1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-23 23:08:14 +00:00

ci: use NixOS in Docker

This commit is contained in:
Pavol Rusnak 2020-05-03 19:00:57 +02:00
parent 179645e3ad
commit 1d68c9b386
4 changed files with 56 additions and 139 deletions

View File

@ -1,14 +1,7 @@
#!/usr/bin/env bash
set -e
if [ "$1" = "--gcc_source" ]; then
TOOLCHAIN_FLAVOR=src
shift
else
TOOLCHAIN_FLAVOR=x86_64-linux
fi
IMAGE=trezor-firmware-build.$TOOLCHAIN_FLAVOR
IMAGE=trezor-firmware-build.nixos
TAG=${1:-master}
REPOSITORY=${2:-local}
@ -21,7 +14,7 @@ else
REPOSITORY=https://github.com/$REPOSITORY/trezor-firmware.git
fi
docker build -t "$IMAGE" --build-arg TOOLCHAIN_FLAVOR=$TOOLCHAIN_FLAVOR ci/
docker build -t "$IMAGE" ci/
USER=$(ls -lnd . | awk '{ print $3 }')
GROUP=$(ls -lnd . | awk '{ print $4 }')
@ -43,7 +36,7 @@ for BITCOIN_ONLY in 0 1; do
--env PRODUCTION="$PRODUCTION" \
--user="$USER:$GROUP" \
"$IMAGE" \
/bin/sh -c "\
/nix/var/nix/profiles/default/bin/nix-shell --run "\
cd /tmp && \
git clone $REPOSITORY trezor-firmware && \
cd trezor-firmware/core && \
@ -69,7 +62,7 @@ for BITCOIN_ONLY in 0 1; do
--env MEMORY_PROTECT="$MEMORY_PROTECT" \
--user="$USER:$GROUP" \
"$IMAGE" \
/bin/sh -c "\
/nix/var/nix/profiles/default/bin/nix-shell --run "\
cd /tmp && \
git clone $REPOSITORY trezor-firmware && \
cd trezor-firmware/legacy && \

