From e4280f2c4e8822b1e846cdbbb37e1bf099f83b62 Mon Sep 17 00:00:00 2001 From: Patrice Ferlet Date: Tue, 15 Jul 2025 10:27:24 +0200 Subject: [PATCH 1/3] chore(build): Fixes cache, add better cleanup, add PHONY --- Makefile | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/Makefile b/Makefile index 41279a5..12aa2d9 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ SHELL := bash .SHELLFLAGS := -eu -o pipefail -c .ONESHELL: .DELETE_ON_ERROR: -.PHONY: help dist-clean dist package build install test doc nsis +.PHONY: all help build pull katenary dist dist-full prepare upx packages packager-oci-image gpg-sign check-sign rpm rpm-sign deb pacman freebsd tar manpage doc install uninstall serve-doc __label_doc install-gomarkdoc clean-all clean-dist clean-package-signer clean-go-cache test cover sast MAKEFLAGS += --warn-undefined-variables MAKEFLAGS += --no-builtin-rules @@ -147,7 +147,7 @@ else -e GOARCH=$(GOARCH) \ --rm -v $(PWD):/go/src/katenary:z \ -w /go/src/katenary \ - -v ./.cache:/go/pkg/mod:z \ + -v go-cache:/go/pkg/mod:z \ $(CTN_USERMAP) \ $(BUILD_IMAGE) $(GO_BUILD) endif @@ -156,7 +156,7 @@ endif # Make dist, build executables for all platforms, sign them, and compress them with upx if possible. # Also generate the windows installer. dist: prepare $(BINARIES) upx packages -dist-full: dist-clean dist gpg-sign check-sign rpm-sign check-dist-all +dist-full: clean-dist dist gpg-sign check-sign rpm-sign check-dist-all prepare: pull packager-oci-image mkdir -p dist @@ -468,6 +468,15 @@ cover: ## Miscellaneous -dist-clean: +clean-all: clean-dist clean-package-signer clean-go-cache + +clean-dist: rm -rf dist rm -f katenary + +clean-package-signer: + rm -f .secret.gpg .rpmmacros + +clean-go-cache: + $(CTN) volume rm -f go-cache + -- 2.49.1 From 22e1ebdce112725273898a6895ce7c4fdbf40cc3 Mon Sep 17 00:00:00 2001 
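Review bot: The volume name `go-cache` in the new `-v go-cache:/go/pkg/mod:z` line is global to the container engine, so any other project or container on the same host that mounts a volume of that name shares, and can write to, the Go module cache used for these builds. A project-scoped name held in one variable avoids the collision and keeps the mount and the cleanup in step, for example `GO_CACHE_VOLUME := katenary-go-cache` used as `-v $(GO_CACHE_VOLUME):/go/pkg/mod:z`. The `clean-go-cache` target added in the last hunk of this patch repeats the literal name, and its `volume rm -f go-cache` would remove such a shared volume whichever project created it. The enclosing `$(CTN) run` command starts outside the hunk.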
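Review bot: The new `clean-package-signer` target has no comment saying what `.secret.gpg` and `.rpmmacros` are or which target writes them, and the name `.secret.gpg` suggests exported private-key material left in the working tree. If that is the case, it is worth stating above the target, for example `# Remove the signing key export and rpm macros written during package signing`. `dist-full` in this patch depends only on `clean-dist`, so those files would persist after a release build until `clean-all` or `clean-package-signer` is run by hand. The target that creates the files is not visible in this patch, so this is inferred from the file names.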
From: Patrice Ferlet Date: Tue, 15 Jul 2025 13:41:49 +0200 Subject: [PATCH 2/3] chore(make): huge refactor, add more tests - more test on gpg signature - change build target in the help message - refactor upx compression - --- Makefile | 44 ++++++++++++++++++++++++++++++++------------ 1 file changed, 32 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index 12aa2d9..8d86491 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ SHELL := bash .SHELLFLAGS := -eu -o pipefail -c .ONESHELL: .DELETE_ON_ERROR: -.PHONY: all help build pull katenary dist dist-full prepare upx packages packager-oci-image gpg-sign check-sign rpm rpm-sign deb pacman freebsd tar manpage doc install uninstall serve-doc __label_doc install-gomarkdoc clean-all clean-dist clean-package-signer clean-go-cache test cover sast +.PHONY: all binaries build check-dist-all check-dist-archlinux check-dist-debian check-dist-fedora check-dist-rocky check-dist-ubuntu check-sign clean-all clean-dist clean-go-cache clean-package-signer cover deb dist dist-full doc freebsd gpg-sign help install install-gomarkdoc katenary manpage packager-oci-image packages pacman prepare pull rpm rpm-sign sast serve-doc show-cover tar test uninstall upx warn-docker MAKEFLAGS += --warn-undefined-variables MAKEFLAGS += --no-builtin-rules @@ -21,13 +21,12 @@ GOARCH=amd64 CGO_ENABLED=0 PREFIX=~/.local - warn-docker: @echo -e "\033[1;31mWarning: Docker is not recommended, use Podman instead.\033[0m" sleep 5 # Get the container (Podman is preferred, but docker can be used too. It may failed with Docker.) -# TODO: prpose nerdctl +# TODO: propose nerdctl CTN:=$(shell which podman 2>&1 1>/dev/null && echo "podman" || echo "docker") ifeq ($(CTN),podman) CTN_USERMAP=--userns=keep-id @@ -120,7 +119,7 @@ help: This will build the binary for darwin amd64. Or you can build all versions: - $$ make build-all + $$ make binaries EOF 
@@ -155,7 +154,8 @@ endif # Make dist, build executables for all platforms, sign them, and compress them with upx if possible. # Also generate the windows installer. -dist: prepare $(BINARIES) upx packages +binaries: prepare $(BINARIES) +dist: binaries upx packages dist-full: clean-dist dist gpg-sign check-sign rpm-sign check-dist-all prepare: pull packager-oci-image @@ -206,12 +206,16 @@ nsis/EnVar.dll: mv Plugins/x86-unicode/EnVar.dll EnVar.dll rm -rf EnVar_plugin.zip Plugins -upx: dist/katenary-linux-amd64 dist/katenary-linux-arm64 dist/katenary-darwin-amd64 - $(UPX) dist/katenary-linux-amd64 - $(UPX) dist/katenary-linux-arm64 - $(UPX) dist/katenary-darwin-amd64 --force-macos +# UPX compression +upx: upx-linux upx-darwin -## Linux / FreeBSD packages +upx-linux: dist/katenary-linux-amd64 dist/katenary-linux-arm64 + $(UPX) $^ + +upx-darwin: dist/katenary-darwin-amd64 + $(UPX) --force-macos $^ + +## Linux / FreeBSD packages with fpm DESCRIPTION := $(shell cat packaging/description | sed ':a;N;$$!ba;s/\n/\\n/g') @@ -321,6 +325,20 @@ check-sign: exit 1; \ fi; \ done + @echo "=> checking in blank environment..." + keyid=$(shell gpg -k --with-colons $(SIGNER)| grep '^pub' | cut -d: -f5); + $(CTN) run --rm -it -e GPGKEY=$${keyid} -v ./dist:/opt/dist:z \ + packaging:fedora \ + bash -c ' + gpg --recv-key $$GPGKEY || exit 1; + echo "Trusting $(SIGNER) key..."; + echo "trusted-key 483493B2DD0845DA8F21A26DF3702E3FAD8F76DC" >> ~/.gnupg/gpg.conf; + gpg --update-trustdb; + rm -f ~/.gnupg/gpg.conf; + for f in /opt/dist/*.asc; do echo "==> $${f}"; gpg --verify --auto-key-retrieve $${f}; done; + echo "=> Listing imported keys..."; + gpg -k + ' dist/%.asc: dist/% gpg --armor --detach-sign --default-key $(SIGNER) $< &>/dev/null || exit 1 
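Review bot: `upx-linux` and `upx-darwin` are introduced here as command targets but are missing from the `.PHONY` list rewritten in the first hunk of this patch, so a file with either name in the tree would make the target look up to date and skip compression. Adding both names to that list fixes it.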
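Review bot: In the added "blank environment" check, a failed `gpg --verify` does not fail `check-sign`: the script passed to the inner `bash -c` runs without `-e`, the `for` loop carries on after a bad signature, and the container's exit status is that of the final `gpg -k`. Starting the inner script with `set -e`, or writing `gpg --verify "$${f}" || exit 1;`, makes a bad or missing signature stop the build; the same loop line as rewritten by patch 3/3 has the same gap. The key is fetched by the long key ID taken from field 5 of the `pub` record for `$(SIGNER)`, while the trusted fingerprint is a hard-coded literal, so a change of `SIGNER` leaves the two out of step; deriving both from one fingerprint value (field 10 of the first `fpr` record) would keep them tied. Since this container only reads the artifacts, the mount can be read-only, `-v ./dist:/opt/dist:ro,z`. The `check-sign` recipe starts outside the hunk.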
@@ -457,15 +475,17 @@ test: $(MAKE) cover cover: - go tool cover -func=cover.out | grep "total:" + @go tool cover -func=cover.out | grep "total:" go tool cover -html=cover.out -o cover.html + +show-cover: + @[ -f cover.html ] || (echo "cover.html is not present, run make test before"; exit 1) if [ "$(BROWSER)" = "xdg-open" ]; then xdg-open cover.html else $(BROWSER) -i --new-window cover.html fi - ## Miscellaneous clean-all: clean-dist clean-package-signer clean-go-cache -- 2.49.1 From a754dc9275dab651807578814ec7b8e53d147f92 Mon Sep 17 00:00:00 2001 From: Patrice Ferlet Date: Tue, 15 Jul 2025 13:44:25 +0200 Subject: [PATCH 3/3] fix(make): no need to auto retrieve key now --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 8d86491..367eec9 100644 --- a/Makefile +++ b/Makefile @@ -335,7 +335,7 @@ check-sign: echo "trusted-key 483493B2DD0845DA8F21A26DF3702E3FAD8F76DC" >> ~/.gnupg/gpg.conf; gpg --update-trustdb; rm -f ~/.gnupg/gpg.conf; - for f in /opt/dist/*.asc; do echo "==> $${f}"; gpg --verify --auto-key-retrieve $${f}; done; + for f in /opt/dist/*.asc; do echo "==> $${f}"; gpg --verify $${f}; done; echo "=> Listing imported keys..."; gpg -k ' -- 2.49.1
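Review bot: With `.ONESHELL:` set at the top of this Makefile, the `@` added on the first line of `cover` silences the whole recipe, not only the `grep "total:"` line, so the `go tool cover -html` command is no longer echoed either; the same holds for the `@` on the first line of `show-cover`. If that is intended, a one-line comment such as `# @ on the first line silences the whole recipe (.ONESHELL)` above each target would record it. `show-cover` also expands `$(BROWSER)` unquoted into the shell, and `BROWSER` is defined outside the hunk, so whether it comes from the environment or a Makefile default cannot be checked from here.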