1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-11-22 23:48:12 +00:00
trezor-firmware/ci/Dockerfile
Martin Milata 9ed25a718a ci: handle full dependencies in shell.nix
Handling of full dependencies (multiple python versions, Monero tests)
was moved from Dockerfile to shell.nix.

The Python packages are installed from the pinned nixpkgs revision and
do not depend on channel state at the time of docker build anymore.

The Monero test binary is now downloaded using fetchurl which fails the
build if checksum doesn't match.
2020-10-15 15:59:20 +02:00

48 lines
2.0 KiB
Docker

# install the latest Alpine linux from scratch
FROM scratch
ARG ALPINE_VERSION=3.12.0
ADD alpine-minirootfs-${ALPINE_VERSION}-x86_64.tar.gz /
# the following is adapted from https://github.com/NixOS/docker/blob/master/Dockerfile
# Enable HTTPS support in wget and set nsswitch.conf to make resolution work within containers
RUN apk add --no-cache --update openssl \
&& echo hosts: dns files > /etc/nsswitch.conf
# Download Nix and install it into the system.
ARG NIX_VERSION=2.3.6
RUN wget https://nixos.org/releases/nix/nix-${NIX_VERSION}/nix-${NIX_VERSION}-x86_64-linux.tar.xz \
&& tar xf nix-${NIX_VERSION}-x86_64-linux.tar.xz \
&& addgroup -g 30000 -S nixbld \
&& for i in $(seq 1 30); do adduser -S -D -h /var/empty -g "Nix build user $i" -u $((30000 + i)) -G nixbld nixbld$i ; done \
&& mkdir -m 0755 /etc/nix \
&& echo 'sandbox = false' > /etc/nix/nix.conf \
&& mkdir -m 0755 /nix && USER=root sh nix-${NIX_VERSION}-x86_64-linux/install \
&& ln -s /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/ \
&& rm -r /nix-${NIX_VERSION}-x86_64-linux* \
&& rm -rf /var/cache/apk/* \
&& /nix/var/nix/profiles/default/bin/nix-collect-garbage --delete-old \
&& /nix/var/nix/profiles/default/bin/nix-store --optimise \
&& /nix/var/nix/profiles/default/bin/nix-store --verify --check-contents
ENV \
USER=root \
PATH=/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin \
GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt \
NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt \
NIX_PATH=/nix/var/nix/profiles/per-user/root/channels
# Trezor specific stuff starts here
COPY shell.nix shell.nix
# to make multiple python versions and monero test suite available, run docker build
# with the following argument: "--build-arg FULLDEPS_TESTING=1"
ARG FULLDEPS_TESTING=0
ENV FULLDEPS_TESTING=${FULLDEPS_TESTING}
RUN nix-shell --arg fullDeps "$([ ${FULLDEPS_TESTING} = 1 ] && echo true || echo false)" --run "echo deps pre-installed"
CMD [ "nix-shell" ]