cedricAbonnel/scripts-bash
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
scripts-bash/Makefile
T
cedricAbonnel 2949248446 fix: sécurité — remote SSH + vérification GPG à l'installation 
- Remote origin passé en SSH (token retiré de l'URL)
- make install dépend de make verify (vérifie la signature GPG du dernier tag)
- Sans tag signé : avertissement non bloquant (bootstrap)
- Avec tag signé et clé invalide : erreur bloquante
- DEVELOPER.md : instructions pour signer les tags de release
- README.md : mention de l'import de clé GPG

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-17 22:14:05 +02:00

117 lines
5.0 KiB
Makefile
Raw Permalink Blame History

# ──────────────────────────────────────────────────────────────
# XDG Base Directory Specification
# ──────────────────────────────────────────────────────────────
XDG_DATA_HOME ?= $(HOME)/.local/share
XDG_BIN_HOME ?= $(HOME)/.local/bin
INSTALL_BIN := $(XDG_BIN_HOME)
INSTALL_MAN := $(XDG_DATA_HOME)/man/man1
INSTALL_DOC := $(XDG_DATA_HOME)/doc/scripts-bash
INSTALL_YTDLL := $(XDG_DATA_HOME)/ytdll
# ──────────────────────────────────────────────────────────────
# Sources
# ──────────────────────────────────────────────────────────────
SCRIPTS_SH := $(wildcard local/bin/*.sh)
SCRIPTS_OTHER := $(wildcard local/bin/*.php) \
$(filter-out $(wildcard local/bin/*.*),$(wildcard local/bin/*))
DOC_SRC := $(wildcard local/share/doc/scripts-bash/*.md)
MAN_PAGES := $(patsubst local/share/doc/scripts-bash/%.md,local/share/man/man1/%,$(DOC_SRC))
# ──────────────────────────────────────────────────────────────
.PHONY: all build install uninstall clean verify
## Cible par défaut : installe tout dans ~/.local/
all: install
## build : génère les pages man depuis les .md (développeur, nécessite Pandoc)
build: $(MAN_PAGES)
local/share/man/man1/%: local/share/doc/scripts-bash/%.md
@mkdir -p $(dir $@)
pandoc -s $< -t man -o $@
@echo " MAN $@"
## verify : vérifie la signature GPG du dernier tag avant d'installer
verify:
@tag=$$(git describe --tags --abbrev=0 2>/dev/null) || { \
echo " GPG Avertissement : aucun tag signé trouvé — intégrité non vérifiée."; \
echo " Importez la clé publique du développeur et vérifiez avec : git tag -v <tag>"; \
exit 0; \
}; \
if git verify-tag "$$tag" 2>/dev/null; then \
echo " GPG $$tag : signature valide"; \
else \
echo " GPG Erreur : signature invalide pour le tag $$tag"; \
echo " Importez la clé publique du développeur avant d'installer."; \
exit 1; \
fi
## install : déploie tout dans ~/.local/ (aucune dépendance externe)
install: verify
@[ -d "local/bin" ] || { echo "Erreur : lancer depuis la racine du projet scripts-bash"; exit 1; }
@mkdir -p "$(INSTALL_BIN)" "$(INSTALL_MAN)" "$(INSTALL_DOC)" "$(INSTALL_YTDLL)/lib"
@for f in $(SCRIPTS_SH); do \
dest="$(INSTALL_BIN)/$$(basename "$${f%.sh}")"; \
install -m 755 "$$f" "$$dest"; \
echo " BIN $$dest"; \
done
@for f in $(SCRIPTS_OTHER); do \
dest="$(INSTALL_BIN)/$$(basename "$$f")"; \
install -m 755 "$$f" "$$dest"; \
echo " BIN $$dest"; \
done
@for f in $(wildcard local/share/man/man1/*); do \
install -m 644 "$$f" "$(INSTALL_MAN)/$$(basename "$$f")"; \
echo " MAN $(INSTALL_MAN)/$$(basename "$$f")"; \
done
@for f in $(wildcard local/share/doc/scripts-bash/*); do \
install -m 644 "$$f" "$(INSTALL_DOC)/$$(basename "$$f")"; \
echo " DOC $(INSTALL_DOC)/$$(basename "$$f")"; \
done
@for f in $(wildcard local/share/ytdll/*); do \
[ -f "$$f" ] || continue; \
install -m 644 "$$f" "$(INSTALL_YTDLL)/$$(basename "$$f")"; \
echo " DATA $(INSTALL_YTDLL)/$$(basename "$$f")"; \
done
@for f in $(wildcard local/share/ytdll/lib/*); do \
install -m 644 "$$f" "$(INSTALL_YTDLL)/lib/$$(basename "$$f")"; \
echo " DATA $(INSTALL_YTDLL)/lib/$$(basename "$$f")"; \
done
@path_line='export PATH="$$PATH:$$HOME/.local/bin"'; \
if ! grep -qF "$$path_line" ~/.bashrc 2>/dev/null; then \
echo "$$path_line" >> ~/.bashrc; \
echo " PATH ~/.bashrc ← ~/.local/bin (rechargez votre terminal)"; \
fi
@manpath_line='export MANPATH="$$(manpath):$$HOME/.local/share/man"'; \
if ! grep -qF "$$manpath_line" ~/.bashrc 2>/dev/null; then \
echo "$$manpath_line" >> ~/.bashrc; \
echo " MANPATH ~/.bashrc ← ~/.local/share/man (rechargez votre terminal)"; \
fi
@echo ""
@echo "Installation terminée."
## uninstall : supprime les fichiers installés par 'make install'
uninstall:
@[ -d "local/bin" ] || { echo "Erreur : lancer depuis la racine du projet scripts-bash"; exit 1; }
@for f in $(SCRIPTS_SH); do \
rm -fv "$(INSTALL_BIN)/$$(basename "$${f%.sh}")"; \
done
@for f in $(SCRIPTS_OTHER); do \
rm -fv "$(INSTALL_BIN)/$$(basename "$$f")"; \
done
@for f in $(wildcard local/share/man/man1/*); do \
rm -fv "$(INSTALL_MAN)/$$(basename "$$f")"; \
done
@for f in $(wildcard local/share/doc/scripts-bash/*); do \
rm -fv "$(INSTALL_DOC)/$$(basename "$$f")"; \
done
@rm -rfv "$(INSTALL_YTDLL)"
@echo "Désinstallation terminée."
## clean : supprime les pages man générées (dépôt local uniquement)
clean:
@rm -f $(MAN_PAGES)
@echo "Pages man supprimées."
Reference in New Issue View Git Blame Copy Permalink