CISS.debian.live.builder/makefile

# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-08-21; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: LicenseRef-CNCL-1.1 OR LicenseRef-CCLA-1.1
# SPDX-LicenseComment: This file is part of the CISS.debian.installer.secure framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu

### Use Bash for recipe shells (not /bin/sh)
SHELL                := /usr/bin/bash
.SHELLFLAGS          := -CEeuTo pipefail -O failglob -c
.ONESHELL            :
.DELETE_ON_ERROR     :
.RECIPEPREFIX        :=	### Tabstopp
.DEFAULT_GOAL        := live

### Local, unversioned overrides (optional):
-include config.mk

### Timestamp at parse time (UTC); can be overridden:
TIMESTAMP            ?= $(shell date -u +%Y-%m-%dT%H-%M-%S)

### Core parameters (safe defaults; override in config.mk, rename config.mk.sample to config.mk and apply the remaining values):
ARCH                 ?= amd64
AUTOBUILD            ?= 6.16.3+deb13-amd64
CONTROL              ?= $(TIMESTAMP)

### Nice/ionice settings:
RENICE               ?= -19
REIONICE_CLASS       ?= 1
REIONICE_PRIO        ?= 2

### Feature flags (set to empty to disable):
FLAG_CDI             ?= 1
FLAG_DEBUG           ?= 1
FLAG_DHCP_CENTURION  ?= 1
FLAG_TRIXIE          ?= 1

### Reusable canned recipe:
### Usage: $(call COMPOSE_AND,print) -> prints the fully quoted command
###        $(call COMPOSE_AND,exec)  -> execs the command
define COMPOSE_AND
	### Build command as a robust array to avoid word-splitting and globbing issues:
	cmd=( ./ciss_live_builder.sh )
	cmd+=( --architecture '$(ARCH)' )
	cmd+=( --build-directory '$(BUILD_DIR)' )
	cmd+=( --control '$(CONTROL)' )
	cmd+=( --root-password-file '$(ROOT_PASSWORD_FILE)' )
	cmd+=( --ssh-port '$(SSH_PORT)' )
	cmd+=( --ssh-pubkey '$(SSH_PUBKEY)' )
	### Optional flags:
	[[ -n '$(AUTOBUILD)'            ]] && cmd+=( --autobuild=$(AUTOBUILD) )
	[[ -n '$(FLAG_CDI)'             ]] && cmd+=( --cdi )
	[[ -n '$(FLAG_DEBUG)'           ]] && cmd+=( --debug )
	[[ -n '$(FLAG_DHCP_CENTURION)'  ]] && cmd+=( --dhcp-centurion )
	[[ -n '$(FLAG_TRIXIE)'          ]] && cmd+=( --trixie )
	[[ -n '$(PROVIDER_NETCUP_IPV6)' ]] && cmd+=( --provider-netcup-ipv6 '$(PROVIDER_NETCUP_IPV6)' )
	[[ -n '$(RENICE)'               ]] && cmd+=( --renice-priority '$(RENICE)' )
	if [[ -n '$(REIONICE_CLASS)' && -n '$(REIONICE_PRIO)' ]]; then
	                                      cmd+=( --reionice-priority '$(REIONICE_CLASS)' '$(REIONICE_PRIO)' )
	fi
	### Only add the flag if there is actually at least one host:
	jh_csv='$(strip $(JUMP_HOSTS))'
	if [[ -n "$$jh_csv" ]]; then
	 	### Disable globbing so [fe80::1] isn't treated as a pattern:
	 	set -f
	 	IFS=',' read -r -a jh <<< "$$jh_csv"
		set +f
		### Emit a single --jump-host followed by N addresses:
		cmd+=( --jump-host )
		for h in "$${jh[@]}"; do
			[[ -n "$$h" ]] && cmd+=( "$$h" )
		done
	fi
	## Act according to the requested mode ($(1) = print|exec):
	 case "$(1)" in
		print)
			printf '\e[92mCommand to run:\e[0m\n'
			printf '\e[95m%s ' "$${cmd[@]@Q}"; printf '\e[0m\n'
			;;
		exec|"")
			printf '\e[92mThe following command is executed: \e[0m\n'
			printf '\n'
			printf '\e[95m%s ' "$${cmd[@]@Q}"; printf '\e[0m\n'
			printf '\n'
			printf '\e[92mScript is loading ... \e[0m\n'
			exec "$${cmd[@]}"
			;;
		*)
			printf 'Unknown mode: %s\n' "$(1)" >&2; exit 2
			;;
	esac
endef

### Targets that reuse the block:
.PHONY: dry-run live

dry-run:
	@$(call COMPOSE_AND,print)

live:
	@$(call COMPOSE_AND,exec)

# vim: set ft=make noet ts=8 sw=8