From ae6cda0ace70a8cd98017c2a769a0d34b9b1c39d Mon Sep 17 00:00:00 2001 From: Alekos Filini Date: Mon, 29 Apr 2024 21:36:27 +0200 Subject: [PATCH] Make firmware builds reproducible --- .github/workflows/ci.yml | 3 ++- flake.nix | 14 +++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7d49df5..bc9088a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -81,7 +81,8 @@ jobs: ./target ./firmware/target key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - - run: nix develop .#embedded --command bash -c "cd firmware && cargo build --no-default-features --features ${{ matrix.target }} --release" + - run: nix develop .#embedded-reproducible --command bash -c "cd firmware && cargo build --no-default-features --features ${{ matrix.target }} --release" + - run: sha256sum ./firmware/target/thumbv7em-none-eabihf/release/firmware - uses: actions/upload-artifact@v2 with: name: firmware-${{ matrix.target }} diff --git a/flake.nix b/flake.nix index d4fb3b3..f16fad3 100644 --- a/flake.nix +++ b/flake.nix @@ -75,7 +75,7 @@ }; defaultDeps = with pkgs; [ cmake SDL2 fltk pango rust-analyzer pkg-config libusb ]; - embeddedDeps = with pkgs; [ probe-rs gcc-arm-embedded qemu gdb openocd clang (getRust { withEmbedded = true; }) ]; + embeddedDeps = with pkgs; [ probe-rs gcc-arm-embedded qemu gdb openocd clang_17 (getRust { withEmbedded = true; }) ]; androidDeps = with pkgs; [ cargo-ndk jdk gnupg (getRust { fullAndroid = true; }) ]; iosDeps = with pkgs; [ (getRust { withIos = true; }) ]; in @@ -89,6 +89,18 @@ CC_thumbv7em_none_eabihf = "${pkgs.gcc-arm-embedded}/bin/arm-none-eabi-gcc"; }; + devShells.embedded-reproducible = pkgs.mkShell { + buildInputs = defaultDeps ++ embeddedDeps; + + CC_thumbv7em_none_eabihf = "clang-17"; + + shellHook = '' + export MAIN_DIR=$PWD + + export CFLAGS_thumbv7em_none_eabihf="-fno-PIC -fno-stack-protector -frandom-seed=22 -I${pkgs.clang_17}/resource-root/include/ -I${pkgs.gcc-arm-embedded}/arm-none-eabi/include -target thumbv7em-none-eabihf -ffile-prefix-map=$HOME/.cargo=" + export RUSTFLAGS="-Clink-arg=-Tlink.x --remap-path-prefix $HOME/.cargo= --remap-path-prefix $MAIN_DIR/firmware=firmware --remap-path-prefix $MAIN_DIR/model=model --remap-path-prefix $MAIN_DIR/gui=gui"; + ''; + }; devShells.android = pkgs.mkShell rec { buildInputs = defaultDeps ++ androidDeps;