###############################################################################
## Presettings
###############################################################################

# Select bash for commands.
# .ONESHELL hands all lines of a recipe to one shell invocation, so the
# multi-line loops and pushd/popd pairs in the recipes below work across lines.
.ONESHELL:
SHELL = /bin/bash
# Append -e so the recipe shell stops at the first failing command.  bash does
# not apply -e to commands that are not last in an && / || list, which is why
# several recipes spell out `|| exit 1`.
.SHELLFLAGS += -e
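# Identity of the invoking user, captured once while the makefile is parsed.
# Simple (:=) assignment is used so `id` runs one time per variable instead of
# on every expansion.  The docker image rules pass these values to
# `docker build` as the user/uid/guid build arguments.
# NOTE: USER and UID replace the environment variables of the same name for
# this make run and for the recipe processes it starts.
USER := $(shell id -un)
UID := $(shell id -u)
GUID := $(shell id -g)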
# Enable a second expansion of prerequisite lists; the rules below rely on it
# for prerequisites written with $$ (for example $$($$*_DEPENDS)).
.SECONDEXPANSION:

# NULL is empty; SPACE holds a single space character built from it.
NULL :=
SPACE := $(NULL) $(NULL)
###############################################################################
## General definitions
###############################################################################

# Source, rule and output directories, relative to the directory make runs in.
SRC_PATH = src
RULES_PATH = rules
TARGET_PATH = target
DOCKERS_PATH = dockers
DEBS_PATH = $(TARGET_PATH)/debs
FILES_PATH = $(TARGET_PATH)/files
PYTHON_WHEELS_PATH = $(TARGET_PATH)/python-wheels
# Recursive assignment: `pwd` is run each time PROJECT_ROOT is expanded.
PROJECT_ROOT = $(shell pwd)

# Platform name: the contents of .platform if that file exists, else "generic".
# The value selects the directory whose rules.mk is included further down, so
# whatever is stored in .platform decides which makefile fragment is parsed and
# run.  In this file .platform is written only by the `configure` target.
CONFIGURED_PLATFORM := $(shell [ -f .platform ] && cat .platform || echo generic)
PLATFORM_PATH = platform/$(CONFIGURED_PLATFORM)
# Make BUILD_NUMBER available to recipe processes through the environment.
export BUILD_NUMBER
###############################################################################
## Utility rules
## Define configuration, help etc.
###############################################################################

# The build rules below list .platform as a prerequisite.  This rule runs when
# the file is missing; which recipe text it has is decided at parse time.
# NOTE(review): CONFIGURED_PLATFORM falls back to "generic" when .platform does
# not exist, so with `ifneq` the "not configured" error is emitted only for a
# non-generic value -- confirm this is the intended condition.
.platform :
ifneq ($(CONFIGURED_PLATFORM),generic)
	@echo Build system is not configured, please run make configure
	@exit 1
endif
# Create the output directories and record the selected platform in .platform.
# $(PLATFORM) is presumably supplied by the caller; it is written unquoted and
# unvalidated, and the stored value is later used to build an include path.
# NOTE(review): consider rejecting an empty PLATFORM, or one that does not name
# a directory under platform/ -- confirm against whatever invokes this target.
configure :
	@mkdir -p target/debs
	@mkdir -p target/files
	@mkdir -p target/python-wheels
	@echo $(PLATFORM) > .platform
# Run `clean` (not defined in this part of the file), then drop the recorded
# platform.  -f keeps the recipe from failing if .platform is already gone.
distclean : .platform clean
	@rm -f .platform
# Print every entry of SONIC_TARGET_LIST, one per line.  The foreach expands to
# a sequence of `echo <target>;` shell commands.
list :
	@$(foreach target,$(SONIC_TARGET_LIST),echo $(target);)
###############################################################################
## Include other rules
###############################################################################

# Map the SONIC_-prefixed switches onto their unprefixed names.
ifeq ($(SONIC_ENABLE_PFCWD_ON_START),y)
ENABLE_PFCWD_ON_START = y
endif

ifeq ($(SONIC_ENABLE_SYSTEM_TELEMETRY),y)
ENABLE_SYSTEM_TELEMETRY = y
endif

# Every file matching rules/*.mk is parsed as part of this makefile, as is the
# selected platform's rules.mk.  Anything placed in those directories therefore
# runs with the privileges of the build, including the sudo calls made by the
# recipes in this file.
include $(RULES_PATH)/config
include $(RULES_PATH)/functions
include $(RULES_PATH)/*.mk
# NOTE(review): CONFIGURED_PLATFORM is assigned either the contents of
# .platform or "generic" above, never "undefined" -- confirm this guard can
# still evaluate to false.
ifneq ($(CONFIGURED_PLATFORM), undefined)
include $(PLATFORM_PATH)/rules.mk
endif
# Name of the default user account.  An empty USERNAME falls back to
# DEFAULT_USERNAME; `override` lets that assignment win over a command-line
# definition.  A non-empty value triggers a warning because make command-line
# arguments can be read by other local users (/proc/<pid>/cmdline is group and
# world readable).
# NOTE(review): the test is "non-empty", so the warning also fires when the
# value comes from the environment or an included file -- confirm whether
# $(origin USERNAME) should be checked instead.
ifeq ($(USERNAME),)
override USERNAME := $(DEFAULT_USERNAME)
else
$(warning USERNAME given on command line: could be visible to other users)
endif
# Password of the default user account.  An empty PASSWORD falls back to
# DEFAULT_PASSWORD; `override` lets that assignment win over a command-line
# definition.  A non-empty value triggers a warning because make command-line
# arguments can be read by other local users (/proc/<pid>/cmdline is group and
# world readable); passing the value through the process environment avoids
# that exposure.
# NOTE(review): the test is "non-empty", so the warning also fires when the
# value comes from the environment or an included file -- confirm whether
# $(origin PASSWORD) should be checked instead.
ifeq ($(PASSWORD),)
override PASSWORD := $(DEFAULT_PASSWORD)
else
$(warning PASSWORD given on command line: could be visible to other users)
endif
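# Generic DEB_BUILD_OPTIONS for debugging and profiling builds.  The values are
# stored without quote characters because the recipes already wrap the
# expansion in double quotes (DEB_BUILD_OPTIONS="${DEB_BUILD_OPTIONS_GENERIC}").
# Literal quotes inside the value would end that quoting early; for the
# two-word profiling value the shell would then see an assignment of "nostrip"
# followed by a stray word "noopt" in command position.
# Profiling is tested last, so it wins when both switches are "y".
ifeq ($(SONIC_DEBUGGING_ON),y)
DEB_BUILD_OPTIONS_GENERIC := nostrip
endif

ifeq ($(SONIC_PROFILING_ON),y)
DEB_BUILD_OPTIONS_GENERIC := nostrip noopt
endif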
# Parallel job count for this make.  An empty SONIC_BUILD_JOBS falls back to
# SONIC_CONFIG_BUILD_JOBS; the result is appended to MAKEFLAGS as a -j option.
ifeq ($(SONIC_BUILD_JOBS),)
override SONIC_BUILD_JOBS := $(SONIC_CONFIG_BUILD_JOBS)
endif

MAKEFLAGS += -j $(SONIC_BUILD_JOBS)
# Exported so recipe processes can read it from the environment.
export SONIC_CONFIG_MAKE_JOBS
###############################################################################
## Dumping key config attributes associated to current building exercise
###############################################################################

# $(info ...) is evaluated while the makefile is parsed, so this summary is
# printed on every invocation, before any recipe runs.
$(info SONiC Build System)
$(info )
$(info Build Configuration)
# Show PLATFORM when it is set for this invocation, else the stored platform.
$(info "CONFIGURED_PLATFORM" : "$(if $(PLATFORM),$(PLATFORM),$(CONFIGURED_PLATFORM))")
$(info "SONIC_CONFIG_PRINT_DEPENDENCIES" : "$(SONIC_CONFIG_PRINT_DEPENDENCIES)")
$(info "SONIC_BUILD_JOBS" : "$(SONIC_BUILD_JOBS)")
$(info "SONIC_CONFIG_MAKE_JOBS" : "$(SONIC_CONFIG_MAKE_JOBS)")
[baseimage]: Improve password hashing for default user account (#1748)
* [slave.mk]: Fix displaying username and password in build summary
We display contents of DEFAULT_USERNAME and DEFAULT_PASSWORD, while
image can be build with USERNAME and/or PASSWORD given on make(1)
command line. For example:
$ make USERNAME=adm PASSWORD=mypass target/sonic-broadcom.bin
Fix by displaying USERNAME and PASSWORD variables in build summary.
Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
* [baseimage]: Improve default user account handling
There are couple of issues with current implementation of default
user account management in baseimage:
1) It uses DES to encrypt accounts password. Furthermore this
effectively limits password length to 8 symbols, even if more
provided with PASSWORD or DEFAULT_PASSWORD from rules/config.
2) Salt value for password is same on all builds even with different
password increasing attack surface.
3) During the build process password passed as command line parameter
either as plain text (if given to make(1) as "make PASSWORD=...")
or DES encrypted (if given to build_debian.sh) can be seen by
non-build users using /proc/<pid>/cmdline file that has group and
world readable permissions.
Both 1) and 2) come from:
perl -e 'print crypt("$(PASSWORD)", "salt"),"\n"')"
that by default uses DES if the salt does not have the format $<id>$<salt>$,
where <id> is hashing function id. See crypt(3) for more details on
valid <id> values.
To address issues above we propose following changes:
1) Do not create password by hands (e.g. using perl snippet above):
put this job to chpasswd(8) which is aware about system wide
password hashing policy specified in /etc/login.defs with
ENCRYPT_METHOD (by default it is SHA512 for Debian 8).
2) Now chpasswd(8) will take care about proper salt value.
3) This has two steps:
3.1) For compatibility reasons accept USERNAME and PASSWORD as
make(1) parameters, but warn user that this is unsafe.
3.2) Use process environment to pass USERNAME and PASSWORD variables
from Makefile to build_debian.sh as more secure alternative to
passing via command line parameters: /proc/<pid>/environ
readable only by user running process or privileged users like
root.
Before change:
--------------
hash1
-----
# u='admin'
# p="$(LANG=C perl -e 'print crypt("YourPaSs", "salt"),"\n"')"
^^^^^^^^
8 symbols
# echo "$u:$p" | chpasswd -e
# getent shadow admin
admin:sazQDkwgZPfSk:17680:0:99999:7:::
^^^^^^^^^^^^^
Note the hash (DES encrypted password)
hash2
-----
# u='admin'
# p="$(LANG=C perl -e 'print crypt("YourPaSsWoRd", "salt"),"\n"')"
^^^^^^^^^^^^
12 symbols
# echo "$u:$p" | chpasswd -e
# getent shadow admin
admin:sazQDkwgZPfSk:17680:0:99999:7:::
^^^^^^^^^^^^^
Hash is the same as for "YourPaSs"
After change:
-------------
hash1
-----
# echo "admin:YourPaSs" | chpasswd
# getent shadow admin
admin:$6$1Nho1jHC$T8YwK58FYToXMFuetQta7/XouAAN2q1IzWC3bdIg86woAs6WuTg\
^^^^^^^^
Note salt here
ksLO3oyQInax/wNVq.N4de6dyWZDsCAvsZ1:17681:0:99999:7:::
hash2
-----
# echo "admin:YourPaSs" | chpasswd
# getent shadow admin
admin:$6$yKU5g7BO$kdT02Z1wHXhr1VCniKkZbLaMPZXK0WSSVGhSLGrNhsrsVxCJ.D9\
^^^^^^^^
Here salt completely different from case above
plFpd8ksGNpw/Vb92hvgYyCL2i5cfI8QEY/:17681:0:99999:7:::
Since salt is different hashes for same password different too.
hash1
-----
# LANG=C perl -e 'print crypt("YourPaSs", "\$6\$salt\$"),"\n"'
^^^^^
We want SHA512 hash
$6$salt$qkwPvXqUeGpexO1vatnIQFAreOTXs6rnDX.OI.Sz2rcy51JrO8dFc9aGv82bB\
yd2ELrIMJ.FQLNjgSD0nNha7/
hash2
-----
# LANG=C perl -e 'print crypt("YourPaSsWoRd", "\$6\$salt\$"),"\n"'
$6$salt$1JVndGzyy/dj7PaXo6hNcttlQoZe23ob8GWYWxVGEiGOlh6sofbaIvwl6Ho7N\
kYDI8zwRumRwga/A29nHm4mZ1
Now with same "salt" and $<id>$, and same 8 symbol prefix in password, but
different password length we have different hashes.
Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
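# Remainder of the build summary, printed while the makefile is parsed.
# The account password itself is not echoed: build output usually ends up in
# terminals, CI logs and saved artifacts that more people can read than the
# build host's process environment.  Only whether a password is set is shown
# (an unset password still prints as "").
$(info "USERNAME" : "$(USERNAME)")
$(info "PASSWORD" : "$(if $(PASSWORD),<redacted>,)")
$(info "ENABLE_DHCP_GRAPH_SERVICE" : "$(ENABLE_DHCP_GRAPH_SERVICE)")
$(info "SHUTDOWN_BGP_ON_START" : "$(SHUTDOWN_BGP_ON_START)")
$(info "ENABLE_PFCWD_ON_START" : "$(ENABLE_PFCWD_ON_START)")
$(info "SONIC_INSTALL_DEBUG_TOOLS" : "$(SONIC_INSTALL_DEBUG_TOOLS)")
$(info "ROUTING_STACK" : "$(SONIC_ROUTING_STACK)")
$(info "ENABLE_SYNCD_RPC" : "$(ENABLE_SYNCD_RPC)")
$(info "ENABLE_ORGANIZATION_EXTENSIONS" : "$(ENABLE_ORGANIZATION_EXTENSIONS)")
# NOTE(review): a proxy URL can embed credentials (user:password@host); if that
# form is in use, the next two lines put them in the build output as well.
$(info "HTTP_PROXY" : "$(HTTP_PROXY)")
$(info "HTTPS_PROXY" : "$(HTTPS_PROXY)")
$(info "ENABLE_SYSTEM_TELEMETRY" : "$(ENABLE_SYSTEM_TELEMETRY)")
$(info "SONIC_DEBUGGING_ON" : "$(SONIC_DEBUGGING_ON)")
$(info "SONIC_PROFILING_ON" : "$(SONIC_PROFILING_ON)")
$(info )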
###############################################################################
## Generic rules section
## All rules must go after includes for proper targets expansion
###############################################################################

###############################################################################
## Local targets
###############################################################################

# Copy debian packages from local directory
# Add new package for copy:
#     SOME_NEW_DEB = some_new_deb.deb
#     $(SOME_NEW_DEB)_PATH = path/to/some_new_deb.deb
#     SONIC_COPY_DEBS += $(SOME_NEW_DEB)
#
# Static pattern rule: $* is the package file name.  The foreach emits one
# guarded `cp` per package (the main one plus its _DERIVED_DEBS); each group
# ends in `|| exit 1` so a failed copy aborts the recipe.  HEADER, LOG and
# FOOTER are macros defined outside this part of the file.
$(addprefix $(DEBS_PATH)/, $(SONIC_COPY_DEBS)) : $(DEBS_PATH)/% : .platform
	$(HEADER)
	$(foreach deb,$* $($*_DERIVED_DEBS), \
	    { cp $($(deb)_PATH)/$(deb) $(DEBS_PATH)/ $(LOG) || exit 1 ; } ; )
	$(FOOTER)

SONIC_TARGET_LIST += $(addprefix $(DEBS_PATH)/, $(SONIC_COPY_DEBS))
# Copy regular files from local directory
# Add new package for copy:
#     SOME_NEW_FILE = some_new_file
#     $(SOME_NEW_FILE)_PATH = path/to/some_new_file
#     SONIC_COPY_FILES += $(SOME_NEW_FILE)
#
# $* is the file name; it is copied from $($*_PATH) into $(FILES_PATH), and a
# failed copy aborts the recipe.
$(addprefix $(FILES_PATH)/, $(SONIC_COPY_FILES)) : $(FILES_PATH)/% : .platform
	$(HEADER)
	cp $($*_PATH)/$* $(FILES_PATH)/ $(LOG) || exit 1
	$(FOOTER)

SONIC_TARGET_LIST += $(addprefix $(FILES_PATH)/, $(SONIC_COPY_FILES))
###############################################################################
## Online targets
###############################################################################

# Download debian packages from online location
# Add new package for download:
#     SOME_NEW_DEB = some_new_deb.deb
#     $(SOME_NEW_DEB)_URL = https://url/to/this/deb.deb
#     SONIC_ONLINE_DEBS += $(SOME_NEW_DEB)
#
# One guarded `wget` is emitted per package (the main one plus its
# _DERIVED_DEBS); each group ends in `|| exit 1`.
# NOTE(review): the downloaded package is used as fetched.  Nothing in this
# rule compares it with a pinned digest or a signature, so the build trusts
# the server and transport named by $(deb)_URL; these packages are later
# installed with `sudo dpkg -i` by the -install targets.
# NOTE(review): `wget -O` creates the output file before the transfer is
# complete, so a failed download can leave a partial file at the target path --
# confirm something removes it before the next run.
$(addprefix $(DEBS_PATH)/, $(SONIC_ONLINE_DEBS)) : $(DEBS_PATH)/% : .platform
	$(HEADER)
	$(foreach deb,$* $($*_DERIVED_DEBS), \
	    { wget --no-use-server-timestamps -O $(DEBS_PATH)/$(deb) $($(deb)_URL) $(LOG) || exit 1 ; } ; )
	$(FOOTER)

SONIC_TARGET_LIST += $(addprefix $(DEBS_PATH)/, $(SONIC_ONLINE_DEBS))
# Download regular files from online location
# Files are stored in $(FILES_PATH)
# Add new file for download:
#     SOME_NEW_FILE = some_new_file
#     $(SOME_NEW_FILE)_URL = https://url/to/this/file
#     SONIC_ONLINE_FILES += $(SOME_NEW_FILE)
#
# NOTE(review): the file is used as fetched; nothing here compares it with a
# pinned digest or a signature, so the build trusts the server and transport
# named by $*_URL.
# NOTE(review): `wget -O $@` creates the target before the transfer is
# complete, so a failed download can leave a partial file that make may treat
# as up to date -- confirm something removes it before the next run.
$(addprefix $(FILES_PATH)/, $(SONIC_ONLINE_FILES)) : $(FILES_PATH)/% : .platform
	$(HEADER)
	wget --no-use-server-timestamps -O $@ $($*_URL) $(LOG)
	$(FOOTER)

SONIC_TARGET_LIST += $(addprefix $(FILES_PATH)/, $(SONIC_ONLINE_FILES))
###############################################################################
## Debian package related targets
###############################################################################

# Build project using build.sh script
# They are essentially a one-time build projects that get sources from some URL
# and compile them
# Add new package for build:
#     SOME_NEW_DEB = some_new_deb.deb
#     $(SOME_NEW_DEB)_SRC_PATH = $(SRC_PATH)/project_name
#     $(SOME_NEW_DEB)_DEPENDS = $(SOME_OTHER_DEB1) $(SOME_OTHER_DEB2) ...
#     SONIC_MAKE_DEBS += $(SOME_NEW_DEB)
#
# The second-expanded prerequisite list requires the -install target of every
# package in $*_DEPENDS, so dependencies are installed before this build runs.
# The project's own Makefile is invoked with DEST pointing at $(DEBS_PATH) and
# is asked for the absolute path of the package as its goal.
$(addprefix $(DEBS_PATH)/, $(SONIC_MAKE_DEBS)) : $(DEBS_PATH)/% : .platform $$(addsuffix -install,$$(addprefix $(DEBS_PATH)/,$$($$*_DEPENDS)))
	$(HEADER)
	# Remove target to force rebuild
	rm -f $(addprefix $(DEBS_PATH)/, $* $($*_DERIVED_DEBS) $($*_EXTRA_DEBS))
	# Apply series of patches if exist
	if [ -f $($*_SRC_PATH).patch/series ]; then pushd $($*_SRC_PATH) && QUILT_PATCHES=../$(notdir $($*_SRC_PATH)).patch quilt push -a; popd; fi
	# Build project and take package
	DEB_BUILD_OPTIONS="${DEB_BUILD_OPTIONS_GENERIC}" make DEST=$(shell pwd)/$(DEBS_PATH) -C $($*_SRC_PATH) $(shell pwd)/$(DEBS_PATH)/$* $(LOG)
	# Clean up
	if [ -f $($*_SRC_PATH).patch/series ]; then pushd $($*_SRC_PATH) && quilt pop -a -f; popd; fi
	$(FOOTER)

SONIC_TARGET_LIST += $(addprefix $(DEBS_PATH)/, $(SONIC_MAKE_DEBS))
# Build project with dpkg-buildpackage
# Add new package for build:
#     SOME_NEW_DEB = some_new_deb.deb
#     $(SOME_NEW_DEB)_SRC_PATH = $(SRC_PATH)/project_name
#     $(SOME_NEW_DEB)_DEPENDS = $(SOME_OTHER_DEB1) $(SOME_OTHER_DEB2) ...
#     SONIC_DPKG_DEBS += $(SOME_NEW_DEB)
#
# The $(if ...) picks one of two dpkg-buildpackage commands: when
# $*_DPKG_TARGET is set, only that debian/rules target is built (-T) with
# --as-root; otherwise a full binary build (-b) is run.  Both pass -us -uc, so
# the resulting packages are not signed.  If the source tree ships an
# ./autogen.sh it is executed first.
$(addprefix $(DEBS_PATH)/, $(SONIC_DPKG_DEBS)) : $(DEBS_PATH)/% : .platform $$(addsuffix -install,$$(addprefix $(DEBS_PATH)/,$$($$*_DEPENDS)))
	$(HEADER)
	# Remove old build logs if they exist
	rm -f $($*_SRC_PATH)/debian/*.debhelper.log
	# Apply series of patches if exist
	if [ -f $($*_SRC_PATH).patch/series ]; then pushd $($*_SRC_PATH) && QUILT_PATCHES=../$(notdir $($*_SRC_PATH)).patch quilt push -a; popd; fi
	# Build project
	pushd $($*_SRC_PATH) $(LOG)
	[ ! -f ./autogen.sh ] || ./autogen.sh $(LOG)
	$(if $($*_DPKG_TARGET),
		DEB_BUILD_OPTIONS="${DEB_BUILD_OPTIONS_GENERIC} ${$*_DEB_BUILD_OPTIONS}" dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) --as-root -T$($*_DPKG_TARGET) $(LOG),
		DEB_BUILD_OPTIONS="${DEB_BUILD_OPTIONS_GENERIC} ${$*_DEB_BUILD_OPTIONS}" dpkg-buildpackage -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) $(LOG)
	)
	popd $(LOG)
	# Clean up
	if [ -f $($*_SRC_PATH).patch/series ]; then pushd $($*_SRC_PATH) && quilt pop -a -f; popd; fi
	# Take built package(s)
	mv $(addprefix $($*_SRC_PATH)/../, $* $($*_DERIVED_DEBS) $($*_EXTRA_DEBS)) $(DEBS_PATH) $(LOG)
	$(FOOTER)

SONIC_TARGET_LIST += $(addprefix $(DEBS_PATH)/, $(SONIC_DPKG_DEBS))
# Build project with python setup.py --command-packages=stdeb.command
# Add new package for build:
#     SOME_NEW_DEB = some_new_deb.deb
#     $(SOME_NEW_DEB)_SRC_PATH = $(SRC_PATH)/project_name
#     $(SOME_NEW_DEB)_DEPENDS = $(SOME_OTHER_DEB1) $(SOME_OTHER_DEB2) ...
#     SONIC_PYTHON_STDEB_DEBS += $(SOME_NEW_DEB)
#
# Besides the -install targets of $*_DEPENDS, the prerequisites include the
# -install targets of the wheels named in $*_WHEEL_DEPENDS.  Any previous
# deb_dist/ output is cleared before the build.
$(addprefix $(DEBS_PATH)/, $(SONIC_PYTHON_STDEB_DEBS)) : $(DEBS_PATH)/% : .platform $$(addsuffix -install,$$(addprefix $(DEBS_PATH)/,$$($$*_DEPENDS))) \
		$$(addsuffix -install,$$(addprefix $(PYTHON_WHEELS_PATH)/,$$($$*_WHEEL_DEPENDS)))
	$(HEADER)
	# Apply series of patches if exist
	if [ -f $($*_SRC_PATH).patch/series ]; then pushd $($*_SRC_PATH) && QUILT_PATCHES=../$(notdir $($*_SRC_PATH)).patch quilt push -a; popd; fi
	# Build project
	pushd $($*_SRC_PATH) $(LOG)
	rm -rf deb_dist/* $(LOG)
	python setup.py --command-packages=stdeb.command bdist_deb $(LOG)
	popd $(LOG)
	# Clean up
	if [ -f $($*_SRC_PATH).patch/series ]; then pushd $($*_SRC_PATH) && quilt pop -a -f; popd; fi
	# Take built package(s)
	mv $(addprefix $($*_SRC_PATH)/deb_dist/, $* $($*_DERIVED_DEBS)) $(DEBS_PATH) $(LOG)
	$(FOOTER)

SONIC_TARGET_LIST += $(addprefix $(DEBS_PATH)/, $(SONIC_PYTHON_STDEB_DEBS))
# Rules for derived debian packages (dev, dbg, etc.)
# All noise takes place in main deb recipe, so we are just telling that
# we depend on it and move our deb to other targets
# Add new dev package:
#     $(eval $(call add_derived_package,$(ORIGINAL_DEB),derived_deb_file.deb))
#
# The recipe builds nothing: it only refreshes the timestamp of a derived
# package that already exists.
$(addprefix $(DEBS_PATH)/, $(SONIC_DERIVED_DEBS)) : $(DEBS_PATH)/% : .platform $$(addsuffix -install,$$(addprefix $(DEBS_PATH)/,$$($$*_DEPENDS)))
	$(HEADER)
	# All noise takes place in main deb recipe, so we are just telling that
	# we depend on it
	# Put newer timestamp
	[ -f $@ ] && touch $@
	$(FOOTER)

SONIC_TARGET_LIST += $(addprefix $(DEBS_PATH)/, $(SONIC_DERIVED_DEBS))
# Rules for extra debian packages
# All noise takes place in main deb recipe, so we are just telling that
# we need to build the main deb and move our deb to other targets
# Add new dev package:
#     $(eval $(call add_extra_package,$(ORIGINAL_DEB),extra_deb_file.deb))
#
# Unlike the derived-package rule, the prerequisite here is the main package
# file itself ($*_MAIN_DEB), not an -install target.  The recipe only refreshes
# the timestamp of an extra package that already exists.
$(addprefix $(DEBS_PATH)/, $(SONIC_EXTRA_DEBS)) : $(DEBS_PATH)/% : .platform $$(addprefix $(DEBS_PATH)/,$$($$*_MAIN_DEB))
	$(HEADER)
	# All noise takes place in main deb recipe, so we are just telling that
	# we depend on it
	# Put newer timestamp
	[ -f $@ ] && touch $@
	$(FOOTER)

SONIC_TARGET_LIST += $(addprefix $(DEBS_PATH)/, $(SONIC_EXTRA_DEBS))
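# Targets for installing debian packages prior to build one that depends on them
SONIC_INSTALL_TARGETS = $(addsuffix -install,$(addprefix $(DEBS_PATH)/, \
                        $(SONIC_ONLINE_DEBS) \
                        $(SONIC_COPY_DEBS) \
                        $(SONIC_MAKE_DEBS) \
                        $(SONIC_DPKG_DEBS) \
                        $(SONIC_PYTHON_STDEB_DEBS) \
                        $(SONIC_DERIVED_DEBS) \
                        $(SONIC_EXTRA_DEBS)))

# Install one package with `sudo dpkg -i` after its dependencies' -install
# targets and the package file itself are up to date.
#
# The existence check is written in the same form as the wheel install rule
# (`&& exit 1; }`): the brace group is terminated by `;` no matter what $(LOG)
# expands to, and the recipe stops when the package is missing.
#
# Installs are serialised with a lock directory: `mkdir` either creates it or
# fails, and the loop retries until it succeeds.
# NOTE(review): the loop retries without pausing, and an interrupted build
# leaves dpkg_lock behind, after which every -install target spins forever --
# confirm how stale locks are cleared.
# NOTE(review): dpkg runs as root on packages that, for SONIC_ONLINE_DEBS, were
# downloaded without a digest or signature check in this file.
$(SONIC_INSTALL_TARGETS) : $(DEBS_PATH)/%-install : .platform $$(addsuffix -install,$$(addprefix $(DEBS_PATH)/,$$($$*_DEPENDS))) $(DEBS_PATH)/$$*
	$(HEADER)
	[ -f $(DEBS_PATH)/$* ] || { echo $(DEBS_PATH)/$* does not exist $(LOG) && exit 1; }
	# put a lock here because dpkg does not allow installing packages in parallel
	while true; do
	if mkdir $(DEBS_PATH)/dpkg_lock &> /dev/null; then
	{ sudo dpkg -i $(DEBS_PATH)/$* $(LOG) && rm -d $(DEBS_PATH)/dpkg_lock && break; } || { rm -d $(DEBS_PATH)/dpkg_lock && exit 1 ; }
	fi
	done
	$(FOOTER)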
###############################################################################
## Python packages
###############################################################################

# Build project using python setup.py bdist_wheel
# Projects that generate python wheels
# Add new package for build:
#     SOME_NEW_WHL = some_new_whl.whl
#     $(SOME_NEW_WHL)_SRC_PATH = $(SRC_PATH)/project_name
#     $(SOME_NEW_WHL)_PYTHON_VERSION = 2 (or 3)
#     $(SOME_NEW_WHL)_DEPENDS = $(SOME_OTHER_WHL1) $(SOME_OTHER_WHL2) ...
#     SONIC_PYTHON_WHEELS += $(SOME_NEW_WHL)
#
# `setup.py test` runs before the wheel is built unless $*_TEST is exactly "n".
# The interpreter is python$($*_PYTHON_VERSION), so an unset version falls back
# to plain `python`.
$(addprefix $(PYTHON_WHEELS_PATH)/, $(SONIC_PYTHON_WHEELS)) : $(PYTHON_WHEELS_PATH)/% : .platform $$(addsuffix -install,$$(addprefix $(PYTHON_WHEELS_PATH)/,$$($$*_DEPENDS)))
	$(HEADER)
	pushd $($*_SRC_PATH) $(LOG)
	# apply series of patches if exist
	if [ -f ../$(notdir $($*_SRC_PATH)).patch/series ]; then QUILT_PATCHES=../$(notdir $($*_SRC_PATH)).patch quilt push -a; fi
	[ "$($*_TEST)" = "n" ] || python$($*_PYTHON_VERSION) setup.py test $(LOG)
	python$($*_PYTHON_VERSION) setup.py bdist_wheel $(LOG)
	# clean up
	if [ -f ../$(notdir $($*_SRC_PATH)).patch/series ]; then quilt pop -a -f; fi
	popd $(LOG)
	mv $($*_SRC_PATH)/dist/$* $(PYTHON_WHEELS_PATH) $(LOG)
	$(FOOTER)

SONIC_TARGET_LIST += $(addprefix $(PYTHON_WHEELS_PATH)/, $(SONIC_PYTHON_WHEELS))
# Targets for installing python wheels.
# Autogenerated
SONIC_INSTALL_WHEELS = $(addsuffix -install, $(addprefix $(PYTHON_WHEELS_PATH)/, $(SONIC_PYTHON_WHEELS)))

# Install one wheel with pip after its dependencies' -install targets and the
# wheel file itself are up to date.  Installs are serialised with a lock
# directory: `mkdir` either creates it or fails, and the loop retries until it
# succeeds.
# NOTE(review): `sudo -E` runs pip as root while keeping the caller's
# environment, so variables that influence pip or Python apply to the root
# process; presumably -E is there to pass proxy settings -- confirm, and
# consider preserving only the variables that are needed.
# NOTE(review): the loop retries without pausing, and an interrupted build
# leaves pip_lock behind -- confirm how stale locks are cleared.
$(SONIC_INSTALL_WHEELS) : $(PYTHON_WHEELS_PATH)/%-install : .platform $$(addsuffix -install,$$(addprefix $(PYTHON_WHEELS_PATH)/,$$($$*_DEPENDS))) $(PYTHON_WHEELS_PATH)/$$*
	$(HEADER)
	[ -f $(PYTHON_WHEELS_PATH)/$* ] || { echo $(PYTHON_WHEELS_PATH)/$* does not exist $(LOG) && exit 1; }
	# put a lock here to avoid race conditions
	while true; do
	if mkdir $(PYTHON_WHEELS_PATH)/pip_lock &> /dev/null; then
	{ sudo -E pip$($*_PYTHON_VERSION) install $(PYTHON_WHEELS_PATH)/$* $(LOG) && rm -d $(PYTHON_WHEELS_PATH)/pip_lock && break; } || { rm -d $(PYTHON_WHEELS_PATH)/pip_lock && exit 1 ; }
	fi
	done
	$(FOOTER)
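###############################################################################
## Docker images related targets
###############################################################################

# start docker daemon
# Replaces any http_proxy line in /etc/default/docker with the caller's current
# $http_proxy, then starts the docker service if it is not already running.
#
# The value is formatted with bash's printf %q and appended through
# `sudo tee -a`.  It is therefore never interpolated into a command string that
# a root shell parses, and it lands in the file shell-quoted, so a proxy value
# containing quotes or other shell metacharacters stays data.  An unset
# http_proxy is written as an empty quoted string.
# NOTE(review): /etc/default/docker is presumably sourced by the service
# script; %q can emit bash-only $'...' quoting for control characters, which a
# plain sh would not understand -- not expected in a proxy URL.
# NOTE(review): a proxy URL with embedded credentials ends up in this file;
# check its permissions.
docker-start :
	@sudo sed -i '/http_proxy/d' /etc/default/docker
	@printf 'export http_proxy=%q\n' "$$http_proxy" | sudo tee -a /etc/default/docker > /dev/null
	@sudo service docker status &> /dev/null || ( sudo service docker start &> /dev/null && sleep 1 )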
# targets for building simple docker images that do not depend on any debian packages
#
# Builds the image from the directory named by <image>.gz_PATH and saves it,
# gzip-compressed, as $(TARGET_PATH)/<image>.gz. The -load targets of the
# images listed in <image>.gz_LOAD_DOCKERS are prerequisites. A quilt patch
# series next to the source directory is applied before the build and popped
# after it.
#
# NOTE(review): the patches are only popped by the "Clean up" line at the end.
# With .ONESHELL and the -e shell flag from this file's prologue, a failing
# docker build ends the recipe first and leaves the patches applied.
# NOTE(review): "docker save | gzip" reports gzip's exit status; no pipefail is
# set in the visible prologue, so a failed save can still leave an archive at
# the target path that looks up to date.
# NOTE(review): HTTP_PROXY, HTTPS_PROXY, USER, UID and GUID are expanded by
# make into an unquoted command line; whitespace or shell metacharacters in
# them would be split or interpreted by the shell.
$(addprefix $(TARGET_PATH)/, $(SONIC_SIMPLE_DOCKER_IMAGES)) : $(TARGET_PATH)/%.gz : .platform docker-start $$(addsuffix -load,$$(addprefix $(TARGET_PATH)/,$$($$*.gz_LOAD_DOCKERS)))
	$(HEADER)
	# Apply series of patches if exist
	if [ -f $($*.gz_PATH).patch/series ]; then pushd $($*.gz_PATH) && QUILT_PATCHES=../$(notdir $($*.gz_PATH)).patch quilt push -a; popd; fi
	docker build --squash --no-cache \
		--build-arg http_proxy=$(HTTP_PROXY) \
		--build-arg https_proxy=$(HTTPS_PROXY) \
		--build-arg user=$(USER) \
		--build-arg uid=$(UID) \
		--build-arg guid=$(GUID) \
		--build-arg docker_container_name=$($*.gz_CONTAINER_NAME) \
		-t $* $($*.gz_PATH) $(LOG)
	docker save $* | gzip -c > $@
	# Clean up
	if [ -f $($*.gz_PATH).patch/series ]; then pushd $($*.gz_PATH) && quilt pop -a -f; popd; fi
	$(FOOTER)

SONIC_TARGET_LIST += $(addprefix $(TARGET_PATH)/, $(SONIC_SIMPLE_DOCKER_IMAGES))
# Targets for building docker images
#
# Builds $(TARGET_PATH)/<image>.gz for each entry of SONIC_DOCKER_IMAGES. The
# debs, files and wheels named by <image>.gz_DEPENDS, _FILES and _PYTHON_WHEELS
# are prerequisites. The recipe bind-mounts the three artifact directories into
# the image source directory, renders Dockerfile.j2 to Dockerfile, builds the
# image and saves it gzip-compressed.
#
# The $(eval export ...) lines run when make expands the recipe. Each exports a
# make variable named after the image directory (dashes turned into
# underscores) whose value is the expanded package list; awk drops repeated
# entries and keeps first-seen order.
#
# NOTE(review): no umount for the three "sudo mount --bind" calls is visible in
# this recipe; confirm where the mounts are released, in particular when the
# recipe fails part-way.
# NOTE(review): the bind mounts expose the whole of DEBS_PATH, FILES_PATH and
# PYTHON_WHEELS_PATH under the build directory, not only the declared
# prerequisites.
# NOTE(review): as in the simple-image rule, a failing command skips the
# "Clean up" line (patches stay applied), and "docker save | gzip" reports only
# gzip's exit status.
$(addprefix $(TARGET_PATH)/, $(SONIC_DOCKER_IMAGES)) : $(TARGET_PATH)/%.gz : .platform docker-start $$(addprefix $(DEBS_PATH)/,$$($$*.gz_DEPENDS)) $$(addprefix $(FILES_PATH)/,$$($$*.gz_FILES)) $$(addprefix $(PYTHON_WHEELS_PATH)/,$$($$*.gz_PYTHON_WHEELS)) $$(addsuffix -load,$$(addprefix $(TARGET_PATH)/,$$($$*.gz_LOAD_DOCKERS))) $$($$*.gz_PATH)/Dockerfile.j2
	$(HEADER)
	# Apply series of patches if exist
	if [ -f $($*.gz_PATH).patch/series ]; then pushd $($*.gz_PATH) && QUILT_PATCHES=../$(notdir $($*.gz_PATH)).patch quilt push -a; popd; fi
	mkdir -p $($*.gz_PATH)/debs $(LOG)
	mkdir -p $($*.gz_PATH)/files $(LOG)
	mkdir -p $($*.gz_PATH)/python-wheels $(LOG)
	sudo mount --bind $(DEBS_PATH) $($*.gz_PATH)/debs $(LOG)
	sudo mount --bind $(FILES_PATH) $($*.gz_PATH)/files $(LOG)
	sudo mount --bind $(PYTHON_WHEELS_PATH) $($*.gz_PATH)/python-wheels $(LOG)
	# Export variables for j2. Use path for unique variable names, e.g. docker_orchagent_debs
	$(eval export $(subst -,_,$(notdir $($*.gz_PATH)))_debs=$(shell printf "$(subst $(SPACE),\n,$(call expand,$($*.gz_DEPENDS),RDEPENDS))\n" | awk '!a[$$0]++'))
	$(eval export $(subst -,_,$(notdir $($*.gz_PATH)))_whls=$(shell printf "$(subst $(SPACE),\n,$(call expand,$($*.gz_PYTHON_WHEELS)))\n" | awk '!a[$$0]++'))
	$(eval export $(subst -,_,$(notdir $($*.gz_PATH)))_dbgs=$(shell printf "$(subst $(SPACE),\n,$(call expand,$($*.gz_DBG_PACKAGES)))\n" | awk '!a[$$0]++'))
	j2 $($*.gz_PATH)/Dockerfile.j2 > $($*.gz_PATH)/Dockerfile
	docker build --squash --no-cache \
		--build-arg http_proxy=$(HTTP_PROXY) \
		--build-arg https_proxy=$(HTTPS_PROXY) \
		--build-arg user=$(USER) \
		--build-arg uid=$(UID) \
		--build-arg guid=$(GUID) \
		--build-arg docker_container_name=$($*.gz_CONTAINER_NAME) \
		-t $* $($*.gz_PATH) $(LOG)
	docker save $* | gzip -c > $@
	# Clean up
	if [ -f $($*.gz_PATH).patch/series ]; then pushd $($*.gz_PATH) && quilt pop -a -f; popd; fi
	$(FOOTER)

SONIC_TARGET_LIST += $(addprefix $(TARGET_PATH)/, $(SONIC_DOCKER_IMAGES))
# Every docker image, simple or not, also gets a "<image>.gz-load" target that
# loads the saved archive from TARGET_PATH into the local docker daemon.
DOCKER_LOAD_TARGETS = $(patsubst %,$(TARGET_PATH)/%-load, \
		$(SONIC_SIMPLE_DOCKER_IMAGES) \
		$(SONIC_DOCKER_IMAGES))

# The archive path is the target name without its "-load" suffix.
$(DOCKER_LOAD_TARGETS) : $(TARGET_PATH)/%.gz-load : .platform docker-start $$(TARGET_PATH)/$$*.gz
	$(HEADER)
	docker load -i $(@:-load=) $(LOG)
	$(FOOTER)
###############################################################################
## Installers
###############################################################################

# targets for building installers with base image
#
# Builds $(TARGET_PATH)/<installer> for each entry of SONIC_INSTALLERS. This
# part of the recipe exports shell variables that describe the image (package
# and wheel paths, feature switches, the default account name), renders a start
# script and, where a template exists, a service file for every docker in
# <installer>_DOCKERS with j2, and renders the initramfs helper scripts. The
# build scripts themselves are invoked further down in the same recipe.
#
# NOTE(review): the rendered files (<container>.sh, <container>.service,
# sonic_debian_extension.sh, files/initramfs-tools/*) go to fixed paths relative
# to the working directory; confirm two installer recipes never run at once.
# NOTE(review): every value is expanded by make into double-quoted shell text,
# so a double quote, backquote or dollar sign inside a value would be
# interpreted by the shell.
$(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS)) : $(TARGET_PATH)/% : \
        .platform \
        onie-image.conf \
        $$(addsuffix -install,$$(addprefix $(DEBS_PATH)/,$$($$*_DEPENDS))) \
        $$(addprefix $(DEBS_PATH)/,$$($$*_INSTALLS)) \
        $$(addprefix $(DEBS_PATH)/,$$($$*_LAZY_INSTALLS)) \
        $$(addprefix $(FILES_PATH)/,$$($$*_FILES)) \
        $(addprefix $(DEBS_PATH)/,$(INITRAMFS_TOOLS) \
                $(LINUX_KERNEL) \
                $(IGB_DRIVER) \
                $(IXGBE_DRIVER) \
                $(SONIC_DEVICE_DATA) \
                $(PYTHON_CLICK) \
                $(SONIC_UTILS) \
                $(LIBWRAP) \
                $(LIBPAM_TACPLUS) \
                $(LIBNSS_TACPLUS)) \
        $$(addprefix $(TARGET_PATH)/,$$($$*_DOCKERS)) \
        $$(addprefix $(PYTHON_WHEELS_PATH)/,$(SONIC_CONFIG_ENGINE)) \
        $$(addprefix $(PYTHON_WHEELS_PATH)/,$(SONIC_PLATFORM_COMMON_PY2))
	$(HEADER)
	# Pass initramfs and linux kernel explicitly. They are used for all platforms
	export initramfs_tools="$(DEBS_PATH)/$(INITRAMFS_TOOLS)"
	export linux_kernel="$(DEBS_PATH)/$(LINUX_KERNEL)"
	export kversion="$(KVERSION)"
	export image_type="$($*_IMAGE_TYPE)"
	export sonicadmin_user="$(USERNAME)"
	export sonic_asic_platform="$(CONFIGURED_PLATFORM)"
	export enable_organization_extensions="$(ENABLE_ORGANIZATION_EXTENSIONS)"
	export enable_dhcp_graph_service="$(ENABLE_DHCP_GRAPH_SERVICE)"
	export shutdown_bgp_on_start="$(SHUTDOWN_BGP_ON_START)"
	export enable_pfcwd_on_start="$(ENABLE_PFCWD_ON_START)"
	export installer_debs="$(addprefix $(DEBS_PATH)/,$($*_INSTALLS))"
	export lazy_installer_debs="$(foreach deb, $($*_LAZY_INSTALLS),$(foreach device, $($(deb)_PLATFORM),$(addprefix $(device)@, $(DEBS_PATH)/$(deb))))"
	export installer_images="$(addprefix $(TARGET_PATH)/,$($*_DOCKERS))"
	export config_engine_wheel_path="$(addprefix $(PYTHON_WHEELS_PATH)/,$(SONIC_CONFIG_ENGINE))"
	export swsssdk_py2_wheel_path="$(addprefix $(PYTHON_WHEELS_PATH)/,$(SWSSSDK_PY2))"
	export platform_common_py2_wheel_path="$(addprefix $(PYTHON_WHEELS_PATH)/,$(SONIC_PLATFORM_COMMON_PY2))"

	$(foreach docker, $($*_DOCKERS),\
		export docker_image="$(docker)"
		export docker_image_name="$(basename $(docker))"
		export docker_container_name="$($(docker)_CONTAINER_NAME)"
		$(eval $(docker)_RUN_OPT += $($(docker)_$($*_IMAGE_TYPE)_RUN_OPT))
		export docker_image_run_opt="$($(docker)_RUN_OPT)"
		j2 files/build_templates/docker_image_ctl.j2 > $($(docker)_CONTAINER_NAME).sh
		if [ -f files/build_templates/$($(docker)_CONTAINER_NAME).service.j2 ]; then
			j2 files/build_templates/$($(docker)_CONTAINER_NAME).service.j2 > $($(docker)_CONTAINER_NAME).service
		fi
		chmod +x $($(docker)_CONTAINER_NAME).sh
	)

	export installer_start_scripts="$(foreach docker, $($*_DOCKERS),$(addsuffix .sh, $($(docker)_CONTAINER_NAME)))"
	export installer_services="$(foreach docker, $($*_DOCKERS),$(addsuffix .service, $($(docker)_CONTAINER_NAME)))"
	export installer_extra_files="$(foreach docker, $($*_DOCKERS), $(foreach file, $($(docker)_BASE_IMAGE_FILES), $($(docker)_PATH)/base_image_files/$(file)))"

	j2 -f env files/initramfs-tools/union-mount.j2 onie-image.conf > files/initramfs-tools/union-mount
	j2 -f env files/initramfs-tools/arista-convertfs.j2 onie-image.conf > files/initramfs-tools/arista-convertfs

	$(if $($*_DOCKERS),
		j2 files/build_templates/sonic_debian_extension.j2 > sonic_debian_extension.sh
		chmod +x sonic_debian_extension.sh,
	)

	DIRTY_SUFFIX="$(shell date +%Y%m%d\.%H%M%S)"
	export DIRTY_SUFFIX
[baseimage]: Improve password hashing for default user account (#1748)
* [slave.mk]: Fix displaying username and password in build summary
We display contents of DEFAULT_USERNAME and DEFAULT_PASSWORD, while
image can be build with USERNAME and/or PASSWORD given on make(1)
command line. For example:
$ make USERNAME=adm PASSWORD=mypass target/sonic-broadcom.bin
Fix by displaying USERNAME and PASSWORD variables in build summary.
Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
* [baseimage]: Improve default user account handling
There are couple of issues with current implementation of default
user account management in baseimage:
1) It uses DES to encrypt accounts password. Furthermore this
effectively limits password length to 8 symbols, even if more
provided with PASSWORD or DEFAULT_PASSWORD from rules/config.
2) Salt value for password is same on all builds even with different
password increasing attack surface.
3) During the build process password passed as command line parameter
either as plain text (if given to make(1) as "make PASSWORD=...")
or DES encrypted (if given to build_debian.sh) can be seen by
non-build users using /proc/<pid>/cmdline file that has group and
world readable permissions.
Both 1) and 2) come from:
perl -e 'print crypt("$(PASSWORD)", "salt"),"\n"')"
that by default uses DES if salt does not have format $<id>$<salt>$,
where <id> is hashing function id. See crypt(3) for more details on
valid <id> values.
To address issues above we propose following changes:
1) Do not create password by hands (e.g. using perl snippet above):
put this job to chpasswd(8) which is aware about system wide
password hashing policy specified in /etc/login.defs with
ENCRYPT_METHOD (by default it is SHA512 for Debian 8).
2) Now chpasswd(8) will take care about proper salt value.
3) This has two steps:
3.1) For compatibility reasons accept USERNAME and PASSWORD as
make(1) parameters, but warn user that this is unsafe.
3.2) Use process environment to pass USERNAME and PASSWORD variables
from Makefile to build_debian.sh as more secure alternative to
passing via command line parameters: /proc/<pid>/environ
readable only by user running process or privileged users like
root.
Before change:
--------------
hash1
-----
# u='admin'
# p="$(LANG=C perl -e 'print crypt("YourPaSs", "salt"),"\n"')"
^^^^^^^^
8 symbols
# echo "$u:$p" | chpasswd -e
# getent shadow admin
admin:sazQDkwgZPfSk:17680:0:99999:7:::
^^^^^^^^^^^^^
Note the hash (DES encrypted password)
hash2
-----
# u='admin'
# p="$(LANG=C perl -e 'print crypt("YourPaSsWoRd", "salt"),"\n"')"
^^^^^^^^^^^^
12 symbols
# echo "$u:$p" | chpasswd -e
# getent shadow admin
admin:sazQDkwgZPfSk:17680:0:99999:7:::
^^^^^^^^^^^^^
Hash is the same as for "YourPaSs"
After change:
-------------
hash1
-----
# echo "admin:YourPaSs" | chpasswd
# getent shadow admin
admin:$6$1Nho1jHC$T8YwK58FYToXMFuetQta7/XouAAN2q1IzWC3bdIg86woAs6WuTg\
^^^^^^^^
Note salt here
ksLO3oyQInax/wNVq.N4de6dyWZDsCAvsZ1:17681:0:99999:7:::
hash2
-----
# echo "admin:YourPaSs" | chpasswd
# getent shadow admin
admin:$6$yKU5g7BO$kdT02Z1wHXhr1VCniKkZbLaMPZXK0WSSVGhSLGrNhsrsVxCJ.D9\
^^^^^^^^
Here salt completely different from case above
plFpd8ksGNpw/Vb92hvgYyCL2i5cfI8QEY/:17681:0:99999:7:::
Since salt is different hashes for same password different too.
hash1
-----
# LANG=C perl -e 'print crypt("YourPaSs", "\$6\$salt\$"),"\n"'
^^^^^
We want SHA512 hash
$6$salt$qkwPvXqUeGpexO1vatnIQFAreOTXs6rnDX.OI.Sz2rcy51JrO8dFc9aGv82bB\
yd2ELrIMJ.FQLNjgSD0nNha7/
hash2
-----
# LANG=C perl -e 'print crypt("YourPaSsWoRd", "\$6\$salt\$"),"\n"'
$6$salt$1JVndGzyy/dj7PaXo6hNcttlQoZe23ob8GWYWxVGEiGOlh6sofbaIvwl6Ho7N\
kYDI8zwRumRwga/A29nHm4mZ1
Now with same "salt" and $<id>$, and same 8 symbol prefix in password, but
different password length we have different hashes.
Signed-off-by: Sergey Popovich <sergey.popovich@ordnance.co>
2018-06-09 13:29:16 -05:00
# Second half of the installer recipe: run the two build scripts, then remove
# the files rendered earlier in the recipe and mark the installer executable.
#
# USERNAME and PASSWORD reach build_debian.sh through its environment, not its
# argument list. NOTE(review): make expands $(USERNAME) and $(PASSWORD) into
# the recipe text before the shell starts, so the literal values are part of
# the command string given to the recipe shell and may still show up in that
# shell's /proc/<pid>/cmdline for as long as the recipe runs; worth confirming
# with ps during a build. A double quote, backquote or dollar sign in either
# value is also interpreted by the shell. Exporting the two variables from make
# and dropping the inline assignments would avoid both.
	USERNAME="$(USERNAME)" \
	PASSWORD="$(PASSWORD)" \
		./build_debian.sh $(LOG)

	TARGET_MACHINE=$($*_MACHINE) \
	IMAGE_TYPE=$($*_IMAGE_TYPE) \
		./build_image.sh $(LOG)

	$(foreach docker, $($*_DOCKERS), \
		rm -f $($(docker)_CONTAINER_NAME).sh
		rm -f $($(docker)_CONTAINER_NAME).service
	)

	$(if $($*_DOCKERS),
		rm sonic_debian_extension.sh,
	)

	chmod a+x $@
	$(FOOTER)

SONIC_TARGET_LIST += $(addprefix $(TARGET_PATH)/, $(SONIC_INSTALLERS))
###############################################################################
## Clean targets
###############################################################################

# One "<package>-clean" target under DEBS_PATH per known package.
# NOTE(review): the list also names the ONLINE_FILES and COPY_FILES artifacts
# under DEBS_PATH; harmless because of rm -f, but it looks like a leftover.
SONIC_CLEAN_DEBS = $(patsubst %,$(DEBS_PATH)/%-clean, \
		$(SONIC_ONLINE_DEBS) \
		$(SONIC_ONLINE_FILES) \
		$(SONIC_COPY_DEBS) \
		$(SONIC_COPY_FILES) \
		$(SONIC_MAKE_DEBS) \
		$(SONIC_DPKG_DEBS) \
		$(SONIC_PYTHON_STDEB_DEBS) \
		$(SONIC_DERIVED_DEBS) \
		$(SONIC_EXTRA_DEBS))

# One "<file>-clean" target under FILES_PATH per downloaded or copied file.
SONIC_CLEAN_FILES = $(patsubst %,$(FILES_PATH)/%-clean, \
		$(SONIC_ONLINE_FILES) \
		$(SONIC_COPY_FILES))

# Cleaning a package first cleans its main deb, then removes the package with
# its derived and extra debs: they are treated as parts of one package.
$(SONIC_CLEAN_DEBS) : $(DEBS_PATH)/%-clean : .platform $$(addsuffix -clean,$$(addprefix $(DEBS_PATH)/,$$($$*_MAIN_DEB)))
	@rm -f $(patsubst %,$(DEBS_PATH)/%,$* $($*_DERIVED_DEBS) $($*_EXTRA_DEBS))

# The file to remove is the target name without its "-clean" suffix.
$(SONIC_CLEAN_FILES) : $(FILES_PATH)/%-clean : .platform
	@rm -f $(@:-clean=)
# "<target>-clean" for every docker image archive and installer in TARGET_PATH.
SONIC_CLEAN_TARGETS += $(patsubst %,$(TARGET_PATH)/%-clean, \
		$(SONIC_DOCKER_IMAGES) \
		$(SONIC_SIMPLE_DOCKER_IMAGES) \
		$(SONIC_INSTALLERS))

# The artifact to remove is the target name without its "-clean" suffix.
$(SONIC_CLEAN_TARGETS) : $(TARGET_PATH)/%-clean : .platform
	@rm -f $(@:-clean=)
# "<wheel>-clean" for every python wheel in PYTHON_WHEELS_PATH.
SONIC_CLEAN_WHEELS = $(patsubst %,$(PYTHON_WHEELS_PATH)/%-clean, \
		$(SONIC_PYTHON_WHEELS))

# The wheel to remove is the target name without its "-clean" suffix.
$(SONIC_CLEAN_WHEELS) : $(PYTHON_WHEELS_PATH)/%-clean : .platform
	@rm -f $(@:-clean=)
# Remove the build logs from all four output directories.
clean-logs : .platform
	@rm -f $(addsuffix /*.log,$(TARGET_PATH) $(DEBS_PATH) $(FILES_PATH) $(PYTHON_WHEELS_PATH))

# clean: the logs plus every per-artifact clean target. The lists are expanded
# on second expansion.
clean : .platform clean-logs \
        $$(SONIC_CLEAN_DEBS) \
        $$(SONIC_CLEAN_FILES) \
        $$(SONIC_CLEAN_TARGETS) \
        $$(SONIC_CLEAN_WHEELS)
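###############################################################################
## all
###############################################################################

# Build every target named in SONIC_ALL; the list is expanded on second
# expansion.
all : .platform $$(addprefix $(TARGET_PATH)/,$$(SONIC_ALL))

###############################################################################
## Standard targets
###############################################################################

# all and clean-logs are commands, not files. Declaring them phony keeps a
# stray file of the same name from suppressing them.
.PHONY : $(SONIC_CLEAN_DEBS) $(SONIC_CLEAN_FILES) $(SONIC_CLEAN_TARGETS) $(SONIC_CLEAN_WHEELS) all clean clean-logs distclean configure

.INTERMEDIATE : $(SONIC_INSTALL_TARGETS) $(SONIC_INSTALL_WHEELS) $(DOCKER_LOAD_TARGETS) docker-start .platform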