From 7b2a6fe78fd6c258fc9e29d5089129dc0595eec9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Sat, 30 Nov 2024 10:31:54 +0000 Subject: [PATCH 1/7] build_project.py: get_git_commit_id: fix missing error reporting MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently if get_git_commit_id() fails, its not clear why: Generation for Bootloader to /build_dir has completed. ...snip... File "/usr/lib/python3.11/subprocess.py", line 571, in run raise CalledProcessError(retcode, process.args, subprocess.CalledProcessError: Command '['git', '-C', '/build', 'rev-parse', 'HEAD']' returned non-zero exit status 128. So lets fix it by providing stderr output, thus making the issue obvious: Generation for Bootloader to /build_dir has completed. ...snip... File "/build/tools/build_project.py", line 113, in git raise RuntimeError( RuntimeError: Git command `git -C /build rev-parse HEAD` failed: fatal: detected dubious ownership in repository at '/build' To add an exception for this directory, call: git config --global --add safe.directory /build Signed-off-by: Petr Štetiar --- tools/build_project.py | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/tools/build_project.py b/tools/build_project.py index 6ff69d84..644e06a7 100755 --- a/tools/build_project.py +++ b/tools/build_project.py @@ -103,13 +103,18 @@ def get_git_commit_id(repo: pathlib.Path) -> str: """Get a commit hash for the current git repository.""" def git(*args: str) -> str: - result = subprocess.run( - ["git", "-C", str(repo)] + list(args), - text=True, - capture_output=True, - check=True, - ) - return result.stdout.strip() + try: + result = subprocess.run( + ["git", "-C", str(repo)] + list(args), + text=True, + capture_output=True, + check=True, + ) + return result.stdout.strip() + except subprocess.CalledProcessError as exc: + raise RuntimeError( + f"Git command `git -C {repo} {' '.join(args)}` failed: {exc.stderr.strip()}" + ) from exc # Get the current commit ID commit_id = git("rev-parse", "HEAD")[:8] From 36912d457ad9f88ede627a6b12e7cf340cfcbb2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Sat, 30 Nov 2024 10:31:58 +0000 Subject: [PATCH 2/7] Dockerfile: fix extension symlink creation issues under rootless podman MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Using the build workflow with rootless podman containers and volumes results into following permssions issues: $ make build_firmware MANIFESTS=manifests/nabucasa/yellow_openthread_rcp.yaml podman run --rm -it \ -v /silabs/silabs-firmware-builder:/build:z \ -v /silabs/silabs-firmware-builder/outputs:/outputs:z \ -v /silabs/silabs-firmware-builder/build_dir:/build_dir:z silabs-firmware-builder \ bash -c " \ build_firmware.sh \ --build-dir /build_dir \ --output-dir /outputs \ --manifest manifests/nabucasa/skyconnect_openthread_rcp.yaml \ " The sdk /gecko_sdk_4.4.4/ ( com.silabs.sdk.stack.super:4.4.4._1207041799 ) is now trusted. ln: failed to create symbolic link '/gecko_sdk_4.4.4/extension': Permission denied The sdk /simplicity_sdk_2024.6.2/ ( com.silabs.sdk.stack.sisdk:2024.6.2._-620023087 ) is now trusted. ln: failed to create symbolic link '/simplicity_sdk_2024.6.2/extension': Permission denied This is happening due to the user/group mapping between container and the host, where currently the simplicity_sdk and gecko_sdk directories are owned as root, thus builder user won't be able to create an extension symlink, resulting in this failures. So lets fix it by chown-ing the simplicity_sdk and gecko_sdk folders for builder user. References: https://www.redhat.com/en/blog/debug-rootless-podman-mounted-volumes Signed-off-by: Petr Štetiar --- Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index 68ecd16c..c5d329ba 100644 --- a/Dockerfile +++ b/Dockerfile @@ -81,5 +81,9 @@ ARG USER_GID=$USER_UID RUN groupadd --gid $USER_GID $USERNAME \ && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME +RUN chown $USERNAME:$USERNAME \ + /gecko_sdk_* \ + /simplicity_sdk_* + USER $USERNAME WORKDIR /build From 3eae968de5d7c3c3c1899add48577b085259ebb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Sat, 30 Nov 2024 10:32:02 +0000 Subject: [PATCH 3/7] tools: add build_firmware.sh providing common firmware build functionality MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently its not possible to easily reuse the steps taken on the GitHub CI to build the firmware, so lets factor out those common bits into new build_firmware.sh script help which basically mimics the current firmware build flow on the GitHub CI and can be as well reused for example in local container based workflow. Signed-off-by: Petr Štetiar --- .gitignore | 2 + Dockerfile | 6 +- tools/build_firmware.sh | 140 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 147 insertions(+), 1 deletion(-) create mode 100755 tools/build_firmware.sh diff --git a/.gitignore b/.gitignore index 7a24addf..f65b1652 100644 --- a/.gitignore +++ b/.gitignore @@ -9,6 +9,8 @@ autogen/ *.project.mak *.Makefile build/ +outputs/ +build_dir/ artifact/ artifacts/ trashed_modified_files/ diff --git a/Dockerfile b/Dockerfile index c5d329ba..9eb8bdd4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,6 +22,7 @@ RUN \ xz-utils COPY requirements.txt /tmp/ +COPY tools/build_firmware.sh /usr/bin/build_firmware.sh RUN \ virtualenv /opt/venv \ @@ -81,9 +82,12 @@ ARG USER_GID=$USER_UID RUN groupadd --gid $USER_GID $USERNAME \ && useradd --uid $USER_UID --gid $USER_GID -m $USERNAME +RUN mkdir -p /build_dir /outputs RUN chown $USERNAME:$USERNAME \ /gecko_sdk_* \ - /simplicity_sdk_* + /simplicity_sdk_* \ + /build_dir \ + /outputs USER $USERNAME WORKDIR /build diff --git a/tools/build_firmware.sh b/tools/build_firmware.sh new file mode 100755 index 00000000..36ee8ea5 --- /dev/null +++ b/tools/build_firmware.sh @@ -0,0 +1,140 @@ +#!/bin/bash +set -euo pipefail + +build_dir="build_dir" +output_dir="outputs" +work_dir="/build" +manifest_files=() +python_interpreter="/opt/venv/bin/python3" + +# Show help message +show_help() { + echo "Usage: $0 [OPTIONS]" + echo + echo "Build firmware images from manifest files" + echo + echo "Options:" + echo " -h, --help Show this help message" + echo " -m, --manifest FILE YAML manifest file describing the firmware to build" + echo " (can be specified multiple times)" + echo " -b, --build-dir DIR Directory for build files (default: ${build_dir})" + echo " -o, --output-dir DIR Directory for output files (default: ${output_dir})" + echo " -w, --work-dir DIR Working directory for build process (default: ${work_dir})" + echo " -p, --python PATH Python interpreter path (default: ${python_interpreter})" + exit 0 +} + +# Parse command line arguments +while [[ $# -gt 0 ]]; do + case $1 in + -h | --help) + show_help + ;; + -m | --manifest) + if [ -z "${2:-}" ]; then + echo "Error: --manifest requires a file argument" + exit 1 + fi + manifest_files+=("$2") + shift + ;; + -b | --build-dir) + if [ -z "${2:-}" ]; then + echo "Error: --build-dir requires a directory argument" + exit 1 + fi + build_dir="$2" + shift + ;; + -o | --output-dir) + if [ -z "${2:-}" ]; then + echo "Error: --output-dir requires a directory argument" + exit 1 + fi + output_dir="$2" + shift + ;; + -w | --work-dir) + if [ -z "${2:-}" ]; then + echo "Error: --work-dir requires a directory argument" + exit 1 + fi + work_dir="$2" + shift + ;; + -p | --python) + if [ -z "${2:-}" ]; then + echo "Error: --python requires a path argument" + exit 1 + fi + python_interpreter="$2" + shift + ;; + *) + echo "Error: Unknown argument: $1" + echo "Use -h or --help for usage information" + exit 1 + ;; + esac + shift +done + +# Check that Python3 with ruamel.yaml is available +if ! "$python_interpreter" -c "import ruamel.yaml" &>/dev/null; then + echo "Error: Python3 with ruamel.yaml is not available at $python_interpreter" + echo "Install ruamel.yaml with 'pip install ruamel.yaml'" + exit 