2018-07-23 18:41:00 +00:00
|
|
|
# GIT_LFS_SHA is the '--short'-form SHA1 of the current revision of Git LFS.
|
2018-07-19 18:02:25 +00:00
|
|
|
GIT_LFS_SHA ?= $(shell git rev-parse --short HEAD)
|
2018-07-23 18:41:00 +00:00
|
|
|
# VERSION is the longer-form describe output of the current revision of Git LFS,
|
|
|
|
|
# used for identifying intermediate releases.
|
|
|
|
|
#
|
|
|
|
|
# If Git LFS is being built for a published release, VERSION and GIT_LFS_SHA
|
|
|
|
|
# should be identical.
|
2018-07-19 18:02:25 +00:00
|
|
|
VERSION ?= $(shell git describe HEAD)
|
|
|
|
|
|
Makefile: put all archive contents in a directory
Right now, extracting one of our archives (except for the source
archives) causes all files to be extracted in the current directory.
This is commonly referred to as a tarbomb, and is generally unwelcome.
Instead, let's create a top-level directory in each of our archives
named the same way as we currently name our source tarballs: the string
"git-lfs-" and then a version number without the initial "v". This is
the same algorithm GitHub would use to create its autogenerated
archives.
Because we can no longer use zip's -j option to strip off path
components (since we now want to preserve at least some of them), using
zip becomes tricky. Instead, let's use the BSD (libarchive) tar, which
is natively available on Windows, macOS, and FreeBSD as the system tar
implementation, and which can be easily installed on all Linux distros
under the name "bsdtar". This program supports tar files, zip files,
and a wide variety of other formats that we don't need here and is ideal
for this usage. However, it doesn't support updating zip files in
place, so we need to extract and rebuild the archives instead.
2022-04-29 14:28:42 +00:00
|
|
|
# PREFIX is VERSION without the leading v, for use in archive prefixes.
|
|
|
|
|
PREFIX ?= $(patsubst v%,git-lfs-%,$(VERSION))
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# GO is the name of the 'go' binary used to compile Git LFS.
|
2018-07-16 20:25:44 +00:00
|
|
|
GO ?= go
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# GO_TEST_EXTRA_ARGS are extra arguments given to invocations of 'go test'.
|
|
|
|
|
#
|
|
|
|
|
# Examples include:
|
|
|
|
|
#
|
|
|
|
|
# make test GO_TEST_EXTRA_ARGS=-v
|
|
|
|
|
# make test GO_TEST_EXTRA_ARGS='-run TestMyExample'
|
2018-07-16 21:25:54 +00:00
|
|
|
GO_TEST_EXTRA_ARGS =
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# BUILTIN_LD_FLAGS are the internal flags used to pass to the linker. By default
|
|
|
|
|
# the config.GitCommit variable is always set via this variable, and
|
|
|
|
|
# DWARF-stripping is enabled unless DWARF=YesPlease.
|
2018-07-19 18:02:25 +00:00
|
|
|
BUILTIN_LD_FLAGS =
|
2019-05-08 18:40:24 +00:00
|
|
|
ifneq ("$(VENDOR)","")
|
2022-10-13 11:27:39 +00:00
|
|
|
BUILTIN_LD_FLAGS += -X 'github.com/git-lfs/git-lfs/v3/config.Vendor=$(VENDOR)'
|
2019-05-08 18:40:24 +00:00
|
|
|
endif
|
2022-10-13 11:17:50 +00:00
|
|
|
BUILTIN_LD_FLAGS += -X github.com/git-lfs/git-lfs/v3/config.GitCommit=$(GIT_LFS_SHA)
|
2018-07-19 18:02:25 +00:00
|
|
|
ifneq ("$(DWARF)","YesPlease")
|
|
|
|
|
BUILTIN_LD_FLAGS += -s
|
|
|
|
|
BUILTIN_LD_FLAGS += -w
|
|
|
|
|
endif
|
2018-07-23 18:41:00 +00:00
|
|
|
# EXTRA_LD_FLAGS are given by the caller, and are passed to the Go linker after
|
2018-12-21 20:16:21 +00:00
|
|
|
# BUILTIN_LD_FLAGS are processed. By default the system LDFLAGS are passed.
|
2019-02-25 21:19:52 +00:00
|
|
|
ifdef LDFLAGS
|
2018-12-21 20:16:21 +00:00
|
|
|
EXTRA_LD_FLAGS ?= -extldflags ${LDFLAGS}
|
2019-02-25 21:19:52 +00:00
|
|
|
endif
|
2018-07-23 18:41:00 +00:00
|
|
|
# LD_FLAGS is the union of the above two BUILTIN_LD_FLAGS and EXTRA_LD_FLAGS.
|
2018-07-19 18:02:25 +00:00
|
|
|
LD_FLAGS = $(BUILTIN_LD_FLAGS) $(EXTRA_LD_FLAGS)
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# BUILTIN_GC_FLAGS are the internal flags used to pass compiler.
|
2022-04-11 18:44:27 +00:00
|
|
|
BUILTIN_GC_FLAGS =
|
2018-07-23 18:41:00 +00:00
|
|
|
# EXTRA_GC_FLAGS are the caller-provided flags to pass to the compiler.
|
2018-07-19 18:02:25 +00:00
|
|
|
EXTRA_GC_FLAGS =
|
2018-07-23 18:41:00 +00:00
|
|
|
# GC_FLAGS are the union of the above two BUILTIN_GC_FLAGS and EXTRA_GC_FLAGS.
|
2018-07-19 18:02:25 +00:00
|
|
|
GC_FLAGS = $(BUILTIN_GC_FLAGS) $(EXTRA_GC_FLAGS)
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# RONN is the name of the 'ronn' program used to generate man pages.
|
2018-07-19 19:03:54 +00:00
|
|
|
RONN ?= ronn
|
2018-07-23 18:41:00 +00:00
|
|
|
# RONN_EXTRA_ARGS are extra arguments given to the $(RONN) program when invoked.
|
2018-07-19 19:03:54 +00:00
|
|
|
RONN_EXTRA_ARGS ?=
|
|
|
|
|
|
2022-06-22 20:33:21 +00:00
|
|
|
# ASCIIDOCTOR is the name of the 'asciidoctor' program used to generate man pages.
|
|
|
|
|
ASCIIDOCTOR ?= asciidoctor
|
|
|
|
|
# ASCIIDOCTOR_EXTRA_ARGS are extra arguments given to the $(ASCIIDOCTOR) program when invoked.
|
|
|
|
|
ASCIIDOCTOR_EXTRA_ARGS ?= -a reproducible
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# GREP is the name of the program used for regular expression matching, or
|
|
|
|
|
# 'grep' if unset.
|
2018-07-16 20:25:44 +00:00
|
|
|
GREP ?= grep
|
2018-07-23 18:41:00 +00:00
|
|
|
# XARGS is the name of the program used to turn stdin into program arguments, or
|
|
|
|
|
# 'xargs' if unset.
|
2018-07-16 20:25:44 +00:00
|
|
|
XARGS ?= xargs
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# GOIMPORTS is the name of the program formatter used before compiling.
|
2018-07-16 20:25:44 +00:00
|
|
|
GOIMPORTS ?= goimports
|
2018-07-23 18:41:00 +00:00
|
|
|
# GOIMPORTS_EXTRA_OPTS are the default options given to the $(GOIMPORTS)
|
|
|
|
|
# program.
|
2018-07-16 20:25:44 +00:00
|
|
|
GOIMPORTS_EXTRA_OPTS ?= -w -l
|
|
|
|
|
|
2022-04-28 20:06:05 +00:00
|
|
|
# TAR is the tar command, either GNU or BSD (libarchive) tar.
|
|
|
|
|
TAR ?= tar
|
|
|
|
|
|
|
|
|
|
TAR_XFORM_ARG ?= $(shell $(TAR) --version | grep -q 'GNU tar' && echo '--xform' || echo '-s')
|
|
|
|
|
TAR_XFORM_CMD ?= $(shell $(TAR) --version | grep -q 'GNU tar' && echo 's')
|
2018-08-24 15:05:57 +00:00
|
|
|
|
2018-09-24 20:52:46 +00:00
|
|
|
# CERT_SHA1 is the SHA-1 hash of the Windows code-signing cert to use. The
|
|
|
|
|
# actual signature is made with SHA-256.
|
2022-04-15 22:25:34 +00:00
|
|
|
CERT_SHA1 ?= 27ea8f81ce920bccd2174e3b272f2ba247605be6
|
2018-09-24 20:52:46 +00:00
|
|
|
|
2019-09-05 21:50:36 +00:00
|
|
|
# CERT_FILE is the PKCS#12 file holding the certificate.
|
|
|
|
|
CERT_FILE ?=
|
|
|
|
|
|
|
|
|
|
# CERT_PASS is the password for the certificate. It must not contain
|
|
|
|
|
# double-quotes.
|
|
|
|
|
CERT_PASS ?=
|
|
|
|
|
|
|
|
|
|
# CERT_ARGS are additional arguments to pass when signing Windows binaries.
|
|
|
|
|
ifneq ("$(CERT_FILE)$(CERT_PASS)","")
|
2019-09-24 17:27:22 +00:00
|
|
|
CERT_ARGS ?= -f "$(CERT_FILE)" -p "$(CERT_PASS)"
|
|
|
|
|
else
|
|
|
|
|
CERT_ARGS ?= -sha1 $(CERT_SHA1)
|
2019-09-05 21:50:36 +00:00
|
|
|
endif
|
|
|
|
|
|
workflows/release: sign and notarize macOS binaries
On macOS, Gatekeeper requires binaries that are signed with a trusted
code-signing certificate and notarized by Apple in order for them to
run. To ease the burden for Mac users, let's start providing signed
binaries.
The macOS codesign tool can only read certificates from a keychain.
However, setting keychains up to work in a non-interactive way is
complex and error prone. We create a target to import the certificates
from a PKCS #12 file and pull them into a temporary keychain which has
been specially set up to work in CI. This requires multiple complex and
poorly documented incantations to work correctly, but it does currently
work. These incantations are not to be meant run on a user system
because they modify various keychain properties, such as the default
keychain, so add a comment to that effect.
We sign both the binary and the zip file, since we cannot notarize the
binary alone but would like to have a signed binary. Only zip files,
pkg files, and disk images can be notarized; this is why we have
switched to a zip file for macOS.
Note that the notarization process requires a particular developer to
submit the binary for notarization using their Apple account. That
developer's ID and their app password are specified from the environment
and can be read from the secret store. This is so that this can easily
be rotated to reflect a new user without needing to involve code
changes. Similarly, the cert ID, although not secret, is passed in in a
similar way.
When we perform the notarization, we do it in a loop, since Apple's
servers can sometimes "forget" the fact that we submitted a request and
therefore cause gon, the notarization tool we use, to spuriously fail
when it checks on the status of our request. We don't use seq to count
in our loop because it is not portable to non-Linux systems.
Finally, we use "darwin" in the Makefile because everything else in the
Makefile already uses that, but we use "MACOS" for secrets for
consistency with the GitHub Actions workflow, which uses that. We
translate in the workflow file.
