1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-21 23:18:13 +00:00

ci: various fixes and updates

- fix Nix build on macOS Big Sur (by updating to nixpkgs-unstable)
- update gcc-arm-embedded from 9.x to 10.x
- update nix to 2.3.10
- update Alpine Linux to 3.12.3
- allow to change arch in Docker
This commit is contained in:
Pavol Rusnak 2020-12-27 21:28:52 +01:00
parent 9a9f23c54e
commit 453df567d3
5 changed files with 22 additions and 18 deletions

View File

@ -7,7 +7,7 @@ CONTAINER_NAME=${CONTAINER_NAME:-trezor-firmware-env.nix}
ALPINE_CDN=${ALPINE_CDN:-http://dl-cdn.alpinelinux.org/alpine} ALPINE_CDN=${ALPINE_CDN:-http://dl-cdn.alpinelinux.org/alpine}
ALPINE_RELEASE=${ALPINE_RELEASE:-3.12} ALPINE_RELEASE=${ALPINE_RELEASE:-3.12}
ALPINE_ARCH=${ALPINE_ARCH:-x86_64} ALPINE_ARCH=${ALPINE_ARCH:-x86_64}
ALPINE_VERSION=${ALPINE_VERSION:-3.12.0} ALPINE_VERSION=${ALPINE_VERSION:-3.12.3}
CONTAINER_FS_URL=${CONTAINER_FS_URL:-"$ALPINE_CDN/v$ALPINE_RELEASE/releases/$ALPINE_ARCH/alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz"} CONTAINER_FS_URL=${CONTAINER_FS_URL:-"$ALPINE_CDN/v$ALPINE_RELEASE/releases/$ALPINE_ARCH/alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz"}
TAG=${1:-master} TAG=${1:-master}
@ -16,7 +16,7 @@ PRODUCTION=${PRODUCTION:-1}
MEMORY_PROTECT=${MEMORY_PROTECT:-1} MEMORY_PROTECT=${MEMORY_PROTECT:-1}
wget --no-config -nc -P ci/ "$CONTAINER_FS_URL" wget --no-config -nc -P ci/ "$CONTAINER_FS_URL"
docker build -t "$CONTAINER_NAME" ci/ docker build --platform "linux/$ALPINE_ARCH" --build-arg ALPINE_VERSION="$ALPINE_VERSION" --build-arg ALPINE_ARCH="$ALPINE_ARCH" -t "$CONTAINER_NAME" ci/
# stat under macOS has slightly different cli interface # stat under macOS has slightly different cli interface
USER=$(stat -c "%u" . 2>/dev/null || stat -f "%u" .) USER=$(stat -c "%u" . 2>/dev/null || stat -f "%u" .)
@ -54,7 +54,7 @@ for BITCOIN_ONLY in 0 1; do
chown -R $USER:$GROUP /build chown -R $USER:$GROUP /build
EOF EOF
docker run -it --rm \ docker run --platform "linux/$ALPINE_ARCH" -it --rm \
-v "$DIR:/local" \ -v "$DIR:/local" \
-v "$DIR/build/core$DIRSUFFIX":/build:z \ -v "$DIR/build/core$DIRSUFFIX":/build:z \
--env BITCOIN_ONLY="$BITCOIN_ONLY" \ --env BITCOIN_ONLY="$BITCOIN_ONLY" \
@ -94,7 +94,7 @@ for BITCOIN_ONLY in 0 1; do
chown -R $USER:$GROUP /build chown -R $USER:$GROUP /build
EOF EOF
docker run -it --rm \ docker run --platform "linux/$ALPINE_ARCH" -it --rm \
-v "$DIR:/local" \ -v "$DIR:/local" \
-v "$DIR/build/legacy$DIRSUFFIX":/build:z \ -v "$DIR/build/legacy$DIRSUFFIX":/build:z \
--env BITCOIN_ONLY="$BITCOIN_ONLY" \ --env BITCOIN_ONLY="$BITCOIN_ONLY" \

