Add tool for applying/saving Tock patches

2021-08-05 11:26:55 +02:00
parent 69f1b672f1
commit d25f65c565
4 changed files with 82 additions and 0 deletions
--- a/maintainers/patches
+++ b/maintainers/patches
@@ -0,0 +1,82 @@
+#!/bin/zsh
+
+PROGRAM=$0
+
+success() {
+  echo "\e[1;32mDone:\e[m $1"
+  exit 0
+}
+
+fail() {
+  echo "\e[1;31mError:\e[m $1"
+  exit 1
+}
+
+help() {
+  cat <<EOF
+Usage: $PROGRAM {apply|save}
+
+  apply       Applies the patches to the Tock submodule.
+  save        Saves the Tock submodule to the patches.
+EOF
+  exit 0
+}
+
+commit() {
+  local message=$1
+  git add .
+  git commit -qm$message
+}
+
+get_root() {
+  git ls-tree HEAD:third_party | sed -n 's/^.* \([^ ]\+\)\ttock$/\1/p'
+}
+
+get_head() {
+  git rev-parse HEAD
+}
+
+apply() {
+  git submodule -q update third_party/tock
+  ( cd third_party/tock
+    git reset -q --hard
+    git clean -qfxd
+    rsync -a ../../boards .
+    commit '00-boards'
+    for file in ../../patches/tock/*; do
+      patch -sp1 < $file
+      commit "${${file#../../patches/tock/}%.patch}"
+    done
+  )
+  success 'Applied the patches to the Tock submodule.'
+}
+
+save() {
+  local root=$(get_root)
+  ( cd third_party/tock
+    [[ -z "$(git status -s)" ]] || fail 'The Tock submodule is not clean.'
+    rm ../../patches/tock/*.patch
+    for file in $(git format-patch $root); do
+      sed -n '/^diff/,$p' $file | head -n-3 > ../../patches/tock/${file#*-}
+    done
+    git clean -qfxd
+    top=$(get_head)
+    git checkout -q $root
+    rm -r boards
+    patch -sp1 < ../../patches/tock/00-boards.patch
+    rm ../../patches/tock/00-boards.patch
+    rsync -a --delete boards ../..
+    git reset -q --hard
+    git clean -qfxd
+    git checkout -q $top
+  ) || exit
+  success 'Saved the Tock submodule to the patches.'
+}
+
+[[ $(basename $PWD) == OpenSK ]] || fail 'Not running from OpenSK directory.'
+[[ $# -eq 1 ]] || help
+case $1 in
+  apply) apply ;;
+  save) save ;;
+  *) fail 'Unexpected argument. Run without argument for help.' ;;
+esac
--- a/maintainers/reproduce_board.sh
+++ b/maintainers/reproduce_board.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+echo "Board: $BOARD"
+echo "========================================" >> reproducible/elf2tab.txt
+echo "Board: $BOARD" >> reproducible/elf2tab.txt
+echo "----------------------------------------" >> reproducible/elf2tab.txt
+
+./deploy.py --verbose-build --board=$BOARD --no-app --programmer=none
+./third_party/tock/tools/sha256sum/target/debug/sha256sum third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin >> reproducible/binaries.sha256sum
+tar -rvf reproducible/reproduced.tar third_party/tock/target/thumbv7em-none-eabi/release/$BOARD.bin
+
+./deploy.py --verbose-build --board=$BOARD --opensk --programmer=none --elf2tab-output=reproducible/elf2tab.txt
+./third_party/tock/tools/sha256sum/target/debug/sha256sum target/${BOARD}_merged.hex >> reproducible/binaries.sha256sum
+tar -rvf reproducible/reproduced.tar target/${BOARD}_merged.hex
--- a/maintainers/reproduce_hashes.sh
+++ b/maintainers/reproduce_hashes.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -ex
+
+rm -f reproducible/binaries.sha256sum
+rm -f reproducible/elf2tab.txt
+
+echo "Creating reproducible/reproduced.tar"
+touch empty_file
+tar -cvf reproducible/reproduced.tar empty_file
+rm empty_file
+
+echo "Building sha256sum tool..."
+cargo build --manifest-path third_party/tock/tools/sha256sum/Cargo.toml
+
+echo "Computing SHA-256 sums of the boards..."
+for board in nrf52840dk_opensk nrf52840_dongle_opensk nrf52840_dongle_dfu nrf52840_mdk_dfu
+do
+  BOARD=$board ./reproduce_board.sh
+done
+
+echo "Computing SHA-256 sum of the TAB file..."
+./third_party/tock/tools/sha256sum/target/debug/sha256sum target/tab/ctap2.tab >> reproducible/binaries.sha256sum
+tar -rvf reproducible/reproduced.tar target/tab/ctap2.tab
+
+tar -rvf reproducible/reproduced.tar reproducible/elf2tab.txt
+tar -rvf reproducible/reproduced.tar reproducible/binaries.sha256sum
--- a/maintainers/update_hashes.sh
+++ b/maintainers/update_hashes.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -eux
+
+mkdir -p tmp
+
+for OS in macos-10.15 ubuntu-18.04
+do
+  unzip reproduced-$OS.zip -d tmp/reproduced-$OS/
+  tar -C tmp/reproduced-$OS/ -xvf tmp/reproduced-$OS/reproduced.tar
+  cp tmp/reproduced-$OS/reproducible/binaries.sha256sum reproducible/reference_binaries_$OS.sha256sum
+  cp tmp/reproduced-$OS/reproducible/elf2tab.txt reproducible/reference_elf2tab_$OS.txt
+done
+
+rm -R tmp