2020-04-10 19:39:23 +00:00
|
|
|
# DARWIN_CERT_ID is a portion of the common name of the signing certificatee.
|
|
|
|
|
DARWIN_CERT_ID ?=
|
|
|
|
|
|
|
|
|
|
# DARWIN_KEYCHAIN_ID is the name of the keychain (with suffix) where the
|
|
|
|
|
# certificate is located.
|
|
|
|
|
DARWIN_KEYCHAIN_ID ?= CI.keychain
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# SOURCES is a listing of all .go files in this and child directories, excluding
|
|
|
|
|
# that in vendor.
|
|
|
|
|
SOURCES = $(shell find . -type f -name '*.go' | grep -v vendor)
|
2021-11-09 21:23:20 +00:00
|
|
|
|
|
|
|
|
# MSGFMT is the GNU gettext msgfmt binary.
|
|
|
|
|
MSGFMT ?= msgfmt
|
|
|
|
|
|
|
|
|
|
# PO is a list of all the po (gettext source) files.
|
|
|
|
|
PO = $(wildcard po/*.po)
|
|
|
|
|
|
|
|
|
|
# MO is a list of all the mo (gettext compiled) files to be built.
|
|
|
|
|
MO = $(patsubst po/%.po,po/build/%.mo,$(PO))
|
|
|
|
|
|
2021-12-13 20:53:42 +00:00
|
|
|
# XGOTEXT is the string extractor for gotext.
|
|
|
|
|
XGOTEXT ?= xgotext
|
|
|
|
|
|
2022-04-28 19:39:55 +00:00
|
|
|
# CODESIGN is the macOS signing tool.
|
|
|
|
|
CODESIGN ?= codesign
|
|
|
|
|
|
|
|
|
|
# GON is the macOS notarizing tool.
|
|
|
|
|
GON ?= gon
|
|
|
|
|
|
|
|
|
|
# SIGNTOOL is the Windows signing tool.
|
|
|
|
|
SIGNTOOL ?= signtool.exe
|
|
|
|
|
|
2022-02-03 14:37:30 +00:00
|
|
|
# FORCE_LOCALIZE forces localization to be run if set to non-empty.
|
|
|
|
|
FORCE_LOCALIZE ?=
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# PKGS is a listing of packages that are considered to be a part of Git LFS, and
|
|
|
|
|
# are used in package-specific commands, such as the 'make test' targets. For
|
|
|
|
|
# example:
|
|
|
|
|
#
|
|
|
|
|
# make test # run 'go test' in all packages
|
|
|
|
|
# make PKGS='config git/githistory' test # run 'go test' in config and
|
|
|
|
|
# # git/githistory
|
|
|
|
|
#
|
|
|
|
|
# By default, it is a listing of all packages in Git LFS. When new packages (or
|
|
|
|
|
# sub-packages) are created, they should be added here.
|
2018-07-16 21:10:31 +00:00
|
|
|
ifndef PKGS
|
|
|
|
|
PKGS =
|
|
|
|
|
PKGS += commands
|
|
|
|
|
PKGS += config
|
2018-09-19 15:05:48 +00:00
|
|
|
PKGS += creds
|
2018-07-16 21:10:31 +00:00
|
|
|
PKGS += errors
|
|
|
|
|
PKGS += filepathfilter
|
|
|
|
|
PKGS += fs
|
|
|
|
|
PKGS += git
|
|
|
|
|
PKGS += git/gitattr
|
|
|
|
|
PKGS += git/githistory
|
|
|
|
|
PKGS += git
|
|
|
|
|
PKGS += lfs
|
|
|
|
|
PKGS += lfsapi
|
2018-09-06 21:42:41 +00:00
|
|
|
PKGS += lfshttp
|
2018-07-16 21:10:31 +00:00
|
|
|
PKGS += locking
|
2021-02-03 22:27:01 +00:00
|
|
|
PKGS += ssh
|
2018-07-16 21:10:31 +00:00
|
|
|
PKGS += subprocess
|
|
|
|
|
PKGS += tasklog
|
|
|
|
|
PKGS += tools
|
|
|
|
|
PKGS += tools/humanize
|
|
|
|
|
PKGS += tools/kv
|
2021-11-09 21:23:20 +00:00
|
|
|
PKGS += tr
|
2018-07-16 21:10:31 +00:00
|
|
|
PKGS += tq
|
|
|
|
|
endif
|
2018-07-16 20:05:08 +00:00
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# X is the platform-specific extension for Git LFS binaries. It is automatically
|
|
|
|
|
# set to .exe on Windows, and the empty string on all other platforms. It may be
|
|
|
|
|
# overridden.
|
2018-07-24 15:41:45 +00:00
|
|
|
#
|
|
|
|
|
# BUILD_MAIN is the main ".go" file that contains func main() for Git LFS. On
|
|
|
|
|
# macOS and other non-Windows platforms, it is required that a specific
|
|
|
|
|
# entrypoint be given, hence the below conditional. On Windows, it is required
|
|
|
|
|
# that an entrypoint not be given so that goversioninfo can successfully embed
|
|
|
|
|
# the resource.syso file (for more, see below).
|
2022-05-20 14:02:23 +00:00
|
|
|
#
|
|
|
|
|
# BSDTAR is BSD (libarchive) tar.
|
2018-07-19 18:02:25 +00:00
|
|
|
ifeq ($(OS),Windows_NT)
|
|
|
|
|
X ?= .exe
|
2018-07-24 15:41:45 +00:00
|
|
|
BUILD_MAIN ?=
|
2022-05-20 14:02:23 +00:00
|
|
|
BSDTAR ?= C:/Windows/system32/tar.exe
|
2018-07-19 18:02:25 +00:00
|
|
|
else
|
|
|
|
|
X ?=
|
2018-07-24 15:41:45 +00:00
|
|
|
BUILD_MAIN ?= ./git-lfs.go
|
2022-05-20 14:02:23 +00:00
|
|
|
BSDTAR ?= $(shell $(TAR) --version | grep -q 'GNU tar' && echo bsdtar || echo $(TAR))
|
2018-07-19 18:02:25 +00:00
|
|
|
endif
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# BUILD is a macro used to build a single binary of Git LFS using the above
|
|
|
|
|
# LD_FLAGS and GC_FLAGS.
|
|
|
|
|
#
|
|
|
|
|
# It takes three arguments:
|
|
|
|
|
#
|
|
|
|
|
# $(1) - a valid GOOS value, or empty-string
|
|
|
|
|
# $(2) - a valid GOARCH value, or empty-string
|
|
|
|
|
# $(3) - an optional program extension. If $(3) is given as '-foo', then the
|
|
|
|
|
# program will be written to bin/git-lfs-foo.
|
2018-07-24 15:41:45 +00:00
|
|
|
#
|
|
|
|
|
# It uses BUILD_MAIN as defined above to specify the entrypoint for building Git
|
|
|
|
|
# LFS.
|
2018-07-19 18:02:25 +00:00
|
|
|
BUILD = GOOS=$(1) GOARCH=$(2) \
|
|
|
|
|
$(GO) build \
|
|
|
|
|
-ldflags="$(LD_FLAGS)" \
|
|
|
|
|
-gcflags="$(GC_FLAGS)" \
|
2022-04-11 18:44:27 +00:00
|
|
|
-trimpath \
|
2018-07-24 15:41:45 +00:00
|
|
|
-o ./bin/git-lfs$(3) $(BUILD_MAIN)
|
2018-07-19 18:02:25 +00:00
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# BUILD_TARGETS is the set of all platforms and architectures that Git LFS is
|
|
|
|
|
# built for.
|
2018-08-24 15:08:32 +00:00
|
|
|
BUILD_TARGETS = \
|
|
|
|
|
bin/git-lfs-darwin-amd64 \
|
2021-03-11 21:11:33 +00:00
|
|
|
bin/git-lfs-darwin-arm64 \
|
2020-05-08 12:35:42 +00:00
|
|
|
bin/git-lfs-linux-arm \
|
2018-08-24 15:12:15 +00:00
|
|
|
bin/git-lfs-linux-arm64 \
|
2018-08-24 15:08:32 +00:00
|
|
|
bin/git-lfs-linux-amd64 \
|
2020-01-14 21:35:27 +00:00
|
|
|
bin/git-lfs-linux-ppc64le \
|
|
|
|
|
bin/git-lfs-linux-s390x \
|
2018-08-24 15:08:32 +00:00
|
|
|
bin/git-lfs-linux-386 \
|
|
|
|
|
bin/git-lfs-freebsd-amd64 \
|
|
|
|
|
bin/git-lfs-freebsd-386 \
|
|
|
|
|
bin/git-lfs-windows-amd64.exe \
|
2021-08-17 08:04:01 +00:00
|
|
|
bin/git-lfs-windows-386.exe \
|
|
|
|
|
bin/git-lfs-windows-arm64.exe
|
2018-07-19 18:02:25 +00:00
|
|
|
|
2018-08-01 16:41:58 +00:00
|
|
|
# mangen is a shorthand for ensuring that commands/mancontent_gen.go is kept
|
|
|
|
|
# up-to-date with the contents of docs/man/*.ronn.
|
2018-07-31 06:09:27 +00:00
|
|
|
.PHONY : mangen
|
2018-08-01 16:36:29 +00:00
|
|
|
mangen : commands/mancontent_gen.go
|
2018-07-31 06:09:27 +00:00
|
|
|
|
2018-08-01 16:41:58 +00:00
|
|
|
# commands/mancontent_gen.go is generated by running 'go generate' on package
|
|
|
|
|
# 'commands' of Git LFS. It depends upon the contents of the 'docs' directory
|
|
|
|
|
# and converts those manpages into code.
|
2018-08-01 16:41:05 +00:00
|
|
|
commands/mancontent_gen.go : $(wildcard docs/man/*.ronn)
|
2021-09-01 19:41:10 +00:00
|
|
|
GOOS= GOARCH= $(GO) generate github.com/git-lfs/git-lfs/v3/commands
|
2018-07-31 06:09:27 +00:00
|
|
|
|
2021-11-09 21:23:20 +00:00
|
|
|
# trgen is a shorthand for ensuring that tr/tr_gen.go is kept up-to-date with
|
|
|
|
|
# the contents of po/build/*.mo.
|
|
|
|
|
.PHONY : trgen
|
|
|
|
|
trgen : tr/tr_gen.go
|
|
|
|
|
|
|
|
|
|
# tr/tr_gen.go is generated by running 'go generate' on package
|
|
|
|
|
# 'tr' of Git LFS. It depends upon the contents of the 'po' directory
|
|
|
|
|
# and converts the .mo files.
|
|
|
|
|
tr/tr_gen.go : $(MO)
|
|
|
|
|
GOOS= GOARCH= $(GO) generate github.com/git-lfs/git-lfs/v3/tr
|
|
|
|
|
|
|
|
|
|
po/build:
|
|
|
|
|
mkdir -p po/build
|
|
|
|
|
|
|
|
|
|
# These targets build the MO files.
|
|
|
|
|
po/build/%.mo: po/%.po po/build
|
2022-02-03 14:37:30 +00:00
|
|
|
ifeq ($(FORCE_LOCALIZE),)
|
2021-11-09 21:23:20 +00:00
|
|
|
if command -v $(MSGFMT) >/dev/null 2>&1; \
|
|
|
|
|
then \
|
|
|
|
|
$(MSGFMT) -o $@ $<; \
|
|
|
|
|
fi
|
2022-02-03 14:37:30 +00:00
|
|
|
else
|
|
|
|
|
$(MSGFMT) -o $@ $<
|
|
|
|
|
endif
|
2021-11-09 21:23:20 +00:00
|
|
|
|
2021-12-13 20:53:42 +00:00
|
|
|
po/i-reverse.po: po/default.pot
|
|
|
|
|
script/gen-i-reverse $< $@
|
|
|
|
|
|
|
|
|
|
po/default.pot:
|
|
|
|
|
if command -v $(XGOTEXT) >/dev/null 2>&1; \
|
|
|
|
|
then \
|
|
|
|
|
$(XGOTEXT) -in . -exclude .git,.github,vendor -out po -v; \
|
|
|
|
|
fi
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# Targets 'all' and 'build' build binaries of Git LFS for the above release
