2019-09-12 13:42:04 +00:00
|
|
|
#!/usr/bin/env bash
|
2020-11-11 15:53:42 +00:00
|
|
|
set -e -o pipefail
|
2019-09-08 15:16:53 +00:00
|
|
|
|
2020-11-11 15:53:42 +00:00
|
|
|
cd "$(dirname "${BASH_SOURCE[0]}")"
|
|
|
|
|
2021-02-22 16:15:27 +00:00
|
|
|
if [ -z "$ALPINE_ARCH" ]; then
|
|
|
|
arch="$(uname -m)"
|
|
|
|
case "$arch" in
|
|
|
|
aarch64|arm64)
|
|
|
|
ALPINE_ARCH="aarch64"
|
|
|
|
;;
|
|
|
|
x86_64)
|
|
|
|
ALPINE_ARCH="x86_64"
|
|
|
|
;;
|
|
|
|
*)
|
|
|
|
echo "Unsupported arch"
|
|
|
|
exit
|
|
|
|
esac
|
|
|
|
fi
|
|
|
|
|
2021-07-20 09:07:03 +00:00
|
|
|
if [ -z "$ALPINE_CHECKSUM" ]; then
|
|
|
|
case "$ALPINE_ARCH" in
|
|
|
|
aarch64)
|
2021-12-07 16:13:02 +00:00
|
|
|
ALPINE_CHECKSUM="1be50ae27c8463d005c4de16558d239e11a88ac6b2f8721c47e660fbeead69bf"
|
2021-07-20 09:07:03 +00:00
|
|
|
;;
|
|
|
|
x86_64)
|
2021-12-07 16:13:02 +00:00
|
|
|
ALPINE_CHECKSUM="ec7ec80a96500f13c189a6125f2dbe8600ef593b87fc4670fe959dc02db727a2"
|
2021-07-20 09:07:03 +00:00
|
|
|
;;
|
|
|
|
*)
|
|
|
|
exit
|
|
|
|
esac
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
2020-11-11 15:53:42 +00:00
|
|
|
CONTAINER_NAME=${CONTAINER_NAME:-trezor-firmware-env.nix}
|
2021-07-20 09:07:03 +00:00
|
|
|
ALPINE_CDN=${ALPINE_CDN:-https://dl-cdn.alpinelinux.org/alpine}
|
2021-12-07 16:13:02 +00:00
|
|
|
ALPINE_RELEASE=${ALPINE_RELEASE:-3.15}
|
|
|
|
ALPINE_VERSION=${ALPINE_VERSION:-3.15.0}
|
2021-02-22 16:15:27 +00:00
|
|
|
ALPINE_TARBALL=${ALPINE_FILE:-alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz}
|
2021-12-07 16:13:02 +00:00
|
|
|
NIX_VERSION=${NIX_VERSION:-2.4}
|
2021-02-22 16:15:27 +00:00
|
|
|
CONTAINER_FS_URL=${CONTAINER_FS_URL:-"$ALPINE_CDN/v$ALPINE_RELEASE/releases/$ALPINE_ARCH/$ALPINE_TARBALL"}
|
2019-09-08 15:16:53 +00:00
|
|
|
|
2021-04-29 15:11:34 +00:00
|
|
|
VARIANTS_core=(0 1)
|
|
|
|
VARIANTS_legacy=(0 1)
|
|
|
|
|
|
|
|
if [ "$1" == "--skip-core" ]; then
|
|
|
|
VARIANTS_core=()
|
|
|
|
shift
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ "$1" == "--skip-legacy" ]; then
|
|
|
|
VARIANTS_legacy=()
|
|
|
|
shift
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ "$1" == "--skip-bitcoinonly" ]; then
|
|
|
|
VARIANTS_core=(0)
|
|
|
|
VARIANTS_legacy=(0)
|
|
|
|
shift
|
|
|
|
fi
|
|
|
|
|
2019-09-08 15:16:53 +00:00
|
|
|
TAG=${1:-master}
|
2020-11-11 15:53:42 +00:00
|
|
|
REPOSITORY=${2:-/local}
|
2019-09-08 15:16:53 +00:00
|
|
|
PRODUCTION=${PRODUCTION:-1}
|
|
|
|
|
2021-02-22 16:15:27 +00:00
|
|
|
|
|
|
|
if which wget > /dev/null ; then
|
|
|
|
wget --no-config -nc -P ci/ "$CONTAINER_FS_URL"
|
|
|
|
else
|
|
|
|
if ! [ -f "ci/$ALPINE_TARBALL" ]; then
|
|
|
|
curl -L -o "ci/$ALPINE_TARBALL" "$CONTAINER_FS_URL"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2021-07-20 09:07:03 +00:00
|
|
|
# check alpine checksum
|
2021-07-20 15:29:16 +00:00
|
|
|
if command -v sha256sum &> /dev/null ; then
|
|
|
|
echo "${ALPINE_CHECKSUM} ci/${ALPINE_TARBALL}" | sha256sum -c
|
|
|
|
else
|
|
|
|
