diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000000..6f5b532c44 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,100 @@ +variables: + GIT_SUBMODULE_STRATEGY: "recursive" + +stages: + - environment + - build + - test + +environment: + stage: environment + image: docker:latest + variables: + CONTAINER_NAME: "$CI_REGISTRY/trezor/trezor-firmware/environment" + services: + - docker:dind + before_script: + - docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD + when: manual + script: + - docker pull $CONTAINER_NAME:latest || true + - docker build --cache-from $CONTAINER_NAME:latest --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest . + - docker push $CONTAINER_NAME:$CI_COMMIT_SHA + - docker push $CONTAINER_NAME:latest + +image: registry.corp.sldev.cz/trezor/trezor-firmware/environment + +before_script: + - pipenv install + +build core firmware: + stage: build + script: + - cd core + - pipenv run make build_cross + - pipenv run make build_boardloader + - pipenv run make build_bootloader + - pipenv run make build_prodtest + - pipenv run make build_firmware + # - test "$TREZOR_MODEL" = "1" || pipenv run make sizecheck + artifacts: + paths: + - core/build/firmware/firmware.bin + - core/build/bootloader/bootloader.bin + - core/build/boardloader/boardloader.bin + expire_in: 1 week + +build core unix: + stage: build + script: + - cd core + - pipenv run make build_unix_noui + +test style: + stage: test + script: + - pipenv run make style_check + - cd core && pipenv run make templates_check # TODO + +test core unix unit: + stage: test + script: + - cd core + - pipenv run make build_unix_noui + - pipenv run make test + +test core unix device: + stage: test + script: + - cd core + - pipenv run make build_unix_noui + - pipenv run make test_emu + +test core unix monero: + stage: test + script: + - cd core + - pipenv run make build_unix_noui + - pipenv run make test_emu_monero + +test common: + stage: test + script: + - cd common + - pipenv run jsonlint defs/*.json + - pipenv run jsonlint defs/*/*.json + - pipenv run python tools/cointool.py check + - pipenv run python tools/support.py check --ignore-missing + - pipenv run python protob/check.py + - pipenv run python protob/graph.py protob/*.proto # TODO: artifacts? + +test crypto: + stage: test + script: + - cd crypto + - pipenv run make + - ./tests/aestst + - ./tests/test_check + - CK_TIMEOUT_MULTIPLIER=20 valgrind -q --error-exitcode=1 ./tests/test_check + - ./tests/test_openssl 1000 + - ITERS=10 pipenv run pytest tests/ # TODO are ITERS=10 propagated? diff --git a/core/Dockerfile b/Dockerfile similarity index 84% rename from core/Dockerfile rename to Dockerfile index 3f5aa1c863..f416150c22 100644 --- a/core/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # initialize from the image -FROM debian:9 +FROM python ARG TOOLCHAIN_FLAVOR=linux ENV TOOLCHAIN_FLAVOR=$TOOLCHAIN_FLAVOR @@ -8,7 +8,10 @@ ENV TOOLCHAIN_FLAVOR=$TOOLCHAIN_FLAVOR # install build tools and dependencies RUN apt-get update && apt-get install -y \ - build-essential wget git python3-pip + build-essential wget git libsodium-dev graphviz \ + valgrind check libssl-dev libusb-1.0-0-dev libudev-dev + +# TODO are all apt packages actually needed? # install dependencies from toolchain source build @@ -57,13 +60,17 @@ RUN echo "${PROTOBUF_HASH} protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" | sha256 ENV PATH=/opt/$TOOLCHAIN_LONGVER/bin:$PATH -ENV