package/google/google_signing/google_signing.mk - buildroot - Git at Google

 #############################################################
 #
 # google_signing (signing related code)
 #
 #############################################################
 GOOGLE_SIGNING_SITE=repo://vendor/google/platform
 GOOGLE_SIGNING_DEPENDENCIES=host-gtest host-py-openssl \
 			    host-google_keystore_client
 GOOGLE_SIGNING_INSTALL_TARGET=YES
 GOOGLE_SIGNING_TEST=YES

 ifeq ($(BR2_PACKAGE_GOOGLE_PROD),y)
 GOOGLE_SIGNING_DEPENDENCIES += bcm_signing host-bcm_signing
 endif

 HOST_GOOGLE_SIGNING_TEST=YES
 SIGNING_DIR=$(BINARIES_DIR)/signing

 define GOOGLE_SIGNING_BUILD_CMDS
 	HOSTDIR=$(HOST_DIR) CROSS_COMPILE=$(TARGET_CROSS) $(MAKE) -C \
 		 $(@D)/signing
 endef

 SIGNING_FLAG=""
 ifeq ($(BR2_PACKAGE_GOOGLE_PROD),y)
 define HOST_GOOGLE_SIGNING_RETRIEVE_KEY
 	(mkdir -m 700 -p $(SIGNING_DIR); \
 	$(call GOOGLE_KEYSTORE_CLIENT_EXECUTE,signing_private_key,$(SIGNING_DIR)/gfiber_private.pem))
 endef
 SIGNING_FLAG="-s"
 GOOGLE_KEYSTORE_CLIENT_NEEDS_KEYS += \
 	signing_private_key \
 	signing_public_key_signature
 else
 define HOST_GOOGLE_SIGNING_RETRIEVE_KEY
 	echo "Skip retrieving signing key..."
 endef
 endif

 define HOST_GOOGLE_SIGNING_CLEANUP
 	if [ -d "$(SIGNING_DIR)" ]; then \
 		shred -f -u -z -n 5 $(SIGNING_DIR)/*; \
 		rm -rf $(SIGNING_DIR); \
 	fi
 endef

 define HOST_GOOGLE_SIGNING_SIGN
 	($(HOST_GOOGLE_SIGNING_RETRIEVE_KEY) && \
 		$(HOST_DIR)/usr/bin/python $(HOST_DIR)/usr/sbin/repack.py \
 		-o $(HOST_DIR) $(SIGNING_FLAG) -b $(BINARIES_DIR) && \
 		$(HOST_GOOGLE_SIGNING_CLEANUP))
 endef

 define GOOGLE_SIGNING_INSTALL_TARGET_CMDS
 	$(MAKE) HOSTDIR=$(HOST_DIR) TARGET_DIR=$(TARGET_DIR) \
 		INSTALL=$(INSTALL) -C $(@D)/signing install
 endef

 define GOOGLE_SIGNING_TEST_CMDS
 	$(MAKE) HOSTDIR=$(HOST_DIR) -C $(@D)/signing test
 endef

 define HOST_GOOGLE_SIGNING_INSTALL_CMDS
 	mkdir -p $(HOST_DIR)/usr/sbin/
 	$(INSTALL) -D -m 0755 $(@D)/signing/repack.py \
 		$(HOST_DIR)/usr/sbin/repack.py
 	$(INSTALL) -D -m 0755 $(@D)/signing/signserial.py \
 		$(HOST_DIR)/usr/sbin/signserial.py
 endef

 define HOST_GOOGLE_SIGNING_TEST_CMDS
 	(cd $(@D)/signing && $(HOST_DIR)/usr/bin/python repacktest.py)
 endef

 sign_sn: sn.txt
 	($(HOST_GOOGLE_SIGNING_RETRIEVE_KEY); \
 		$(HOST_DIR)/usr/bin/python $(HOST_DIR)/usr/sbin/signserial.py \
 		-o $(HOST_DIR) -b $(BINARIES_DIR) -f $<; \
 		$(HOST_GOOGLE_SIGNING_CLEANUP))