|
|
|
|
|
# matrix.
|
2018-07-19 18:02:25 +00:00
|
|
|
.PHONY : all build
|
|
|
|
|
all build : $(BUILD_TARGETS)
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# The following bin/git-lfs-% targets make a single binary compilation of Git
|
|
|
|
|
# LFS for a specific operating system and architecture pair.
|
|
|
|
|
#
|
|
|
|
|
# They function by translating target names into arguments for the above BUILD
|
|
|
|
|
# builtin, and appending the appropriate suffix to the build target.
|
|
|
|
|
#
|
2018-07-23 19:00:44 +00:00
|
|
|
# On Windows, they also depend on the resource.syso target, which installs and
|
|
|
|
|
# embeds the versioninfo into the binary.
|
2021-11-09 21:23:20 +00:00
|
|
|
bin/git-lfs-darwin-amd64 : $(SOURCES) mangen trgen
|
2018-07-19 18:02:25 +00:00
|
|
|
$(call BUILD,darwin,amd64,-darwin-amd64)
|
2021-11-09 21:23:20 +00:00
|
|
|
bin/git-lfs-darwin-arm64 : $(SOURCES) mangen trgen
|
2021-03-11 21:11:33 +00:00
|
|
|
$(call BUILD,darwin,arm64,-darwin-arm64)
|
2021-11-09 21:23:20 +00:00
|
|
|
bin/git-lfs-linux-arm : $(SOURCES) mangen trgen
|
2020-05-08 12:35:42 +00:00
|
|
|
GOARM=5 $(call BUILD,linux,arm,-linux-arm)
|
2021-11-09 21:23:20 +00:00
|
|
|
bin/git-lfs-linux-arm64 : $(SOURCES) mangen trgen
|
2018-08-24 16:41:37 +00:00
|
|
|
$(call BUILD,linux,arm64,-linux-arm64)
|
2021-11-09 21:23:20 +00:00
|
|
|
bin/git-lfs-linux-amd64 : $(SOURCES) mangen trgen
|
2018-07-19 18:02:25 +00:00
|
|
|
$(call BUILD,linux,amd64,-linux-amd64)
|
2021-11-09 21:23:20 +00:00
|
|
|
bin/git-lfs-linux-ppc64le : $(SOURCES) mangen trgen
|
2020-01-14 21:35:27 +00:00
|
|
|
$(call BUILD,linux,ppc64le,-linux-ppc64le)
|
2021-11-09 21:23:20 +00:00
|
|
|
bin/git-lfs-linux-s390x : $(SOURCES) mangen trgen
|
2020-01-14 21:35:27 +00:00
|
|
|
$(call BUILD,linux,s390x,-linux-s390x)
|
2021-11-09 21:23:20 +00:00
|
|
|
bin/git-lfs-linux-386 : $(SOURCES) mangen trgen
|
2018-07-19 18:02:25 +00:00
|
|
|
$(call BUILD,linux,386,-linux-386)
|
2021-11-09 21:23:20 +00:00
|
|
|
bin/git-lfs-freebsd-amd64 : $(SOURCES) mangen trgen
|
2018-07-19 18:02:25 +00:00
|
|
|
$(call BUILD,freebsd,amd64,-freebsd-amd64)
|
2021-11-09 21:23:20 +00:00
|
|
|
bin/git-lfs-freebsd-386 : $(SOURCES) mangen trgen
|
2018-07-19 18:02:25 +00:00
|
|
|
$(call BUILD,freebsd,386,-freebsd-386)
|
2021-11-09 21:23:20 +00:00
|
|
|
bin/git-lfs-windows-amd64.exe : resource.syso $(SOURCES) mangen trgen
|
2018-07-19 18:02:25 +00:00
|
|
|
$(call BUILD,windows,amd64,-windows-amd64.exe)
|
2021-11-09 21:23:20 +00:00
|
|
|
bin/git-lfs-windows-386.exe : resource.syso $(SOURCES) mangen trgen
|
2018-07-19 18:02:25 +00:00
|
|
|
$(call BUILD,windows,386,-windows-386.exe)
|
2021-11-09 21:23:20 +00:00
|
|
|
bin/git-lfs-windows-arm64.exe : resource.syso $(SOURCES) mangen trgen
|
2021-08-17 08:04:01 +00:00
|
|
|
$(call BUILD,windows,arm64,-windows-arm64.exe)
|
2018-07-19 18:02:25 +00:00
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# .DEFAULT_GOAL sets the operating system-appropriate Git LFS binary as the
|
|
|
|
|
# default output of 'make'.
|
|
|
|
|
.DEFAULT_GOAL := bin/git-lfs$(X)
|
|
|
|
|
|
|
|
|
|
# bin/git-lfs targets the default output of Git LFS on non-Windows operating
|
|
|
|
|
# systems, and respects the build knobs as above.
|
2021-11-09 21:23:20 +00:00
|
|
|
bin/git-lfs : $(SOURCES) fmt mangen trgen
|
2018-07-19 18:02:25 +00:00
|
|
|
$(call BUILD,$(GOOS),$(GOARCH),)
|
|
|
|
|
|
2018-07-25 23:50:05 +00:00
|
|
|
# bin/git-lfs.exe targets the default output of Git LFS on Windows systems, and
|
2018-07-23 18:41:00 +00:00
|
|
|
# respects the build knobs as above.
|
2021-11-09 21:23:20 +00:00
|
|
|
bin/git-lfs.exe : $(SOURCES) resource.syso mangen trgen
|
2018-07-19 18:02:25 +00:00
|
|
|
$(call BUILD,$(GOOS),$(GOARCH),.exe)
|
|
|
|
|
|
2018-07-25 23:50:43 +00:00
|
|
|
# resource.syso installs the 'goversioninfo' command and uses it in order to
|
2018-07-23 18:41:00 +00:00
|
|
|
# generate a binary that has information included necessary to create the
|
|
|
|
|
# Windows installer.
|
2018-07-27 02:12:06 +00:00
|
|
|
#
|
|
|
|
|
# Generating a new resource.syso is a pure function of the contents in the
|
|
|
|
|
# prerequisites listed below.
|
|
|
|
|
resource.syso : \
|
|
|
|
|
versioninfo.json script/windows-installer/git-lfs-logo.bmp \
|
|
|
|
|
script/windows-installer/git-lfs-logo.ico \
|
|
|
|
|
script/windows-installer/git-lfs-wizard-image.bmp
|
2018-07-23 18:45:21 +00:00
|
|
|
$(GO) generate
|
2018-07-19 18:02:25 +00:00
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# RELEASE_TARGETS is the set of all release artifacts that we generate over a
|
|
|
|
|
# particular release. They each have a corresponding entry in BUILD_TARGETS as
|
|
|
|
|
# above.
|
|
|
|
|
#
|
|
|
|
|
# Unlike BUILD_TARGETS above, each of the below create a compressed directory
|
|
|
|
|
# containing the matching binary, as well as the contents of RELEASE_INCLUDES
|
|
|
|
|
# below.
|
2018-07-25 23:57:55 +00:00
|
|
|
#
|
|
|
|
|
# To build a specific release, execute the following:
|
|
|
|
|
#
|
|
|
|
|
# make bin/releases/git-lfs-darwin-amd64-$(git describe HEAD).tar.gz
|
|
|
|
|
#
|
|
|
|
|
# To build a specific release with a custom VERSION suffix, run the following:
|
|
|
|
|
#
|
|
|
|
|
# make VERSION=my-version bin/releases/git-lfs-darwin-amd64-my-version.tar.gz
|
2018-08-24 15:08:32 +00:00
|
|
|
RELEASE_TARGETS = \
|
2020-04-10 14:34:54 +00:00
|
|
|
bin/releases/git-lfs-darwin-amd64-$(VERSION).zip \
|
2021-03-11 21:11:33 +00:00
|
|
|
bin/releases/git-lfs-darwin-arm64-$(VERSION).zip \
|
2020-05-08 12:35:42 +00:00
|
|
|
bin/releases/git-lfs-linux-arm-$(VERSION).tar.gz \
|
2018-08-24 15:12:15 +00:00
|
|
|
bin/releases/git-lfs-linux-arm64-$(VERSION).tar.gz \
|
2018-07-19 18:02:25 +00:00
|
|
|
bin/releases/git-lfs-linux-amd64-$(VERSION).tar.gz \
|
2020-01-14 21:35:27 +00:00
|
|
|
bin/releases/git-lfs-linux-ppc64le-$(VERSION).tar.gz \
|
|
|
|
|
bin/releases/git-lfs-linux-s390x-$(VERSION).tar.gz \
|
2018-07-19 18:02:25 +00:00
|
|
|
bin/releases/git-lfs-linux-386-$(VERSION).tar.gz \
|
|
|
|
|
bin/releases/git-lfs-freebsd-amd64-$(VERSION).tar.gz \
|
|
|
|
|
bin/releases/git-lfs-freebsd-386-$(VERSION).tar.gz \
|
|
|
|
|
bin/releases/git-lfs-windows-amd64-$(VERSION).zip \
|
2018-09-24 14:44:58 +00:00
|
|
|
bin/releases/git-lfs-windows-386-$(VERSION).zip \
|
2021-08-17 08:04:01 +00:00
|
|
|
bin/releases/git-lfs-windows-arm64-$(VERSION).zip \
|
2018-09-24 14:44:58 +00:00
|
|
|
bin/releases/git-lfs-$(VERSION).tar.gz
|
2018-07-19 18:02:25 +00:00
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# RELEASE_INCLUDES are the names of additional files that are added to each
|
|
|
|
|
# release artifact.
|
2020-09-03 16:19:02 +00:00
|
|
|
RELEASE_INCLUDES = README.md CHANGELOG.md man
|
2018-07-19 18:02:25 +00:00
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# release is a phony target that builds all of the release artifacts, and then
|
|
|
|
|
# shows the SHA 256 signature of each.
|
2018-07-25 23:57:55 +00:00
|
|
|
#
|
|
|
|
|
# To build all of the release binaries for a given Git LFS release:
|
|
|
|
|
#
|
|
|
|
|
# make release
|
2018-07-19 18:02:25 +00:00
|
|
|
.PHONY : release
|
|
|
|
|
release : $(RELEASE_TARGETS)
|
|
|
|
|
shasum -a 256 $(RELEASE_TARGETS)
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# bin/releases/git-lfs-%-$(VERSION).tar.gz generates a gzip-compressed TAR of
|
2020-04-10 14:34:54 +00:00
|
|
|
# the non-Windows and non-macOS release artifacts.
|
2018-07-23 18:41:00 +00:00
|
|
|
#
|
|
|
|
|
# It includes all of RELEASE_INCLUDES, as well as script/install.sh.
|
|
|
|
|
bin/releases/git-lfs-%-$(VERSION).tar.gz : \
|
|
|
|
|
$(RELEASE_INCLUDES) bin/git-lfs-% script/install.sh
|
2018-07-19 18:02:25 +00:00
|
|
|
@mkdir -p bin/releases
|
Makefile: put all archive contents in a directory
Right now, extracting one of our archives (except for the source
archives) causes all files to be extracted in the current directory.
