|
|
|
|
@ -52,12 +52,13 @@ function help_and_die() {
|
|
|
|
|
echo " --skip-normal - do not build regular firmwares"
|
|
|
|
|
echo " --skip-core - do not build core"
|
|
|
|
|
echo " --skip-legacy - do not build legacy"
|
|
|
|
|
echo " --prodtest - build core prodtest"
|
|
|
|
|
echo " --repository path/to/repo - checkout the repository from the given path/url"
|
|
|
|
|
echo " --no-init - do not recreate docker environments"
|
|
|
|
|
echo " --models - comma-separated list of models. default: --models R,T"
|
|
|
|
|
echo " --targets - comma-separated list of targets for core build. default: --targets boardloader,bootloader,firmware"
|
|
|
|
|
echo " --help"
|
|
|
|
|
echo
|
|
|
|
|
echo "Option --prodtest is deprecated. Use "--targets prodtest" to build prodtest."
|
|
|
|
|
echo "Set PRODUCTION=0 to run non-production builds."
|
|
|
|
|
echo "Set VENDOR_HEADER=vendorheader_prodtest_unsigned.bin to use the specified vendor header for prodtest."
|
|
|
|
|
exit 0
|
|
|
|
|
@ -67,9 +68,9 @@ OPT_BUILD_CORE=1
|
|
|
|
|
OPT_BUILD_LEGACY=1
|
|
|
|
|
OPT_BUILD_NORMAL=1
|
|
|
|
|
OPT_BUILD_BITCOINONLY=1
|
|
|
|
|
OPT_BUILD_PRODTEST=0
|
|
|
|
|
INIT=1
|
|
|
|
|
MODELS=(R T)
|
|
|
|
|
CORE_TARGETS=(boardloader bootloader firmware)
|
|
|
|
|
|
|
|
|
|
REPOSITORY="/local"
|
|
|
|
|
|
|
|
|
|
@ -94,10 +95,6 @@ while true; do
|
|
|
|
|
OPT_BUILD_LEGACY=0
|
|
|
|
|
shift
|
|
|
|
|
;;
|
|
|
|
|
--prodtest)
|
|
|
|
|
OPT_BUILD_PRODTEST=1
|
|
|
|
|
shift
|
|
|
|
|
;;
|
|
|
|
|
--repository)
|
|
|
|
|
REPOSITORY="$2"
|
|
|
|
|
shift 2
|
|
|
|
|
@ -111,6 +108,11 @@ while true; do
|
|
|
|
|
IFS=',' read -r -a MODELS <<< "$2"
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
--targets)
|
|
|
|
|
# take comma-separated next argument and turn it into an array
|
|
|
|
|
IFS=',' read -r -a CORE_TARGETS <<< "$2"
|
|
|
|
|
shift 2
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
break
|
|
|
|
|
;;
|
|
|
|
|
@ -267,6 +269,11 @@ for TREZOR_MODEL in ${MODELS[@]}; do
|
|
|
|
|
DIRSUFFIX=${DIRSUFFIX/0/}
|
|
|
|
|
DIRSUFFIX="-${TREZOR_MODEL}${DIRSUFFIX}"
|
|
|
|
|
|
|
|
|
|
MAKE_TARGETS=""
|
|
|
|
|
for TARGET in ${CORE_TARGETS[@]}; do
|
|
|
|
|
MAKE_TARGETS="$MAKE_TARGETS build_$TARGET"
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
SCRIPT_NAME=".build_core_${TREZOR_MODEL}_${BITCOIN_ONLY}.sh"
|
|
|
|
|
cat <<EOF > "build/$SCRIPT_NAME"
