From 37e55bf5a63efaffef092ffa40bbbc95d28ebc56 Mon Sep 17 00:00:00 2001
From: Pavol Rusnak
Date: Mon, 24 Jul 2017 19:44:10 +0200
Subject: [PATCH] build: rework docker build scripts, update readme
---
 .gitignore | 1 +
 README.md | 14 ++++++--------
 bootloader-docker-build.sh | 23 -----------------------
 build-bootloader.sh | 30 ++++++++++++++++++++++++++++++
 build-firmware.sh | 30 ++++++++++++++++++++++++++++++
 firmware-docker-build.sh | 24 ------------------------
 firmware-fingerprint.sh | 18 ------------------
 7 files changed, 67 insertions(+), 73 deletions(-)
 delete mode 100755 bootloader-docker-build.sh
 create mode 100755 build-bootloader.sh
 create mode 100755 build-firmware.sh
 delete mode 100755 firmware-docker-build.sh
 delete mode 100755 firmware-fingerprint.sh
diff --git a/.gitignore b/.gitignore
index 02982714d..4490fece6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 _attic/
+build/
 *.o
 *.a
 *.d
diff --git a/README.md b/README.md
index 0b1c82d7a..62d2377bb 100644
--- a/README.md
+++ b/README.md
@@ -9,25 +9,23 @@ https://trezor.io/ 1. Install Docker 2. `git clone https://github.com/trezor/trezor-mcu.git` 3. `cd trezor-mcu` -4. `./firmware-docker-build.sh TAG` (where TAG is v1.3.2 for example, if left blank the script builds latest commit) +4. `./build-firmware.sh TAG` (where TAG is v1.5.0 for example, if left blank the script builds latest commit in master branch) -This creates file `output/trezor-TAG.bin` and prints its fingerprint at the last line of the build log. +This creates file `build/trezor-TAG.bin` and prints its fingerprint and size at the end of the build log. ## How to build TREZOR bootloader? 1. Install Docker 2. `git clone https://github.com/trezor/trezor-mcu.git` 3. `cd trezor-mcu` -4. `./bootloader-docker-build.sh` +4. `./build-bootloader.sh TAG` (where TAG is bl1.3.2 for example, if left blank the script builds latest commit in master branch) -This creates file `output/bootloader.bin` and prints its fingerprint and size at the last line of the build log. +This creates file `build/bootloader-TAG.bin` and prints its fingerprint and size at the end of the build log. ## How to get fingerprint of firmware signed and distributed by SatoshiLabs? 1. Pick version of firmware binary listed on https://wallet.trezor.io/data/firmware/releases.json 2. Download it: `wget -O trezor.signed.bin https://wallet.trezor.io/data/firmware/trezor-1.3.6.bin` -3. `./firmware-fingerprint.sh trezor.signed.bin` +3. Compute fingerprint: `tail -c +257 trezor.signed.bin | sha256sum` -Step 3 should produce the same sha256 fingerprint like your local build (for the same version tag). - -The reasoning for `firmware-fingerprint.sh` script is that signed firmware has special header holding signatures themselves, which must be avoided while calculating the fingerprint. +Step 3 should produce the same sha256 fingerprint like your local build (for the same version tag). 
Firmware has a special header (of length 256 bytes) holding signatures themselves, which must be avoided while calculating the fingerprint, that's why tail command has to be used.
diff --git a/bootloader-docker-build.sh b/bootloader-docker-build.sh
deleted file mode 100755
index 28778464e..000000000
--- a/bootloader-docker-build.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/bin/bash
-set -e
-
-IMAGETAG=trezor-mcu-build
-FIRMWARETAG=${1:-master}
-
-docker build -t $IMAGETAG .
-docker run -t -v $(pwd)/output:/output $IMAGETAG /bin/sh -c "\
- git clone https://github.com/trezor/trezor-mcu && \
- cd trezor-mcu && \
- git checkout $FIRMWARETAG && \
- git submodule update --init && \
- CFLAGS='-std=c99' make -C vendor/libopencm3 && \
- make && \
- make -C bootloader align && \
- cp bootloader/bootloader.bin /output/bootloader-$FIRMWARETAG.bin"
-
-echo "---------------------"
-echo "Bootloader fingerprint:"
-FILENAME=output/bootloader-$FIRMWARETAG.bin
-/usr/bin/env python -c "import hashlib ; print(hashlib.sha256(hashlib.sha256(open('$FILENAME', 'rb').read()).digest()).hexdigest())"
-FILESIZE=$(stat -c%s "$FILENAME")
-echo "Bootloader size: $FILESIZE bytes (out of 32768 maximum)"
diff --git a/build-bootloader.sh b/build-bootloader.sh
new file mode 100755
index 000000000..1b268935d
--- /dev/null
+++ b/build-bootloader.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+set -e
+
+IMAGE=trezor-mcu-build
+TAG=${1:-master}
+BINFILE=build/bootloader-$TAG.bin
+
+docker build -t $IMAGE .
+docker run -t -v $(pwd)/build:/build $IMAGE /bin/sh -c "\
+ git clone https://github.com/trezor/trezor-mcu && \
+ cd trezor-mcu && \
+ git checkout $TAG && \
+ git submodule update --init && \
+ CFLAGS='-std=c99' make -C vendor/libopencm3 && \
+ make && \
+ make -C bootloader && \
+ make -C bootloader align && \
+ cp bootloader/bootloader.bin /$BINFILE"
+
+/usr/bin/env python -c "
+from __future__ import print_function
+import hashlib
+import sys
+fn = sys.argv[1]
+data = open(fn, 'rb').read()
+print('\n\n')
+print('Filename :', fn)
+print('Fingerprint :', hashlib.sha256(hashlib.sha256(data).digest()).hexdigest())
+print('Size : %d bytes (out of %d maximum)' % (len(data), 32768))
+" $BINFILE
diff --git a/build-firmware.sh b/build-firmware.sh
new file mode 100755
index 000000000..0603504ae
--- /dev/null
+++ b/build-firmware.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+set -e
+
+IMAGE=trezor-mcu-build
+TAG=${1:-master}
+BINFILE=build/trezor-$TAG.bin
+
+docker build -t $IMAGE .
+docker run -t -v $(pwd)/build:/build $IMAGE /bin/sh -c "\
+ git clone https://github.com/trezor/trezor-mcu && \
+ cd trezor-mcu && \
+ git checkout $TAG && \
+ git submodule update --init && \
+ CFLAGS='-std=c99' make -C vendor/libopencm3 && \
+ make && \
+ make -C firmware && \
+ make -C firmware sign && \
+ cp firmware/trezor.bin /$BINFILE"
+
+/usr/bin/env python -c "
+from __future__ import print_function
+import hashlib
+import sys
+fn = sys.argv[1]
+data = open(fn, 'rb').read()
+print('\n\n')
+print('Filename :', fn)
+print('Fingerprint :', hashlib.sha256(data[256:]).hexdigest())
+print('Size : %d bytes (out of %d maximum)' % (len(data), 491520))
+" $BINFILE
diff --git a/firmware-docker-build.sh b/firmware-docker-build.sh
deleted file mode 100755
index 7738a98c0..000000000
--- a/firmware-docker-build.sh
+++ /dev/null
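Review bot: In build-bootloader.sh, `$TAG` comes straight from `$1` and is spliced unquoted into the double-quoted `/bin/sh -c` string, so any whitespace or shell metacharacter in the argument becomes part of the command executed in the container, and a ref containing `/` breaks the `cp` target path. Validate it once after the assignment, e.g. `case "$TAG" in *[!A-Za-z0-9._-]*) echo "invalid tag: $TAG" >&2; exit 1 ;; esac`, and quote the remaining expansions: `-v "$(pwd)/build:/build"` and `"$BINFILE"` as the final argument of the python call. build-firmware.sh carries the same lines and needs the same change.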
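Review bot: In build-firmware.sh, `hashlib.sha256(data[256:])` drops the first 256 bytes without checking that they are a firmware header; the removed firmware-fingerprint.sh refused files that did not start with `TRZR`, and nothing in this script replaces that check. A truncated or header-less `trezor.bin` would still print a well-formed hash and exit 0, and the 491520-byte maximum is printed but never enforced. Assuming the signed build output carries the same header as the distributed binaries, add `if data[:4] != b'TRZR' or len(data) > 491520: sys.exit('not a valid firmware image')` before the prints so a bad build fails under `set -e` instead of yielding a fingerprint.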
@@ -1,24 +0,0 @@
-#!/bin/bash
-set -e
-
-IMAGETAG=trezor-mcu-build
-FIRMWARETAG=${1:-master}
-
-docker build -t $IMAGETAG .
-docker run -t -v $(pwd)/output:/output $IMAGETAG /bin/sh -c "\
- git clone https://github.com/trezor/trezor-mcu && \
- cd trezor-mcu && \
- git checkout $FIRMWARETAG && \
- git submodule update --init && \
- CFLAGS='-std=c99' make -C vendor/libopencm3 && \
- make && \
- make -C firmware && \
- make -C firmware sign && \
- cp firmware/trezor.bin /output/trezor-$FIRMWARETAG.bin"
-
-echo "---------------------"
-echo "Firmware fingerprint:"
-FILENAME=output/trezor-$FIRMWARETAG.bin
-tail -c +257 "$FILENAME" | sha256sum
-FILESIZE=$(stat -c%s "$FILENAME")
-echo "Firmware size: $FILESIZE bytes (out of 491520 maximum)"
diff --git a/firmware-fingerprint.sh b/firmware-fingerprint.sh
deleted file mode 100755
index 3e48bcdb0..000000000
--- a/firmware-fingerprint.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/bash
-set -e
-
-if [ -z "$1" ]; then
- echo "Please provide filename as argument"
- exit 1
-fi
-
-MAGIC=`head -c +4 $1`
-
-if [ "x$MAGIC" != "xTRZR" ]; then
- echo "Missing magic characters 'TRZR', invalid firmware"
- exit 1
-fi
-
-echo "---------------------"
-echo "Firmware fingerprint:"
-tail -c +257 $1 | sha256sum