This is commonly referred to as a tarbomb, and is generally unwelcome.
Instead, let's create a top-level directory in each of our archives
named the same way as we currently name our source tarballs: the string
"git-lfs-" and then a version number without the initial "v". This is
the same algorithm GitHub would use to create its autogenerated
archives.
Because we can no longer use zip's -j option to strip off path
components (since we now want to preserve at least some of them), using
zip becomes tricky. Instead, let's use the BSD (libarchive) tar, which
is natively available on Windows, macOS, and FreeBSD as the system tar
implementation, and which can be easily installed on all Linux distros
under the name "bsdtar". This program supports tar files, zip files,
and a wide variety of other formats that we don't need here and is ideal
for this usage. However, it doesn't support updating zip files in
place, so we need to extract and rebuild the archives instead.
2022-04-29 14:28:42 +00:00
|
|
|
$(TAR) $(TAR_XFORM_ARG) '$(TAR_XFORM_CMD)!bin/git-lfs-.*!$(PREFIX)/git-lfs!' \
|
|
|
|
|
$(TAR_XFORM_ARG) '$(TAR_XFORM_CMD)!script/!$(PREFIX)/!' \
|
|
|
|
|
$(TAR_XFORM_ARG) '$(TAR_XFORM_CMD)!\(.*\)\.md!$(PREFIX)/\1.md!' \
|
|
|
|
|
$(TAR_XFORM_ARG) '$(TAR_XFORM_CMD)!man!$(PREFIX)/man!' \
|
Makefile: use pax format for tar archives
There are a wide variety of possible formats for tar archives. The
POSIX standard provides the ustar format (Unix standard tar), and GNU
tar has extended this with various extensions to better support long
file names. The latter is the default format for GNU tar.
However, POSIX has also standardized an additional format, called the
pax format, which is an extension to the ustar format that allows for
functionally unlimited file name lengths, file sizes, and other
attributes. Because it is standardized, it is substantially more
portable than GNU tar, and it is also used by default in Git, so anyone
who can consume a Git-produced tar archive can therefore handle this
format.
The pax format can be enabled with the --posix option to both GNU and
BSD tar. Since it's a substantial improvement over the default for GNU
tar, let's produce it by default when we create a tar archive.
2022-04-29 14:46:24 +00:00
|
|
|
--posix -czf $@ $^
|
2018-07-19 18:02:25 +00:00
|
|
|
|
2020-04-10 14:34:54 +00:00
|
|
|
# bin/releases/git-lfs-darwin-$(VERSION).zip generates a ZIP compression of all
|
|
|
|
|
# of the macOS release artifacts.
|
|
|
|
|
#
|
|
|
|
|
# It includes all of the RELEASE_INCLUDES, as well as script/install.sh.
|
|
|
|
|
bin/releases/git-lfs-darwin-%-$(VERSION).zip : \
|
|
|
|
|
$(RELEASE_INCLUDES) bin/git-lfs-darwin-% script/install.sh
|
Makefile: put all archive contents in a directory
Right now, extracting one of our archives (except for the source
archives) causes all files to be extracted in the current directory.
This is commonly referred to as a tarbomb, and is generally unwelcome.
Instead, let's create a top-level directory in each of our archives
named the same way as we currently name our source tarballs: the string
"git-lfs-" and then a version number without the initial "v". This is
the same algorithm GitHub would use to create its autogenerated
archives.
Because we can no longer use zip's -j option to strip off path
components (since we now want to preserve at least some of them), using
zip becomes tricky. Instead, let's use the BSD (libarchive) tar, which
is natively available on Windows, macOS, and FreeBSD as the system tar
implementation, and which can be easily installed on all Linux distros
under the name "bsdtar". This program supports tar files, zip files,
and a wide variety of other formats that we don't need here and is ideal
for this usage. However, it doesn't support updating zip files in
place, so we need to extract and rebuild the archives instead.
2022-04-29 14:28:42 +00:00
|
|
|
@mkdir -p bin/releases
|
|
|
|
|
$(BSDTAR) --format zip \
|
|
|
|
|
-s '!bin/git-lfs-.*!$(PREFIX)/git-lfs!' \
|
|
|
|
|
-s '!script/!$(PREFIX)/!' \
|
|
|
|
|
-s '!\(.*\)\.md!$(PREFIX)/\1.md!' \
|
|
|
|
|
-s '!man!$(PREFIX)/man!' \
|
|
|
|
|
-cf $@ $^
|
2020-04-10 14:34:54 +00:00
|
|
|
|
|
|
|
|
# bin/releases/git-lfs-windows-$(VERSION).zip generates a ZIP compression of all
|
|
|
|
|
# of the Windows release artifacts.
|
2018-07-23 18:41:00 +00:00
|
|
|
#
|
|
|
|
|
# It includes all of the RELEASE_INCLUDES, and converts LF-style line endings to
|
|
|
|
|
# CRLF in the non-binary components of the artifact.
|
2020-04-10 14:34:54 +00:00
|
|
|
bin/releases/git-lfs-windows-%-$(VERSION).zip : $(RELEASE_INCLUDES) bin/git-lfs-windows-%.exe
|
2018-07-19 18:02:25 +00:00
|
|
|
@mkdir -p bin/releases
|
2022-05-20 14:27:13 +00:00
|
|
|
# Windows's bsdtar doesn't support -s, so do the same thing as for Darwin, but
|
|
|
|
|
# by hand.
|
|
|
|
|
temp=$$(mktemp -d); \
|
|
|
|
|
file="$$PWD/$@" && \
|
|
|
|
|
mkdir -p "$$temp/$(PREFIX)/man" && \
|
|
|
|
|
cp -r $^ "$$temp/$(PREFIX)" && \
|
|
|
|
|
(cd "$$temp" && $(BSDTAR) --format zip -cf "$$file" $(PREFIX)) && \
|
|
|
|
|
$(RM) -r "$$temp"
|
2018-07-19 18:02:25 +00:00
|
|
|
|
2018-09-24 14:44:58 +00:00
|
|
|
# bin/releases/git-lfs-$(VERSION).tar.gz generates a tarball of the source code.
|
|
|
|
|
#
|
|
|
|
|
# This is useful for third parties who wish to have a bit-for-bit identical
|
|
|
|
|
# source archive to download and verify cryptographically.
|
|
|
|
|
bin/releases/git-lfs-$(VERSION).tar.gz :
|
Makefile: put all archive contents in a directory
Right now, extracting one of our archives (except for the source
archives) causes all files to be extracted in the current directory.
This is commonly referred to as a tarbomb, and is generally unwelcome.
Instead, let's create a top-level directory in each of our archives
named the same way as we currently name our source tarballs: the string
"git-lfs-" and then a version number without the initial "v". This is
the same algorithm GitHub would use to create its autogenerated
archives.
Because we can no longer use zip's -j option to strip off path
components (since we now want to preserve at least some of them), using
zip becomes tricky. Instead, let's use the BSD (libarchive) tar, which
is natively available on Windows, macOS, and FreeBSD as the system tar
implementation, and which can be easily installed on all Linux distros
under the name "bsdtar". This program supports tar files, zip files,
and a wide variety of other formats that we don't need here and is ideal
for this usage. However, it doesn't support updating zip files in
place, so we need to extract and rebuild the archives instead.
2022-04-29 14:28:42 +00:00
|
|
|
git archive -o $@ --prefix=$(PREFIX)/ --format tar.gz $(VERSION)
|
2018-09-24 14:44:58 +00:00
|
|
|
|
2018-09-24 21:53:53 +00:00
|
|
|
# release-linux is a target that builds Linux packages. It must be run on a
|
|
|
|
|
# system with Docker that can run Linux containers.
|
|
|
|
|
.PHONY : release-linux
|
|
|
|
|
release-linux:
|
|
|
|
|
./docker/run_dockers.bsh
|
|
|
|
|
|
2018-09-24 20:52:46 +00:00
|
|
|
# release-windows is a target that builds and signs Windows binaries. It must
|
|
|
|
|
# be run on a Windows machine under Git Bash.
|
|
|
|
|
#
|
workflows/release: sign and notarize macOS binaries
On macOS, Gatekeeper requires binaries that are signed with a trusted
code-signing certificate and notarized by Apple in order for them to
run. To ease the burden for Mac users, let's start providing signed
binaries.
The macOS codesign tool can only read certificates from a keychain.
However, setting keychains up to work in a non-interactive way is
complex and error prone. We create a target to import the certificates
from a PKCS #12 file and pull them into a temporary keychain which has
been specially set up to work in CI. This requires multiple complex and
poorly documented incantations to work correctly, but it does currently
work. These incantations are not to be meant run on a user system
because they modify various keychain properties, such as the default
keychain, so add a comment to that effect.
We sign both the binary and the zip file, since we cannot notarize the
binary alone but would like to have a signed binary. Only zip files,
pkg files, and disk images can be notarized; this is why we have
switched to a zip file for macOS.
Note that the notarization process requires a particular developer to
submit the binary for notarization using their Apple account. That
developer's ID and their app password are specified from the environment
and can be read from the secret store. This is so that this can easily
be rotated to reflect a new user without needing to involve code
changes. Similarly, the cert ID, although not secret, is passed in in a
similar way.
When we perform the notarization, we do it in a loop, since Apple's
servers can sometimes "forget" the fact that we submitted a request and
therefore cause gon, the notarization tool we use, to spuriously fail
when it checks on the status of our request. We don't use seq to count
in our loop because it is not portable to non-Linux systems.
Finally, we use "darwin" in the Makefile because everything else in the
Makefile already uses that, but we use "MACOS" for secrets for
consistency with the GitHub Actions workflow, which uses that. We
translate in the workflow file.
2020-04-10 19:39:23 +00:00
|
|
|
# You may sign with a different certificate by specifying CERT_ID.
|
2018-09-24 20:52:46 +00:00
|
|
|
.PHONY : release-windows
|
|
|
|
|
release-windows: bin/releases/git-lfs-windows-assets-$(VERSION).tar.gz
|
|
|
|
|
|
|
|
|
|
bin/releases/git-lfs-windows-assets-$(VERSION).tar.gz :
|
|
|
|
|
$(RM) git-lfs-windows-*.exe
|
|
|
|
|
@# Using these particular filenames is required for the Inno Setup script to
|
|
|
|
|
@# work properly.
|
Makefile: put all archive contents in a directory
Right now, extracting one of our archives (except for the source
archives) causes all files to be extracted in the current directory.
This is commonly referred to as a tarbomb, and is generally unwelcome.
Instead, let's create a top-level directory in each of our archives
named the same way as we currently name our source tarballs: the string
"git-lfs-" and then a version number without the initial "v". This is
the same algorithm GitHub would use to create its autogenerated
archives.
Because we can no longer use zip's -j option to strip off path
components (since we now want to preserve at least some of them), using
zip becomes tricky. Instead, let's use the BSD (libarchive) tar, which
is natively available on Windows, macOS, and FreeBSD as the system tar
implementation, and which can be easily installed on all Linux distros
under the name "bsdtar". This program supports tar files, zip files,
and a wide variety of other formats that we don't need here and is ideal
for this usage. However, it doesn't support updating zip files in
place, so we need to extract and rebuild the archives instead.
