forked from Foundation-Devices/passport-firmware
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Justfile
100 lines (86 loc) · 2.99 KB
/
Justfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
export DOCKER_REGISTRY_BASE := ''
commit_sha := `git rev-parse HEAD`
docker_image := 'foundation-devices/firmware-builder:' + commit_sha
base_path := 'ports/stm32'
firmware_path := base_path + '/build-Passport/firmware.bin'
# build the docker image and then the firmware and bootloader
build: docker-build firmware-build bootloader-build
# build the dependency docker image
docker-build:
#!/usr/bin/env bash
set -exo pipefail
docker build -t ${DOCKER_REGISTRY_BASE}{{ docker_image }} .
# build the firmware inside docker
firmware-build:
#!/usr/bin/env bash
set -exo pipefail
docker run --rm -v "$PWD":/workspace \
-w /workspace/{{ base_path }} \
--entrypoint bash \
${DOCKER_REGISTRY_BASE}{{ docker_image }} \
-c 'make BOARD=Passport MPY_CROSS=/usr/bin/mpy-cross'
# build the bootloader inside docker
bootloader-build:
#!/usr/bin/env bash
set -exo pipefail
docker run --rm -v "$PWD":/workspace \
-w /workspace/{{ base_path }} \
--entrypoint bash \
${DOCKER_REGISTRY_BASE}{{ docker_image }} \
-c 'make -C boards/Passport/bootloader'
# build the docker image and get the tools from it
tools: docker-build cosign-tool add-secrets-tool word-list-gen-tool
# get cosign tool from built docker image
cosign-tool:
#!/usr/bin/env bash
set -exo pipefail
docker run --rm -v "$PWD":/workspace \
-w /workspace \
--entrypoint bash \
${DOCKER_REGISTRY_BASE}{{ docker_image }} \
-c 'cp /usr/bin/cosign cosign'
# get add-secrets tool from built docker image
add-secrets-tool:
#!/usr/bin/env bash
set -exo pipefail
docker run --rm -v "$PWD":/workspace \
-w /workspace \
--entrypoint bash \
${DOCKER_REGISTRY_BASE}{{ docker_image }} \
-c 'make -C ports/stm32/boards/Passport/tools/add-secrets'
# get word_list_gen tool from built docker image
word-list-gen-tool:
#!/usr/bin/env bash
set -exo pipefail
docker run --rm -v "$PWD":/workspace \
-w /workspace/ports/stm32/boards/Passport/tools/word_list_gen \
--entrypoint bash \
${DOCKER_REGISTRY_BASE}{{ docker_image }} \
-c 'gcc word_list_gen.c bip39_words.c bytewords_words.c -o word_list_gen'
# run the built firmware through SHA256
verify-sha sha: build
#!/usr/bin/env bash
sha=$(shasum -a 256 {{ firmware_path }} | awk '{print $1}')
echo -e "Expected SHA:\t{{ sha }}"
echo -e "Actual SHA:\t${sha}"
if [ "$sha" = "{{ sha }}" ]; then
echo "Hashes match!"
else
echo "ERROR: Hashes DO NOT match!"
fi
# sign the built firmware using a private key and the cosign tool
sign keypath version filepath=firmware_path: firmware-build
#!/usr/bin/env bash
set -exo pipefail
docker run --rm -v "$PWD":/workspace \
-w /workspace \
--entrypoint bash \
${DOCKER_REGISTRY_BASE}{{ docker_image }} \
-c "cosign -f {{ filepath }} -k {{ keypath }} -v {{ version }}"
# clean firmware build
clean:
docker run --rm -v "$PWD":/workspace \
-w /workspace/{{ base_path }} \
--entrypoint bash \
${DOCKER_REGISTRY_BASE}{{ docker_image }} \
-c "make clean BOARD=Passport"