echo "${ALPINE_CHECKSUM} ci/${ALPINE_TARBALL}" | shasum -a 256 -c
|
|
|
|
fi
|
2021-07-20 09:07:03 +00:00
|
|
|
|
2022-01-09 09:16:34 +00:00
|
|
|
echo
|
|
|
|
echo ">>> DOCKER BUILD ALPINE_VERSION=$ALPINE_VERSION ALPINE_ARCH=$ALPINE_ARCH NIX_VERSION=$NIX_VERSION -t $CONTAINER_NAME"
|
|
|
|
echo
|
|
|
|
|
2021-07-06 10:47:51 +00:00
|
|
|
docker build --build-arg ALPINE_VERSION="$ALPINE_VERSION" --build-arg ALPINE_ARCH="$ALPINE_ARCH" --build-arg NIX_VERSION="$NIX_VERSION" -t "$CONTAINER_NAME" ci/
|
2019-09-08 15:16:53 +00:00
|
|
|
|
2020-11-11 15:53:42 +00:00
|
|
|
# stat under macOS has slightly different cli interface
|
|
|
|
USER=$(stat -c "%u" . 2>/dev/null || stat -f "%u" .)
|
|
|
|
GROUP=$(stat -c "%g" . 2>/dev/null || stat -f "%g" .)
|
|
|
|
|
|
|
|
mkdir -p build/core build/legacy
|
|
|
|
mkdir -p build/core-bitcoinonly build/legacy-bitcoinonly
|
2019-09-08 15:16:53 +00:00
|
|
|
|
2020-11-11 15:53:42 +00:00
|
|
|
DIR=$(pwd)
|
2019-09-08 15:16:53 +00:00
|
|
|
|
|
|
|
# build core
|
|
|
|
|
2021-04-29 15:11:34 +00:00
|
|
|
for BITCOIN_ONLY in ${VARIANTS_core[@]}; do
|
2019-09-08 15:16:53 +00:00
|
|
|
|
|
|
|
DIRSUFFIX=${BITCOIN_ONLY/1/-bitcoinonly}
|
|
|
|
DIRSUFFIX=${DIRSUFFIX/0/}
|
|
|
|
|
2020-11-11 15:53:42 +00:00
|
|
|
SCRIPT_NAME=".build_core_$BITCOIN_ONLY.sh"
|
|
|
|
cat <<EOF > "build/$SCRIPT_NAME"
|
|
|
|
# DO NOT MODIFY!
|
|
|
|
# this file was generated by ${BASH_SOURCE[0]}
|
|
|
|
# variant: core build BITCOIN_ONLY=$BITCOIN_ONLY
|
|
|
|
set -e -o pipefail
|
|
|
|
cd /tmp
|
|
|
|
git clone "$REPOSITORY" trezor-firmware
|
|
|
|
cd trezor-firmware/core
|
|
|
|
ln -s /build build
|
|
|
|
git checkout "$TAG"
|
|
|
|
git submodule update --init --recursive
|
|
|
|
poetry install
|
|
|
|
poetry run make clean vendor build_firmware
|
|
|
|
poetry run ../python/tools/firmware-fingerprint.py \
|
|
|
|
-o build/firmware/firmware.bin.fingerprint \
|
|
|
|
build/firmware/firmware.bin
|
|
|
|
chown -R $USER:$GROUP /build
|
|
|
|
EOF
|
|
|
|
|
2022-01-09 09:16:34 +00:00
|
|
|
echo
|
|
|
|
echo ">>> DOCKER RUN core BITCOIN_ONLY=$BITCOIN_ONLY PRODUCTION=$PRODUCTION"
|
|
|
|
echo
|
|
|
|
|
2021-01-22 15:55:27 +00:00
|
|
|
docker run -it --rm \
|
2020-11-11 15:53:42 +00:00
|
|
|
-v "$DIR:/local" \
|
|
|
|
-v "$DIR/build/core$DIRSUFFIX":/build:z \
|
2019-09-08 15:16:53 +00:00
|
|
|
--env BITCOIN_ONLY="$BITCOIN_ONLY" \
|
|
|
|
--env PRODUCTION="$PRODUCTION" \
|
2020-11-11 15:53:42 +00:00
|
|
|
--init \
|
2020-06-07 12:11:03 +00:00
|
|
|
"$CONTAINER_NAME" \
|
2020-11-11 15:53:42 +00:00
|
|
|
/nix/var/nix/profiles/default/bin/nix-shell --run "bash /local/build/$SCRIPT_NAME"
|
2019-09-08 15:16:53 +00:00
|
|
|
done
|
|
|
|
|
|
|
|
# build legacy
|
|
|
|
|
2021-04-29 15:11:34 +00:00
|
|
|
for BITCOIN_ONLY in ${VARIANTS_legacy[@]}; do
|
2019-09-08 15:16:53 +00:00
|
|
|
|
|
|
|
DIRSUFFIX=${BITCOIN_ONLY/1/-bitcoinonly}
|
|
|
|
DIRSUFFIX=${DIRSUFFIX/0/}
|
|
|
|
|
2020-11-11 15:53:42 +00:00
|
|
|
SCRIPT_NAME=".build_legacy_$BITCOIN_ONLY.sh"
|
|
|
|
cat <<EOF > "build/$SCRIPT_NAME"
