41 lines
1.5 KiB
Makefile
41 lines
1.5 KiB
Makefile
OVERLAY := $(shell pwd)/overlay
|
|
ONLY :=
|
|
FILTER := --only 3.16 $(ONLY)
|
|
STEP := publish
|
|
|
|
all: build
|
|
|
|
build:
|
|
cd alpine-cloud-images && ./build $(STEP) --clean --revise $(FILTER) --custom $(OVERLAY)/zdt --vars $(OVERLAY)/zdt/zdt.hcl
|
|
|
|
clean:
|
|
rm -rf alpine-cloud-images/work
|
|
|
|
# Adds all tracked encrypted files to .gitignore as safety net
|
|
age-add-gitignore:
|
|
@touch .gitignore; for f in $$(yq eval .paths[] .age.yml); do grep -qxF $$f .gitignore || echo $$f >> .gitignore; done
|
|
|
|
# Decrypts all secrets and deletes encrypted .age
|
|
age-unseal:
|
|
@for f in $$(yq eval .paths[] .age.yml); do \
|
|
age --decrypt -i ~/.ssh/git.age -o $$f $$f.age && rm $$f.age; \
|
|
done
|
|
|
|
# Compares all unencrypted files against last encrypted versions
|
|
# If there are no diffs, just restore the .age file from the index and delete the unaltered local unencrypted file
|
|
# otherwise re-encrypt and remove clear text
|
|
age-seal:
|
|
@keys=$$(yq eval .keys[] .age.yml | sed -e 's/^/-r /' ); \
|
|
for f in $$(yq eval .paths[] .age.yml); do \
|
|
[ -f $$f ] || continue; \
|
|
git restore $${f}.age 2>/dev/null && \
|
|
age --decrypt -i ~/.ssh/git.age $$f.age | diff -q - $$f 2>/dev/null 1>&2 && \
|
|
rm -f $$f || ( rm -f $$f.age; age --encrypt $$keys -o $$f.age $$f && rm -f $$f; ); done
|
|
|
|
# Just a reference how it could work, requires root though
|
|
scan-image:
|
|
modprobe nbd
|
|
qemu-nbd -c /dev/nbd0 --read-only alpine-cloud-images/work/images/aws/3.15.4-x86_64-bios-cloudinit-aws-kubezero/image.qcow2
|
|
mount /dev/nbd0 /mnt/temp/
|
|
trivy rootfs /mnt/temp
|