build-docker.sh
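#!/usr/bin/env bash
# Builds the core and legacy firmware variants inside a Docker container and
# prints the resulting firmware fingerprints.
set -e -o pipefail

# Work from the directory holding this script so the relative paths used
# below (ci/, build/) resolve no matter where the script was started from.
cd "$(dirname "${BASH_SOURCE[0]}")"

#######################################
# Map a `uname -m` machine name to the Alpine architecture name.
# Arguments: $1 - machine name
# Outputs:   the Alpine architecture name on stdout
# Returns:   0 if the machine is supported, 1 otherwise
#######################################
alpine_arch_for() {
  case "$1" in
    aarch64 | arm64) echo "aarch64" ;;
    x86_64) echo "x86_64" ;;
    *) return 1 ;;
  esac
}

#######################################
# Look up the pinned SHA-256 of the Alpine minirootfs tarball.
# NOTE(review): the digests presumably belong to the default Alpine version
# this script downloads; confirm whenever that default changes.
# Arguments: $1 - Alpine architecture name
# Outputs:   the hex digest on stdout
# Returns:   0 if a digest is pinned for that architecture, 1 otherwise
#######################################
alpine_checksum_for() {
  case "$1" in
    aarch64) echo "a5de8f89f3851d929704feafda9ff0d7402ae138176bba8b3f6a25ecbb0b8f46" ;;
    x86_64) echo "4591f811a5515b13d60ab76f78bb8fd1cb9d9857a98cf7e2e5b200e89701e62c" ;;
    *) return 1 ;;
  esac
}

# ALPINE_ARCH may be preset by the caller; otherwise derive it from the host.
if [ -z "$ALPINE_ARCH" ]; then
  arch="$(uname -m)"
  if ! ALPINE_ARCH="$(alpine_arch_for "$arch")"; then
    # Report on stderr and exit non-zero: a bare `exit` here would return the
    # status of the preceding echo (0) and look like a successful build.
    echo "Unsupported arch: $arch" >&2
    exit 1
  fi
fi

# ALPINE_CHECKSUM may be preset by the caller (needed for any architecture or
# tarball without a pinned digest); otherwise use the pinned value.
if [ -z "$ALPINE_CHECKSUM" ]; then
  if ! ALPINE_CHECKSUM="$(alpine_checksum_for "$ALPINE_ARCH")"; then
    echo "No pinned checksum for ALPINE_ARCH=$ALPINE_ARCH; set ALPINE_CHECKSUM" >&2
    exit 1
  fi
fi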
CONTAINER_NAME=${CONTAINER_NAME:-trezor-firmware-env.nix}
ALPINE_CDN=${ALPINE_CDN:-https://dl-cdn.alpinelinux.org/alpine}
ALPINE_RELEASE=${ALPINE_RELEASE:-3.14}
ALPINE_VERSION=${ALPINE_VERSION:-3.14.2}
ALPINE_TARBALL=${ALPINE_FILE:-alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz}
NIX_VERSION=${NIX_VERSION:-2.3.15}
CONTAINER_FS_URL=${CONTAINER_FS_URL:-"$ALPINE_CDN/v$ALPINE_RELEASE/releases/$ALPINE_ARCH/$ALPINE_TARBALL"}
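#######################################
# Parse "[--skip-core] [--skip-legacy] [--skip-bitcoinonly] [TAG [REPOSITORY]]".
# The --skip-* flags are accepted in any order. --skip-bitcoinonly only
# narrows variants that are still enabled, so combining it with --skip-core
# or --skip-legacy no longer re-enables the skipped target.
# Globals:   VARIANTS_core, VARIANTS_legacy (written) - BITCOIN_ONLY values
#              to build: 0 = regular, 1 = bitcoin-only, empty = skip target
#            TAG (written)        - git ref to check out, default "master"
#            REPOSITORY (written) - repository to clone, default "/local"
# Arguments: the script's command-line arguments
#######################################
parse_build_args() {
  local skip_bitcoinonly=0

  VARIANTS_core=(0 1)
  VARIANTS_legacy=(0 1)

  while [ "$#" -gt 0 ]; do
    case "$1" in
      --skip-core) VARIANTS_core=() ;;
      --skip-legacy) VARIANTS_legacy=() ;;
      --skip-bitcoinonly) skip_bitcoinonly=1 ;;
      *) break ;; # first non-flag argument is TAG
    esac
    shift
  done

  if [ "$skip_bitcoinonly" -eq 1 ]; then
    if [ "${#VARIANTS_core[@]}" -gt 0 ]; then VARIANTS_core=(0); fi
    if [ "${#VARIANTS_legacy[@]}" -gt 0 ]; then VARIANTS_legacy=(0); fi
  fi

  # Both values are later written into the generated in-container build
  # script, so they should only ever come from a trusted operator.
  TAG=${1:-master}
  REPOSITORY=${2:-/local}
}

# The shifts happen inside the function; the script's own positional
# parameters are left untouched.
parse_build_args "$@"

# Build switches forwarded into the containers; 1 unless overridden.
PRODUCTION=${PRODUCTION:-1}
MEMORY_PROTECT=${MEMORY_PROTECT:-1}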
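# Fetch the Alpine minirootfs tarball into ci/ unless it is already there.
# The download is not trusted at this point: the file's integrity depends on
# a checksum verification being run against it before it is used.
if command -v wget > /dev/null; then
  # -nc keeps an existing file; -P ci/ stores it under the URL's basename.
  wget --no-config -nc -P ci/ "$CONTAINER_FS_URL"
elif ! [ -f "ci/$ALPINE_TARBALL" ]; then
  # --fail turns an HTTP error into a non-zero exit instead of saving the
  # error page, and the temporary name keeps a failed or partial transfer
  # from being mistaken for a finished download on the next run.
  if ! curl --fail -L -o "ci/$ALPINE_TARBALL.part" "$CONTAINER_FS_URL"; then
    rm -f -- "ci/$ALPINE_TARBALL.part"
    echo "Download failed: $CONTAINER_FS_URL" >&2
    exit 1
  fi
  mv -- "ci/$ALPINE_TARBALL.part" "ci/$ALPINE_TARBALL"
fi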
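# check alpine checksum
# Integrity gate for the downloaded rootfs: the build must stop here if the
# tarball in ci/ does not match the expected SHA-256.
if command -v sha256sum &> /dev/null; then
  sha256_check=(sha256sum -c)
else
  sha256_check=(shasum -a 256 -c)
fi

# "<digest><two spaces><path>" is the canonical checksum-line layout; a
# single space is not accepted by every implementation.
if ! printf '%s  %s\n' "$ALPINE_CHECKSUM" "ci/$ALPINE_TARBALL" | "${sha256_check[@]}"; then
  # Fail explicitly rather than relying on `set -e` alone for this step.
  echo "Checksum verification failed for ci/$ALPINE_TARBALL; refusing to build from it" >&2
  exit 1
fi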
# Build the build-environment image from the ci/ directory (the same
# directory the rootfs tarball was downloaded into), passing the pinned
# versions through as build arguments.
docker_build_args=(
  --build-arg "ALPINE_VERSION=$ALPINE_VERSION"
  --build-arg "ALPINE_ARCH=$ALPINE_ARCH"
  --build-arg "NIX_VERSION=$NIX_VERSION"
)
docker build "${docker_build_args[@]}" -t "$CONTAINER_NAME" ci/
# stat under macOS has slightly different cli interface:
# try the -c form first and fall back to the -f form.
owner_of_cwd() {
  stat -c "$1" . 2>/dev/null || stat -f "$1" .
}

# Numeric uid/gid owning this directory; build output is chown'ed back to
# them at the end of each in-container build script.
# Note: this replaces any existing USER value with a numeric uid.
USER=$(owner_of_cwd "%u")
GROUP=$(owner_of_cwd "%g")

# One output directory per target/variant pair.
mkdir -p build/core build/legacy build/core-bitcoinonly build/legacy-bitcoinonly

# Absolute path of the checkout, used for the container bind mounts.
DIR=$(pwd)
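# build core

# REPOSITORY and TAG are pasted into the generated script below. Shell-quote
# them first so each stays a single literal word there, whatever characters
# the value contains.
printf -v QUOTED_REPOSITORY '%q' "$REPOSITORY"
printf -v QUOTED_TAG '%q' "$TAG"

for BITCOIN_ONLY in "${VARIANTS_core[@]}"; do
  # 0 -> "" (regular output dir), 1 -> "-bitcoinonly"
  DIRSUFFIX=${BITCOIN_ONLY/1/-bitcoinonly}
  DIRSUFFIX=${DIRSUFFIX/0/}

  SCRIPT_NAME=".build_core_$BITCOIN_ONLY.sh"
  # The heredoc delimiter is unquoted, so every variable in the body is
  # expanded here on the host; the container only sees the resulting text.
  cat <<EOF > "build/$SCRIPT_NAME"
# DO NOT MODIFY!
# this file was generated by ${BASH_SOURCE[0]}
# variant: core build BITCOIN_ONLY=$BITCOIN_ONLY
set -e -o pipefail
cd /tmp
git clone $QUOTED_REPOSITORY trezor-firmware
cd trezor-firmware/core
ln -s /build build
git checkout $QUOTED_TAG
git submodule update --init --recursive
poetry install
poetry run make clean vendor build_firmware
poetry run ../python/tools/firmware-fingerprint.py \
-o build/firmware/firmware.bin.fingerprint \
build/firmware/firmware.bin
chown -R "$USER:$GROUP" /build
EOF

  # /local is the whole checkout (the clone source and the generated script),
  # /build is this variant's output directory (:z relabels it for SELinux).
  # NOTE(review): with the default REPOSITORY the generated script only reads
  # from /local, so that mount could probably be read-only - confirm.
  docker run -it --rm \
    -v "$DIR:/local" \
    -v "$DIR/build/core$DIRSUFFIX":/build:z \
    --env BITCOIN_ONLY="$BITCOIN_ONLY" \
    --env PRODUCTION="$PRODUCTION" \
    --init \
    "$CONTAINER_NAME" \
    /nix/var/nix/profiles/default/bin/nix-shell --run "bash /local/build/$SCRIPT_NAME"
done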
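# build legacy

# REPOSITORY and TAG are pasted into the generated script below. Shell-quote
# them first so each stays a single literal word there, whatever characters
# the value contains.
printf -v QUOTED_REPOSITORY '%q' "$REPOSITORY"
printf -v QUOTED_TAG '%q' "$TAG"

for BITCOIN_ONLY in "${VARIANTS_legacy[@]}"; do
  # 0 -> "" (regular output dir), 1 -> "-bitcoinonly"
  DIRSUFFIX=${BITCOIN_ONLY/1/-bitcoinonly}
  DIRSUFFIX=${DIRSUFFIX/0/}

  SCRIPT_NAME=".build_legacy_$BITCOIN_ONLY.sh"
  # The heredoc delimiter is unquoted, so every variable in the body is
  # expanded here on the host; the container only sees the resulting text.
  cat <<EOF > "build/$SCRIPT_NAME"
# DO NOT MODIFY!
# this file was generated by ${BASH_SOURCE[0]}
# variant: legacy build BITCOIN_ONLY=$BITCOIN_ONLY
set -e -o pipefail
cd /tmp
git clone $QUOTED_REPOSITORY trezor-firmware
cd trezor-firmware/legacy
ln -s /build build
git checkout $QUOTED_TAG
git submodule update --init --recursive
poetry install
poetry run script/cibuild
mkdir -p build/bootloader build/firmware build/intermediate_fw
cp bootloader/*.bin build/bootloader/bootloader.bin
cp intermediate_fw/*.bin build/intermediate_fw/inter.bin
cp firmware/*.bin build/firmware/firmware.bin
cp firmware/*.elf build/firmware/firmware.elf
poetry run ../python/tools/firmware-fingerprint.py \
-o build/firmware/firmware.bin.fingerprint \
build/firmware/firmware.bin
chown -R "$USER:$GROUP" /build
EOF

  # /local is the whole checkout (the clone source and the generated script),
  # /build is this variant's output directory (:z relabels it for SELinux).
  # NOTE(review): with the default REPOSITORY the generated script only reads
  # from /local, so that mount could probably be read-only - confirm.
  docker run -it --rm \
    -v "$DIR:/local" \
    -v "$DIR/build/legacy$DIRSUFFIX":/build:z \
    --env BITCOIN_ONLY="$BITCOIN_ONLY" \
    --env MEMORY_PROTECT="$MEMORY_PROTECT" \
    --init \
    "$CONTAINER_NAME" \
    /nix/var/nix/profiles/default/bin/nix-shell --run "bash /local/build/$SCRIPT_NAME"
done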
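# all built, show fingerprints

#######################################
# Print one "<fingerprint> <firmware path>" line per built variant.
# Globals:   VARIANTS_core, VARIANTS_legacy (read) - BITCOIN_ONLY values that
#            were built for each target; an empty or unset array prints nothing
# Outputs:   a "Fingerprints:" header followed by the lines, on stdout
# Returns:   non-zero if an expected .fingerprint file cannot be read
#######################################
show_fingerprints() {
  local variant variants_ref bitcoin_only dirsuffix fwpath fingerprint

  echo "Fingerprints:"
  for variant in core legacy; do
    # Indirect reference to VARIANTS_core / VARIANTS_legacy.
    variants_ref="VARIANTS_${variant}[@]"
    for bitcoin_only in "${!variants_ref}"; do
      # 0 -> "" (regular output dir), 1 -> "-bitcoinonly"
      dirsuffix=${bitcoin_only/1/-bitcoinonly}
      dirsuffix=${dirsuffix/0/}
      fwpath="build/${variant}${dirsuffix}/firmware/firmware.bin"
      # Assigned separately from `local` so a missing file is not masked.
      fingerprint=$(tr -d '\n' < "$fwpath.fingerprint") || return
      printf '%s %s\n' "$fingerprint" "$fwpath"
    done
  done
}

show_fingerprints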