2022-04-29 14:28:42 +00:00
|
|
|
$(MAKE) -B GOOS=windows X=.exe GOARCH=amd64 && cp ./bin/git-lfs.exe ./git-lfs-x64.exe
|
|
|
|
|
$(MAKE) -B GOOS=windows X=.exe GOARCH=386 && cp ./bin/git-lfs.exe ./git-lfs-x86.exe
|
|
|
|
|
$(MAKE) -B GOOS=windows X=.exe GOARCH=arm64 && cp ./bin/git-lfs.exe ./git-lfs-arm64.exe
|
2019-09-05 21:50:36 +00:00
|
|
|
@echo Signing git-lfs-x64.exe
|
2022-04-28 19:39:55 +00:00
|
|
|
@$(SIGNTOOL) sign -debug -fd sha256 -tr http://timestamp.digicert.com -td sha256 $(CERT_ARGS) -v git-lfs-x64.exe
|
2019-09-05 21:50:36 +00:00
|
|
|
@echo Signing git-lfs-x86.exe
|
2022-04-28 19:39:55 +00:00
|
|
|
@$(SIGNTOOL) sign -debug -fd sha256 -tr http://timestamp.digicert.com -td sha256 $(CERT_ARGS) -v git-lfs-x86.exe
|
2021-08-17 08:04:01 +00:00
|
|
|
@echo Signing git-lfs-arm64.exe
|
2022-04-28 19:39:55 +00:00
|
|
|
@$(SIGNTOOL) sign -debug -fd sha256 -tr http://timestamp.digicert.com -td sha256 $(CERT_ARGS) -v git-lfs-arm64.exe
|
2018-09-24 20:52:46 +00:00
|
|
|
iscc.exe script/windows-installer/inno-setup-git-lfs-installer.iss
|
|
|
|
|
@# This file will be named according to the version number in the
|
|
|
|
|
@# versioninfo.json, not according to $(VERSION).
|
|
|
|
|
mv git-lfs-windows-*.exe git-lfs-windows.exe
|
2019-09-05 21:50:36 +00:00
|
|
|
@echo Signing git-lfs-windows.exe
|
2022-04-28 19:39:55 +00:00
|
|
|
@$(SIGNTOOL) sign -debug -fd sha256 -tr http://timestamp.digicert.com -td sha256 $(CERT_ARGS) -v git-lfs-windows.exe
|
2018-09-24 20:52:46 +00:00
|
|
|
mv git-lfs-x64.exe git-lfs-windows-amd64.exe
|
|
|
|
|
mv git-lfs-x86.exe git-lfs-windows-386.exe
|
2021-08-17 08:04:01 +00:00
|
|
|
mv git-lfs-arm64.exe git-lfs-windows-arm64.exe
|
2018-09-24 20:52:46 +00:00
|
|
|
@# We use tar because Git Bash doesn't include zip.
|
Makefile: put all archive contents in a directory
Right now, extracting one of our archives (except for the source
archives) causes all files to be extracted in the current directory.
This is commonly referred to as a tarbomb, and is generally unwelcome.
Instead, let's create a top-level directory in each of our archives
named the same way as we currently name our source tarballs: the string
"git-lfs-" and then a version number without the initial "v". This is
the same algorithm GitHub would use to create its autogenerated
archives.
Because we can no longer use zip's -j option to strip off path
components (since we now want to preserve at least some of them), using
zip becomes tricky. Instead, let's use the BSD (libarchive) tar, which
is natively available on Windows, macOS, and FreeBSD as the system tar
implementation, and which can be easily installed on all Linux distros
under the name "bsdtar". This program supports tar files, zip files,
and a wide variety of other formats that we don't need here and is ideal
for this usage. However, it doesn't support updating zip files in
place, so we need to extract and rebuild the archives instead.
2022-04-29 14:28:42 +00:00
|
|
|
$(TAR) -czf $@ git-lfs-windows-amd64.exe git-lfs-windows-386.exe git-lfs-windows-arm64.exe git-lfs-windows.exe
|
2021-08-17 08:04:01 +00:00
|
|
|
$(RM) git-lfs-windows-amd64.exe git-lfs-windows-386.exe git-lfs-windows-arm64.exe git-lfs-windows.exe
|
2018-09-24 20:52:46 +00:00
|
|
|
|
|
|
|
|
# release-windows-rebuild takes the archive produced by release-windows and
|
|
|
|
|
# incorporates the signed binaries into the existing zip archives.
|
|
|
|
|
.PHONY : release-windows-rebuild
|
|
|
|
|
release-windows-rebuild: bin/releases/git-lfs-windows-assets-$(VERSION).tar.gz
|
|
|
|
|
temp=$$(mktemp -d); \
|
|
|
|
|
file="$$PWD/$^"; \
|
Makefile: put all archive contents in a directory
Right now, extracting one of our archives (except for the source
archives) causes all files to be extracted in the current directory.
This is commonly referred to as a tarbomb, and is generally unwelcome.
Instead, let's create a top-level directory in each of our archives
named the same way as we currently name our source tarballs: the string
"git-lfs-" and then a version number without the initial "v". This is
the same algorithm GitHub would use to create its autogenerated
archives.
Because we can no longer use zip's -j option to strip off path
components (since we now want to preserve at least some of them), using
zip becomes tricky. Instead, let's use the BSD (libarchive) tar, which
is natively available on Windows, macOS, and FreeBSD as the system tar
implementation, and which can be easily installed on all Linux distros
under the name "bsdtar". This program supports tar files, zip files,
and a wide variety of other formats that we don't need here and is ideal
for this usage. However, it doesn't support updating zip files in
place, so we need to extract and rebuild the archives instead.
2022-04-29 14:28:42 +00:00
|
|
|
root="$$PWD" && \
|
2018-09-24 20:52:46 +00:00
|
|
|
( \
|
|
|
|
|
tar -C "$$temp" -xzf "$$file" && \
|
2021-08-17 08:04:01 +00:00
|
|
|
for i in 386 amd64 arm64; do \
|
Makefile: put all archive contents in a directory
Right now, extracting one of our archives (except for the source
archives) causes all files to be extracted in the current directory.
This is commonly referred to as a tarbomb, and is generally unwelcome.
Instead, let's create a top-level directory in each of our archives
named the same way as we currently name our source tarballs: the string
"git-lfs-" and then a version number without the initial "v". This is
the same algorithm GitHub would use to create its autogenerated
archives.
Because we can no longer use zip's -j option to strip off path
components (since we now want to preserve at least some of them), using
zip becomes tricky. Instead, let's use the BSD (libarchive) tar, which
is natively available on Windows, macOS, and FreeBSD as the system tar
implementation, and which can be easily installed on all Linux distros
under the name "bsdtar". This program supports tar files, zip files,
and a wide variety of other formats that we don't need here and is ideal
for this usage. However, it doesn't support updating zip files in
place, so we need to extract and rebuild the archives instead.
2022-04-29 14:28:42 +00:00
|
|
|
temp2="$$(mktemp -d)" && \
|
|
|
|
|
$(BSDTAR) -C "$$temp2" -xf "$$root/bin/releases/git-lfs-windows-$$i-$(VERSION).zip" && \
|
|
|
|
|
rm -f "$$temp2/$(PREFIX)/"git-lfs*.exe && \
|
|
|
|
|
cp "$$temp/git-lfs-windows-$$i.exe" "$$temp2/$(PREFIX)/git-lfs.exe" && \
|
|
|
|
|
(cd "$$temp2" && $(BSDTAR) --format=zip -cf "$$root/bin/releases/git-lfs-windows-$$i-$(VERSION).zip" $(PREFIX)) && \
|
|
|
|
|
rm -fr "$$temp2"; \
|
2018-09-24 20:52:46 +00:00
|
|
|
done && \
|
|
|
|
|
cp "$$temp/git-lfs-windows.exe" bin/releases/git-lfs-windows-$(VERSION).exe \
|
|
|
|
|
); \
|
|
|
|
|
status="$$?"; [ -n "$$temp" ] && $(RM) -r "$$temp"; exit "$$status"
|
|
|
|
|
|
workflows/release: sign and notarize macOS binaries
On macOS, Gatekeeper requires binaries that are signed with a trusted
code-signing certificate and notarized by Apple in order for them to
run. To ease the burden for Mac users, let's start providing signed
binaries.
The macOS codesign tool can only read certificates from a keychain.
However, setting keychains up to work in a non-interactive way is
complex and error prone. We create a target to import the certificates
from a PKCS #12 file and pull them into a temporary keychain which has
been specially set up to work in CI. This requires multiple complex and
poorly documented incantations to work correctly, but it does currently
work. These incantations are not to be meant run on a user system
because they modify various keychain properties, such as the default
keychain, so add a comment to that effect.
We sign both the binary and the zip file, since we cannot notarize the
binary alone but would like to have a signed binary. Only zip files,
pkg files, and disk images can be notarized; this is why we have
switched to a zip file for macOS.
Note that the notarization process requires a particular developer to
submit the binary for notarization using their Apple account. That
developer's ID and their app password are specified from the environment
and can be read from the secret store. This is so that this can easily
be rotated to reflect a new user without needing to involve code
changes. Similarly, the cert ID, although not secret, is passed in in a
similar way.
When we perform the notarization, we do it in a loop, since Apple's
servers can sometimes "forget" the fact that we submitted a request and
therefore cause gon, the notarization tool we use, to spuriously fail
when it checks on the status of our request. We don't use seq to count
in our loop because it is not portable to non-Linux systems.
Finally, we use "darwin" in the Makefile because everything else in the
Makefile already uses that, but we use "MACOS" for secrets for
consistency with the GitHub Actions workflow, which uses that. We
translate in the workflow file.
2020-04-10 19:39:23 +00:00
|
|
|
# release-darwin is a target that builds and signs Darwin (macOS) binaries. It must
|
|
|
|
|
# be run on a macOS machine with a suitable version of XCode.
|
|
|
|
|
#
|
|
|
|
|
# You may sign with a different certificate by specifying DARWIN_CERT_ID.
|
|
|
|
|
.PHONY : release-darwin
|
2021-03-11 21:11:33 +00:00
|
|
|
release-darwin: bin/releases/git-lfs-darwin-amd64-$(VERSION).zip bin/releases/git-lfs-darwin-arm64-$(VERSION).zip
|
workflows/release: sign and notarize macOS binaries
On macOS, Gatekeeper requires binaries that are signed with a trusted
code-signing certificate and notarized by Apple in order for them to
run. To ease the burden for Mac users, let's start providing signed
binaries.
The macOS codesign tool can only read certificates from a keychain.
However, setting keychains up to work in a non-interactive way is
complex and error prone. We create a target to import the certificates
from a PKCS #12 file and pull them into a temporary keychain which has
been specially set up to work in CI. This requires multiple complex and
poorly documented incantations to work correctly, but it does currently
work. These incantations are not to be meant run on a user system
because they modify various keychain properties, such as the default
keychain, so add a comment to that effect.
We sign both the binary and the zip file, since we cannot notarize the
binary alone but would like to have a signed binary. Only zip files,
pkg files, and disk images can be notarized; this is why we have
switched to a zip file for macOS.
Note that the notarization process requires a particular developer to
submit the binary for notarization using their Apple account. That
developer's ID and their app password are specified from the environment
and can be read from the secret store. This is so that this can easily
be rotated to reflect a new user without needing to involve code
changes. Similarly, the cert ID, although not secret, is passed in in a
similar way.