 $(eval $(call GENTARGETS))
 $(eval $(call GENTARGETS,host))
	#############################################################
	#
	# google_signing (signing related code)
	#
	#############################################################
	GOOGLE_SIGNING_SITE=repo://vendor/google/platform
	GOOGLE_SIGNING_DEPENDENCIES=host-gtest host-py-openssl \
	host-google_keystore_client
	GOOGLE_SIGNING_INSTALL_TARGET=YES
	GOOGLE_SIGNING_TEST=YES

	ifeq ($(BR2_PACKAGE_GOOGLE_PROD),y)
	GOOGLE_SIGNING_DEPENDENCIES += bcm_signing host-bcm_signing
	endif

	HOST_GOOGLE_SIGNING_TEST=YES
	SIGNING_DIR=$(BINARIES_DIR)/signing

	define GOOGLE_SIGNING_BUILD_CMDS
	HOSTDIR=$(HOST_DIR) CROSS_COMPILE=$(TARGET_CROSS) $(MAKE) -C \
	$(@D)/signing
	endef

	SIGNING_FLAG=""
	ifeq ($(BR2_PACKAGE_GOOGLE_PROD),y)
	define HOST_GOOGLE_SIGNING_RETRIEVE_KEY
	(mkdir -m 700 -p $(SIGNING_DIR); \
	$(call GOOGLE_KEYSTORE_CLIENT_EXECUTE,signing_private_key,$(SIGNING_DIR)/gfiber_private.pem))
	endef
	SIGNING_FLAG="-s"
	GOOGLE_KEYSTORE_CLIENT_NEEDS_KEYS += \
	signing_private_key \
	signing_public_key_signature
	else
	define HOST_GOOGLE_SIGNING_RETRIEVE_KEY
	echo "Skip retrieving signing key..."
	endef
	endif

	define HOST_GOOGLE_SIGNING_CLEANUP
	if [ -d "$(SIGNING_DIR)" ]; then \
	shred -f -u -z -n 5 $(SIGNING_DIR)/*; \
	rm -rf $(SIGNING_DIR); \
	fi
	endef

	define HOST_GOOGLE_SIGNING_SIGN
	($(HOST_GOOGLE_SIGNING_RETRIEVE_KEY) && \
	$(HOST_DIR)/usr/bin/python $(HOST_DIR)/usr/sbin/repack.py \
	-o $(HOST_DIR) $(SIGNING_FLAG) -b $(BINARIES_DIR) && \
	$(HOST_GOOGLE_SIGNING_CLEANUP))
	endef

	define GOOGLE_SIGNING_INSTALL_TARGET_CMDS
	$(MAKE) HOSTDIR=$(HOST_DIR) TARGET_DIR=$(TARGET_DIR) \
	INSTALL=$(INSTALL) -C $(@D)/signing install
	endef

	define GOOGLE_SIGNING_TEST_CMDS
	$(MAKE) HOSTDIR=$(HOST_DIR) -C $(@D)/signing test
	endef

	define HOST_GOOGLE_SIGNING_INSTALL_CMDS
	mkdir -p $(HOST_DIR)/usr/sbin/
	$(INSTALL) -D -m 0755 $(@D)/signing/repack.py \
	$(HOST_DIR)/usr/sbin/repack.py
	$(INSTALL) -D -m 0755 $(@D)/signing/signserial.py \
	$(HOST_DIR)/usr/sbin/signserial.py
	endef

	define HOST_GOOGLE_SIGNING_TEST_CMDS
	(cd $(@D)/signing && $(HOST_DIR)/usr/bin/python repacktest.py)
	endef

	sign_sn: sn.txt
	($(HOST_GOOGLE_SIGNING_RETRIEVE_KEY); \
	$(HOST_DIR)/usr/bin/python $(HOST_DIR)/usr/sbin/signserial.py \
	-o $(HOST_DIR) -b $(BINARIES_DIR) -f $<; \
	$(HOST_GOOGLE_SIGNING_CLEANUP))

	$(eval $(call GENTARGETS))
	$(eval $(call GENTARGETS,host))