1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 07:28:10 +00:00

ci: add check that Bitcoin only firmware does not contain non-Bitcoin functionality

This commit is contained in:
Pavol Rusnak 2019-08-26 14:50:28 +02:00
parent 32edf7b6b9
commit 2fe34aa33b
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
2 changed files with 33 additions and 6 deletions

View File

@ -32,6 +32,8 @@ build core firmware bitcoinonly:
- cd core
- pipenv run make build_firmware
- mv build/firmware/firmware.bin build/firmware/firmware-bitcoinonly.bin
- cd ..
- pipenv run ./tools/check-bitcoin-only core/build/firmware/firmware-bitcoinonly.bin
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
@ -54,7 +56,7 @@ build core unix frozen:
paths:
- core/build/unix/micropython
- core/src/trezor/res/resources.py
expire_in: 1 day
expire_in: 1 week
build core unix frozen bitcoinonly:
stage: build
@ -69,7 +71,7 @@ build core unix frozen bitcoinonly:
paths:
- core/build/unix/micropython-bitcoinonly
- core/src/trezor/res/resources.py
expire_in: 1 day
expire_in: 1 week
build core unix frozen debug:
stage: build
@ -81,7 +83,7 @@ build core unix frozen debug:
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
untracked: true
expire_in: 1 day
expire_in: 1 week
# Crypto
@ -98,7 +100,7 @@ build crypto:
- crypto/tests/libtrezor-crypto.so
- crypto/tests/test_check
- crypto/tests/test_openssl
expire_in: 1 day
expire_in: 1 week
# Legacy
@ -111,6 +113,11 @@ build legacy firmware:
- pipenv run script/cibuild
- pipenv run make -C bootloader
- pipenv run make -C demo
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- legacy/firmware/trezor.bin
expire_in: 1 week
build legacy firmware debug:
stage: build
@ -127,6 +134,14 @@ build legacy firmware bitcoinonly:
script:
- cd legacy
- pipenv run script/cibuild
- mv firmware/trezor.bin firmware/trezor-bitcoinonly.bin
- cd ..
- pipenv run ./tools/check-bitcoin-only legacy/firmware/trezor-bitcoinonly.bin
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- legacy/firmware/trezor-bitcoinonly.bin
expire_in: 1 week
build legacy emu:
stage: build
@ -140,7 +155,7 @@ build legacy emu:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- legacy/firmware/trezor.elf
expire_in: 1 day
expire_in: 1 week
build legacy emu bitcoinonly:
stage: build
@ -156,4 +171,4 @@ build legacy emu bitcoinonly:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- legacy/firmware/trezor-bitcoinonly.elf
expire_in: 1 day
expire_in: 1 week

12
tools/check-bitcoin-only Executable file
View File

@ -0,0 +1,12 @@
#!/bin/sh
RETURN=0
# dump all coins except the first 3 (Bitcoin, Testnet, Regtest)
./common/tools/cointool.py dump -l -p -t | grep '"name"' | cut -d '"' -f 4 | tail -n +4 | while read altcoin; do
# echo :"$altcoin":
if strings $1 | grep "$altcoin" | grep -v TEXT_MARGIN_LEFT | grep -v _MIN_MNEMONIC_LENGTH_WORD ; then
RETURN=1
fi
done
exit $RETURN