ci: various fixes and updates

- fix Nix build on macOS Big Sur (by updating to nixpkgs-unstable)
- update gcc-arm-embedded from 9.x to 10.x
- update nix to 2.3.10
- update Alpine Linux to 3.12.3
- allow changing the arch in Docker
pull/1410/head
Pavol Rusnak 3 years ago
parent 9a9f23c54e
commit 453df567d3

@ -7,7 +7,7 @@ CONTAINER_NAME=${CONTAINER_NAME:-trezor-firmware-env.nix}
ALPINE_CDN=${ALPINE_CDN:-http://dl-cdn.alpinelinux.org/alpine}
ALPINE_RELEASE=${ALPINE_RELEASE:-3.12}
ALPINE_ARCH=${ALPINE_ARCH:-x86_64}
ALPINE_VERSION=${ALPINE_VERSION:-3.12.0}
ALPINE_VERSION=${ALPINE_VERSION:-3.12.3}
CONTAINER_FS_URL=${CONTAINER_FS_URL:-"$ALPINE_CDN/v$ALPINE_RELEASE/releases/$ALPINE_ARCH/alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz"}
TAG=${1:-master}
@ -16,7 +16,7 @@ PRODUCTION=${PRODUCTION:-1}
MEMORY_PROTECT=${MEMORY_PROTECT:-1}
wget --no-config -nc -P ci/ "$CONTAINER_FS_URL"
docker build -t "$CONTAINER_NAME" ci/
docker build --platform "linux/$ALPINE_ARCH" --build-arg ALPINE_VERSION="$ALPINE_VERSION" --build-arg ALPINE_ARCH="$ALPINE_ARCH" -t "$CONTAINER_NAME" ci/
# stat under macOS has slightly different cli interface
USER=$(stat -c "%u" . 2>/dev/null || stat -f "%u" .)
@ -54,7 +54,7 @@ for BITCOIN_ONLY in 0 1; do
chown -R $USER:$GROUP /build
EOF
docker run -it --rm \
docker run --platform "linux/$ALPINE_ARCH" -it --rm \
-v "$DIR:/local" \
-v "$DIR/build/core$DIRSUFFIX":/build:z \
--env BITCOIN_ONLY="$BITCOIN_ONLY" \
@ -94,7 +94,7 @@ for BITCOIN_ONLY in 0 1; do
chown -R $USER:$GROUP /build
EOF
docker run -it --rm \
docker run --platform "linux/$ALPINE_ARCH" -it --rm \
-v "$DIR:/local" \
-v "$DIR/build/legacy$DIRSUFFIX":/build:z \
--env BITCOIN_ONLY="$BITCOIN_ONLY" \
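Review bot: The rootfs tarball that the Dockerfile `ADD`s onto `scratch` is still fetched with no integrity check: `ALPINE_CDN` defaults to a plain `http://` URL and `wget --no-config -nc -P ci/ "$CONTAINER_FS_URL"` is followed directly by the new `docker build --platform …` line. With `ALPINE_VERSION` bumped and `ALPINE_ARCH` now selecting the file, this is the place to pin a digest per version/arch and verify it before building, e.g. `echo "$CONTAINER_FS_SHA256  ci/${CONTAINER_FS_URL##*/}" | sha256sum -c -`, where `CONTAINER_FS_SHA256` is a placeholder name for a new variable holding the checksum published for that release (on macOS, `shasum -a 256 -c -`). `-nc` also reuses any file of that name already present in `ci/`, so a stale or truncated download from an earlier run would be built from unverified as well. The same unverified HTTP fetch appears in the CI job's `wget -nc -P ci/ http://dl-cdn.alpinelinux.org/…` line.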

@ -1,8 +1,9 @@
# install the latest Alpine linux from scratch
FROM scratch
ARG ALPINE_VERSION=3.12.0
ADD alpine-minirootfs-${ALPINE_VERSION}-x86_64.tar.gz /
ARG ALPINE_VERSION=3.12.3
ARG ALPINE_ARCH=x86_64
ADD alpine-minirootfs-${ALPINE_VERSION}-${ALPINE_ARCH}.tar.gz /
# the following is adapted from https://github.com/NixOS/docker/blob/master/Dockerfile
@ -11,16 +12,16 @@ RUN apk add --no-cache --update openssl \
&& echo hosts: dns files > /etc/nsswitch.conf
# Download Nix and install it into the system.
ARG NIX_VERSION=2.3.6
RUN wget https://nixos.org/releases/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-x86_64-linux.tar.xz \
&& tar xf nix-${NIX_VERSION}-x86_64-linux.tar.xz \
ARG NIX_VERSION=2.3.10
RUN wget https://nixos.org/releases/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-${ALPINE_ARCH}-linux.tar.xz \
&& tar xf nix-${NIX_VERSION}-${ALPINE_ARCH}-linux.tar.xz \
&& addgroup -g 30000 -S nixbld \
&& for i in $(seq 1 30); do adduser -S -D -h /var/empty -g "Nix build user $i" -u $((30000 + i)) -G nixbld nixbld$i ; done \
&& mkdir -m 0755 /etc/nix \
&& echo 'sandbox = false' > /etc/nix/nix.conf \
&& mkdir -m 0755 /nix && USER=root sh nix-${NIX_VERSION}-x86_64-linux/install \
&& mkdir -m 0755 /nix && USER=root sh nix-${NIX_VERSION}-${ALPINE_ARCH}-linux/install \
&& ln -s /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/ \
&& rm -r /nix-${NIX_VERSION}-x86_64-linux* \
&& rm -r /nix-${NIX_VERSION}-${ALPINE_ARCH}-linux* \
&& rm -rf /var/cache/apk/* \
&& /nix/var/nix/profiles/default/bin/nix-collect-garbage --delete-old \
&& /nix/var/nix/profiles/default/bin/nix-store --optimise \
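Review bot: The Nix tarball fetched by `wget https://nixos.org/releases/nix/nix-${NIX_VERSION}/…` is unpacked and its `install` script is run with `USER=root` without any digest check, so the image trusts whatever that URL serves at build time. Since this hunk already bumps `NIX_VERSION` and makes the file name depend on `ALPINE_ARCH`, add a checksum step right after the download: `ARG NIX_SHA256` (placeholder name; value taken from the checksum published for that release and arch) and `&& echo "${NIX_SHA256}  nix-${NIX_VERSION}-${ALPINE_ARCH}-linux.tar.xz" | sha256sum -c - \`. A comment next to `ARG ALPINE_ARCH` should also say that the value is reused as the Nix platform name, which lines up for `x86_64` and `aarch64` but is not guaranteed for every Alpine arch string. The `RUN` instruction continues past the end of the hunk.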

@ -5,12 +5,15 @@ environment:
variables:
GIT_SUBMODULE_STRATEGY: none # no need to fetch submodules
CONTAINER_NAME: "$CI_REGISTRY/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix"
ALPINE_RELEASE: "3.12"
ALPINE_ARCH: "x86_64"
ALPINE_VERSION: "3.12.3"
services:
- docker:dind
before_script:
- docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
script:
- wget -nc -P ci/ http://dl-cdn.alpinelinux.org/alpine/v3.12/releases/x86_64/alpine-minirootfs-3.12.0-x86_64.tar.gz
- docker build --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest --build-arg FULLDEPS_TESTING=1 ci/
- wget -nc -P ci/ http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_RELEASE/releases/$ALPINE_ARCH/alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz
- docker build --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest --platform "linux/$ALPINE_ARCH" --build-arg ALPINE_VERSION="$ALPINE_VERSION" --build-arg ALPINE_ARCH="$ALPINE_ARCH" --build-arg FULLDEPS_TESTING=1 ci/
- docker push $CONTAINER_NAME:$CI_COMMIT_SHA
- docker push $CONTAINER_NAME:latest

@ -1,10 +1,10 @@
{ fullDeps ? false }:
# the last successful build of nixos-20.09 (stable) as of 2020-12-15
# the last successful build of nixpkgs-unstable as of 2020-12-30
with import
(builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/647cc06986c1ae4a2bb05298e0cf598723e42970.tar.gz";
sha256 = "1n1sd5lbds08vxy8x9l94w0z8bbq39fh2rrr6mnq0rmhf4xb2mj1";
url = "https://github.com/NixOS/nixpkgs/archive/bea44d5ebe332260aa34a1bd48250b6364527356.tar.gz";
sha256 = "14sfk04iyvyh3jl1s2wayw1y077dwpk2d712nhjk1wwfjkdq03r3";
})
{ };
@ -51,11 +51,11 @@ stdenv.mkDerivation ({
pkgconfig
poetry
protobuf3_6
valgrind
wget
zlib
] ++ stdenv.lib.optionals (!stdenv.isDarwin) [
procps
valgrind
] ++ stdenv.lib.optionals (stdenv.isDarwin) [
darwin.apple_sdk.frameworks.CoreAudio
darwin.apple_sdk.frameworks.AudioToolbox
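Review bot: The comment above `builtins.fetchTarball` now says only that this is the last successful build of nixpkgs-unstable, without recording why the pin moved off the stable channel. Because this import supplies the packages listed further down, I would extend the comment, e.g. `# nixpkgs-unstable is pinned to fix the Nix build on macOS Big Sur; return to a stable channel once it carries the fix` (reason taken from the commit message), so the next bump knows when to go back.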

2
vendor/nanopb vendored

@ -1 +1 @@
Subproject commit 1466e6f953835b191a7f5acf0c06c941d4cd33d9
Subproject commit 2b48a361786dfb1f63d229840217a93aae064667