Makefile

SHELL = /bin/bash
PREFIX ?= /usr/local
BUILD_DIR ?= build
KEYRING_TARGET_DIR ?= $(PREFIX)/share/pacman/keyrings/
RELEASE ?=
SCRIPT_TARGET_DIR ?= $(PREFIX)/bin
SYSTEMD_SYSTEM_UNIT_DIR ?= $(shell pkgconf --variable systemd_system_unit_dir systemd)
WKD_FQDN ?= archlinux.org
WKD_BUILD_DIR ?= $(BUILD_DIR)/wkd/.well-known/
KEYRING_FILE=archlinux.gpg
KEYRING_REVOKED_FILE=archlinux-revoked
KEYRING_TRUSTED_FILE=archlinux-trusted
PROJECT=archlinux-keyring
WKD_SYNC_SCRIPT=archlinux-keyring-wkd-sync
WKD_SYNC_SERVICE_IN=archlinux-keyring-wkd-sync.service.in
WKD_SYNC_SERVICE=archlinux-keyring-wkd-sync.service
WKD_SYNC_TIMER=archlinux-keyring-wkd-sync.timer
SYSTEMD_TIMER_DIR=$(SYSTEMD_SYSTEM_UNIT_DIR)/timers.target.wants/
SOURCES := $(shell find keyring) $(shell find libkeyringctl -name '*.py' -or -type d) keyringctl

all: build

lint:
	black --check --diff keyringctl libkeyringctl tests
	isort --diff .
	flake8 keyringctl libkeyringctl tests
	mypy --install-types --non-interactive keyringctl libkeyringctl tests

fmt:
	black .
	isort .

check:
	./keyringctl -v check

test:
	coverage run
	coverage xml
	coverage report --fail-under=100.0

build: $(SOURCES)
	./keyringctl -v build

wkd: build
	wkd-exporter --append --domain $(WKD_FQDN) $(WKD_BUILD_DIR) < $(BUILD_DIR)/$(KEYRING_FILE)

wkd_inspect: wkd
	for file in $(WKD_BUILD_DIR)/openpgpkey/$(WKD_FQDN)/hu/*; do sq inspect --certifications $$file; done

wkd_sync_service: wkd_sync/$(WKD_SYNC_SERVICE_IN)
	sed -e 's|SCRIPT_TARGET_DIR|$(SCRIPT_TARGET_DIR)|' wkd_sync/$(WKD_SYNC_SERVICE_IN) > $(BUILD_DIR)/$(WKD_SYNC_SERVICE)

clean:
	rm -rf $(BUILD_DIR) $(WKD_BUILD_DIR)

release: clean build
	$(if $(RELEASE),,$(error RELEASE was not specified!))
	@glab auth status -h gitlab.archlinux.org
	@git tag -s $(RELEASE) -m "release version $(RELEASE)"
	@git push origin refs/tags/$(RELEASE)
	@mkdir -p $(BUILD_DIR)/$(PROJECT)-$(RELEASE)/
	@cp $(BUILD_DIR)/{$(KEYRING_FILE),$(KEYRING_REVOKED_FILE),$(KEYRING_TRUSTED_FILE)} $(BUILD_DIR)/$(PROJECT)-$(RELEASE)/
	@tar cvfz $(BUILD_DIR)/$(PROJECT)-$(RELEASE).tar.gz -C $(BUILD_DIR)/ $(PROJECT)-$(RELEASE)/
	@gpg -o $(BUILD_DIR)/$(PROJECT)-$(RELEASE).tar.gz.sig --default-key "$(shell git config --local --get user.signingkey)" -s $(BUILD_DIR)/$(PROJECT)-$(RELEASE).tar.gz
	# NOTE: we specify GITLAB_HOST, because otherwise glab YOLO uses whatever is specified by the `host` key in its config and silently breaks all links...
	GITLAB_HOST=gitlab.archlinux.org glab release create $(RELEASE) ./build/$(PROJECT)-$(RELEASE).tar.gz* --name=$(RELEASE) --notes="release version $(RELEASE)"

install: build wkd_sync_service
	install -vDm 644 build/{$(KEYRING_FILE),$(KEYRING_REVOKED_FILE),$(KEYRING_TRUSTED_FILE)} -t $(DESTDIR)$(KEYRING_TARGET_DIR)
	install -vDm 755 wkd_sync/$(WKD_SYNC_SCRIPT) -t $(DESTDIR)$(SCRIPT_TARGET_DIR)
	install -vDm 644 build/$(WKD_SYNC_SERVICE) -t $(DESTDIR)$(SYSTEMD_SYSTEM_UNIT_DIR)
	install -vDm 644 wkd_sync/$(WKD_SYNC_TIMER) -t $(DESTDIR)$(SYSTEMD_SYSTEM_UNIT_DIR)
	install -vdm 755 $(DESTDIR)$(SYSTEMD_TIMER_DIR)
	ln -fsv ../$(WKD_SYNC_TIMER) $(DESTDIR)$(SYSTEMD_TIMER_DIR)/$(WKD_SYNC_TIMER)

uninstall:
	rm -fv $(DESTDIR)$(KEYRING_TARGET_DIR)/{$(KEYRING_FILE),$(KEYRING_REVOKED_FILE),$(KEYRING_TRUSTED_FILE)}
	rmdir -pv --ignore-fail-on-non-empty $(DESTDIR)$(KEYRING_TARGET_DIR)
	rm -v $(DESTDIR)$(SCRIPT_TARGET_DIR)/$(WKD_SYNC_SCRIPT)
	rmdir -pv --ignore-fail-on-non-empty $(DESTDIR)$(SCRIPT_TARGET_DIR)
	rm -v $(DESTDIR)$(SYSTEMD_SYSTEM_UNIT_DIR)/{$(WKD_SYNC_SERVICE),$(WKD_SYNC_TIMER)}
	rmdir -pv --ignore-fail-on-non-empty $(DESTDIR)$(SYSTEMD_SYSTEM_UNIT_DIR)
	rm -v $(DESTDIR)$(SYSTEMD_TIMER_DIR)/$(WKD_SYNC_TIMER)
	rmdir -pv --ignore-fail-on-non-empty $(DESTDIR)$(SYSTEMD_TIMER_DIR)

.PHONY: all build lint fmt check test clean install release uninstall wkd wkd_inspect