arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-07-13 01:58:08 +00:00
Code Issues Releases Wiki Activity

build: Refactor Docker build

Browse Source
This commit is contained in:
Saleem Rashid 2018-06-25 17:09:52 +01:00 committed by Pavol Rusnak
parent d1a48f32ce
commit 8f6a2045e6
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
5 changed files with 146 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Dockerfile
View File

@ -10,7 +10,10 @@ RUN apt-get update && \
ENV PROTOBUF_VERSION=3.4.0 ENV PROTOBUF_VERSION=3.4.0
RUN curl -LO "https://github.com/google/protobuf/releases/download/v${PROTOBUF_VERSION}/protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" RUN curl -LO "https://github.com/google/protobuf/releases/download/v${PROTOBUF_VERSION}/protoc-${PROTOBUF_VERSION}-linux-x86_64.zip"
RUN unzip "protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" -d /usr
# use zipfile module to extract files world-readable
RUN python3 -m zipfile -e "protoc-${PROTOBUF_VERSION}-linux-x86_64.zip" /usr/local && chmod 755 /usr/local/bin/protoc
RUN pip3 install "protobuf==${PROTOBUF_VERSION}" ecdsa RUN pip3 install "protobuf==${PROTOBUF_VERSION}" ecdsa
RUN ln -s python3 /usr/bin/python RUN ln -s python3 /usr/bin/python

75
build.sh
View File

@ -3,74 +3,9 @@ set -e
IMAGE=trezor-mcu-build IMAGE=trezor-mcu-build
BOOTLOADER_TAG=${1:-master} BOOTLOADER_COMMIT=${1:-HEAD}
FIRMWARE_TAG=${2:-master} FIRMWARE_COMMIT=${2:-HEAD}
REPOSITORY=${3:-trezor}
if [ "$REPOSITORY" = "local" ]; then docker build -t "$IMAGE" .
REPOSITORY=file:///local/ docker run -it -v $(pwd):/src:z --user="$(stat -c "%u:%g" .)" "$IMAGE" \
else /src/script/fullbuild "$BOOTLOADER_COMMIT" "$FIRMWARE_COMMIT"
REPOSITORY=https://github.com/$REPOSITORY/trezor-mcu.git
fi
BOOTLOADER_BINFILE=build/bootloader-$BOOTLOADER_TAG.bin
BOOTLOADER_ELFFILE=build/bootloader-$BOOTLOADER_TAG.elf
FIRMWARE_BINFILE=build/trezor-$FIRMWARE_TAG.bin
FIRMWARE_ELFFILE=build/trezor-$FIRMWARE_TAG.elf
docker build -t $IMAGE .
echo
echo "STARTING BUILD:"
echo
echo "Building bootloader '$BOOTLOADER_TAG' + firmware '$FIRMWARE_TAG' from repo: $REPOSITORY"
echo
docker run -i -t -v $(pwd):/local -v $(pwd)/build:/build:z $IMAGE /bin/sh -c "\
cd /tmp && \
git clone $REPOSITORY trezor-mcu-bl && \
cd trezor-mcu-bl && \
git checkout $BOOTLOADER_TAG && \
git submodule update --init --recursive && \
make -C vendor/libopencm3 && \
make && \
make -C bootloader align && \
cp bootloader/bootloader.bin /$BOOTLOADER_BINFILE && \
cp bootloader/bootloader.elf /$BOOTLOADER_ELFFILE && \
cd /tmp && \
git clone $REPOSITORY trezor-mcu-fw && \
cd trezor-mcu-fw && \
git checkout $FIRMWARE_TAG && \
git submodule update --init --recursive && \
make -C vendor/libopencm3 && \
make -C vendor/nanopb/generator/proto && \
make -C firmware/protob && \
make && \
cp /tmp/trezor-mcu-bl/bootloader/bootloader.bin bootloader/bootloader.bin
make -C firmware sign && \
cp firmware/trezor.bin /$FIRMWARE_BINFILE && \
cp firmware/trezor.elf /$FIRMWARE_ELFFILE
"
echo
echo "FINISHED BUILD"
echo
/usr/bin/env python -c "
from __future__ import print_function
import hashlib
import sys
for arg in sys.argv[1:]:
(fn, fprint_start, hashing, max_size) = arg.split(':')
fprint_start = int(fprint_start)
max_size = int(max_size)
data = open(fn, 'rb').read()
if hashing == 'd':
fprint = hashlib.sha256(hashlib.sha256(data[fprint_start:]).digest()).hexdigest()
else:
fprint = hashlib.sha256(data[fprint_start:]).hexdigest()
print('Filename :', fn)
print('Fingerprint :', fprint)
print('Size : %d bytes (out of %d maximum)' % (len(data), max_size))
" $BOOTLOADER_BINFILE:0:d:32768 $FIRMWARE_BINFILE:256:s:491520

