUNTIME),--software-gso=true --gso=false)
   259  	@$(call test_runtime,$(RUNTIME),$(INTEGRATION_TARGETS))
   260  .PHONY: swgso-tests
   261  
   262  hostnet-tests: load-basic $(RUNTIME_BIN)
   263  	@$(call install_runtime,$(RUNTIME),--network=host)
   264  	@$(call test_runtime,$(RUNTIME),--test_arg=-checkpoint=false  --test_arg=-hostnet=true $(INTEGRATION_TARGETS))
   265  .PHONY: hostnet-tests
   266  
   267  kvm-tests: load-basic $(RUNTIME_BIN)
   268  	@(lsmod | grep -E '^(kvm_intel|kvm_amd)') || sudo modprobe kvm
   269  	@if ! test -w /dev/kvm; then sudo chmod a+rw /dev/kvm; fi
   270  	@$(call test,//pkg/sentry/platform/kvm:kvm_test)
   271  	@$(call install_runtime,$(RUNTIME),--platform=kvm)
   272  	@$(call test_runtime,$(RUNTIME),$(INTEGRATION_TARGETS))
   273  .PHONY: kvm-tests
   274  
   275  iptables-tests: load-iptables $(RUNTIME_BIN)
   276  	@sudo modprobe iptable_filter
   277  	@sudo modprobe ip6table_filter
   278  	@$(call test,--test_arg=-runtime=runc $(PARTITIONS) //test/iptables:iptables_test)
   279  	@$(call install_runtime,$(RUNTIME),--net-raw)
   280  	@$(call test_runtime,$(RUNTIME),//test/iptables:iptables_test)
   281  .PHONY: iptables-tests
   282  
   283  packetdrill-tests: load-packetdrill $(RUNTIME_BIN)
   284  	@$(call install_runtime,$(RUNTIME),) # Clear flags.
   285  	@$(call test_runtime,$(RUNTIME),//test/packetdrill:all_tests)
   286  .PHONY: packetdrill-tests
   287  
   288  packetimpact-tests: load-packetimpact $(RUNTIME_BIN)
   289  	@sudo modprobe iptable_filter
   290  	@sudo modprobe ip6table_filter
   291  	@$(call install_runtime,$(RUNTIME),) # Clear flags.
   292  	@$(call test_runtime,$(RUNTIME),--jobs=HOST_CPUS*3 --local_test_jobs=HOST_CPUS*3 //test/packetimpact/tests:all_tests)
   293  .PHONY: packetimpact-tests
   294  
   295  fsstress-test: load-basic $(RUNTIME_BIN)
   296  	@$(call install_runtime,$(RUNTIME),--vfs2)
   297  	@$(call test_runtime,$(RUNTIME),//test/fsstress:fsstress_test)
   298  .PHONY: fsstress-test
   299  
   300  # Specific containerd version tests.
   301  containerd-test-%: load-basic_alpine load-basic_python load-basic_busybox load-basic_resolv load-basic_httpd load-basic_ubuntu $(RUNTIME_BIN)
   302  	@$(call install_runtime,$(RUNTIME),) # Clear flags.
   303  	@$(call sudo,tools/installers:containerd,$*)
   304  	@$(call sudo,tools/installers:shim)
   305  	@$(call sudo,test/root:root_test,--runtime=$(RUNTIME) -test.v)
   306  
   307  # The shim builds with containerd 1.3.9 and it's not backward compatible. Test
   308  # with 1.3.9 and newer versions.
   309  containerd-tests: ## Runs all supported containerd version tests.
   310  containerd-tests: containerd-test-1.3.9
   311  containerd-tests: containerd-test-1.4.3
   312  
   313  ##
   314  ## Benchmarks.
   315  ##
   316  ## Targets to run benchmarks. See //test/benchmarks for details.
   317  ##
   318  ##   common arguments:
   319  ##     BENCHMARKS_PROJECT   - BigQuery project to which to send data.
   320  ##     BENCHMARKS_DATASET   - BigQuery dataset to which to send data.
   321  ##     BENCHMARKS_TABLE     - BigQuery table to which to send data.
   322  ##     BENCHMARKS_SUITE     - name of the benchmark suite. See //tools/bigquery/bigquery.go.
   323  ##     BENCHMARKS_UPLOAD    - if true, upload benchmark data from the run.
   324  ##     BENCHMARKS_OFFICIAL  - marks the data as official.
   325  ##     BENCHMARKS_PLATFORMS - platforms to run benchmarks (e.g. ptrace kvm).
   326  ##     BENCHMARKS_FILTER    - filter to be applied to the test suite.
