From 4347b61ce3b405b9b5c64a780b4a4c8a7032bbc1 Mon Sep 17 00:00:00 2001
From: Timo Sairiala
Date: Thu, 7 Dec 2023 13:43:38 +0200
Subject: [PATCH] build px4 custom signed binaries - build custom signed px4 - package fpga binaries to px4 container - bootloader is now included in fpga bitstream so no need to package it anymore - build from added tag: v1.14.0-*
---
 .../tiiuae-pixhawk-and-saluki-builder.yaml | 6 +++++
 .../workflows/tiiuae-pixhawk-and-saluki.yaml | 19 ++++++++++-----
 Tools/px_uploader.Dockerfile | 3 ---
 build.sh | 24 ++++++++++++++++++-
 4 files changed, 42 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/tiiuae-pixhawk-and-saluki-builder.yaml b/.github/workflows/tiiuae-pixhawk-and-saluki-builder.yaml
index 9cb571d435c2..ab6e7726b126 100644
--- a/.github/workflows/tiiuae-pixhawk-and-saluki-builder.yaml
+++ b/.github/workflows/tiiuae-pixhawk-and-saluki-builder.yaml
@@ -4,6 +4,9 @@ on:
 product:
 required: true
 type: string
+ keys:
+ required: true
+ type: string
 enabled:
 required: false
 type: boolean
@@ -27,6 +30,9 @@ jobs:
 - name: Run px4-firmware ${{ inputs.product }} build
 run: |
 set -eux
+ if [ -n ${{ inputs.keys }} ]; then
+ export SIGNING_ARGS=${{ inputs.keys }}
+ fi
 mkdir -p bin
 cd px4-firmware/
 # run clone_public.sh if clone_public flag is provided
diff --git a/.github/workflows/tiiuae-pixhawk-and-saluki.yaml b/.github/workflows/tiiuae-pixhawk-and-saluki.yaml
index ccf110261429..b8a078d657af 100644
--- a/.github/workflows/tiiuae-pixhawk-and-saluki.yaml
+++ b/.github/workflows/tiiuae-pixhawk-and-saluki.yaml
@@ -3,6 +3,8 @@ name: tiiuae-pixhawk-and-saluki
 on:
 push:
 branches: [ main ]
+ tags:
+ - 'v1.14.0-*'
 pull_request:
 branches: [ main ]
 # Allows you to run this workflow manually from the Actions tab
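Review bot: In the `Run px4-firmware` step of the builder workflow, `if [ -n ${{ inputs.keys }} ]` is unquoted, so for every matrix product without a `keys` entry the expression renders to nothing, `[ -n ]` evaluates true, and `SIGNING_ARGS` is exported empty instead of being left unset. Expanding `${{ inputs.keys }}` directly into the script text is also the pattern that lets a caller-supplied value become shell code if this reusable workflow is ever called with less trusted input; passing it through the step's `env:` (`KEYS: ${{ inputs.keys }}`) and testing `if [ -n "$KEYS" ]; then export SIGNING_ARGS="$KEYS"; fi` avoids both problems. The first hunk declares `keys` as `required: true` although most products in the calling matrix appear to pass an empty value, so `required: false` with `default: ''` would describe the contract more accurately. The step's script continues outside the hunk.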
@@ -19,10 +21,9 @@ permissions:
 packages: write
 env:
- saluki_pi_fpga_version: "sha-6dc384d"
- saluki_v2_fpga_version: "sha-6dc384d"
- saluki_v3_fpga_version: "sha-6dc384d"
- bootloader_v2_version: "master"
+ saluki_pi_fpga_version: "sha-d4ab4c3"
+ saluki_v2_fpga_version: "sha-d4ab4c3"
+ saluki_v3_fpga_version: "sha-d4ab4c3"
 jobs:
 fc_matrix:
@@ -30,10 +31,18 @@ jobs:
 fail-fast: false
 matrix:
 product: [pixhawk, saluki-v2_default, saluki-v2_amp, saluki-v2_protected, saluki-v2_kernel, saluki-pi_default, saluki-pi_amp, saluki-pi_protected, saluki-v3_default, saluki-v3_amp]
+ include:
+ - product: saluki-v2_custom_keys
+ keys: Tools/saluki-sec-scripts/custom_keys/saluki-v2/px4_bin_ed25519_private.pem
+ - product: saluki-v3_custom_keys
+ keys: Tools/saluki-sec-scripts/custom_keys/saluki-v3/px4_bin_ed25519_private.pem
+ - product: saluki-pi_custom_keys
+ keys: Tools/saluki-sec-scripts/custom_keys/saluki-pi/px4_bin_ed25519_private.pem
 uses: ./.github/workflows/tiiuae-pixhawk-and-saluki-builder.yaml
 with:
 product: ${{ matrix.product }}
+ keys: ${{ matrix.keys }}
 # old workflow had condition to run only if PR is done to current repo (or triggered with other event)
 enabled: ${{ github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
 secrets: inherit
@@ -113,7 +122,6 @@ jobs:
 "saluki_pi_fpga_version=${{ env.saluki_pi_fpga_version }}"
 "saluki_v2_fpga_version=${{ env.saluki_v2_fpga_version }}"
 "saluki_v3_fpga_version=${{ env.saluki_v3_fpga_version }}"
- "bootloader_v2_version=${{ env.bootloader_v2_version }}"
 upload-px4fwupdater-uae:
 name: upload px4fwupdater to UAE docker registry
@@ -166,7 +174,6 @@ jobs:
 "saluki_pi_fpga_version=${{ env.saluki_pi_fpga_version }}"
 "saluki_v2_fpga_version=${{ env.saluki_v2_fpga_version }}"
 "saluki_v3_fpga_version=${{ env.saluki_v3_fpga_version }}"
- "bootloader_v2_version=${{ env.bootloader_v2_version }}"
 artifactory:
 name: upload builds to artifactory
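Review bot: The three `include` entries in the `fc_matrix` hunk point `keys` at `px4_bin_ed25519_private.pem` files under `Tools/saluki-sec-scripts/custom_keys/`, which suggests the Ed25519 private signing keys are read from the checked-out tree (or a submodule) rather than from a secret store. If that is the case, anyone with read access to that tree can produce firmware that verifies under these keys, so the `*_custom_keys` artifacts should be treated as development-signed only and no fielded device should trust the matching public keys. A comment above `include:` such as `# custom_keys = in-repo development keys, never used for production signing` would make that intent explicit. If the keys are meant to be confidential, they belong in repository secrets and should be written to a temporary file at build time. The `fc_matrix` job starts above the hunk.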
diff --git a/Tools/px_uploader.Dockerfile b/Tools/px_uploader.Dockerfile
index 0d64093738aa..8dd5c5a5c19d 100644
--- a/Tools/px_uploader.Dockerfile
+++ b/Tools/px_uploader.Dockerfile
@@ -1,12 +1,10 @@
 ARG saluki_pi_fpga_version
 ARG saluki_v2_fpga_version
 ARG saluki_v3_fpga_version
-ARG bootloader_v2_version
 FROM ghcr.io/tiiuae/saluki-pi-fpga:$saluki_pi_fpga_version AS SALUKI_PI
 FROM ghcr.io/tiiuae/saluki-pi-fpga:$saluki_v2_fpga_version AS SALUKI_V2
 FROM ghcr.io/tiiuae/saluki-pi-fpga:$saluki_v3_fpga_version AS SALUKI_V3
-FROM ghcr.io/tiiuae/saluki_bootloader_v2:$bootloader_v2_version AS BOOTLOADER_V2
 FROM python:alpine3.14
@@ -30,7 +28,6 @@ FROM python:alpine3.14
 COPY --from=SALUKI_PI /firmware/saluki_pi-fpga /firmware/fpga/saluki_pi
 COPY --from=SALUKI_V2 /firmware/saluki_v2-fpga /firmware/fpga/saluki_v2
 COPY --from=SALUKI_V3 /firmware/saluki_v3-fpga /firmware/fpga/saluki_v3
-COPY --from=BOOTLOADER_V2 firmware/bootloader_v2 /firmware/bootloader_v2
 WORKDIR /firmware
diff --git a/build.sh b/build.sh
index 1f2f8c4ee25e..f8545656e931 100755
--- a/build.sh
+++ b/build.sh
@@ -23,6 +23,11 @@ usage() {
 echo
 exit 1
 }
+if [ -z ${SIGNING_ARGS+x} ]; then
+ SIGNING_ARGS=""
+else
+ echo "using custom signing keys: ${SIGNING_ARGS}"
+fi
 dest_dir="${1:-}"
 target="${2:-}"
@@ -40,7 +45,7 @@ mkdir -p ${dest_dir}
 pushd ${script_dir}
 build_env="docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) --pull -f ./packaging/Dockerfile.build_env -t ${iname_env} ."
-build_cmd_fw="docker run --rm -v ${script_dir}:/px4-firmware/sources ${iname_env} ./packaging/build_px4fw.sh"
+build_cmd_fw="docker run --rm -e SIGNING_ARGS=${SIGNING_ARGS} -v ${script_dir}:/px4-firmware/sources ${iname_env} ./packaging/build_px4fw.sh"
 build_cmd_px4fwupdater="${script_dir}/packaging/build_px4fwupdater.sh -v ${version} -i ${dest_dir}"
 # Generate build_env
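Review bot: In `build.sh`, `-e SIGNING_ARGS=${SIGNING_ARGS}` is spliced into the `build_cmd_fw` string, which the script later expands unquoted (`$build_cmd_fw ssrc_...`), so a value containing whitespace would be word-split and its tail parsed as further `docker run` arguments. An empty value still defines `SIGNING_ARGS` inside the container, and whether `build_px4fw.sh` treats empty as "no custom key" is not visible here. Passing the variable by name, `build_cmd_fw="docker run --rm -e SIGNING_ARGS -v ${script_dir}:/px4-firmware/sources ${iname_env} ./packaging/build_px4fw.sh"`, lets docker copy it from the caller's environment only when it is exported there and keeps the value out of the re-split string. In the preceding hunk, `[ -z ${SIGNING_ARGS+x} ]` tests whether the variable is set rather than non-empty, so the "using custom signing keys" line is also printed for an empty value; `if [ -z "${SIGNING_ARGS:-}" ]; then` would match the message.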
@@ -86,6 +91,12 @@ case $target in
 cp ${script_dir}/build/ssrc_saluki-v2_kernel/ssrc_saluki-v2_kernel.bin ${dest_dir}/ssrc_saluki-v2_kernel-${version}.bin
 cp ${script_dir}/build/ssrc_saluki-v2_kernel/ssrc_saluki-v2_kernel_kernel.elf ${dest_dir}/ssrc_saluki-v2_kernel-${version}.elf
 ;;
+ "saluki-v2_custom_keys")
+ # on custom keys case we build _default target but SIGNING_ARGS env variable is set above in build_cmd_fw
+ $build_cmd_fw ssrc_saluki-v2_default
+ cp ${script_dir}/build/ssrc_saluki-v2_default/ssrc_saluki-v2_default.px4 ${dest_dir}/ssrc_saluki-v2_custom_keys-${version}.px4
+ ;;
+
 "saluki-v3_default")
 $build_cmd_fw ssrc_saluki-v3_default
 cp ${script_dir}/build/ssrc_saluki-v3_default/ssrc_saluki-v3_default.px4 ${dest_dir}/ssrc_saluki-v3_default-${version}.px4
@@ -94,6 +105,11 @@ case $target in
 $build_cmd_fw ssrc_saluki-v3_amp
 cp ${script_dir}/build/ssrc_saluki-v3_amp/ssrc_saluki-v3_amp.bin ${dest_dir}/ssrc_saluki-v3_amp-${version}.bin
 ;;
+ "saluki-v3_custom_keys")
+ # on custom keys case we build _default target but SIGNING_ARGS env variable is set above in build_cmd_fw
+ $build_cmd_fw ssrc_saluki-v3_default
+ cp ${script_dir}/build/ssrc_saluki-v3_default/ssrc_saluki-v3_default.px4 ${dest_dir}/ssrc_saluki-v3_custom_keys-${version}.px4
+ ;;
 "saluki-pi_default")
 $build_cmd_fw ssrc_saluki-pi_default
 cp ${script_dir}/build/ssrc_saluki-pi_default/ssrc_saluki-pi_default.px4 ${dest_dir}/ssrc_saluki-pi_default-${version}.px4
@@ -106,6 +122,12 @@ case $target in
 $build_cmd_fw ssrc_saluki-pi_amp
 cp ${script_dir}/build/ssrc_saluki-pi_amp/ssrc_saluki-pi_amp.bin ${dest_dir}/ssrc_saluki-pi_amp-${version}.bin
 ;;
+ "saluki-pi_custom_keys")
+ # on custom keys case we build _default target but SIGNING_ARGS env variable is set above in build_cmd_fw
+ $build_cmd_fw ssrc_saluki-pi_default
+ cp ${script_dir}/build/ssrc_saluki-pi_default/ssrc_saluki-pi_default.px4 ${dest_dir}/ssrc_saluki-pi_custom_keys-${version}.px4
+ ;;
+
 *)
 usage
 ;;
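Review bot: The `saluki-v2_custom_keys` branch never checks that `SIGNING_ARGS` is non-empty, so running `build.sh <dir> saluki-v2_custom_keys` without it (or with the empty value the builder workflow can export) would, as far as the hunk shows, copy a `ssrc_saluki-v2_default.px4` that was presumably signed with the default key to a file named `..._custom_keys-${version}.px4`. A guard as the first line of the branch, `[ -n "${SIGNING_ARGS}" ] || { echo "SIGNING_ARGS must be set for $target" >&2; exit 1; }`, keeps the artifact name and its signature in agreement. The same applies to the `saluki-v3_custom_keys` and `saluki-pi_custom_keys` branches in the next two hunks. The branch comment says the variable "is set above in build_cmd_fw", but it is only forwarded there; `# SIGNING_ARGS comes from the caller's environment and is forwarded to the container by build_cmd_fw` would be more accurate. The `case` statement starts and ends outside these hunks.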