build-docker.sh: print fw fingerprints after build (#1209)

build-docker.sh

@@ -45,6 +45,9 @@ for BITCOIN_ONLY in 0 1; do
       git submodule update --init --recursive && \
       pipenv install && \
       pipenv run make clean vendor build_firmware && \
+      pipenv run ../python/tools/firmware-fingerprint.py \
+          -o build/firmware/firmware.bin.fingerprint \
+          build/firmware/firmware.bin && \
       chown -R $USER:$GROUP /build"
 
 done
@@ -74,6 +77,24 @@ for BITCOIN_ONLY in 0 1; do
       mkdir -p build/firmware && \
       cp firmware/trezor.bin build/firmware/firmware.bin && \
       cp firmware/trezor.elf build/firmware/firmware.elf && \
+      pipenv run ../python/tools/firmware-fingerprint.py \
+          -o build/firmware/firmware.bin.fingerprint \
+          build/firmware/firmware.bin && \
       chown -R $USER:$GROUP /build"
 
 done
+
+# all built, show fingerprints
+
+echo "Fingerprints:"
+for VARIANT in core legacy; do
+  for BITCOIN_ONLY in 0 1; do
+
+    DIRSUFFIX=${BITCOIN_ONLY/1/-bitcoinonly}
+    DIRSUFFIX=${DIRSUFFIX/0/}
+
+    FWPATH=build/${VARIANT}${DIRSUFFIX}/firmware/firmware.bin
+    FINGERPRINT=$(tr -d '\n' < $FWPATH.fingerprint)
+    echo "$FINGERPRINT $FWPATH"
+  done
+done

python/tools/firmware-fingerprint.py

@@ -0,0 +1,27 @@
+#!/usr/bin/env python3
+
+import sys
+import click
+
+from trezorlib import firmware
+
+
+@click.command()
+@click.argument("filename", type=click.File("rb"))
+@click.option("-o", "--output", type=click.File("w"), default="-")
+def firmware_fingerprint(filename, output):
+    """Display fingerprint of a firmware file."""
+    data = filename.read()
+
+    try:
+        version, fw = firmware.parse(data)
+    except Exception as e:
+        click.echo(e, err=True)
+        sys.exit(2)
+
+    fingerprint = firmware.digest(version, fw).hex()
+    click.echo(fingerprint, file=output)
+
+
+if __name__ == "__main__":
+    firmware_fingerprint()