|
|
|
|
|
# DO NOT MODIFY!
|
|
|
|
|
@ -275,11 +282,13 @@ for TREZOR_MODEL in ${MODELS[@]}; do
|
|
|
|
|
set -e -o pipefail
|
|
|
|
|
cd /reproducible-build/trezor-firmware/core
|
|
|
|
|
$GIT_CLEAN_REPO
|
|
|
|
|
poetry run make clean vendor build_boardloader build_bootloader build_firmware
|
|
|
|
|
for item in bootloader firmware; do
|
|
|
|
|
poetry run ../python/tools/firmware-fingerprint.py \
|
|
|
|
|
-o build/\$item/\$item.bin.fingerprint \
|
|
|
|
|
build/\$item/\$item.bin
|
|
|
|
|
poetry run make clean vendor $MAKE_TARGETS
|
|
|
|
|
for item in bootloader firmware prodtest; do
|
|
|
|
|
if [ -f build/\$item/\$item.bin ]; then
|
|
|
|
|
poetry run ../python/tools/firmware-fingerprint.py \
|
|
|
|
|
-o build/\$item/\$item.bin.fingerprint \
|
|
|
|
|
build/\$item/\$item.bin
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
rm -rf /build/*
|
|
|
|
|
cp -r build/* /build
|
|
|
|
|
@ -288,6 +297,7 @@ EOF
|
|
|
|
|
|
|
|
|
|
echo
|
|
|
|
|
echo ">>> DOCKER RUN core BITCOIN_ONLY=$BITCOIN_ONLY TREZOR_MODEL=$TREZOR_MODEL PRODUCTION=$PRODUCTION"
|
|
|
|
|
echo " (targets: ${CORE_TARGETS[@]})"
|
|
|
|
|
echo
|
|
|
|
|
|
|
|
|
|
$DOCKER run \
|
|
|
|
|
@ -299,6 +309,7 @@ EOF
|
|
|
|
|
--env BITCOIN_ONLY="$BITCOIN_ONLY" \
|
|
|
|
|
--env TREZOR_MODEL="$TREZOR_MODEL" \
|
|
|
|
|
--env PRODUCTION="$PRODUCTION" \
|
|
|
|
|
--env VENDOR_HEADER="$VENDOR_HEADER" \
|
|
|
|
|
--init \
|
|
|
|
|
"$SNAPSHOT_NAME" \
|
|
|
|
|
/nix/var/nix/profiles/default/bin/nix-shell --run "bash /local/build/$SCRIPT_NAME"
|
|
|
|
|
@ -351,46 +362,6 @@ EOF
|
|
|
|
|
/nix/var/nix/profiles/default/bin/nix-shell --run "bash /local/build/$SCRIPT_NAME"
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
if [ "$OPT_BUILD_PRODTEST" -eq "1" ]; then
|
|
|
|
|
for TREZOR_MODEL in ${MODELS[@]}; do
|
|
|
|
|
DIRSUFFIX="-${TREZOR_MODEL}-prodtest"
|
|
|
|
|
SCRIPT_NAME=".build_${TREZOR_MODEL}-prodtest.sh"
|
|
|
|
|
cat <<EOF > "build/$SCRIPT_NAME"
|
|
|
|
|
# DO NOT MODIFY!
|
|
|
|
|
# this file was generated by ${BASH_SOURCE[0]}
|
|
|
|
|
# variant: core build prodtest
|
|
|
|
|
set -e -o pipefail
|
|
|
|
|
cd /reproducible-build/trezor-firmware/core
|
|
|
|
|
$GIT_CLEAN_REPO
|
|
|
|
|
poetry run make clean vendor build_prodtest
|
|
|
|
|
poetry run ../python/tools/firmware-fingerprint.py \
|
|
|
|
|
-o build/prodtest/prodtest.bin.fingerprint \
|
|
|
|
|
build/prodtest/prodtest.bin
|
|
|
|
|
rm -rf /build/*
|
|
|
|
|
cp -r build/* /build
|
|
|
|
|
chown -R $USER:$GROUP /build
|
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
echo
|
|
|
|
|
echo ">>> DOCKER RUN core prodtest TREZOR_MODEL=$TREZOR_MODEL PRODUCTION=$PRODUCTION"
|
|
|
|
|
echo
|
|
|
|
|
|
|
|
|
|
$DOCKER run \
|
|
|
|
|
--network=host \
|
|
|
|
|
-it \
|
|
|
|
|
--rm \
|
|
|
|
|
-v "$DIR:/local" \
|
|
|
|
|
-v "$DIR/build/core$DIRSUFFIX":/build:z \
|
|
|
|
|
--env TREZOR_MODEL="$TREZOR_MODEL" \
|
|
|
|
|
--env PRODUCTION="$PRODUCTION" \
|
|
|
|
|
--env VENDOR_HEADER="$VENDOR_HEADER" \
|
|
|
|
|
--init \
|
|
|
|
|
"$SNAPSHOT_NAME" \
|
|
|
|
|
/nix/var/nix/profiles/default/bin/nix-shell --run "bash /local/build/$SCRIPT_NAME"
|
|
|
|
|
done
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
echo
|
|
|
|
|
echo "Docker image retained as $SNAPSHOT_NAME"
|
|
|
|
|
echo "To remove it, run:"
|
|
|
|
|
@ -403,8 +374,8 @@ echo "Built from commit $COMMIT_HASH"
|
|
|
|
|
echo
|
|
|
|
|
echo "Fingerprints:"
|
|
|
|
|
for VARIANT in core legacy; do
|
|
|
|
|
for MODEL in "R" "T"; do
|
|
|
|
|
for DIRSUFFIX in "" "-bitcoinonly" "-prodtest"; do
|
|
|
|
|
for MODEL in ${MODELS[@]}; do
|
|
|
|
|
for DIRSUFFIX in "" "-bitcoinonly"; do
|
|
|
|
|
BUILD_DIR=build/${VARIANT}-${MODEL}${DIRSUFFIX}
|
|
|
|
|
for file in $BUILD_DIR/*/*.fingerprint; do
|
|
|
|
|
if [ -f "$file" ]; then
|
|
|
|
|
|
matejcik
3 weeks ago