1 +fi + +# Check if any manifest files were provided +if [ ${#manifest_files[@]} -eq 0 ]; then + echo "Error: No manifest files provided" + echo "Use -h or --help for usage information" + exit 1 +fi + +git config --global --add safe.directory "$work_dir" + +# Install SDK extensions +for sdk in /*_sdk_*; do + slc signature trust --sdk "$sdk" + ln -s "$(pwd)"/gecko_sdk_extensions "$sdk"/extension + for ext in "$sdk"/extension/*/; do + slc signature trust --sdk "$sdk" --extension-path "$ext" + done +done + +# Build SDK arguments +sdk_args=() +for sdk_dir in /*_sdk*; do + sdk_args+=(--sdk "$sdk_dir") +done + +# Build toolchain arguments +toolchain_args=() +for toolchain_dir in /opt/*arm-none-eabi*; do + toolchain_args+=(--toolchain "$toolchain_dir") +done + +# Determine if we should keep the SLC daemon running +keep_daemon="" +if [ ${#manifest_files[@]} -gt 1 ]; then + keep_daemon="--keep-slc-daemon" +fi + +# Build firmware +for manifest_file in "${manifest_files[@]}"; do + echo "Building firmware manifest $manifest_file, using build directory $build_dir and output directory $output_dir" + + "$python_interpreter" tools/build_project.py \ + "${sdk_args[@]}" \ + "${toolchain_args[@]}" \ + $keep_daemon \ + --manifest "$manifest_file" \ + --build-dir "$build_dir" \ + --output-dir "$output_dir" \ + --build-system makefile \ + --output gbl \ + --output hex \ + --output out +done From 4995ab59d1e4ec02c88d16405a8c207f9671774f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Sat, 30 Nov 2024 10:32:08 +0000 Subject: [PATCH 4/7] Add Makefile providing container based build workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently it needs a lot of steps to build single firmware, so lets streamline this workflow by using container. Usage: make [all|build_container|build_firmware] Targets: all Build container and firmware build_container Build container build_firmware Build firmware help Show this help message Options: build_firmware MANIFESTS= Override default manifest files (default: all .yaml/.yml files in manifests/) Examples: # Build the container image make build_container # Build all firmware manifests make build_firmware # Build a specific firmware manifest make build_firmware MANIFESTS=manifests/nabucasa/yellow_bootloader.yaml Signed-off-by: Petr Štetiar --- Makefile | 75 +++++++++++++++++++++++++++++++++++ README.md | 114 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 189 insertions(+) create mode 100644 Makefile diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..1d13d44e --- /dev/null +++ b/Makefile @@ -0,0 +1,75 @@ +TOPDIR = $(shell pwd) +DOCKER_CHECK := $(shell command -v docker 2> /dev/null) +PODMAN_CHECK := $(shell command -v podman 2> /dev/null) + +ifdef PODMAN_CHECK + CONTAINER_ENGINE ?= podman +else ifdef DOCKER_CHECK + CONTAINER_ENGINE ?= docker +else + $(error "No container engine found, please install docker or podman") +endif + +CONTAINER_NAME ?= silabs-firmware-builder +CONTAINER_USER_GROUP ?= $(shell id -u):$(shell id -g) + +ifeq ($(CONTAINER_ENGINE),docker) + VOLUME_OPTS= +else + VOLUME_OPTS=:z +endif + +define run_in_container + $(CONTAINER_ENGINE) \ + run --rm \ + --user $(CONTAINER_USER_GROUP) \ + -v $(TOPDIR):/build$(VOLUME_OPTS) \ + -v $(TOPDIR)/outputs:/outputs$(VOLUME_OPTS) \ + -v $(TOPDIR)/build_dir:/build_dir$(VOLUME_OPTS) \ + $(CONTAINER_NAME) +endef + +MANIFESTS ?