PYTHON=python3 ENV LC_ALL=C.UTF-8 LANG=C.UTF-8 -RUN ln -s /usr/bin/python3 /usr/bin/python # use zipfile module to extract files world-readable -RUN $PYTHON -m zipfile -e "protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" /usr/local && chmod 755 /usr/local/bin/protoc +RUN python -m zipfile -e "protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" /usr/local && chmod 755 /usr/local/bin/protoc + +#ENV WORKON_HOME=/tmp/.venvs # install python dependencies -RUN $PYTHON -m pip install scons trezor +RUN pip install pipenv + +RUN python --version +RUN pip --version +RUN pipenv --version diff --git a/Pipfile b/Pipfile index ff26d37038..0147386fd3 100644 --- a/Pipfile +++ b/Pipfile @@ -4,31 +4,45 @@ name = "pypi" verify_ssl = true [packages] -trezor = {git = "https://github.com/trezor/python-trezor", editable = true, ref = "master"} +# all +trezor = {editable = true, path = "./python"} +scons = "*" protobuf = "==3.4.0" - -# python-trezor tests +pyblake2 = "*" +## tests pytest = "*" mock = "*" - -# make style +## style isort = "*" flake8 = "*" black = "*" +mako = ">=1.0.7" +munch = ">=2.3.2" -# trezor-common cointool +# common +demjson = "*" +graphviz = "*" # TODO this was '8' do we need that? +## cointool click = ">=6" "ed25519" = ">=1.4" requests = ">=2.19" -munch = ">=2.3.2" termcolor = ">=0.1.2" Pillow = ">=5.2.0" -Mako = ">=1.0.7" -# monero +# crypto +ecdsa = "*" +curve25519-donna = "*" +pyasn1 = "*" + +# core +## monero monero_agent = {version = ">=2.0.1", extras = ["tcry", "dev"]} py_trezor_crypto_ph4 = {version = ">=0.1.1"} +# legacy +setuptools = ">=24.2.0" +typing = "*" + [dev-packages] scan-build = "*" diff --git a/Pipfile.lock b/Pipfile.lock index fff4d0e178..c54a1be0a7 100644 --- a/Pipfile.lock +++ b/Pipfile.lock @@ -1,7 +1,7 @@ { "_meta": { "hash": { - "sha256": "f3c2800ccd4e8ec7e07444b9bc81ce5c5f426ce15dcd6d55729ff81e7214525d" + "sha256": "4dd20b0598ed7b7cde01121a5c79aa21d756f6ca98d5a0aca1db8f57c673303c" }, "pipfile-spec": 6, "requires": {}, @@ -79,36 +79,36 @@ }, "cffi": { "hashes": [ - "sha256:00b97afa72c233495560a0793cdc86c2571721b4271c0667addc83c417f3d90f", - "sha256:0ba1b0c90f2124459f6966a10c03794082a2f3985cd699d7d63c4a8dae113e11", - "sha256:0bffb69da295a4fc3349f2ec7cbe16b8ba057b0a593a92cbe8396e535244ee9d", - "sha256:21469a2b1082088d11ccd79dd84157ba42d940064abbfa59cf5f024c19cf4891", - "sha256:2e4812f7fa984bf1ab253a40f1f4391b604f7fc424a3e21f7de542a7f8f7aedf", - "sha256:2eac2cdd07b9049dd4e68449b90d3ef1adc7c759463af5beb53a84f1db62e36c", - "sha256:2f9089979d7456c74d21303c7851f158833d48fb265876923edcb2d0194104ed", - "sha256:3dd13feff00bddb0bd2d650cdb7338f815c1789a91a6f68fdc00e5c5ed40329b", - "sha256:4065c32b52f4b142f417af6f33a5024edc1336aa845b9d5a8d86071f6fcaac5a", - "sha256:51a4ba1256e9003a3acf508e3b4f4661bebd015b8180cc31849da222426ef585", - "sha256:59888faac06403767c0cf8cfb3f4a777b2939b1fbd9f729299b5384f097f05ea", - "sha256:59c87886640574d8b14910840327f5cd15954e26ed0bbd4e7cef95fa5aef218f", - "sha256:610fc7d6db6c56a244c2701575f6851461753c60f73f2de89c79bbf1cc807f33", - "sha256:70aeadeecb281ea901bf4230c6222af0248c41044d6f57401a614ea59d96d145", - "sha256:71e1296d5e66c59cd2c0f2d72dc476d42afe02aeddc833d8e05630a0551dad7a", - "sha256:8fc7a49b440ea752cfdf1d51a586fd08d395ff7a5d555dc69e84b1939f7ddee3", - "sha256:9b5c2afd2d6e3771d516045a6cfa11a8da9a60e3d128746a7fe9ab36dfe7221f", - "sha256:9c759051ebcb244d9d55ee791259ddd158188d15adee3c152502d3b69005e6bd", - "sha256:b4d1011