   327  ##     BENCHMARKS_OPTIONS   - options to be passed to the test.
   328  ##     BENCHMARKS_PROFILE   - profile options to be passed to the test.
   329  ##     BENCH_RUNTIME_ARGS   - args to configure the runtime which runs the benchmarks.
   330  ##
   331  BENCHMARKS_PROJECT   ?= gvisor-benchmarks
   332  BENCHMARKS_DATASET   ?= kokoro
   333  BENCHMARKS_TABLE     ?= benchmarks
   334  BENCHMARKS_SUITE     ?= ffmpeg
   335  BENCHMARKS_UPLOAD    ?= false
   336  BENCHMARKS_OFFICIAL  ?= false
   337  BENCHMARKS_PLATFORMS ?= ptrace
   338  BENCHMARKS_TARGETS   := //test/benchmarks/media:ffmpeg_test
   339  BENCHMARKS_FILTER    := .
   340  BENCHMARKS_OPTIONS   := -test.benchtime=30s
   341  BENCHMARKS_ARGS      := -test.v -test.bench=$(BENCHMARKS_FILTER) $(BENCHMARKS_OPTIONS)
   342  BENCHMARKS_PROFILE   := -pprof-dir=/tmp/profile -pprof-cpu -pprof-heap -pprof-block -pprof-mutex
   343  BENCH_VFS            := --vfs2
   344  BENCH_RUNTIME_ARGS   ?=
   345  
   346  init-benchmark-table: ## Initializes a BigQuery table with the benchmark schema.
   347  	@$(call run,//tools/parsers:parser,init --project=$(BENCHMARKS_PROJECT) --dataset=$(BENCHMARKS_DATASET) --table=$(BENCHMARKS_TABLE))
   348  .PHONY: init-benchmark-table
   349  
   350  # $(1) is the runtime name, $(2) are the arguments.
   351  run_benchmark = \
   352    ($(call header,BENCHMARK $(1) $(2)); \
   353    set -euo pipefail; \
   354    export T=$$(mktemp --tmpdir logs.$(1).XXXXXX); \
   355    if test "$(1)" = "runc"; then $(call sudo,$(BENCHMARKS_TARGETS),-runtime=$(1) $(BENCHMARKS_ARGS)) | tee $$T; fi; \
   356    if test "$(1)" != "runc"; then $(call install_runtime,$(1),--profile $(2)); \
   357  	$(call sudo,$(BENCHMARKS_TARGETS),-runtime=$(1) $(BENCHMARKS_ARGS) $(BENCHMARKS_PROFILE)) | tee $$T; fi; \
   358    if test "$(BENCHMARKS_UPLOAD)" = "true"; then \
   359      $(call run,tools/parsers:parser,parse --debug --file=$$T --runtime=$(1) --suite_name=$(BENCHMARKS_SUITE) --project=$(BENCHMARKS_PROJECT) --dataset=$(BENCHMARKS_DATASET) --table=$(BENCHMARKS_TABLE) --official=$(BENCHMARKS_OFFICIAL)); \
   360    fi; \
   361    rm -rf $$T)
   362  
   363  benchmark-platforms: load-benchmarks $(RUNTIME_BIN) ## Runs benchmarks for runc and all given platforms in BENCHMARK_PLATFORMS.
   364  	@$(foreach PLATFORM,$(BENCHMARKS_PLATFORMS), \
   365  	  $(call run_benchmark,$(PLATFORM),--platform=$(PLATFORM) $(BENCH_RUNTIME_ARGS) --vfs2) && \
   366      $(call run_benchmark,$(PLATFORM)_vfs1,--platform=$(PLATFORM) $(BENCH_RUNTIME_ARGS)) && \
   367    ) true
   368  	@$(call run_benchmark,runc)
   369  .PHONY: benchmark-platforms
   370  
   371  run-benchmark: load-benchmarks $(RUNTIME_BIN) ## Runs single benchmark and optionally sends data to BigQuery.
   372  	@if test "$(RUNTIME)" = "runc"; then $(call run_benchmark,$(RUNTIME)); fi;
   373  	@if test "$(RUNTIME)" != "runc"; then $(call run_benchmark,$(RUNTIME)$(BENCH_VFS),$(BENCH_RUNTIME_ARGS) $(BENCH_VFS)); fi;
   374  .PHONY: run-benchmark
   375  
   376  ##
   377  ## Website & documentation helpers.
   378  ##
   379  ##   The website is built from repository documentation and wrappers, using
   380  ##   using a locally-defined Docker image (see images/jekyll). The following
   381  ##   variables may be set when using website-push:
   382  ##     WEBSITE_IMAGE   - The name of the container image.
