From 8b53b4513c20e76dfbbe48e8e61c96247c3f3c8e Mon Sep 17 00:00:00 2001 From: Alekos Filini Date: Mon, 29 Apr 2024 21:36:27 +0200 Subject: [PATCH] Make firmware builds reproducible --- .github/workflows/ci.yml | 3 ++- flake.nix | 12 ++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7d49df5..bc9088a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -81,7 +81,8 @@ jobs: ./target ./firmware/target key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - - run: nix develop .#embedded --command bash -c "cd firmware && cargo build --no-default-features --features ${{ matrix.target }} --release" + - run: nix develop .#embedded-reproducible --command bash -c "cd firmware && cargo build --no-default-features --features ${{ matrix.target }} --release" + - run: sha256sum ./firmware/target/thumbv7em-none-eabihf/release/firmware - uses: actions/upload-artifact@v2 with: name: firmware-${{ matrix.target }} diff --git a/flake.nix b/flake.nix index d4fb3b3..8d2a031 100644 --- a/flake.nix +++ b/flake.nix @@ -89,6 +89,18 @@ CC_thumbv7em_none_eabihf = "${pkgs.gcc-arm-embedded}/bin/arm-none-eabi-gcc"; }; + devShells.embedded-reproducible = pkgs.mkShell { + buildInputs = defaultDeps ++ embeddedDeps; + + CC_thumbv7em_none_eabihf = "${pkgs.clang}/bin/clang"; + + shellHook = '' + export MAIN_DIR=$PWD + + export CFLAGS_thumbv7em_none_eabihf="-fno-PIC -fno-stack-protector -I${pkgs.clang}/resource-root/include -target thumbv7em-none-eabihf -ffile-prefix-map=$HOME/.cargo=" + export RUSTFLAGS="-Clink-arg=-Tlink.x --remap-path-prefix $HOME/.cargo= --remap-path-prefix $MAIN_DIR/firmware=firmware --remap-path-prefix $MAIN_DIR/model=model --remap-path-prefix $MAIN_DIR/gui=gui"; + ''; + }; devShells.android = pkgs.mkShell rec { buildInputs = defaultDeps ++ androidDeps;