You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
101 lines
3.0 KiB
101 lines
3.0 KiB
4 years ago
|
export DOCKER_REGISTRY_BASE := ''
|
||
|
|
|
||
|
|
commit_sha := `git rev-parse HEAD`
|
||
|
|
docker_image := 'foundation-devices/firmware-builder:' + commit_sha
|
||
|
|
base_path := 'ports/stm32'
|
||
|
|
firmware_path := base_path + '/build-Passport/firmware.bin'
|
||
|
|
|
||
|
|
# build the docker image and then the firmware and bootloader
|
||
|
|
build: docker-build firmware-build bootloader-build
|
||
|
|
|
||
|
|
# build the dependency docker image
|
||
|
|
docker-build:
|
||
|
|
#!/usr/bin/env bash
|
||
|
|
set -exo pipefail
|
||
|
|
docker build -t ${DOCKER_REGISTRY_BASE}{{ docker_image }} .
|
||
|
|
|
||
|
|
# build the firmware inside docker
|
||
|
|
firmware-build:
|
||
|
|
#!/usr/bin/env bash
|
||
|
|
set -exo pipefail
|
||
|
|
docker run --rm -v "$PWD":/workspace \
|
||
|
|
-w /workspace/{{ base_path }} \
|
||
|
|
--entrypoint bash \
|
||
|
|
${DOCKER_REGISTRY_BASE}{{ docker_image }} \
|
||
|
|
-c 'make BOARD=Passport MPY_CROSS=/usr/bin/mpy-cross'
|
||
|
|
|
||
|
|
# build the bootloader inside docker
|
||
|
|
bootloader-build:
|
||
|
|
#!/usr/bin/env bash
|
||
|
|
set -exo pipefail
|
||
|
|
docker run --rm -v "$PWD":/workspace \
|
||
|
|
-w /workspace/{{ base_path }} \
|
||
|
|
--entrypoint bash \
|
||
|
|
${DOCKER_REGISTRY_BASE}{{ docker_image }} \
|
||
|
|
-c 'make -C boards/Passport/bootloader'
|
||
|
|
|
||
|
|
# build the docker image and get the tools from it
|
||
|
|
tools: docker-build cosign-tool add-secrets-tool word-list-gen-tool
|
||
|
|
|
||
|
|
# get cosign tool from built docker image
|
||
|
|
cosign-tool:
|
||
|
|
#!/usr/bin/env bash
|
||
|
|
set -exo pipefail
|
||
|
|
docker run --rm -v "$PWD":/workspace \
|
||
|
|
-w /workspace \
|
||
|
|
--entrypoint bash \
|
||
|
|
${DOCKER_REGISTRY_BASE}{{ docker_image }} \
|
||
|
|
-c 'cp /usr/bin/cosign cosign'
|
||
|
|
|
||
|
|
# get add-secrets tool from built docker image
|
||
|
|
add-secrets-tool:
|
||
|
|
#!/usr/bin/env bash
|
||
|
|
set -exo pipefail
|
||
|
|
docker run --rm -v "$PWD":/workspace \
|
||
|
|
-w /workspace \
|
||
|
|
--entrypoint bash \
|
||
|
|
${DOCKER_REGISTRY_BASE}{{ docker_image }} \
|
||
|
|
-c 'make -C ports/stm32/boards/Passport/tools/add-secrets'
|
||
|
|
|
||
|
|
# get word_list_gen tool from built docker image
|
||
|
|
word-list-gen-tool:
|
||
|
|
#!/usr/bin/env bash
|
||
|
|
set -exo pipefail
|
||
|
|
docker run --rm -v "$PWD":/workspace \
|
||
|
|
-w /workspace/ports/stm32/boards/Passport/tools/word_list_gen \
|
||
|
|
--entrypoint bash \
|
||
|
|
${DOCKER_REGISTRY_BASE}{{ docker_image }} \
|
||
|
|
-c 'gcc word_list_gen.c bip39_words.c bytewords_words.c -o word_list_gen'
|
||
|
|
|
||
|
|
# run the built firmware through SHA256
|
||
|
|
verify-sha sha: build
|
||
|
|
#!/usr/bin/env bash
|
||
|
|
sha=$(shasum -a 256 {{ firmware_path }} | awk '{print $1}')
|
||
|
|
|
||
|
|
echo -e "Expected SHA:\t{{ sha }}"
|
||
|
|
echo -e "Actual SHA:\t${sha}"
|
||
|
|
if [ "$sha" = "{{ sha }}" ]; then
|
||
|
|
echo "Hashes match!"
|
||
|
|
else
|
||
|
|
echo "ERROR: Hashes DO NOT match!"
|
||
|
|
fi
|
||
|
|
|
||
|
|
# sign the built firmware using a private key and the cosign tool
|
||
|
|
sign keypath version filepath=firmware_path: firmware-build
|
||
|
|
#!/usr/bin/env bash
|
||
|
|
set -exo pipefail
|
||
|
|
|
||
|
|
docker run --rm -v "$PWD":/workspace \
|
||
|
|
-w /workspace \
|
||
|
|
--entrypoint bash \
|
||
|
|
${DOCKER_REGISTRY_BASE}{{ docker_image }} \
|
||
|
|
-c "cosign -f {{ filepath }} -k {{ keypath }} -v {{ version }}"
|
||
|
|
|
||
|
|
# clean firmware build
|
||
|
|
clean:
|
||
|
|
docker run --rm -v "$PWD":/workspace \
|
||
|
|
-w /workspace/{{ base_path }} \
|
||
|
|
--entrypoint bash \
|
||
|
|
${DOCKER_REGISTRY_BASE}{{ docker_image }} \
|
||
|
|
-c "make clean BOARD=Passport"
|