   383  ##     WEBSITE_SERVICE - The backend service.
   384  ##     WEBSITE_PROJECT - The project id to use.
   385  ##     WEBSITE_REGION  - The region to deploy to.
   386  ##
   387  WEBSITE_IMAGE   := gcr.io/gvisordev/gvisordev
   388  WEBSITE_SERVICE := gvisordev
   389  WEBSITE_PROJECT := gvisordev
   390  WEBSITE_REGION  := us-central1
   391  
   392  website-build: load-jekyll ## Build the site image locally.
   393  	@$(call run,//website:website,$(WEBSITE_IMAGE))
   394  .PHONY: website-build
   395  
   396  website-server: website-build ## Run a local server for development.
   397  	@docker run -i -p 8080:8080 $(WEBSITE_IMAGE)
   398  .PHONY: website-server
   399  
   400  website-push: website-build ## Push a new image and update the service.
   401  	@docker push $(WEBSITE_IMAGE)
   402  .PHONY: website-push
   403  
   404  website-deploy: website-push ## Deploy a new version of the website.
   405  	@gcloud run deploy $(WEBSITE_SERVICE) --platform=managed --region=$(WEBSITE_REGION) --project=$(WEBSITE_PROJECT) --image=$(WEBSITE_IMAGE) --memory 1Gi
   406  .PHONY: website-deploy
   407  
   408  ##
   409  ## Repository builders.
   410  ##
   411  ##   This builds a local apt repository. The following variables may be set:
   412  ##     RELEASE_ROOT      - The repository root (default: "repo" directory).
   413  ##     RELEASE_KEY       - The repository GPG private key file (default: dummy key is created).
   414  ##     RELEASE_ARTIFACTS - The release artifacts directory. May contain multiple.
   415  ##     RELEASE_NIGHTLY   - Set to true if a nightly release (default: false).
   416  ##     RELEASE_COMMIT    - The commit or Change-Id for the release (needed for tag).
   417  ##     RELEASE_NAME      - The name of the release in the proper format (needed for tag).
   418  ##     RELEASE_NOTES     - The file containing release notes (needed for tag).
   419  ##
   420  RELEASE_ROOT      := repo
   421  RELEASE_KEY       := repo.key
   422  RELEASE_ARTIFACTS := artifacts
   423  RELEASE_NIGHTLY   := false
   424  RELEASE_COMMIT    :=
   425  RELEASE_NAME      :=
   426  RELEASE_NOTES     :=
   427  GPG_TEST_OPTIONS  := $(shell if gpg --pinentry-mode loopback --version >/dev/null 2>&1; then echo --pinentry-mode loopback; fi)
   428  
   429  $(RELEASE_KEY):
   430  	@echo "WARNING: Generating a key for testing ($@); don't use this."
   431  	@T=$$(mktemp --tmpdir keyring.XXXXXX); \
   432  	C=$$(mktemp --tmpdir config.XXXXXX); \
   433  	echo Key-Type: DSA >> $$C && \
   434  	echo Key-Length: 1024 >> $$C && \
   435  	echo Name-Real: Test >> $$C && \
   436  	echo Name-Email: test@example.com >> $$C && \
   437  	echo Expire-Date: 0 >> $$C && \
   438  	echo %commit >> $$C && \
   439  	gpg --batch $(GPG_TEST_OPTIONS) --passphrase '' --no-default-keyring --secret-keyring $$T --no-tty --gen-key $$C && \
   440  	gpg --batch $(GPG_TEST_OPTIONS) --export-secret-keys --no-default-keyring --secret-keyring $$T > $@; \
   441  	rc=$$?; rm -f $$T $$C; exit $$rc
   442  
   443  $(RELEASE_ARTIFACTS)/%:
   444  	@mkdir -p $@
   445  	@$(call copy,//runsc:runsc,$@)
   446  	@$(call copy,//shim:containerd-shim-runsc-v1,$@)
   447  	@$(call copy,//debian:debian,$@)
   448  
   449  release: $(RELEASE_KEY) $(RELEASE_ARTIFACTS)/$(ARCH)
   450  	@mkdir -p $(RELEASE_ROOT)
   451  	@NIGHTLY=$(RELEASE_NIGHTLY) tools/make_release.sh $(RELEASE_KEY) $(RELEASE_ROOT) $$(find $(RELEASE_ARTIFACTS) -type f)
   452  .PHONY: release
   453  
   454  tag: ## Creates and pushes a release tag.
   455  	@tools/tag_release.sh "$(RELEASE_COMMIT)" "$(RELEASE_NAME)" "$(RELEASE_NOTES)"
   456  .PHONY: tag