|
|
|
|
# DO NOT MODIFY!
|
|
|
|
# this file was generated by ${BASH_SOURCE[0]}
|
|
|
|
# variant: legacy build BITCOIN_ONLY=$BITCOIN_ONLY
|
|
|
|
set -e -o pipefail
|
|
|
|
cd /tmp
|
|
|
|
git clone "$REPOSITORY" trezor-firmware
|
|
|
|
cd trezor-firmware/legacy
|
|
|
|
ln -s /build build
|
|
|
|
git checkout "$TAG"
|
|
|
|
git submodule update --init --recursive
|
|
|
|
poetry install
|
|
|
|
poetry run script/cibuild
|
2021-04-20 19:36:48 +00:00
|
|
|
mkdir -p build/bootloader build/firmware build/intermediate_fw
|
|
|
|
cp bootloader/bootloader.bin build/bootloader/bootloader.bin
|
|
|
|
cp intermediate_fw/trezor.bin build/intermediate_fw/inter.bin
|
2020-11-11 15:53:42 +00:00
|
|
|
cp firmware/trezor.bin build/firmware/firmware.bin
|
|
|
|
cp firmware/trezor.elf build/firmware/firmware.elf
|
|
|
|
poetry run ../python/tools/firmware-fingerprint.py \
|
|
|
|
-o build/firmware/firmware.bin.fingerprint \
|
|
|
|
build/firmware/firmware.bin
|
|
|
|
chown -R $USER:$GROUP /build
|
|
|
|
EOF
|
|
|
|
|
2022-01-09 09:16:34 +00:00
|
|
|
echo
|
|
|
|
echo ">>> DOCKER RUN legacy BITCOIN_ONLY=$BITCOIN_ONLY PRODUCTION=$PRODUCTION"
|
|
|
|
echo
|
|
|
|
|
2021-01-22 15:55:27 +00:00
|
|
|
docker run -it --rm \
|
2020-11-11 15:53:42 +00:00
|
|
|
-v "$DIR:/local" \
|
|
|
|
-v "$DIR/build/legacy$DIRSUFFIX":/build:z \
|
2019-09-08 15:16:53 +00:00
|
|
|
--env BITCOIN_ONLY="$BITCOIN_ONLY" \
|
2021-12-12 14:45:10 +00:00
|
|
|
--env PRODUCTION="$PRODUCTION" \
|
2020-11-11 15:53:42 +00:00
|
|
|
--init \
|
2020-06-07 12:11:03 +00:00
|
|
|
"$CONTAINER_NAME" \
|
2020-11-11 15:53:42 +00:00
|
|
|
/nix/var/nix/profiles/default/bin/nix-shell --run "bash /local/build/$SCRIPT_NAME"
|
2019-09-08 15:16:53 +00:00
|
|
|
|
|
|
|
done
|
2020-08-21 12:09:21 +00:00
|
|
|
|
|
|
|
# all built, show fingerprints
|
|
|
|
|
|
|
|
echo "Fingerprints:"
|
|
|
|
for VARIANT in core legacy; do
|
2021-04-29 15:11:34 +00:00
|
|
|
|
|
|
|
VARIANTS="VARIANTS_$VARIANT[@]"
|
|
|
|
|
|
|
|
for BITCOIN_ONLY in ${!VARIANTS}; do
|
2020-08-21 12:09:21 +00:00
|
|
|
|
|
|
|
DIRSUFFIX=${BITCOIN_ONLY/1/-bitcoinonly}
|
|
|
|
DIRSUFFIX=${DIRSUFFIX/0/}
|
|
|
|
|
|
|
|
FWPATH=build/${VARIANT}${DIRSUFFIX}/firmware/firmware.bin
|
|
|
|
FINGERPRINT=$(tr -d '\n' < $FWPATH.fingerprint)
|
|
|
|
echo "$FINGERPRINT $FWPATH"
|
|
|
|
done
|
|
|
|
done
|