When we perform the notarization, we do it in a loop, since Apple's
servers can sometimes "forget" the fact that we submitted a request and
therefore cause gon, the notarization tool we use, to spuriously fail
when it checks on the status of our request. We don't use seq to count
in our loop because it is not portable to non-Linux systems.
Finally, we use "darwin" in the Makefile because everything else in the
Makefile already uses that, but we use "MACOS" for secrets for
consistency with the GitHub Actions workflow, which uses that. We
translate in the workflow file.
2020-04-10 19:39:23 +00:00
|
|
|
for i in $^; do \
|
|
|
|
|
temp=$$(mktemp -d) && \
|
Makefile: put all archive contents in a directory
Right now, extracting one of our archives (except for the source
archives) causes all files to be extracted in the current directory.
This is commonly referred to as a tarbomb, and is generally unwelcome.
Instead, let's create a top-level directory in each of our archives
named the same way as we currently name our source tarballs: the string
"git-lfs-" and then a version number without the initial "v". This is
the same algorithm GitHub would use to create its autogenerated
archives.
Because we can no longer use zip's -j option to strip off path
components (since we now want to preserve at least some of them), using
zip becomes tricky. Instead, let's use the BSD (libarchive) tar, which
is natively available on Windows, macOS, and FreeBSD as the system tar
implementation, and which can be easily installed on all Linux distros
under the name "bsdtar". This program supports tar files, zip files,
and a wide variety of other formats that we don't need here and is ideal
for this usage. However, it doesn't support updating zip files in
place, so we need to extract and rebuild the archives instead.
2022-04-29 14:28:42 +00:00
|
|
|
root=$$(pwd -P) && \
|
workflows/release: sign and notarize macOS binaries
On macOS, Gatekeeper requires binaries that are signed with a trusted
code-signing certificate and notarized by Apple in order for them to
run. To ease the burden for Mac users, let's start providing signed
binaries.
The macOS codesign tool can only read certificates from a keychain.
However, setting keychains up to work in a non-interactive way is
complex and error prone. We create a target to import the certificates
from a PKCS #12 file and pull them into a temporary keychain which has
been specially set up to work in CI. This requires multiple complex and
poorly documented incantations to work correctly, but it does currently
work. These incantations are not to be meant run on a user system
because they modify various keychain properties, such as the default
keychain, so add a comment to that effect.
We sign both the binary and the zip file, since we cannot notarize the
binary alone but would like to have a signed binary. Only zip files,
pkg files, and disk images can be notarized; this is why we have
switched to a zip file for macOS.
Note that the notarization process requires a particular developer to
submit the binary for notarization using their Apple account. That
developer's ID and their app password are specified from the environment
and can be read from the secret store. This is so that this can easily
be rotated to reflect a new user without needing to involve code
changes. Similarly, the cert ID, although not secret, is passed in in a
similar way.
When we perform the notarization, we do it in a loop, since Apple's
servers can sometimes "forget" the fact that we submitted a request and
therefore cause gon, the notarization tool we use, to spuriously fail
when it checks on the status of our request. We don't use seq to count
in our loop because it is not portable to non-Linux systems.
Finally, we use "darwin" in the Makefile because everything else in the
Makefile already uses that, but we use "MACOS" for secrets for
consistency with the GitHub Actions workflow, which uses that. We
translate in the workflow file.
2020-04-10 19:39:23 +00:00
|
|
|
( \
|
Makefile: put all archive contents in a directory
Right now, extracting one of our archives (except for the source
archives) causes all files to be extracted in the current directory.
This is commonly referred to as a tarbomb, and is generally unwelcome.
Instead, let's create a top-level directory in each of our archives
named the same way as we currently name our source tarballs: the string
"git-lfs-" and then a version number without the initial "v". This is
the same algorithm GitHub would use to create its autogenerated
archives.
Because we can no longer use zip's -j option to strip off path
components (since we now want to preserve at least some of them), using
zip becomes tricky. Instead, let's use the BSD (libarchive) tar, which
is natively available on Windows, macOS, and FreeBSD as the system tar
implementation, and which can be easily installed on all Linux distros
under the name "bsdtar". This program supports tar files, zip files,
and a wide variety of other formats that we don't need here and is ideal
for this usage. However, it doesn't support updating zip files in
place, so we need to extract and rebuild the archives instead.
2022-04-29 14:28:42 +00:00
|
|
|
$(BSDTAR) -C "$$temp" -xf "$$i" && \
|
|
|
|
|
$(CODESIGN) --keychain $(DARWIN_KEYCHAIN_ID) -s "$(DARWIN_CERT_ID)" --force --timestamp -vvvv --options runtime "$$temp/$(PREFIX)/git-lfs" && \
|
|
|
|
|
$(CODESIGN) -dvvv "$$temp/$(PREFIX)/git-lfs" && \
|
|
|
|
|
(cd "$$temp" && $(BSDTAR) --format zip -cf "$$root/$$i" "$(PREFIX)") && \
|
2022-04-28 19:39:55 +00:00
|
|
|
$(CODESIGN) --keychain $(DARWIN_KEYCHAIN_ID) -s "$(DARWIN_CERT_ID)" --force --timestamp -vvvv --options runtime "$$i" && \
|
|
|
|
|
$(CODESIGN) -dvvv "$$i" && \
|
workflows/release: sign and notarize macOS binaries
On macOS, Gatekeeper requires binaries that are signed with a trusted
code-signing certificate and notarized by Apple in order for them to
run. To ease the burden for Mac users, let's start providing signed
binaries.
The macOS codesign tool can only read certificates from a keychain.
However, setting keychains up to work in a non-interactive way is
complex and error prone. We create a target to import the certificates
from a PKCS #12 file and pull them into a temporary keychain which has
been specially set up to work in CI. This requires multiple complex and
poorly documented incantations to work correctly, but it does currently
work. These incantations are not to be meant run on a user system
because they modify various keychain properties, such as the default
keychain, so add a comment to that effect.
We sign both the binary and the zip file, since we cannot notarize the
binary alone but would like to have a signed binary. Only zip files,
pkg files, and disk images can be notarized; this is why we have
switched to a zip file for macOS.
Note that the notarization process requires a particular developer to
submit the binary for notarization using their Apple account. That
developer's ID and their app password are specified from the environment
and can be read from the secret store. This is so that this can easily
be rotated to reflect a new user without needing to involve code
changes. Similarly, the cert ID, although not secret, is passed in in a
similar way.
When we perform the notarization, we do it in a loop, since Apple's
servers can sometimes "forget" the fact that we submitted a request and
therefore cause gon, the notarization tool we use, to spuriously fail
when it checks on the status of our request. We don't use seq to count
in our loop because it is not portable to non-Linux systems.
Finally, we use "darwin" in the Makefile because everything else in the
Makefile already uses that, but we use "MACOS" for secrets for
consistency with the GitHub Actions workflow, which uses that. We
translate in the workflow file.
2020-04-10 19:39:23 +00:00
|
|
|
jq -e ".notarize.path = \"$$i\" | .apple_id.username = \"$(DARWIN_DEV_USER)\"" script/macos/manifest.json > "$$temp/manifest.json"; \
|
|
|
|
|
for j in 1 2 3; \
|
|
|
|
|
do \
|
2022-04-28 19:39:55 +00:00
|
|
|
$(GON) "$$temp/manifest.json" && break; \
|
workflows/release: sign and notarize macOS binaries
On macOS, Gatekeeper requires binaries that are signed with a trusted
code-signing certificate and notarized by Apple in order for them to
run. To ease the burden for Mac users, let's start providing signed
binaries.
The macOS codesign tool can only read certificates from a keychain.
However, setting keychains up to work in a non-interactive way is
complex and error prone. We create a target to import the certificates
from a PKCS #12 file and pull them into a temporary keychain which has
been specially set up to work in CI. This requires multiple complex and
poorly documented incantations to work correctly, but it does currently
work. These incantations are not to be meant run on a user system
because they modify various keychain properties, such as the default
keychain, so add a comment to that effect.
We sign both the binary and the zip file, since we cannot notarize the
binary alone but would like to have a signed binary. Only zip files,
pkg files, and disk images can be notarized; this is why we have
switched to a zip file for macOS.
Note that the notarization process requires a particular developer to
submit the binary for notarization using their Apple account. That
developer's ID and their app password are specified from the environment
and can be read from the secret store. This is so that this can easily
be rotated to reflect a new user without needing to involve code
changes. Similarly, the cert ID, although not secret, is passed in in a
similar way.
When we perform the notarization, we do it in a loop, since Apple's
servers can sometimes "forget" the fact that we submitted a request and
therefore cause gon, the notarization tool we use, to spuriously fail
when it checks on the status of our request. We don't use seq to count
in our loop because it is not portable to non-Linux systems.
Finally, we use "darwin" in the Makefile because everything else in the
Makefile already uses that, but we use "MACOS" for secrets for
consistency with the GitHub Actions workflow, which uses that. We
translate in the workflow file.
2020-04-10 19:39:23 +00:00
|
|
|
done; \
|
|
|
|
|
); \
|
|
|
|
|
status="$$?"; [ -n "$$temp" ] && $(RM) -r "$$temp"; [ "$$status" -eq 0 ] || exit "$$status"; \
|
|
|
|
|
done
|
|
|
|
|
|
2019-09-05 21:50:36 +00:00
|
|
|
.PHONY : release-write-certificate
|
|
|
|
|
release-write-certificate:
|
|
|
|
|
@echo "Writing certificate to $(CERT_FILE)"
|
|
|
|
|
@echo "$$CERT_CONTENTS" | base64 --decode >"$$CERT_FILE"
|
|
|
|
|
@printf 'Wrote %d bytes (SHA256 %s) to certificate file\n' $$(wc -c <"$$CERT_FILE") $$(shasum -ba 256 "$$CERT_FILE" | cut -d' ' -f1)
|
|
|
|
|
|
workflows/release: sign and notarize macOS binaries
On macOS, Gatekeeper requires binaries that are signed with a trusted
code-signing certificate and notarized by Apple in order for them to
run. To ease the burden for Mac users, let's start providing signed
binaries.
The macOS codesign tool can only read certificates from a keychain.
However, setting keychains up to work in a non-interactive way is
complex and error prone. We create a target to import the certificates
from a PKCS #12 file and pull them into a temporary keychain which has
been specially set up to work in CI. This requires multiple complex and
poorly documented incantations to work correctly, but it does currently
work. These incantations are not to be meant run on a user system
because they modify various keychain properties, such as the default
keychain, so add a comment to that effect.
We sign both the binary and the zip file, since we cannot notarize the
binary alone but would like to have a signed binary. Only zip files,
pkg files, and disk images can be notarized; this is why we have
switched to a zip file for macOS.
Note that the notarization process requires a particular developer to
submit the binary for notarization using their Apple account. That
developer's ID and their app password are specified from the environment
and can be read from the secret store. This is so that this can easily
be rotated to reflect a new user without needing to involve code
changes. Similarly, the cert ID, although not secret, is passed in in a
similar way.
When we perform the notarization, we do it in a loop, since Apple's
servers can sometimes "forget" the fact that we submitted a request and
therefore cause gon, the notarization tool we use, to spuriously fail
when it checks on the status of our request. We don't use seq to count
in our loop because it is not portable to non-Linux systems.
Finally, we use "darwin" in the Makefile because everything else in the
Makefile already uses that, but we use "MACOS" for secrets for
consistency with the GitHub Actions workflow, which uses that. We
translate in the workflow file.
