@ -1,27 +1,31 @@
#!/usr/bin/env bash
set -e
set -e -o pipefail
CONTAINER_NAME = trezor-firmware-env.nix
cd " $( dirname " ${ BASH_SOURCE [0] } " ) "
CONTAINER_NAME = ${ CONTAINER_NAME :- trezor -firmware-env.nix }
ALPINE_CDN = ${ ALPINE_CDN :- http : //dl-cdn.alpinelinux.org/alpine }
ALPINE_RELEASE = ${ ALPINE_RELEASE :- 3 .12 }
ALPINE_ARCH = ${ ALPINE_ARCH :- x86_64 }
ALPINE_VERSION = ${ ALPINE_VERSION :- 3 .12.0 }
CONTAINER_FS_URL = ${ CONTAINER_FS_URL :- " $ALPINE_CDN /v $ALPINE_RELEASE /releases/ $ALPINE_ARCH /alpine-minirootfs- $ALPINE_VERSION - $ALPINE_ARCH .tar.gz " }
TAG = ${ 1 :- master }
REPOSITORY = ${ 2 :- local }
REPOSITORY = ${ 2 :- / local}
PRODUCTION = ${ PRODUCTION :- 1 }
MEMORY_PROTECT = ${ MEMORY_PROTECT :- 1 }
if [ " $REPOSITORY " = "local" ] ; then
REPOSITORY = file:///local/
else
REPOSITORY = https://github.com/$REPOSITORY /trezor-firmware.git
fi
wget -nc -P ci/ http://dl-cdn.alpinelinux.org/alpine/v3.12/releases/x86_64/alpine-minirootfs-3.12.0-x86_64.tar.gz
wget --no-config -nc -P ci/ " $CONTAINER_FS_URL "
docker build -t " $CONTAINER_NAME " ci/
USER = $( ls -lnd . | awk '{ print $3 }' )
GROUP = $( ls -lnd . | awk '{ print $4 }' )
# stat under macOS has slightly different cli interface
USER = $( stat -c "%u" . 2>/dev/null || stat -f "%u" .)
GROUP = $( stat -c "%g" . 2>/dev/null || stat -f "%g" .)
mkdir -p build/core build/legacy
mkdir -p build/core-bitcoinonly build/legacy-bitcoinonly
mkdir -p $( pwd ) /build/core $( pwd ) /build/legacy
mkdir -p $( pwd ) /build/core-bitcoinonly $( pwd ) /build/legacy-bitcoinonly
DIR = $( pwd )
# build core
@ -30,26 +34,34 @@ for BITCOIN_ONLY in 0 1; do
DIRSUFFIX = ${ BITCOIN_ONLY /1/-bitcoinonly }
DIRSUFFIX = ${ DIRSUFFIX /0/ }
SCRIPT_NAME = " .build_core_ $BITCOIN_ONLY .sh "
cat <<EOF > "build/$SCRIPT_NAME "
# DO NOT MODIFY!
# this file was generated by ${BASH_SOURCE[0]}
# variant: core build BITCOIN_ONLY=$BITCOIN_ONLY
set -e -o pipefail
cd /tmp
git clone " $REPOSITORY " trezor-firmware
cd trezor-firmware/core
ln -s /build build
git checkout " $TAG "
git submodule update --init --recursive
poetry install
poetry run make clean vendor build_firmware
poetry run ../python/tools/firmware-fingerprint.py \
-o build/firmware/firmware.bin.fingerprint \
build/firmware/firmware.bin
chown -R $USER :$GROUP /build
EOF
docker run -it --rm \
-v $( pwd ) :/local \
-v $( pwd ) /build/core" ${ DIRSUFFIX } " :/build:z \
-v " $DIR :/local " \
-v " $DIR /build/core $DIRSUFFIX " :/build:z \
--env BITCOIN_ONLY = " $BITCOIN_ONLY " \
--env PRODUCTION = " $PRODUCTION " \
--init \
" $CONTAINER_NAME " \
/nix/var/nix/profiles/default/bin/nix-shell --run " \
cd /tmp && \
git clone $REPOSITORY trezor-firmware && \
cd trezor-firmware/core && \
ln -s /build build &&
git checkout $TAG && \
git submodule update --init --recursive && \
poetry install && \
poetry run make clean vendor build_firmware && \
poetry run ../python/tools/firmware-fingerprint.py \
-o build/firmware/firmware.bin.fingerprint \
build/firmware/firmware.bin && \
chown -R $USER :$GROUP /build"
/nix/var/nix/profiles/default/bin/nix-shell --run " bash /local/build/ $SCRIPT_NAME "
done
# build legacy
@ -59,28 +71,37 @@ for BITCOIN_ONLY in 0 1; do
DIRSUFFIX = ${ BITCOIN_ONLY /1/-bitcoinonly }
DIRSUFFIX = ${ DIRSUFFIX /0/ }
SCRIPT_NAME = " .build_legacy_ $BITCOIN_ONLY .sh "
cat <<EOF > "build/$SCRIPT_NAME "
# DO NOT MODIFY!
# this file was generated by ${BASH_SOURCE[0]}
# variant: legacy build BITCOIN_ONLY=$BITCOIN_ONLY
set -e -o pipefail
cd /tmp
git clone " $REPOSITORY " trezor-firmware
cd trezor-firmware/legacy
ln -s /build build
git checkout " $TAG "
git submodule update --init --recursive
poetry install
poetry run script/cibuild
mkdir -p build/firmware
cp firmware/trezor.bin build/firmware/firmware.bin
cp firmware/trezor.elf build/firmware/firmware.elf
poetry run ../python/tools/firmware-fingerprint.py \
-o build/firmware/firmware.bin.fingerprint \
build/firmware/firmware.bin
chown -R $USER :$GROUP /build
EOF
docker run -it --rm \
-v $( pwd ) :/local \
-v $( pwd ) /build/legacy" ${ DIRSUFFIX } " :/build:z \
-v " $DIR :/local " \
-v " $DIR /build/legacy $DIRSUFFIX " :/build:z \
--env BITCOIN_ONLY = " $BITCOIN_ONLY " \
--env MEMORY_PROTECT = " $MEMORY_PROTECT " \
--init \
" $CONTAINER_NAME " \
/nix/var/nix/profiles/default/bin/nix-shell --run " \
cd /tmp && \
git clone $REPOSITORY trezor-firmware && \
cd trezor-firmware/legacy && \
ln -s /build build &&
git checkout $TAG && \
git submodule update --init --recursive && \
poetry install && \
poetry run script/cibuild && \
mkdir -p build/firmware && \
cp firmware/trezor.bin build/firmware/firmware.bin && \
cp firmware/trezor.elf build/firmware/firmware.elf && \
poetry run ../python/tools/firmware-fingerprint.py \
-o build/firmware/firmware.bin.fingerprint \
build/firmware/firmware.bin && \
chown -R $USER :$GROUP /build"
/nix/var/nix/profiles/default/bin/nix-shell --run " bash /local/build/ $SCRIPT_NAME "
done