kmwebnet/OpenSK
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
d47ca7fa5437e879b25f5b77e17f83118c4f1b51
OpenSK/.github/workflows/reproducible.yml
Jean-Michel Picod c1f2551d0d Bump Tock kernel version (#374) 
* Bump Tock kernel version

* Update boards to new kernel

* Update patches to new kernel

* Update PR template

* Bump libtock-rs

* Use new layout from libtock-rs

* Fix clippy warnings due to updated toolchain

* Fix new toolchain file format

* Bump elf2tab to v0.7.0

* Fix worklow and setup.sh script to use the TOML rust-toolchain file

* New libtock-rs style of declaring the stack.

* Fix padding in layout file.

The layout from libtock-rs generates invalid flash padding.
The value is 32-bit and therefore setting padding to 0xff yields
0xff000000 instead of 0xffffffff that we want.

* adds tock patch for app break hard fault

* sets in deploy, removed patch 04-mpu-fix

* fixed the if deploy

* fixes indentation

* updates board names in install.md

* fix docs and deploy style

Co-authored-by: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Co-authored-by: kaczmarczyck <43844792+kaczmarczyck@users.noreply.github.com>
2021-09-10 08:32:34 +02:00

46 lines
1.4 KiB
YAML
Raw Blame History

---
name: Check that binaries are reproducible
on:
push:
pull_request:
types: [opened, synchronize, reopened]
jobs:
check_hashes:
strategy:
matrix:
os: [ubuntu-18.04, macos-10.15]
fail-fast: false
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v2
with:
submodules: "true"
- name: Install Rust toolchain
run: rustup show
- uses: actions/setup-python@v1
with:
python-version: 3.7
- name: Install Python dependencies
run: python -m pip install --upgrade pip setuptools wheel
- name: Set up OpenSK
run: ./setup.sh
- name: Use sample cryptographic material
run: rm -R crypto_data/ && cp -r reproducible/sample_crypto_data crypto_data
- name: Computing cryptographic hashes
run: ./maintainers/reproduce_hashes.sh
- name: Upload reproduced binaries
uses: actions/upload-artifact@v1
with:
name: reproduced-${{ matrix.os }}
path: reproducible/reproduced.tar
- name: Comparing binary sizes
if: always()
run: git diff --no-index reproducible/reference_elf2tab_${{ matrix.os }}.txt reproducible/elf2tab.txt || true
- name: Comparing cryptographic hashes
if: always()
run: git diff --no-index reproducible/reference_binaries_${{ matrix.os }}.sha256sum reproducible/binaries.sha256sum || true
Reference in New Issue View Git Blame Copy Permalink