4
script/cibuild
View File

@ -14,9 +14,11 @@ else
fi fi
make make
if [ "$EMULATOR" != 1 ]; then if [ "$EMULATOR" != 1 ]; then
make -C bootloader make -C bootloader align
fi fi
make -C vendor/nanopb/generator/proto make -C vendor/nanopb/generator/proto
make -C firmware/protob make -C firmware/protob

41
script/fingerprint Executable file
View File

@ -0,0 +1,41 @@
#!/usr/bin/env python
from __future__ import print_function
import binascii
import hashlib
def H(x):
return hashlib.sha256(x).digest()
def compute_fingerprint(x, double):
digest = H(H(x)) if double else H(x)
return binascii.hexlify(digest).decode()
if __name__ == "__main__":
import argparse
parser = argparse.ArgumentParser()
parser.add_argument("file", type=argparse.FileType("rb"),
help="input file")
parser.add_argument("--offset", type=int, default=0,
help="skip bytes at start of input")
parser.add_argument("--max-size", type=int,
help="maximum input file size")
parser.add_argument("--double", action="store_true",
help="use SHA-256d instead of SHA-256")
args = parser.parse_args()
data = args.file.read()
size = len(data)
fingerprint = compute_fingerprint(data[args.offset:], args.double)
print("Filename :", args.file.name)
print("Fingerprint :", fingerprint)
print("Size : {} bytes (out of {} maximum)"
.format(size, args.max_size))

93
script/fullbuild Executable file
View File

@ -0,0 +1,93 @@
#!/bin/bash
# script/build: Build the TREZOR firmware in a clean working tree.
#
set -eu
cd "$(dirname "$0")/.."
readonly ARTIFACT_EXTENSIONS=(bin elf)
readonly BUILD_DIR="$(readlink -f build)"
readonly BOOTLOADER_DIR="$BUILD_DIR/bootloader"
readonly BOOTLOADER_FILENAME="bootloader/bootloader.bin"
readonly BOOTLOADER_PATH="$BOOTLOADER_DIR/$BOOTLOADER_FILENAME"
readonly FIRMWARE_DIR="$BUILD_DIR/firmware"
readonly FIRMWARE_FILENAME="firmware/trezor.bin"
readonly FIRMWARE_PATH="$FIRMWARE_DIR/$FIRMWARE_FILENAME"
worktree_setup() {
local path="$1"
local commit="$2"
rm -rf "$path"
git clone -n --reference=. . "$path" --recurse-submodules
# Use `git rev-parse` so that we can use any reference from the working repository.
git -C "$path" checkout "$(git rev-parse "$commit")"
( cd "$path" && script/setup )
}
worktree_build() {
local path="$1"
( cd "$path" && script/cibuild )
}
worktree_copy() {
local path="$1"
local filename="$2"
local pattern="$3"
local describe="$(git -C "$path" describe --tags --match "$pattern")"
local src="$path/$filename"
local basename="$(basename "$filename")"
local dest="$BUILD_DIR/${basename%.*}-$describe.${basename##*.}"
for extension in "${ARTIFACT_EXTENSIONS[@]}"; do
install -Dm0644 \
"${src%.*}.$extension" \
"${dest%.*}.$extension"
done
printf "%s" "$dest"
}
main() {
local bootloader_commit="$1"
local firmware_commit="$2"
worktree_setup "$BOOTLOADER_DIR" "$bootloader_commit"
worktree_build "$BOOTLOADER_DIR"
local bootloader_path="$(worktree_copy \
"$BOOTLOADER_DIR" \
"$BOOTLOADER_FILENAME" \
"bl*")"
worktree_setup "$FIRMWARE_DIR" "$firmware_commit"
cp "$BOOTLOADER_PATH" "$FIRMWARE_DIR/$BOOTLOADER_FILENAME"
worktree_build "$FIRMWARE_DIR"
local firmware_path="$(worktree_copy \
"$FIRMWARE_DIR" \
"$FIRMWARE_FILENAME" \
"v*")"
printf "\n\n"; script/fingerprint \
"$bootloader_path" \
--max-size 32768 \
--double
printf "\n\n"; script/fingerprint \
"$firmware_path" \
--offset 256 \
--max-size 491520
}
main "$@"