= $(shell find manifests -type f \( -name "*.yaml" -o -name "*.yml" \) -print) + +all: build_container build_firmware + +help: + @echo "Usage: make [all|build_container|build_firmware]" + @echo "" + @echo "Targets:" + @echo " all Build container and firmware" + @echo " build_container Build container" + @echo " build_firmware Build firmware" + @echo " help Show this help message" + @echo "" + @echo "Options:" + @echo " build_firmware MANIFESTS= Override default manifest files (default: all .yaml/.yml files in manifests/)" + @echo "" + @echo "Examples:" + @echo " # Build the container image" + @echo " make build_container" + @echo "" + @echo " # Build all firmware manifests" + @echo " make build_firmware" + @echo "" + @echo " # Build a specific firmware manifest" + @echo " make build_firmware MANIFESTS=manifests/nabucasa/yellow_bootloader.yaml" + @echo "" + +./outputs ./build_dir: + mkdir -p $@ +ifneq ($(CONTAINER_ENGINE),docker) + $(CONTAINER_ENGINE) unshare chown -R $(shell id -u):$(shell id -g) $@ +endif + +build_container: + $(CONTAINER_ENGINE) build -t $(CONTAINER_NAME) . + +build_firmware: ./outputs ./build_dir + $(run_in_container) \ + bash -c " \ + build_firmware.sh \ + --build-dir /build_dir \ + --output-dir /outputs \ + $(foreach manifest,$(MANIFESTS),--manifest $(manifest)) \ + " diff --git a/README.md b/README.md index dfc212c5..b7e5ccc3 100644 --- a/README.md +++ b/README.md @@ -90,3 +90,117 @@ python tools/build_project.py \ ``` Once the build is complete, the firmwares will be in the `output` directory. + +## Building with a container (for development) + +This is a convenience GNU Make based wrapper around the build process that is being used on the GitHub Actions CI pipeline, but can also be used for local development. + +### Prerequisites + +- [GNU Make](https://www.gnu.org/software/make/) +- [Docker](https://docs.docker.com/get-docker/) or [Podman](https://podman-desktop.io/) + +| Prerequisite | macOS | Windows | Debian/Ubuntu | Fedora | +|-------------|--------|---------|---------------|---------| +| GNU Make | `brew install make` | Via [Chocolatey](https://chocolatey.org/): `choco install make` | `sudo apt install make` | `sudo dnf install make` | +| Docker | Download [Docker Desktop](https://www.docker.com/products/docker-desktop/) | Download [Docker Desktop](https://www.docker.com/products/docker-desktop/) | `sudo apt install docker.io` | `sudo dnf install docker-ce docker-ce-cli containerd.io` | +| Podman | `brew install podman` | Download [Podman Desktop](https://podman-desktop.io/downloads) | `sudo apt install podman` | `sudo dnf install podman` | + +### Usage + +#### Help + +Provides a list of commands and options. + +```bash +make help + +Usage: make [all|build_container|build_firmware] + +Targets: + all Build container and firmware + build_container Build container + build_firmware Build firmware + help Show this help message + +Options: + build_firmware MANIFESTS= Override default manifest files (default: all .yaml/.yml files in manifests/) + +Examples: + # Build the container image + make build_container + + # Build all firmware manifests + make build_firmware + + # Build a specific firmware manifest + make build_firmware MANIFESTS=manifests/nabucasa/yellow_bootloader.yaml +``` + +#### Build everything + +Builds the container image and all available firmware manifests. + +```bash +make +``` + +Once this command completes, the firmwares will be in the `outputs` directory. + +```bash +ls -w 80 outputs | head -3 +skyconnect_bootloader_2.4.2.gbl +skyconnect_bootloader_2.4.2.hex +skyconnect_bootloader_2.4.2.out +``` + +#### Build the container + +Builds only the container image. + +```bash +make build_container +``` + +#### Build all available firmware manifests + +Builds all available firmware manifests in the `manifests` directory. + +```bash +make build_firmware +``` + +#### Build a specific firmware manifest + +Builds a specific firmware manifest by providing the path to the manifest file. + +```bash +make build_firmware MANIFESTS=manifests/nabucasa/yellow_openthread_ncp.yaml +``` + +Once this command completes, the firmwares will be in the `outputs` directory. + +```bash +ls -w 80 outputs +yellow_openthread_rcp_2.4.4.0_GitHub-7074a43e4_gsdk_4.4.4.gbl +yellow_openthread_rcp_2.4.4.0_GitHub-7074a43e4_gsdk_4.4.4.hex +yellow_openthread_rcp_2.4.4.0_GitHub-7074a43e4_gsdk_4.4.4.out +``` + +#### Build with a custom container image + +Builds the firmware with a custom container image by providing the