2020-04-10 19:39:23 +00:00
|
|
|
# release-import-certificate imports the given certificate into the macOS
|
|
|
|
|
# keychain "CI". It is not generally recommended to run this on a user system,
|
|
|
|
|
# since it creates a new keychain and modifies the keychain search path.
|
|
|
|
|
.PHONY : release-import-certificate
|
|
|
|
|
release-import-certificate:
|
|
|
|
|
@[ -n "$(CI)" ] || { echo "Don't run this target by hand." >&2; false; }
|
|
|
|
|
@echo "Creating CI keychain"
|
|
|
|
|
security create-keychain -p default CI.keychain
|
|
|
|
|
security set-keychain-settings CI.keychain
|
|
|
|
|
security unlock-keychain -p default CI.keychain
|
|
|
|
|
@echo "Importing certificate from $(CERT_FILE)"
|
|
|
|
|
@security import "$$CERT_FILE" -f pkcs12 -k CI.keychain -P "$$CERT_PASS" -A
|
|
|
|
|
@echo "Verifying import and setting permissions"
|
|
|
|
|
security list-keychains -s CI.keychain
|
|
|
|
|
security default-keychain -s CI.keychain
|
|
|
|
|
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k default CI.keychain
|
|
|
|
|
security find-identity -vp codesigning CI.keychain
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# TEST_TARGETS is a list of all phony test targets. Each one of them corresponds
|
|
|
|
|
# to a specific kind or subset of tests to run.
|
2018-07-16 21:25:54 +00:00
|
|
|
TEST_TARGETS := test-bench test-verbose test-race
|
|
|
|
|
.PHONY : $(TEST_TARGETS) test
|
|
|
|
|
$(TEST_TARGETS) : test
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# test-bench runs all Go benchmark tests, and nothing more.
|
2018-07-16 21:25:54 +00:00
|
|
|
test-bench : GO_TEST_EXTRA_ARGS=-run=__nothing__ -bench=.
|
2018-07-23 18:41:00 +00:00
|
|
|
# test-verbose runs all Go tests in verbose mode.
|
2018-07-16 21:25:54 +00:00
|
|
|
test-verbose : GO_TEST_EXTRA_ARGS=-v
|
2018-07-23 18:41:00 +00:00
|
|
|
# test-race runs all Go tests in race-detection mode.
|
2018-07-16 21:25:54 +00:00
|
|
|
test-race : GO_TEST_EXTRA_ARGS=-race
|
|
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# test runs the Go tests with GO_TEST_EXTRA_ARGS in all specified packages,
|
|
|
|
|
# given by the PKGS variable.
|
|
|
|
|
#
|
|
|
|
|
# For example, a caller can invoke the race-detection tests in just the config
|
|
|
|
|
# package by running:
|
|
|
|
|
#
|
|
|
|
|
# make PKGS=config test-race
|
|
|
|
|
#
|
|
|
|
|
# Or in a series of packages, like:
|
|
|
|
|
#
|
|
|
|
|
# make PKGS="config lfsapi tools/kv" test-race
|
|
|
|
|
#
|
|
|
|
|
# And so on.
|
2020-03-28 02:46:40 +00:00
|
|
|
test : fmt $(.DEFAULT_GOAL)
|
2020-05-13 20:51:59 +00:00
|
|
|
( \
|
2022-10-05 14:03:18 +00:00
|
|
|
unset GIT_DIR; unset GIT_WORK_TREE; unset XDG_CONFIG_HOME; unset XDG_RUNTIME_DIR; \
|
2020-05-13 20:51:59 +00:00
|
|
|
tempdir="$$(mktemp -d)"; \
|
|
|
|
|
export HOME="$$tempdir"; \
|
|
|
|
|
export GIT_CONFIG_NOSYSTEM=1; \
|
|
|
|
|
$(GO) test -count=1 $(GO_TEST_EXTRA_ARGS) $(addprefix ./,$(PKGS)); \
|
|
|
|
|
RET=$$?; \
|
2020-06-12 16:36:50 +00:00
|
|
|
chmod -R u+w "$$tempdir"; \
|
2020-05-13 20:51:59 +00:00
|
|
|
rm -fr "$$tempdir"; \
|
|
|
|
|
exit $$RET; \
|
|
|
|
|
)
|
2018-07-16 21:25:54 +00:00
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# integration is a shorthand for running 'make' in the 't' directory.
|
|
|
|
|
.PHONY : integration
|
|
|
|
|
integration : bin/git-lfs$(X)
|
|
|
|
|
make -C t test
|
|
|
|
|
|
all: use Go Modules instead of Glide
Since we are now building on Go 1.11 (as of 074a2d4f (all: use Go 1.11
in CI, 2018-08-28)) and Go 1.11 supports Go Modules [1], let's stop
using Glide, and begin using Go Modules.
This involves a few things:
* Teach the Makefile how to build go.sum files instead of glide.lock
files.
* Teach continuous integration services to build Git LFS in a
non-$GOPATH environment, since (without setting GO111MODULE=on
explicitly, which we choose not to do), this will break compiling
Git LFS, because Go 1.11 will ignore modules present in a Go
checkout beneath $GOPATH.
* In order to do the above, let's also make sure that we are
un-setting $GOCACHE in the environment, as this causes Go to work
without modules support [2].
* Because we're no longer building in a `$GOPATH`-based location,
let's instruct the CircleCI base image to archive the new location,
too.
* Similarly, teach the RPM spec to build in a non-$GOPATH location.
* By contrast, since we use dh_golang to build git-lfs binaries on
Debian, let's wait until the upstream dh_golang package is released
with support for Go 1.11 module support explicitly. Therefore, force
GO111MODULE to be on so that we can build a copy of Git LFS whose
checkout is within a $GOPATH.
Although the go.mod versions match the glide.yaml ones, the diff
attached is large because Go Modules do not vendor `_test.go` files,
whereas Glide does.
[1]: https://golang.org/doc/go1.11#modules
[2]: `GOCACHE=on` will be deprecated in Go 1.12, so this change makes
sense for that reason, too.
Co-authored-by: brian m. carlson <bk2204@github.com>
2018-08-28 20:53:57 +00:00
|
|
|
# go.sum is a lockfile based on the contents of go.mod.
|
|
|
|
|
go.sum : go.mod
|
|
|
|
|
$(GO) mod verify >/dev/null
|
2018-07-16 20:05:08 +00:00
|
|
|
|
all: use Go Modules instead of Glide
Since we are now building on Go 1.11 (as of 074a2d4f (all: use Go 1.11
in CI, 2018-08-28)) and Go 1.11 supports Go Modules [1], let's stop
using Glide, and begin using Go Modules.
This involves a few things:
* Teach the Makefile how to build go.sum files instead of glide.lock
files.
* Teach continuous integration services to build Git LFS in a
non-$GOPATH environment, since (without setting GO111MODULE=on
explicitly, which we choose not to do), this will break compiling
Git LFS, because Go 1.11 will ignore modules present in a Go
checkout beneath $GOPATH.
* In order to do the above, let's also make sure that we are
un-setting $GOCACHE in the environment, as this causes Go to work
without modules support [2].
* Because we're no longer building in a `$GOPATH`-based location,
let's instruct the CircleCI base image to archive the new location,
too.
* Similarly, teach the RPM spec to build in a non-$GOPATH location.
* By contrast, since we use dh_golang to build git-lfs binaries on
Debian, let's wait until the upstream dh_golang package is released
with support for Go 1.11 module support explicitly. Therefore, force
GO111MODULE to be on so that we can build a copy of Git LFS whose
checkout is within a $GOPATH.
Although the go.mod versions match the glide.yaml ones, the diff
attached is large because Go Modules do not vendor `_test.go` files,
whereas Glide does.
[1]: https://golang.org/doc/go1.11#modules
[2]: `GOCACHE=on` will be deprecated in Go 1.12, so this change makes
sense for that reason, too.
Co-authored-by: brian m. carlson <bk2204@github.com>
2018-08-28 20:53:57 +00:00
|
|
|
# vendor updates the go.sum-file, and installs vendored dependencies into
|
2018-07-23 18:41:00 +00:00
|
|
|
# the vendor/ sub-tree, removing sub-packages (listed below) that are unused by
|
all: use Go Modules instead of Glide
Since we are now building on Go 1.11 (as of 074a2d4f (all: use Go 1.11
in CI, 2018-08-28)) and Go 1.11 supports Go Modules [1], let's stop
using Glide, and begin using Go Modules.
This involves a few things:
* Teach the Makefile how to build go.sum files instead of glide.lock
files.
* Teach continuous integration services to build Git LFS in a
non-$GOPATH environment, since (without setting GO111MODULE=on
explicitly, which we choose not to do), this will break compiling
Git LFS, because Go 1.11 will ignore modules present in a Go
checkout beneath $GOPATH.
* In order to do the above, let's also make sure that we are
un-setting $GOCACHE in the environment, as this causes Go to work
without modules support [2].
* Because we're no longer building in a `$GOPATH`-based location,
let's instruct the CircleCI base image to archive the new location,
too.
* Similarly, teach the RPM spec to build in a non-$GOPATH location.
* By contrast, since we use dh_golang to build git-lfs binaries on
Debian, let's wait until the upstream dh_golang package is released
with support for Go 1.11 module support explicitly. Therefore, force
GO111MODULE to be on so that we can build a copy of Git LFS whose
checkout is within a $GOPATH.
Although the go.mod versions match the glide.yaml ones, the diff
attached is large because Go Modules do not vendor `_test.go` files,
whereas Glide does.
[1]: https://golang.org/doc/go1.11#modules
[2]: `GOCACHE=on` will be deprecated in Go 1.12, so this change makes
sense for that reason, too.
Co-authored-by: brian m. carlson <bk2204@github.com>
2018-08-28 20:53:57 +00:00
|
|
|
# Git LFS as well as test code.
|
2018-07-23 18:41:00 +00:00
|
|
|
.PHONY : vendor
|
all: use Go Modules instead of Glide
Since we are now building on Go 1.11 (as of 074a2d4f (all: use Go 1.11
in CI, 2018-08-28)) and Go 1.11 supports Go Modules [1], let's stop
using Glide, and begin using Go Modules.
This involves a few things:
* Teach the Makefile how to build go.sum files instead of glide.lock
files.
* Teach continuous integration services to build Git LFS in a
non-$GOPATH environment, since (without setting GO111MODULE=on
explicitly, which we choose not to do), this will break compiling
Git LFS, because Go 1.11 will ignore modules present in a Go
checkout beneath $GOPATH.
* In order to do the above, let's also make sure that we are
un-setting $GOCACHE in the environment, as this causes Go to work
without modules support [2].
* Because we're no longer building in a `$GOPATH`-based location,
let's instruct the CircleCI base image to archive the new location,
too.
* Similarly, teach the RPM spec to build in a non-$GOPATH location.
* By contrast, since we use dh_golang to build git-lfs binaries on
Debian, let's wait until the upstream dh_golang package is released
with support for Go 1.11 module support explicitly. Therefore, force
GO111MODULE to be on so that we can build a copy of Git LFS whose
checkout is within a $GOPATH.
Although the go.mod versions match the glide.yaml ones, the diff
attached is large because Go Modules do not vendor `_test.go` files,
whereas Glide does.
[1]: https://golang.org/doc/go1.11#modules
[2]: `GOCACHE=on` will be deprecated in Go 1.12, so this change makes
sense for that reason, too.
