Lock down reproducible make targets and use in docker build
This commit is contained in:
Nicolas Stalder
parent
6b97807f51
commit
de31924be3
4
Makefile
4
Makefile
@ -75,10 +75,10 @@ fido2-test: venv
|
|||||||
venv/bin/python tools/ctap_test.py
|
venv/bin/python tools/ctap_test.py
|
||||||
|
|
||||||
DOCKER_IMAGE := "solokeys/solo-firmware:local"
|
DOCKER_IMAGE := "solokeys/solo-firmware:local"
|
||||||
SOLO_VERSION := "master"
|
SOLO_VERSIONISH := "master"
|
||||||
docker-build:
|
docker-build:
|
||||||
docker build -t $(DOCKER_IMAGE) .
|
docker build -t $(DOCKER_IMAGE) .
|
||||||
docker run --rm -v$(PWD)/builds:/builds -v$(PWD)/docker-build.sh:/build.sh $(DOCKER_IMAGE) /build.sh $(SOLO_VERSION)
|
docker run --rm -v$(PWD)/builds:/builds -v$(PWD)/in-docker-build.sh:/in-docker-build.sh $(DOCKER_IMAGE) /in-docker-build.sh $(SOLO_VERSIONISH)
|
||||||
|
|
||||||
CPPCHECK_FLAGS=--quiet --error-exitcode=2
|
CPPCHECK_FLAGS=--quiet --error-exitcode=2
|
||||||
|
|
||||||
|
|||||||
@ -1,22 +0,0 @@
|
|||||||
#!/bin/bash -xe
|
|
||||||
|
|
||||||
version=${1:-master}
|
|
||||||
|
|
||||||
export PREFIX=/opt/gcc-arm-none-eabi-8-2018-q4-major/bin/
|
|
||||||
|
|
||||||
cd /solo/targets/stm32l432
|
|
||||||
git fetch
|
|
||||||
git checkout ${version}
|
|
||||||
version=$(git describe)
|
|
||||||
make cbor
|
|
||||||
make all-hacker
|
|
||||||
|
|
||||||
cd /
|
|
||||||
|
|
||||||
out_dir="builds"
|
|
||||||
out_hex="solo-${version}.hex"
|
|
||||||
out_sha2="solo-${version}.sha2"
|
|
||||||
cp /solo/targets/stm32l432/solo.hex ${out_dir}/${out_hex}
|
|
||||||
cd ${out_dir}
|
|
||||||
sha256sum ${out_hex} > ${out_sha2}
|
|
||||||
|
|
||||||
37
in-docker-build.sh
Executable file
37
in-docker-build.sh
Executable file
@ -0,0 +1,37 @@
|
|||||||
|
#!/bin/bash -xe
|
||||||
|
|
||||||
|
version=${1:-master}
|
||||||
|
|
||||||
|
export PREFIX=/opt/gcc-arm-none-eabi-8-2018-q4-major/bin/
|
||||||
|
|
||||||
|
cd /solo/targets/stm32l432
|
||||||
|
git fetch
|
||||||
|
git checkout ${version}
|
||||||
|
version=$(git describe)
|
||||||
|
|
||||||
|
make cbor
|
||||||
|
|
||||||
|
out_dir="/builds"
|
||||||
|
|
||||||
|
function build() {
|
||||||
|
part=${1}
|
||||||
|
variant=${2}
|
||||||
|
output=${3:-${part}}
|
||||||
|
what="${part}-${variant}"
|
||||||
|
|
||||||
|
make full-clean
|
||||||
|
|
||||||
|
make ${what}
|
||||||
|
|
||||||
|
out_hex="${what}-${version}.hex"
|
||||||
|
out_sha2="${what}-${version}.sha2"
|
||||||
|
|
||||||
|
mv ${output}.hex ${out_hex}
|
||||||
|
sha256sum ${out_hex} > ${out_sha2}
|
||||||
|
cp ${out_hex} ${out_sha2} ${out_dir}
|
||||||
|
}
|
||||||
|
|
||||||
|
build bootloader nonverifying
|
||||||
|
build bootloader verifying
|
||||||
|
build firmware hacker solo
|
||||||
|
build firmware secure solo
|
||||||
@ -13,10 +13,10 @@ merge_hex=../../tools/solotool.py mergehex
|
|||||||
# The following are the main targets for reproducible builds.
|
# The following are the main targets for reproducible builds.
|
||||||
# TODO: better explanation
|
# TODO: better explanation
|
||||||
firmware-hacker:
|
firmware-hacker:
|
||||||
$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=$(DEBUG) EXTRA_DEFINES='-DSOLO_HACKER -DFLASH_ROP=1'
|
$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=0 EXTRA_DEFINES='-DSOLO_HACKER -DFLASH_ROP=1'
|
||||||
|
|
||||||
firmware-secure:
|
firmware-secure:
|
||||||
$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=$(DEBUG) EXTRA_DEFINES='-DUSE_SOLOKEYS_CERT -DFLASH_ROP=2'
|
$(MAKE) -f $(APPMAKE) -j8 solo.hex PREFIX=$(PREFIX) DEBUG=0 EXTRA_DEFINES='-DUSE_SOLOKEYS_CERT -DFLASH_ROP=2'
|
||||||
|
|
||||||
bootloader-nonverifying:
|
bootloader-nonverifying:
|
||||||
$(MAKE) -f $(BOOTMAKE) -j8 bootloader.hex PREFIX=$(PREFIX) EXTRA_DEFINES='-DSOLO_HACKER' DEBUG=0
|
$(MAKE) -f $(BOOTMAKE) -j8 bootloader.hex PREFIX=$(PREFIX) EXTRA_DEFINES='-DSOLO_HACKER' DEBUG=0
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user