mirror of
https://github.com/trezor/trezor-firmware.git
ci: use NixOS in Docker
parent
179645e3ad
commit
1d68c9b386
@ -1,14 +1,7 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
if [ "$1" = "--gcc_source" ]; then
|
IMAGE=trezor-firmware-build.nixos
|
||||||
TOOLCHAIN_FLAVOR=src
|
|
||||||
shift
|
|
||||||
else
|
|
||||||
TOOLCHAIN_FLAVOR=x86_64-linux
|
|
||||||
fi
|
|
||||||
|
|
||||||
IMAGE=trezor-firmware-build.$TOOLCHAIN_FLAVOR
|
|
||||||
|
|
||||||
TAG=${1:-master}
|
TAG=${1:-master}
|
||||||
REPOSITORY=${2:-local}
|
REPOSITORY=${2:-local}
|
||||||
@ -21,7 +14,7 @@ else
|
|||||||
REPOSITORY=https://github.com/$REPOSITORY/trezor-firmware.git
|
REPOSITORY=https://github.com/$REPOSITORY/trezor-firmware.git
|
||||||
fi
|
fi
|
||||||
|
|
||||||
docker build -t "$IMAGE" --build-arg TOOLCHAIN_FLAVOR=$TOOLCHAIN_FLAVOR ci/
|
docker build -t "$IMAGE" ci/
|
||||||
|
|
||||||
USER=$(ls -lnd . | awk '{ print $3 }')
|
USER=$(ls -lnd . | awk '{ print $3 }')
|
||||||
GROUP=$(ls -lnd . | awk '{ print $4 }')
|
GROUP=$(ls -lnd . | awk '{ print $4 }')
|
||||||
@ -43,7 +36,7 @@ for BITCOIN_ONLY in 0 1; do
|
|||||||
--env PRODUCTION="$PRODUCTION" \
|
--env PRODUCTION="$PRODUCTION" \
|
||||||
--user="$USER:$GROUP" \
|
--user="$USER:$GROUP" \
|
||||||
"$IMAGE" \
|
"$IMAGE" \
|
||||||
/bin/sh -c "\
|
/nix/var/nix/profiles/default/bin/nix-shell --run "\
|
||||||
cd /tmp && \
|
cd /tmp && \
|
||||||
git clone $REPOSITORY trezor-firmware && \
|
git clone $REPOSITORY trezor-firmware && \
|
||||||
cd trezor-firmware/core && \
|
cd trezor-firmware/core && \
|
||||||
@ -69,7 +62,7 @@ for BITCOIN_ONLY in 0 1; do
|
|||||||
--env MEMORY_PROTECT="$MEMORY_PROTECT" \
|
--env MEMORY_PROTECT="$MEMORY_PROTECT" \
|
||||||
--user="$USER:$GROUP" \
|
--user="$USER:$GROUP" \
|
||||||
"$IMAGE" \
|
"$IMAGE" \
|
||||||
/bin/sh -c "\
|
/nix/var/nix/profiles/default/bin/nix-shell --run "\
|
||||||
cd /tmp && \
|
cd /tmp && \
|
||||||
git clone $REPOSITORY trezor-firmware && \
|
git clone $REPOSITORY trezor-firmware && \
|
||||||
cd trezor-firmware/legacy && \
|
cd trezor-firmware/legacy && \
|
||||||
|
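Review bot: Both `docker run` invocations now start `/nix/var/nix/profiles/default/bin/nix-shell --run "..."` before the sources are cloned, so the toolchain appears to come from the `shell.nix` that `docker build -t "$IMAGE" ci/` copied out of the local working tree, not from the `$TAG` being built. For a build that is meant to be reproducible from a tag, that coupling should at least be documented next to the `docker build` line, for example `# NOTE: build environment is taken from the local ci/shell.nix, not from the tag cloned below`. The `for BITCOIN_ONLY` loops and the rest of the `--run` string continue outside the visible hunks, so whether the tag's own `ci/shell.nix` is consulted later cannot be confirmed from here.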
145
ci/Dockerfile
145
ci/Dockerfile
@ -1,142 +1,37 @@
|
|||||||
# initialize from the image
|
FROM nixos/nix:2.3.4
|
||||||
|
|
||||||
FROM debian:10
|
COPY shell.nix shell.nix
|
||||||
|
|
||||||
ARG TOOLCHAIN_FLAVOR=x86_64-linux
|
RUN nix-env -i -f shell.nix -A buildInputs
|
||||||
ENV TOOLCHAIN_FLAVOR=${TOOLCHAIN_FLAVOR}
|
|
||||||
|
CMD [ "nix-shell" ]
|
||||||
|
|
||||||
|
# the rest of the file only applies when docker build is called
|
||||||
|
# with the following argument: "--build-arg FULLDEPS_TESTING=1"
|
||||||
|
|
||||||
|
ENV TREZOR_MONERO_TESTS_PATH="/opt/trezor_monero_tests"
|
||||||
|
|
||||||
ARG FULLDEPS_TESTING=0
|
ARG FULLDEPS_TESTING=0
|
||||||
ENV FULLDEPS_TESTING=${FULLDEPS_TESTING}
|
ENV FULLDEPS_TESTING=${FULLDEPS_TESTING}
|
||||||
|
|
||||||
# install build tools and dependencies
|
# install other python versions for tox testing
|
||||||
|
|
||||||
RUN apt-get update && apt-get install -y \
|
|
||||||
build-essential \
|
|
||||||
check \
|
|
||||||
clang-format \
|
|
||||||
git \
|
|
||||||
graphviz \
|
|
||||||
libjpeg-dev \
|
|
||||||
libsdl2-dev \
|
|
||||||
libsdl2-image-dev \
|
|
||||||
libsodium-dev \
|
|
||||||
libssl-dev \
|
|
||||||
libudev-dev \
|
|
||||||
libusb-1.0-0-dev \
|
|
||||||
valgrind \
|
|
||||||
wget \
|
|
||||||
zlib1g-dev
|
|
||||||
|
|
||||||
# install python 3.7.3 + pip from the image
|
|
||||||
|
|
||||||
RUN apt-get install -y \
|
|
||||||
python3-dev \
|
|
||||||
python3-pip
|
|
||||||
|
|
||||||
# install other python versions from their sources
|
|
||||||
|
|
||||||
RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
|
RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
|
||||||
export PYTHON35VER="3.5.7" ; \
|
nix-env -iP python3-3.8.2 ; \
|
||||||
wget --no-verbose https://www.python.org/ftp/python/${PYTHON35VER}/Python-${PYTHON35VER}.tgz ; \
|
nix-env --set-flag priority 6 python3-3.8.2 ; \
|
||||||
tar zxf Python-${PYTHON35VER}.tgz ; \
|
nix-env -iP python3-3.6.10 ; \
|
||||||
cd Python-${PYTHON35VER}/ && ./configure && make && make install ; \
|
nix-env --set-flag priority 7 python3-3.6.10 ; \
|
||||||
|
nix-env -iP python3-3.5.9 ; \
|
||||||
|
nix-env --set-flag priority 8 python3-3.5.9 ; \
|
||||||
fi
|
fi
|
||||||
|
|
||||||
RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
|
|
||||||
export PYTHON36VER="3.6.9" ; \
|
|
||||||
wget --no-verbose https://www.python.org/ftp/python/${PYTHON36VER}/Python-${PYTHON36VER}.tgz ; \
|
|
||||||
tar zxf Python-${PYTHON36VER}.tgz ; \
|
|
||||||
cd Python-${PYTHON36VER}/ && ./configure && make && make install ; \
|
|
||||||
fi
|
|
||||||
|
|
||||||
RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
|
|
||||||
export PYTHON38VER="3.8.0" ; \
|
|
||||||
export PYTHONSUBVER="b3"; \
|
|
||||||
wget --no-verbose https://www.python.org/ftp/python/${PYTHON38VER}/Python-${PYTHON38VER}${PYTHONSUBVER}.tgz ; \
|
|
||||||
tar zxf Python-${PYTHON38VER}${PYTHONSUBVER}.tgz ; \
|
|
||||||
cd Python-${PYTHON38VER}${PYTHONSUBVER}/ && ./configure && make && make install ; \
|
|
||||||
fi
|
|
||||||
|
|
||||||
# remove symlinks to newly installed pythons
|
|
||||||
RUN cd /usr/local/bin; \
|
|
||||||
rm -f 2to3; \
|
|
||||||
rm -f python3; \
|
|
||||||
rm -f python3-config; \
|
|
||||||
rm -f pydoc3; \
|
|
||||||
rm -f pip3; \
|
|
||||||
rm -f pyvenv;
|
|
||||||
|
|
||||||
# install dependencies from toolchain source build
|
|
||||||
|
|
||||||
RUN if [ "${TOOLCHAIN_FLAVOR}" = "src" ]; then \
|
|
||||||
apt-get install -y autoconf autogen bison dejagnu \
|
|
||||||
flex flip gawk git gperf gzip nsis \
|
|
||||||
openssh-client p7zip-full perl python-dev \
|
|
||||||
libisl-dev tcl tofrodos zip \
|
|
||||||
texinfo texlive texlive-extra-utils; \
|
|
||||||
fi
|
|
||||||
|
|
||||||
# download toolchain
|
|
||||||
|
|
||||||
ENV TOOLCHAIN_LONGVER=gcc-arm-none-eabi-9-2019-q4-major
|
|
||||||
ENV TOOLCHAIN_SUBDIR="9-2019q4/RC2.1"
|
|
||||||
ENV TOOLCHAIN_URL=https://developer.arm.com/-/media/Files/downloads/gnu-rm/${TOOLCHAIN_SUBDIR}/${TOOLCHAIN_LONGVER}-${TOOLCHAIN_FLAVOR}.tar.bz2
|
|
||||||
ENV TOOLCHAIN_HASH_linux=bcd840f839d5bf49279638e9f67890b2ef3a7c9c7a9b25271e83ec4ff41d177a
|
|
||||||
ENV TOOLCHAIN_HASH_src=f162a655f222319f75862d7aba9ff8a4a86f752392e4f3c5d9ef2ee8bc13be58
|
|
||||||
|
|
||||||
# extract toolchain
|
|
||||||
|
|
||||||
RUN cd /opt && wget --no-verbose ${TOOLCHAIN_URL}
|
|
||||||
RUN cd /opt && echo "${TOOLCHAIN_HASH_linux} ${TOOLCHAIN_LONGVER}-x86_64-linux.tar.bz2\n${TOOLCHAIN_HASH_src} ${TOOLCHAIN_LONGVER}-src.tar.bz2" | sha256sum -c --ignore-missing
|
|
||||||
RUN cd /opt && tar xfj ${TOOLCHAIN_LONGVER}-${TOOLCHAIN_FLAVOR}.tar.bz2
|
|
||||||
|
|
||||||
# build toolchain (if required)
|
|
||||||
|
|
||||||
RUN if [ "${TOOLCHAIN_FLAVOR}" = "src" ]; then \
|
|
||||||
pushd /opt/${TOOLCHAIN_LONGVER} ; \
|
|
||||||
./install-sources.sh --skip_steps=mingw32 ; \
|
|
||||||
./build-prerequisites.sh --skip_steps=mingw32 ; \
|
|
||||||
./build-toolchain.sh --skip_steps=mingw32,manual ; \
|
|
||||||
popd ; \
|
|
||||||
fi
|
|
||||||
|
|
||||||
# download protobuf
|
|
||||||
|
|
||||||
ENV PROTOBUF_VERSION=3.6.1
|
|
||||||
ENV PROTOBUF_HASH=6003de742ea3fcf703cfec1cd4a3380fd143081a2eb0e559065563496af27807
|
|
||||||
RUN wget --no-verbose "https://github.com/google/protobuf/releases/download/v${PROTOBUF_VERSION}/protoc-${PROTOBUF_VERSION}-linux-x86_64.zip"
|
|
||||||
RUN echo "${PROTOBUF_HASH} protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" | sha256sum -c
|
|
||||||
|
|
||||||
# setup toolchain
|
|
||||||
|
|
||||||
ENV PATH=/opt/${TOOLCHAIN_LONGVER}/bin:${PATH}
|
|
||||||
|
|
||||||
ENV LC_ALL=C.UTF-8 LANG=C.UTF-8
|
|
||||||
|
|
||||||
ENV PYTHON=python3
|
|
||||||
|
|
||||||
# use zipfile module to extract files world-readable
|
|
||||||
RUN ${PYTHON} -m zipfile -e "protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" /usr/local && chmod 755 /usr/local/bin/protoc
|
|
||||||
|
|
||||||
# download monero tests binary
|
# download monero tests binary
|
||||||
|
|
||||||
ENV TREZOR_MONERO_TESTS_SHA256SUM=5b35342c79eb91265f5f427224016a52994fff32c8ea078de5d502b37d3022d6
|
|
||||||
ENV TREZOR_MONERO_TESTS_URL="https://github.com/ph4r05/monero/releases/download/v0.15.0.0-tests-u18.04-03/trezor_tests"
|
|
||||||
ENV TREZOR_MONERO_TESTS_PATH="/opt/trezor_monero_tests"
|
|
||||||
|
|
||||||
RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
|
RUN if [ "${FULLDEPS_TESTING}" = "1" ]; then \
|
||||||
|
TREZOR_MONERO_TESTS_SHA256SUM=1e5dfdb07de4ea46088f4a5bdb0d51f040fe479019efae30f76427eee6edb3f7 ; \
|
||||||
|
TREZOR_MONERO_TESTS_URL="https://github.com/ph4r05/monero/releases/download/v0.15.0.0-tests-u18.04-03/trezor_tests" ; \
|
||||||
wget --no-verbose "${TREZOR_MONERO_TESTS_URL}" -O "${TREZOR_MONERO_TESTS_PATH}" ; \
|
wget --no-verbose "${TREZOR_MONERO_TESTS_URL}" -O "${TREZOR_MONERO_TESTS_PATH}" ; \
|
||||||
chmod +x "${TREZOR_MONERO_TESTS_PATH}" ; \
|
chmod +x "${TREZOR_MONERO_TESTS_PATH}" ; \
|
||||||
echo "${TREZOR_MONERO_TESTS_SHA256SUM} ${TREZOR_MONERO_TESTS_PATH}" | sha256sum -c ; \
|
echo "${TREZOR_MONERO_TESTS_SHA256SUM} ${TREZOR_MONERO_TESTS_PATH}" | sha256sum -c ; \
|
||||||
|
nix-shell -p patchelf --run 'patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" "${TREZOR_MONERO_TESTS_PATH}"' ; \
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# install python dependencies
|
|
||||||
|
|
||||||
ENV WORKON_HOME=/tmp/.venvs
|
|
||||||
ENV PIPENV_CACHE_DIR=/tmp/.pipenv-cache
|
|
||||||
|
|
||||||
RUN ${PYTHON} -m pip install pipenv
|
|
||||||
|
|
||||||
RUN ${PYTHON} --version
|
|
||||||
RUN ${PYTHON} -m pip --version
|
|
||||||
RUN pipenv --version
|
|
||||||
|
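Review bot: In the monero-tests `RUN` step the commands are separated by `;`, and this commit appends `nix-shell -p patchelf --run ...` after `sha256sum -c`, so the step's exit status is now that of the patchelf call and a checksum mismatch on the downloaded `trezor_tests` binary no longer fails the build. Make the branch fail fast by opening it with `set -e ; \` (or by joining the commands with `&&`), and move `chmod +x "${TREZOR_MONERO_TESTS_PATH}"` below the `sha256sum -c` line so the file only becomes executable once it has been verified. The `nix-env` block above it uses the same `;` chaining, so a failed install there is also not reported. Separately, `FROM nixos/nix:2.3.4` pins the base by tag only; pinning it by digest would fix the image contents as well.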
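--- a/ci/shell.nix
+++ b/ci/shell.nix
@@ -0,0 +1,29 @@
+# nixos-unstable from 2020-06-02
+with import (builtins.fetchTarball https://github.com/NixOS/nixpkgs/archive/467ce5a9f45aaf96110b41eb863a56866e1c2c3c.tar.gz) {};
+
+stdenv.mkDerivation {
+name = "trezor-firmware-docker";
+buildInputs = [
+SDL2
+SDL2_image
+autoflake
+check
+clang-tools
+gcc
+gcc-arm-embedded
+git
+gnumake
+graphviz
+libffi
+libjpeg
+libressl
+libusb1
+pipenv
+pkgconfig
+protobuf3_6
+valgrind
+zlib
+];
+LD_LIBRARY_PATH = "${libffi}/lib:${libjpeg.out}/lib:${libusb1}/lib:${libressl.out}/lib";
+NIX_ENFORCE_PURITY = 0;
+}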
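Review bot: `builtins.fetchTarball` is called with a bare URL and no `sha256`, so the nixpkgs archive that defines every build input is accepted on the strength of the HTTPS download alone and is fetched again whenever Nix's tarball cache expires. The commit id in the URL selects the revision, but Nix does not verify the content it receives; use the attribute-set form, `builtins.fetchTarball { url = "https://github.com/NixOS/nixpkgs/archive/467ce5a9f45aaf96110b41eb863a56866e1c2c3c.tar.gz"; sha256 = "<sha256 of the unpacked archive>"; }`, with the hash taken from `nix-prefetch-url --unpack`. With a hash the fetch becomes fixed-output, so a changed archive fails evaluation instead of silently altering the firmware toolchain. The identical `with import (builtins.fetchTarball ...)` line added to the other `shell.nix` in the next section needs the same change.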
@ -1,4 +1,5 @@
|
|||||||
with import <nixpkgs> {};
|
# nixos-unstable from 2020-06-02
|
||||||
|
with import (builtins.fetchTarball https://github.com/NixOS/nixpkgs/archive/467ce5a9f45aaf96110b41eb863a56866e1c2c3c.tar.gz) {};
|
||||||
|
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
name = "trezor-firmware-dev";
|
name = "trezor-firmware-dev";
|
||||||
@ -9,6 +10,7 @@ stdenv.mkDerivation {
|
|||||||
check
|
check
|
||||||
clang-tools
|
clang-tools
|
||||||
gcc
|
gcc
|
||||||
|
gcc-arm-embedded
|
||||||
git
|
git
|
||||||
gnumake
|
gnumake
|
||||||
graphviz
|
graphviz
|
||||||
@ -21,8 +23,6 @@ stdenv.mkDerivation {
|
|||||||
protobuf3_6
|
protobuf3_6
|
||||||
valgrind
|
valgrind
|
||||||
zlib
|
zlib
|
||||||
] ++ stdenv.lib.optionals (!stdenv.isDarwin) [
|
|
||||||
gcc-arm-embedded
|
|
||||||
] ++ stdenv.lib.optionals (stdenv.isDarwin) [
|
] ++ stdenv.lib.optionals (stdenv.isDarwin) [
|
||||||
darwin.apple_sdk.frameworks.CoreAudio
|
darwin.apple_sdk.frameworks.CoreAudio
|
||||||
darwin.apple_sdk.frameworks.AudioToolbox
|
darwin.apple_sdk.frameworks.AudioToolbox
|
||||||
|