Alex Sears
3 years ago
No known key found for this signature in database
GPG Key ID: B00C1DBE761753A4
4 changed files with
58 additions and
0 deletions
-
.dockerignore
-
.github/workflows/validate_and_build.yaml
-
.gitignore
-
Justfile
|
|
|
@ -84,6 +84,11 @@ jobs: |
|
|
|
env: |
|
|
|
D_BASE: localhost:5000/ |
|
|
|
|
|
|
|
- name: Build and make tools available |
|
|
|
run: just DOCKER_REGISTRY_BASE="$D_BASE" tools |
|
|
|
env: |
|
|
|
D_BASE: localhost:5000/ |
|
|
|
|
|
|
|
- name: Upload built firmware file |
|
|
|
uses: actions/upload-artifact@v2 |
|
|
|
with: |
|
|
|
@ -101,3 +106,21 @@ jobs: |
|
|
|
with: |
|
|
|
name: bootloader.bin |
|
|
|
path: ports/stm32/boards/Passport/bootloader/arm/release/bootloader.bin |
|
|
|
|
|
|
|
- name: Upload cosign |
|
|
|
uses: actions/upload-artifact@v2 |
|
|
|
with: |
|
|
|
name: cosign |
|
|
|
path: cosign |
|
|
|
|
|
|
|
- name: Upload add-secrets |
|
|
|
uses: actions/upload-artifact@v2 |
|
|
|
with: |
|
|
|
name: add-secrets |
|
|
|
path: ports/stm32/boards/Passport/tools/add-secrets/x86/release/add-secrets |
|
|
|
|
|
|
|
- name: Upload word_list_gen |
|
|
|
uses: actions/upload-artifact@v2 |
|
|
|
with: |
|
|
|
name: word_list_gen |
|
|
|
path: ports/stm32/boards/Passport/tools/word_list_gen/word_list_gen |
|
|
|
|
|
|
|
@ -58,3 +58,4 @@ ports/stm32/boards/Passport/bootloader/secrets* |
|
|
|
|
|
|
|
*.pem |
|
|
|
.vscode |
|
|
|
cosign |
|
|
|
|
|
|
|
@ -34,6 +34,39 @@ bootloader-build: |
|
|
|
${DOCKER_REGISTRY_BASE}{{ docker_image }} \ |
|
|
|
-c 'make -C boards/Passport/bootloader' |
|
|
|
|
|
|
|
# build the docker image and get the tools from it |
|
|
|
tools: docker-build cosign-tool add-secrets-tool word-list-gen-tool |
|
|
|
|
|
|
|
# get cosign tool from built docker image |
|
|
|
cosign-tool: |
|
|
|
#!/usr/bin/env bash |
|
|
|
set -exo pipefail |
|
|
|
docker run --rm -v "$PWD":/workspace \ |
|
|
|
-w /workspace \ |
|
|
|
--entrypoint bash \ |
|
|
|
${DOCKER_REGISTRY_BASE}{{ docker_image }} \ |
|
|
|
-c 'cp /usr/bin/cosign cosign' |
|
|
|
|
|
|
|
# get add-secrets tool from built docker image |
|
|
|
add-secrets-tool: |
|
|
|
#!/usr/bin/env bash |
|
|
|
set -exo pipefail |
|
|
|
docker run --rm -v "$PWD":/workspace \ |
|
|
|
-w /workspace \ |
|
|
|
--entrypoint bash \ |
|
|
|
${DOCKER_REGISTRY_BASE}{{ docker_image }} \ |
|
|
|
-c 'make -C ports/stm32/boards/Passport/tools/add-secrets' |
|
|
|
|
|
|
|
# get word_list_gen tool from built docker image |
|
|
|
word-list-gen-tool: |
|
|
|
#!/usr/bin/env bash |
|
|
|
set -exo pipefail |
|
|
|
docker run --rm -v "$PWD":/workspace \ |
|
|
|
-w /workspace/ports/stm32/boards/Passport/tools/word_list_gen \ |
|
|
|
--entrypoint bash \ |
|
|
|
${DOCKER_REGISTRY_BASE}{{ docker_image }} \ |
|
|
|
-c 'gcc word_list_gen.c bip39_words.c bytewords_words.c -o word_list_gen' |
|
|
|
|
|
|
|
# run the built firmware through SHA256 |
|
|
|
verify-sha sha: build |
|
|
|
#!/usr/bin/env bash |
|
|
|
|