Co-authored-by: brian m. carlson <bk2204@github.com>
2018-08-28 20:53:57 +00:00
|
|
|
vendor : go.mod
|
|
|
|
|
$(GO) mod vendor -v
|
2018-07-16 20:25:44 +00:00
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# fmt runs goimports over all files in Git LFS (as defined by $(SOURCES) above),
|
|
|
|
|
# and replaces their contents with a formatted one in-place.
|
2018-07-25 01:28:22 +00:00
|
|
|
#
|
|
|
|
|
# If $(GOIMPORTS) does not exist, or isn't otherwise executable, this recipe
|
|
|
|
|
# still performs the linting sequence, but gracefully skips over running a
|
|
|
|
|
# non-existent command.
|
2018-07-19 18:02:25 +00:00
|
|
|
.PHONY : fmt
|
2021-08-23 15:30:43 +00:00
|
|
|
ifeq ($(shell test -x "`command -v $(GOIMPORTS)`"; echo $$?),0)
|
2018-07-25 01:28:22 +00:00
|
|
|
fmt : $(SOURCES) | lint
|
2018-07-31 21:20:11 +00:00
|
|
|
@$(GOIMPORTS) $(GOIMPORTS_EXTRA_OPTS) $?;
|
2018-07-25 01:28:22 +00:00
|
|
|
else
|
2018-07-19 18:10:56 +00:00
|
|
|
fmt : $(SOURCES) | lint
|
2018-07-25 01:28:22 +00:00
|
|
|
@echo "git-lfs: skipping fmt, no goimports found at \`$(GOIMPORTS)\` ..."
|
|
|
|
|
endif
|
2018-07-16 20:25:44 +00:00
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# lint ensures that there are all dependencies outside of the standard library
|
|
|
|
|
# are vendored in via vendor (see: above).
|
2018-07-19 18:02:25 +00:00
|
|
|
.PHONY : lint
|
2018-07-19 18:10:56 +00:00
|
|
|
lint : $(SOURCES)
|
2018-08-28 19:21:21 +00:00
|
|
|
@! $(GO) list -f '{{ join .Deps "\n" }}' . \
|
all: use Go Modules instead of Glide
Since we are now building on Go 1.11 (as of 074a2d4f (all: use Go 1.11
in CI, 2018-08-28)) and Go 1.11 supports Go Modules [1], let's stop
using Glide, and begin using Go Modules.
This involves a few things:
* Teach the Makefile how to build go.sum files instead of glide.lock
files.
* Teach continuous integration services to build Git LFS in a
non-$GOPATH environment, since (without setting GO111MODULE=on
explicitly, which we choose not to do), this will break compiling
Git LFS, because Go 1.11 will ignore modules present in a Go
checkout beneath $GOPATH.
* In order to do the above, let's also make sure that we are
un-setting $GOCACHE in the environment, as this causes Go to work
without modules support [2].
* Because we're no longer building in a `$GOPATH`-based location,
let's instruct the CircleCI base image to archive the new location,
too.
* Similarly, teach the RPM spec to build in a non-$GOPATH location.
* By contrast, since we use dh_golang to build git-lfs binaries on
Debian, let's wait until the upstream dh_golang package is released
with support for Go 1.11 module support explicitly. Therefore, force
GO111MODULE to be on so that we can build a copy of Git LFS whose
checkout is within a $GOPATH.
Although the go.mod versions match the glide.yaml ones, the diff
attached is large because Go Modules do not vendor `_test.go` files,
whereas Glide does.
[1]: https://golang.org/doc/go1.11#modules
[2]: `GOCACHE=on` will be deprecated in Go 1.12, so this change makes
sense for that reason, too.
Co-authored-by: brian m. carlson <bk2204@github.com>
2018-08-28 20:53:57 +00:00
|
|
|
| $(XARGS) $(GO) list -f \
|
|
|
|
|
'{{ if and (not .Standard) (not .Module) }} \
|
|
|
|
|
{{ .ImportPath }} \
|
|
|
|
|
{{ end }}' \
|
2018-08-28 19:21:21 +00:00
|
|
|
| $(GREP) -v "github.com/git-lfs/git-lfs" \
|
|
|
|
|
| $(GREP) "."
|
2018-07-19 19:03:54 +00:00
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# MAN_ROFF_TARGETS is a list of all ROFF-style targets in the man pages.
|
2022-02-16 00:47:43 +00:00
|
|
|
MAN_ROFF_TARGETS = man/man1/git-lfs-checkout.1 \
|
|
|
|
|
man/man1/git-lfs-clean.1 \
|
|
|
|
|
man/man1/git-lfs-clone.1 \
|
|
|
|
|
man/man5/git-lfs-config.5 \
|
|
|
|
|
man/man1/git-lfs-dedup.1 \
|
|
|
|
|
man/man1/git-lfs-env.1 \
|
|
|
|
|
man/man1/git-lfs-ext.1 \
|
2022-11-02 20:19:40 +00:00
|
|
|
man/man7/git-lfs-faq.7 \
|
2022-02-16 00:47:43 +00:00
|
|
|
man/man1/git-lfs-fetch.1 \
|
|
|
|
|
man/man1/git-lfs-filter-process.1 \
|
|
|
|
|
man/man1/git-lfs-fsck.1 \
|
|
|
|
|
man/man1/git-lfs-install.1 \
|
|
|
|
|
man/man1/git-lfs-lock.1 \
|
|
|
|
|
man/man1/git-lfs-locks.1 \
|
|
|
|
|
man/man1/git-lfs-logs.1 \
|
|
|
|
|
man/man1/git-lfs-ls-files.1 \
|
2022-04-27 15:11:40 +00:00
|
|
|
man/man1/git-lfs-merge-driver.1 \
|
2022-02-16 00:47:43 +00:00
|
|
|
man/man1/git-lfs-migrate.1 \
|
|
|
|
|
man/man1/git-lfs-pointer.1 \
|
|
|
|
|
man/man1/git-lfs-post-checkout.1 \
|
|
|
|
|
man/man1/git-lfs-post-commit.1 \
|
|
|
|
|
man/man1/git-lfs-post-merge.1 \
|
|
|
|
|
man/man1/git-lfs-pre-push.1 \
|
|
|
|
|
man/man1/git-lfs-prune.1 \
|
|
|
|
|
man/man1/git-lfs-pull.1 \
|
|
|
|
|
man/man1/git-lfs-push.1 \
|
|
|
|
|
man/man1/git-lfs-smudge.1 \
|
|
|
|
|
man/man1/git-lfs-standalone-file.1 \
|
|
|
|
|
man/man1/git-lfs-status.1 \
|
|
|
|
|
man/man1/git-lfs-track.1 \
|
|
|
|
|
man/man1/git-lfs-uninstall.1 \
|
|
|
|
|
man/man1/git-lfs-unlock.1 \
|
|
|
|
|
man/man1/git-lfs-untrack.1 \
|
|
|
|
|
man/man1/git-lfs-update.1 \
|
|
|
|
|
man/man1/git-lfs.1
|
2018-07-19 19:03:54 +00:00
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# MAN_HTML_TARGETS is a list of all HTML-style targets in the man pages.
|
2022-02-16 00:47:43 +00:00
|
|
|
MAN_HTML_TARGETS = man/html/git-lfs-checkout.1.html \
|
|
|
|
|
man/html/git-lfs-clean.1.html \
|
|
|
|
|
man/html/git-lfs-clone.1.html \
|
|
|
|
|
man/html/git-lfs-config.5.html \
|
|
|
|
|
man/html/git-lfs-dedup.1.html \
|
|
|
|
|
man/html/git-lfs-env.1.html \
|
|
|
|
|
man/html/git-lfs-ext.1.html \
|
2022-11-02 20:19:40 +00:00
|
|
|
man/html/git-lfs-faq.7.html \
|
2022-02-16 00:47:43 +00:00
|
|
|
man/html/git-lfs-fetch.1.html \
|
|
|
|
|
man/html/git-lfs-filter-process.1.html \
|
|
|
|
|
man/html/git-lfs-fsck.1.html \
|
|
|
|
|
man/html/git-lfs-install.1.html \
|
|
|
|
|
man/html/git-lfs-lock.1.html \
|
|
|
|
|
man/html/git-lfs-locks.1.html \
|
|
|
|
|
man/html/git-lfs-logs.1.html \
|
|
|
|
|
man/html/git-lfs-ls-files.1.html \
|
2022-04-27 15:11:40 +00:00
|
|
|
man/html/git-lfs-merge-driver.1.html \
|
2022-02-16 00:47:43 +00:00
|
|
|
man/html/git-lfs-migrate.1.html \
|
|
|
|
|
man/html/git-lfs-pointer.1.html \
|
|
|
|
|
man/html/git-lfs-post-checkout.1.html \
|
|
|
|
|
man/html/git-lfs-post-commit.1.html \
|
|
|
|
|
man/html/git-lfs-post-merge.1.html \
|
|
|
|
|
man/html/git-lfs-pre-push.1.html \
|
|
|
|
|
man/html/git-lfs-prune.1.html \
|
|
|
|
|
man/html/git-lfs-pull.1.html \
|
|
|
|
|
man/html/git-lfs-push.1.html \
|
|
|
|
|
man/html/git-lfs-smudge.1.html \
|
|
|
|
|
man/html/git-lfs-standalone-file.1.html \
|
|
|
|
|
man/html/git-lfs-status.1.html \
|
|
|
|
|
man/html/git-lfs-track.1.html \
|
|
|
|
|
man/html/git-lfs-uninstall.1.html \
|
|
|
|
|
man/html/git-lfs-unlock.1.html \
|
|
|
|
|
man/html/git-lfs-untrack.1.html \
|
|
|
|
|
man/html/git-lfs-update.1.html \
|
|
|
|
|
man/html/git-lfs.1.html
|
2018-07-19 19:03:54 +00:00
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# man generates all ROFF- and HTML-style manpage targets.
|
2018-07-19 19:03:54 +00:00
|
|
|
.PHONY : man
|
2022-06-22 20:33:21 +00:00
|
|
|
man : $(MAN_ROFF_TARGETS) $(MAN_HTML_TARGETS)
|
2018-07-19 19:03:54 +00:00
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# man/% generates ROFF-style man pages from the corresponding .ronn file.
|
2022-11-02 20:19:40 +00:00
|
|
|
man/man1/%.1 man/man5/%.5 man/man7/%.7 : docs/man/%.adoc
|
2022-02-16 00:47:43 +00:00
|
|
|
@mkdir -p man/man1 man/man5
|
2022-06-22 20:33:21 +00:00
|
|
|
$(ASCIIDOCTOR) $(ASCIIDOCTOR_EXTRA_ARGS) -b manpage -o $@ $^
|
2018-07-19 19:03:54 +00:00
|
|
|
|
2018-07-23 18:41:00 +00:00
|
|
|
# man/%.html generates HTML-style man pages from the corresponding .ronn file.
|
2022-11-02 20:19:40 +00:00
|
|
|
man/html/%.1.html man/html/%.5.html man/html/%.7.html : docs/man/%.adoc
|
2022-02-16 00:47:43 +00:00
|
|
|
@mkdir -p man/html
|
2022-06-22 20:33:21 +00:00
|
|
|
$(ASCIIDOCTOR) $(ASCIIDOCTOR_EXTRA_ARGS) -b html5 -o $@ $^
|