container image name. + +```bash +make build_firmware CONTAINER_NAME=ghcr.io/nabucasa/silabs-firmware-builder +``` + +### Makefile variables + +The following variables can be customized when running make commands: + +| Variable | Default Value | Description | +|----------|---------------|-------------| +| CONTAINER_NAME | silabs-firmware-builder | Name of the container image to build/use | +| CONTAINER_ENGINE | docker | Container engine to use (docker or podman) | +| MANIFESTS | every file in `manifests` directory| Which firmware manifests to build | \ No newline at end of file From 750b0f28c13e5050df1b0b0b412091c1186037fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Sat, 30 Nov 2024 10:59:45 +0000 Subject: [PATCH 5/7] ci: add QA for shell scripts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In commit 3eae968de5d ("tools: add build_firmware.sh providing firmware build functionality") new build_firmware.sh shell script was added, so lets keep the code quality with reviewdog's shfmt and shellcheck based GitHub actions. Signed-off-by: Petr Štetiar --- .github/workflows/shellcheck.yml | 34 ++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .github/workflows/shellcheck.yml diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml new file mode 100644 index 00000000..00a79987 --- /dev/null +++ b/.github/workflows/shellcheck.yml @@ -0,0 +1,34 @@ +name: reviewdog / shellscripts + +on: + push: + paths: + - tools/build_firmware.sh + + pull_request: + paths: + - tools/build_firmware.sh + +jobs: + + shellcheck: + name: Check shell scripts with shellcheck + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: shellcheck + uses: reviewdog/action-shellcheck@v1 + with: + reporter: github-pr-review + path: tools + pattern: "*.sh" + + shfmt: + name: Check shell scripts with shfmt + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: reviewdog/action-shfmt@v1 + with: + level: warning + shfmt_flags: '-i 0 ' \ No newline at end of file From 65ee95e4beefbe4e094bd33021edfc86e5cf08e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Sat, 30 Nov 2024 11:00:22 +0000 Subject: [PATCH 6/7] ci: build: use tools/build_firmware.sh script MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use new build_firmware.sh script in GitHub actions as well, so the build steps are shared with local container based workflow. Signed-off-by: Petr Štetiar --- .github/workflows/build.yaml | 42 +++--------------------------------- 1 file changed, 3 insertions(+), 39 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 736375e1..f14af916 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -127,48 +127,12 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Install SDK extensions - run: | - # XXX: slc-cli does not actually work when the extensions aren't in the SDK! - for sdk in /*_sdk_*; do - slc signature trust --sdk "$sdk" - - ln -s $PWD/gecko_sdk_extensions "$sdk"/extension - - for ext in "$sdk"/extension/*/; do - slc signature trust --sdk "$sdk" --extension-path "$ext" - done - done - - name: Build firmware id: build-firmware run: | - # Fix `fatal: detected dubious ownership in repository at` - git config --global --add safe.directory "$GITHUB_WORKSPACE" - - # Pass all SDKs as consecutive `--sdk ...` arguments - sdk_args="" - for sdk_dir in /*_sdk*; do - sdk_args="$sdk_args --sdk $sdk_dir" - done - - # Pass all toolchains as consecutive `--toolchain ...