View File

@ -1,142 +1,37 @@
# initialize from the image
FROM nixos/nix:2.3.4
FROM debian:10
COPY shell.nix shell.nix
ARG TOOLCHAIN_FLAVOR=x86_64-linux
ENV TOOLCHAIN_FLAVOR=${TOOLCHAIN_FLAVOR}
RUN nix-env -i -f shell.nix -A buildInputs
CMD [ "nix-shell" ]
# the rest of the file only applies when docker build is called
# with the following argument: "--build-arg FULLDEPS_TESTING=1"
ENV TREZOR_MONERO_TESTS_PATH="/opt/trezor_monero_tests"
ARG FULLDEPS_TESTING=0
ENV FULLDEPS_TESTING=${FULLDEPS_TESTING}
# install build tools and dependencies
RUN apt-get update && apt-get install -y \
build-essential \
check \
clang-format \
git \
graphviz \
libjpeg-dev \
libsdl2-dev \
libsdl2-image-dev \
libsodium-dev \
libssl-dev \
libudev-dev \
libusb-1.0-0-dev \
valgrind \
wget \
zlib1g-dev
# install python 3.7.3 + pip from the image
RUN apt-get install -y \
python3-dev \
python3-pip
# install other python versions from their sources
# install other python versions for tox testing
RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
export PYTHON35VER="3.5.7" ; \
wget --no-verbose https://www.python.org/ftp/python/${PYTHON35VER}/Python-${PYTHON35VER}.tgz ; \
tar zxf Python-${PYTHON35VER}.tgz ; \
cd Python-${PYTHON35VER}/ && ./configure && make && make install ; \
nix-env -iP python3-3.8.2 ; \
nix-env --set-flag priority 6 python3-3.8.2 ; \
nix-env -iP python3-3.6.10 ; \
nix-env --set-flag priority 7 python3-3.6.10 ; \
nix-env -iP python3-3.5.9 ; \
nix-env --set-flag priority 8 python3-3.5.9 ; \
fi
RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
export PYTHON36VER="3.6.9" ; \
wget --no-verbose https://www.python.org/ftp/python/${PYTHON36VER}/Python-${PYTHON36VER}.tgz ; \
tar zxf Python-${PYTHON36VER}.tgz ; \
cd Python-${PYTHON36VER}/ && ./configure && make && make install ; \
fi
RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
export PYTHON38VER="3.8.0" ; \
export PYTHONSUBVER="b3"; \
wget --no-verbose https://www.python.org/ftp/python/${PYTHON38VER}/Python-${PYTHON38VER}${PYTHONSUBVER}.tgz ; \
tar zxf Python-${PYTHON38VER}${PYTHONSUBVER}.tgz ; \
cd Python-${PYTHON38VER}${PYTHONSUBVER}/ && ./configure && make && make install ; \
fi
# remove symlinks to newly installed pythons
RUN cd /usr/local/bin; \
rm -f 2to3; \
rm -f python3; \
rm -f python3-config; \
rm -f pydoc3; \
rm -f pip3; \
rm -f pyvenv;
# install dependencies from toolchain source build
RUN if [ "${TOOLCHAIN_FLAVOR}" = "src" ]; then \
apt-get install -y autoconf autogen bison dejagnu \
flex flip gawk git gperf gzip nsis \
openssh-client p7zip-full perl python-dev \
libisl-dev tcl tofrodos zip \
texinfo texlive texlive-extra-utils; \
fi
# download toolchain
ENV TOOLCHAIN_LONGVER=gcc-arm-none-eabi-9-2019-q4-major
ENV TOOLCHAIN_SUBDIR="9-2019q4/RC2.1"
ENV TOOLCHAIN_URL=https://developer.arm.com/-/media/Files/downloads/gnu-rm/${TOOLCHAIN_SUBDIR}/${TOOLCHAIN_LONGVER}-${TOOLCHAIN_FLAVOR}.tar.bz2
ENV TOOLCHAIN_HASH_linux=bcd840f839d5bf49279638e9f67890b2ef3a7c9c7a9b25271e83ec4ff41d177a
ENV TOOLCHAIN_HASH_src=f162a655f222319f75862d7aba9ff8a4a86f752392e4f3c5d9ef2ee8bc13be58
# extract toolchain
RUN cd /opt && wget --no-verbose ${TOOLCHAIN_URL}
RUN cd /opt && echo "${TOOLCHAIN_HASH_linux} ${TOOLCHAIN_LONGVER}-x86_64-linux.tar.bz2\n${TOOLCHAIN_HASH_src} ${TOOLCHAIN_LONGVER}-src.tar.bz2" | sha256sum -c --ignore-missing
RUN cd /opt && tar xfj ${TOOLCHAIN_LONGVER}-${TOOLCHAIN_FLAVOR}.tar.bz2
# build toolchain (if required)
RUN if [ "${TOOLCHAIN_FLAVOR}" = "src" ]; then \
pushd /opt/${TOOLCHAIN_LONGVER} ; \
./install-sources.sh --skip_steps=mingw32 ; \
./build-prerequisites.sh --skip_steps=mingw32 ; \
./build-toolchain.sh --skip_steps=mingw32,manual ; \
popd ; \
fi
# download protobuf
ENV PROTOBUF_VERSION=3.6.1
ENV PROTOBUF_HASH=6003de742ea3fcf703cfec1cd4a3380fd143081a2eb0e559065563496af27807
RUN wget --no-verbose "https://github.com/google/protobuf/releases/download/v${PROTOBUF_VERSION}/protoc-${PROTOBUF_VERSION}-linux-x86_64.zip"
RUN echo "${PROTOBUF_HASH} protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" | sha256sum -c
# setup toolchain
ENV PATH=/opt/${TOOLCHAIN_LONGVER}/bin:${PATH}
ENV LC_ALL=C.UTF-8 LANG=C.UTF-8
ENV PYTHON=python3
# use zipfile module to extract files world-readable
RUN ${PYTHON} -m zipfile -e "protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" /usr/local && chmod 755 /usr/local/bin/protoc
# download monero tests binary
ENV TREZOR_MONERO_TESTS_SHA256SUM=5b35342c79eb91265f5f427224016a52994fff32c8ea078de5d502b37d3022d6
ENV TREZOR_MONERO_TESTS_URL="https://github.com/ph4r05/monero/releases/download/v0.15.0.0-tests-u18.04-03/trezor_tests"
ENV TREZOR_MONERO_TESTS_PATH="/opt/trezor_monero_tests"
RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
TREZOR_MONERO_TESTS_SHA256SUM=1e5dfdb07de4ea46088f4a5bdb0d51f040fe479019efae30f76427eee6edb3f7 ; \
TREZOR_MONERO_TESTS_URL="https://github.com/ph4r05/monero/releases/download/v0.15.0.0-tests-u18.04-03/trezor_tests" ; \
wget --no-verbose "${TREZOR_MONERO_TESTS_URL}" -O "${TREZOR_MONERO_TESTS_PATH}" ; \
chmod +x "${TREZOR_MONERO_TESTS_PATH}" ; \
echo "${TREZOR_MONERO_TESTS_SHA256SUM} ${TREZOR_MONERO_TESTS_PATH}" | sha256sum -c ; \
nix-shell -p patchelf --run 'patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" "${TREZOR_MONERO_TESTS_PATH}"' ; \
fi
# install python dependencies
ENV WORKON_HOME=/tmp/.venvs
ENV PIPENV_CACHE_DIR=/tmp/.pipenv-cache
RUN ${PYTHON} -m pip install pipenv
RUN ${PYTHON} --version
RUN ${PYTHON} -m pip --version
RUN pipenv --version

29
ci/shell.nix Normal file
View File

@ -0,0 +1,29 @@
# nixos-unstable from 2020-06-02
with import (builtins.fetchTarball https://github.com/NixOS/nixpkgs/archive/467ce5a9f45aaf96110b41eb863a56866e1c2c3c.tar.gz) {};
stdenv.mkDerivation {
name = "trezor-firmware-docker";
buildInputs = [
SDL2
SDL2_image
autoflake
check
clang-tools
gcc
gcc-arm-embedded
git
gnumake
graphviz
libffi
libjpeg
libressl
libusb1
pipenv
pkgconfig
protobuf3_6
valgrind
zlib
];
LD_LIBRARY_PATH = "${libffi}/lib:${libjpeg.out}/lib:${libusb1}/lib:${libressl.out}/lib";
NIX_ENFORCE_PURITY = 0;
}

View File

@ -1,4 +1,5 @@
with import <nixpkgs> {};
# nixos-unstable from 2020-06-02
with import (builtins.fetchTarball https://github.com/NixOS/nixpkgs/archive/467ce5a9f45aaf96110b41eb863a56866e1c2c3c.tar.gz) {};
stdenv.mkDerivation {
name = "trezor-firmware-dev";
@ -9,6 +10,7 @@ stdenv.mkDerivation {
check
clang-tools
gcc
gcc-arm-embedded
git
gnumake
graphviz
@ -21,8 +23,6 @@ stdenv.mkDerivation {
protobuf3_6
valgrind
zlib
] ++ stdenv.lib.optionals (!stdenv.isDarwin) [
gcc-arm-embedded
] ++ stdenv.lib.optionals (stdenv.isDarwin) [
darwin.apple_sdk.frameworks.CoreAudio
darwin.apple_sdk.frameworks.AudioToolbox