fec5ec12aa7cc10c05a2f2f12dfa0adfe958e56ae38dc140614035804", - "sha256:b4f1d6332339ecc61275bebd1f7b674098a66fea11a00c84d1c58851e618dc0d", - "sha256:c030cda3dc8e62b814831faa4eb93dd9a46498af8cd1d5c178c2de856972fd92", - "sha256:c2e1f2012e56d61390c0e668c20c4fb0ae667c44d6f6a2eeea5d7148dcd3df9f", - "sha256:c37c77d6562074452120fc6c02ad86ec928f5710fbc435a181d69334b4de1d84", - "sha256:c8149780c60f8fd02752d0429246088c6c04e234b895c4a42e1ea9b4de8d27fb", - "sha256:cbeeef1dc3c4299bd746b774f019de9e4672f7cc666c777cd5b409f0b746dac7", - "sha256:e113878a446c6228669144ae8a56e268c91b7f1fafae927adc4879d9849e0ea7", - "sha256:e21162bf941b85c0cda08224dade5def9360f53b09f9f259adb85fc7dd0e7b35", - "sha256:fb6934ef4744becbda3143d30c6604718871495a5e36c408431bf33d9c146889" + "sha256:041c81822e9f84b1d9c401182e174996f0bae9991f33725d059b771744290774", + "sha256:046ef9a22f5d3eed06334d01b1e836977eeef500d9b78e9ef693f9380ad0b83d", + "sha256:066bc4c7895c91812eff46f4b1c285220947d4aa46fa0a2651ff85f2afae9c90", + "sha256:066c7ff148ae33040c01058662d6752fd73fbc8e64787229ea8498c7d7f4041b", + "sha256:2444d0c61f03dcd26dbf7600cf64354376ee579acad77aef459e34efcb438c63", + "sha256:300832850b8f7967e278870c5d51e3819b9aad8f0a2c8dbe39ab11f119237f45", + "sha256:34c77afe85b6b9e967bd8154e3855e847b70ca42043db6ad17f26899a3df1b25", + "sha256:46de5fa00f7ac09f020729148ff632819649b3e05a007d286242c4882f7b1dc3", + "sha256:4aa8ee7ba27c472d429b980c51e714a24f47ca296d53f4d7868075b175866f4b", + "sha256:4d0004eb4351e35ed950c14c11e734182591465a33e960a4ab5e8d4f04d72647", + "sha256:4e3d3f31a1e202b0f5a35ba3bc4eb41e2fc2b11c1eff38b362de710bcffb5016", + "sha256:50bec6d35e6b1aaeb17f7c4e2b9374ebf95a8975d57863546fa83e8d31bdb8c4", + "sha256:55cad9a6df1e2a1d62063f79d0881a414a906a6962bc160ac968cc03ed3efcfb", + "sha256:5662ad4e4e84f1eaa8efce5da695c5d2e229c563f9d5ce5b0113f71321bcf753", + "sha256:59b4dc008f98fc6ee2bb4fd7fc786a8d70000d058c2bbe2698275bc53a8d3fa7", + "sha256:73e1ffefe05e4ccd7bcea61af76f36077b914f92b76f95ccf00b0c1b9186f3f9", + "sha256:a1f0fd46eba2d71ce1589f7e50a9e2ffaeb739fb2c11e8192aa2b45d5f6cc41f", + "sha256:a2e85dc204556657661051ff4bab75a84e968669765c8a2cd425918699c3d0e8", + "sha256:a5457d47dfff24882a21492e5815f891c0ca35fefae8aa742c6c263dac16ef1f", + "sha256:a8dccd61d52a8dae4a825cdbb7735da530179fea472903eb871a5513b5abbfdc", + "sha256:ae61af521ed676cf16ae94f30fe202781a38d7178b6b4ab622e4eec8cefaff42", + "sha256:b012a5edb48288f77a63dba0840c92d0504aa215612da4541b7b42d849bc83a3", + "sha256:d2c5cfa536227f57f97c92ac30c8109688ace8fa4ac086d19d0af47d134e2909", + "sha256:d42b5796e20aacc9d15e66befb7a345454eef794fdb0737d1af593447c6c8f45", + "sha256:dee54f5d30d775f525894d67b1495625dd9322945e7fee00731952e0368ff42d", + "sha256:e070535507bd6aa07124258171be2ee8dfc19119c28ca94c9dfb7efd23564512", + "sha256:e1ff2748c84d97b065cc95429814cdba39bcbd77c9c85c89344b317dc0d9cbff", + "sha256:ed851c75d1e0e043cbf5ca9a8e1b13c4c90f3fbd863dacb01c0808e2b5204201" ], - "version": "==1.12.2" + "version": "==1.12.3" }, "chacha20poly1305": { "hashes": [ @@ -169,6 +169,13 @@ ], "version": "==2.2.2" }, + "demjson": { + "hashes": [ + "sha256:31de2038a0fdd9c4c11f8bf3b13fe77bc2a128307f965c8d5fb4dc6d6f6beb79" + ], + "index": "pypi", + "version": "==2.2.4" + }, "ecdsa": { "hashes": [ "sha256:20c17e527e75acad8f402290e158a6ac178b91b881f941fc6ea305bfdfb9657c", @@ -205,6 +212,14 @@ "index": "pypi", "version": "==3.7.7" }, + "graphviz": { + "hashes": [ + "sha256:0e1744a45b0d707bc44f99c7b8e5f25dc22cf96b6aaf2432ac308ed9822a9cb6", + "sha256:d311be4fddfe832a56986ac5e1d6e8715d7fcb0208560da79d1bb0f72abef41f" + ], + "index": "pypi", + "version": "==0.10.1" + }, "idna": { "hashes": [ "sha256:c357b3f628cf53ae2c4c05627ecc484553142ca23264e593d327bcde5e9c3407", @@ -580,8 +595,7 @@ }, "trezor": { "editable": true, - "git": "https://github.com/trezor/python-trezor", - "ref": "2813522b05cef4e0e545a101f8b3559a3183b45b" + "path": "./python" }, "typing-extensions": { "hashes": [ diff --git a/common/.travis.yml b/common/.travis.yml deleted file mode 100644 index 978c264a1e..0000000000 --- a/common/.travis.yml +++ /dev/null @@ -1,37 +0,0 @@ -language: python - -# Runs jobs on container based infrastructure -sudo: false - -# Saves pip downloads/wheels between builds -cache: - directories: - - $HOME/.cache/pip - -addons: - apt: - packages: - - graphviz - -python: - - "3.6" - -install: - - pip install demjson graphviz - - pip install -r tools/requirements.txt - -script: - - jsonlint defs/*.json - - jsonlint defs/*/*.json - - python tools/cointool.py check - - python tools/support.py check --ignore-missing - - python protob/check.py - - python protob/graph.py protob/*.proto - -notifications: - webhooks: - urls: - - http://ci-bot.satoshilabs.com:5000/travis - on_success: always - on_failure: always - on_start: always diff --git a/common/tools/requirements.txt b/common/tools/requirements.txt deleted file mode 100644 index 59cab2694a..0000000000 --- a/common/tools/requirements.txt +++ /dev/null @@ -1,16 +0,0 @@ -click>=6 - -# for `coin_gen coindefs` and checking icons: -ed25519>=1.4 -Pillow>=5.2.0 -trezor>=0.10 - -# for checking backends, generating coins_details.json -requests>=2.19 - -# for rendering templates: -Mako>=1.0.7 -munch>=2.3.2 - -# for pretty colors in checks -termcolor >= 0.1.2 diff --git a/core/travis-install-libsodium.sh b/core/travis-install-libsodium.sh deleted file mode 100755 index 3e73215fd3..0000000000 --- a/core/travis-install-libsodium.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/sh -# libsodium-dev replacement -# -# The purpose of this file is to install libsodium in -# the Travis CI environment. Outside this environment, -# you would probably not want to install it like this. - -set -e -export LIBSODIUM_VER="1.0.16" - -# check if libsodium is already installed -if [ ! -d "$HOME/libsodium/lib" ]; then - wget "https://github.com/jedisct1/libsodium/releases/download/${LIBSODIUM_VER}/libsodium-${LIBSODIUM_VER}.tar.gz" - tar xvfz "libsodium-${LIBSODIUM_VER}.tar.gz" - cd "libsodium-${LIBSODIUM_VER}" - ./configure --prefix=$HOME/libsodium - make - make install -else - echo 'Using cached directory.' -fi diff --git a/crypto/.travis.yml b/crypto/.travis.yml deleted file mode 100644 index 090e8af7e2..0000000000 --- a/crypto/.travis.yml +++ /dev/null @@ -1,38 +0,0 @@ -sudo: false -dist: trusty -language: c - -compiler: - - clang - - gcc - -addons: - apt: - packages: - - check - - libssl-dev - - python3-pip - - valgrind - -env: - global: - - PYTHON=python3 - -install: - - $PYTHON -m pip install --user pytest ecdsa curve25519-donna pyasn1 - -script: - - make - - ./tests/aestst - - ./tests/test_check - - CK_TIMEOUT_MULTIPLIER=20 valgrind -q --error-exitcode=1 ./tests/test_check - - ./tests/test_openssl 1000 - - ITERS=10 $PYTHON -m pytest tests/ - -notifications: - webhooks: - urls: - - http://ci-bot.satoshilabs.com:5000/travis - on_success: always - on_failure: always - on_start: always