` arguments - toolchain_args="" - for toolchain_dir in /opt/*arm-none-eabi*; do - toolchain_args="$toolchain_args --toolchain $toolchain_dir" - done - - # Build it - /opt/venv/bin/python3 tools/build_project.py \ - $sdk_args \ - $toolchain_args \ - --manifest "${{ matrix.manifest }}" \ - --build-dir build \ - --build-system makefile \ - --output-dir outputs \ - --output gbl \ - --output hex \ - --output out + build_firmware.sh \ + --work-dir "$GITHUB_WORKSPACE" \ + --manifest "${{ matrix.manifest }}" # Get the basename of the GBL in `outputs` output_basename=$(basename -- $(basename -- $(ls -1 outputs/*.gbl | head -n 1)) .gbl) From c20b59a376452356951df5ae92e4654f8709eb6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Mon, 2 Dec 2024 06:51:21 +0000 Subject: [PATCH 7/7] Dockerfile: mitigate certain supply chain attacks using sha256sums MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently, the Dockerfile downloads various tools and SDKs from external sources without verifying their integrity. This poses a potential security risk as the downloaded files could be tampered with during transit or at the source (supply chain attack). This change introduces SHA256 checksums for all downloaded artifacts and verifies them before installation. This ensures that the files we receive match exactly what we expect, mitigating the risk of supply chain attacks where malicious actors might try to inject compromised versions of these tools. Signed-off-by: Petr Štetiar --- Dockerfile | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Dockerfile b/Dockerfile index 9eb8bdd4..b41172f9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -31,8 +31,10 @@ RUN \ # Install Simplicity Commander (unfortunately no stable URL available, this # is known to be working with Commander_linux_x86_64_1v15p0b1306.tar.bz). +ARG SIMPLICITY_COMMANDER_SHA256SUM=ce7b9138c54f4fa0a24c48c8347e55e3e5f8b402d7f32615771bd0403c2d8962 RUN \ curl -O https://www.silabs.com/documents/login/software/SimplicityCommander-Linux.zip \ + && echo "${SIMPLICITY_COMMANDER_SHA256SUM} SimplicityCommander-Linux.zip" | sha256sum -c \ && unzip -q SimplicityCommander-Linux.zip \ && tar -C /opt -xjf SimplicityCommander-Linux/Commander_linux_x86_64_*.tar.bz \ && rm -r SimplicityCommander-Linux \ @@ -41,34 +43,44 @@ RUN \ ENV PATH="$PATH:/opt/commander" # Install Silicon Labs Configurator (slc) +ARG SLC_CLI_SHA256SUM=da4faa09ef4cbe385da71e5b95a4e444666cf4aaca6066b1095ca13bf5ebf233 RUN \ curl -O https://www.silabs.com/documents/login/software/slc_cli_linux.zip \ + && echo "${SLC_CLI_SHA256SUM} slc_cli_linux.zip" | sha256sum -c \ && unzip -q -d /opt slc_cli_linux.zip \ && rm slc_cli_linux.zip ENV PATH="$PATH:/opt/slc_cli" # GCC Embedded Toolchain 12.2.rel1 (for Gecko SDK 4.4.0+) +ARG GCC_TOOLCHAIN_SHA256SUM=84be93d0f9e96a15addd490b6e237f588c641c8afdf90e7610a628007fc96867 RUN \ curl -O https://armkeil.blob.core.windows.net/developer/Files/downloads/gnu/12.2.rel1/binrel/arm-gnu-toolchain-12.2.rel1-x86_64-arm-none-eabi.tar.xz \ + && echo "${GCC_TOOLCHAIN_SHA256SUM} arm-gnu-toolchain-12.2.rel1-x86_64-arm-none-eabi.tar.xz" | sha256sum -c \ && tar -C /opt -xf arm-gnu-toolchain-12.2.rel1-x86_64-arm-none-eabi.tar.xz \ && rm arm-gnu-toolchain-12.2.rel1-x86_64-arm-none-eabi.tar.xz # Simplicity SDK 2024.6.2 +ARG SIMPLICITY_SDK_SHA256SUM=7e4337c7cc68262dd3a83c8528095774634a0478d40b1c1fd2b462e86236af8a RUN \ curl -o simplicity_sdk_2024.6.2.zip -L https://github.com/SiliconLabs/simplicity_sdk/releases/download/v2024.6.2/gecko-sdk.zip \ + && echo "${SIMPLICITY_SDK_SHA256SUM} simplicity_sdk_2024.6.2.zip" | sha256sum -c \ && unzip -q -d simplicity_sdk_2024.6.2 simplicity_sdk_2024.6.2.zip \ && rm simplicity_sdk_2024.6.2.zip # Gecko SDK 4.4.4 +ARG GECKO_SDK_SHA256SUM=831ec7c564df4392b18a8cc8ceb228c114dc3bec604be75807961a4289ee9b20 RUN \ curl -o gecko_sdk_4.4.4.zip -L https://github.com/SiliconLabs/gecko_sdk/releases/download/v4.4.4/gecko-sdk.zip \ + && echo "${GECKO_SDK_SHA256SUM} gecko_sdk_4.4.4.zip" | sha256sum -c \ && unzip -q -d gecko_sdk_4.4.4 gecko_sdk_4.4.4.zip \ && rm gecko_sdk_4.4.4.zip # ZCL Advanced Platform (ZAP) v2024.09.27 +ARG ZAP_SHA256SUM=22beeae3cf33b04792be379261d68695b5c96986d3b80700c22b1348f4c0421e RUN \ curl -o zap_2024.09.27.zip -L https://github.com/project-chip/zap/releases/download/v2024.09.27/zap-linux-x64.zip \ + && echo "${ZAP_SHA256SUM} zap_2024.09.27.zip" | sha256sum -c \ && unzip -q -d /opt/zap zap_2024.09.27.zip \ && rm zap_2024.09.27.zip