View File

@ -1,8 +1,9 @@
# install the latest Alpine linux from scratch # install the latest Alpine linux from scratch
FROM scratch FROM scratch
ARG ALPINE_VERSION=3.12.0 ARG ALPINE_VERSION=3.12.3
ADD alpine-minirootfs-${ALPINE_VERSION}-x86_64.tar.gz / ARG ALPINE_ARCH=x86_64
ADD alpine-minirootfs-${ALPINE_VERSION}-${ALPINE_ARCH}.tar.gz /
# the following is adapted from https://github.com/NixOS/docker/blob/master/Dockerfile # the following is adapted from https://github.com/NixOS/docker/blob/master/Dockerfile
@ -11,16 +12,16 @@ RUN apk add --no-cache --update openssl \
&& echo hosts: dns files > /etc/nsswitch.conf && echo hosts: dns files > /etc/nsswitch.conf
# Download Nix and install it into the system. # Download Nix and install it into the system.
ARG NIX_VERSION=2.3.6 ARG NIX_VERSION=2.3.10
RUN wget https://nixos.org/releases/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-x86_64-linux.tar.xz \ RUN wget https://nixos.org/releases/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-${ALPINE_ARCH}-linux.tar.xz \
&& tar xf nix-${NIX_VERSION}-x86_64-linux.tar.xz \ && tar xf nix-${NIX_VERSION}-${ALPINE_ARCH}-linux.tar.xz \
&& addgroup -g 30000 -S nixbld \ && addgroup -g 30000 -S nixbld \
&& for i in $(seq 1 30); do adduser -S -D -h /var/empty -g "Nix build user $i" -u $((30000 + i)) -G nixbld nixbld$i ; done \ && for i in $(seq 1 30); do adduser -S -D -h /var/empty -g "Nix build user $i" -u $((30000 + i)) -G nixbld nixbld$i ; done \
&& mkdir -m 0755 /etc/nix \ && mkdir -m 0755 /etc/nix \
&& echo 'sandbox = false' > /etc/nix/nix.conf \ && echo 'sandbox = false' > /etc/nix/nix.conf \
&& mkdir -m 0755 /nix && USER=root sh nix-${NIX_VERSION}-x86_64-linux/install \ && mkdir -m 0755 /nix && USER=root sh nix-${NIX_VERSION}-${ALPINE_ARCH}-linux/install \
&& ln -s /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/ \ && ln -s /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/ \
&& rm -r /nix-${NIX_VERSION}-x86_64-linux* \ && rm -r /nix-${NIX_VERSION}-${ALPINE_ARCH}-linux* \
&& rm -rf /var/cache/apk/* \ && rm -rf /var/cache/apk/* \
&& /nix/var/nix/profiles/default/bin/nix-collect-garbage --delete-old \ && /nix/var/nix/profiles/default/bin/nix-collect-garbage --delete-old \
&& /nix/var/nix/profiles/default/bin/nix-store --optimise \ && /nix/var/nix/profiles/default/bin/nix-store --optimise \

View File

@ -5,12 +5,15 @@ environment:
variables: variables:
GIT_SUBMODULE_STRATEGY: none # no need to fetch submodules GIT_SUBMODULE_STRATEGY: none # no need to fetch submodules
CONTAINER_NAME: "$CI_REGISTRY/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix" CONTAINER_NAME: "$CI_REGISTRY/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix"
ALPINE_RELEASE: "3.12"
ALPINE_ARCH: "x86_64"
ALPINE_VERSION: "3.12.3"
services: services:
- docker:dind - docker:dind
before_script: before_script:
- docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD - docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
script: script:
- wget -nc -P ci/ http://dl-cdn.alpinelinux.org/alpine/v3.12/releases/x86_64/alpine-minirootfs-3.12.0-x86_64.tar.gz - wget -nc -P ci/ http://dl-cdn.alpinelinux.org/alpine/v$ALPINE_RELEASE/releases/$ALPINE_ARCH/alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz
- docker build --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest --build-arg FULLDEPS_TESTING=1 ci/ - docker build --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest --platform "linux/$ALPINE_ARCH" --build-arg ALPINE_VERSION="$ALPINE_VERSION" --build-arg ALPINE_ARCH="$ALPINE_ARCH" --build-arg FULLDEPS_TESTING=1 ci/
- docker push $CONTAINER_NAME:$CI_COMMIT_SHA - docker push $CONTAINER_NAME:$CI_COMMIT_SHA
- docker push $CONTAINER_NAME:latest - docker push $CONTAINER_NAME:latest

View File

@ -1,10 +1,10 @@
{ fullDeps ? false }: { fullDeps ? false }:
# the last successful build of nixos-20.09 (stable) as of 2020-12-15 # the last successful build of nixpkgs-unstable as of 2020-12-30
with import with import
(builtins.fetchTarball { (builtins.fetchTarball {
url = "https://github.com/NixOS/nixpkgs/archive/647cc06986c1ae4a2bb05298e0cf598723e42970.tar.gz"; url = "https://github.com/NixOS/nixpkgs/archive/bea44d5ebe332260aa34a1bd48250b6364527356.tar.gz";
sha256 = "1n1sd5lbds08vxy8x9l94w0z8bbq39fh2rrr6mnq0rmhf4xb2mj1"; sha256 = "14sfk04iyvyh3jl1s2wayw1y077dwpk2d712nhjk1wwfjkdq03r3";
}) })
{ }; { };
@ -51,11 +51,11 @@ stdenv.mkDerivation ({
pkgconfig pkgconfig
poetry poetry
protobuf3_6 protobuf3_6
valgrind
wget wget
zlib zlib
] ++ stdenv.lib.optionals (!stdenv.isDarwin) [ ] ++ stdenv.lib.optionals (!stdenv.isDarwin) [
procps procps
valgrind
] ++ stdenv.lib.optionals (stdenv.isDarwin) [ ] ++ stdenv.lib.optionals (stdenv.isDarwin) [
darwin.apple_sdk.frameworks.CoreAudio darwin.apple_sdk.frameworks.CoreAudio
darwin.apple_sdk.frameworks.AudioToolbox darwin.apple_sdk.frameworks.AudioToolbox

2
vendor/nanopb vendored

@ -1 +1 @@
Subproject commit 1466e6f953835b191a7f5acf0c06c941d4cd33d9 Subproject commit 2b48a361786dfb1f63d229840217a93aae064667