From 4bbb46ff32a08d4ac10c6e8074169f18855e53e4 Mon Sep 17 00:00:00 2001 From: Topper Date: Wed, 18 Sep 2024 11:40:58 -0400 Subject: [PATCH] Initial commit --- .github/workflows/publish.yml | 146 ++-------------------------------- README.md | 90 +++------------------ dev-tools/Dockerfile | 23 ------ full/Dockerfile | 52 ------------ full/cargo_global_config.toml | 9 --- legacy/Dockerfile | 2 + lite/Dockerfile | 111 -------------------------- 7 files changed, 20 insertions(+), 413 deletions(-) delete mode 100644 dev-tools/Dockerfile delete mode 100644 full/Dockerfile delete mode 100644 full/cargo_global_config.toml delete mode 100644 lite/Dockerfile diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 69e0776..98c4c91 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -1,4 +1,4 @@ -# Build the docker images and push them to GitHub Packages +# Build and push only the legacy Docker image name: Publish Docker images @@ -37,13 +37,10 @@ jobs: GHCR_TOKEN=$(echo ${{ secrets.GITHUB_TOKEN }} | base64) # Get tags of all images from GHCR - TAGS_FULL=$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" https://ghcr.io/v2/${REPO_PATH,,}/${REPO_NAME,,}/tags/list) - TAGS_LITE=$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" https://ghcr.io/v2/${REPO_PATH,,}/${REPO_NAME,,}-lite/tags/list) TAGS_LEGACY=$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" https://ghcr.io/v2/${REPO_PATH,,}/${REPO_NAME,,}-legacy/tags/list) - TAGS_DEV_TOOLS=$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" https://ghcr.io/v2/${REPO_PATH,,}/ledger-app-dev-tools/tags/list) # Concatenate all tags from json fields in one string without brackets - ALL_TAGS=$(echo $TAGS_FULL $TAGS_LITE $TAGS_LEGACY $TAGS_DEV_TOOLS | jq -s '.[0].tags + .[1].tags + .[2].tags + .[3].tags' | tr -d '[]') + ALL_TAGS=$(echo $TAGS_LEGACY | jq -s '.[0].tags' | tr -d '[]') # Get the tag to find TAG_TO_FIND=${{ steps.get-current-version.outputs.current_version }} 
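Review bot: The tag-existence guard in the `@@ -37,13 +37,10 @@` hunk can fail open, because the remaining `curl` call that fills `TAGS_LEGACY` carries no `--fail`. An authentication error or a 404 from GHCR then returns an error document, and the new `ALL_TAGS=$(echo $TAGS_LEGACY | jq -s '.[0].tags' | tr -d '[]')` line turns it into `null` instead of stopping the job. This commit also switches the build step to `push: true`, so a silent miss here could let an already-published version tag be overwritten. Adding `--fail -sS` to that `curl` invocation makes the step abort on a registry error. The comparison against `TAG_TO_FIND` continues outside the hunk, so how it treats a `null` list should be confirmed.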
@@ -58,7 +55,6 @@ jobs: outputs: current_version: ${{ steps.get-current-version.outputs.current_version }} - mods_list: name: Get modified files runs-on: ubuntu-latest 
@@ -74,59 +70,18 @@ jobs: outputs: modified_files: ${{ steps.get-changes.outputs.all_modified_files }} - builder_lite: - name: App Builder Lite + builder_legacy: + name: App Builder Legacy runs-on: ubuntu-latest needs: [mods_list, check_changelog] - if: needs.check_changelog.result == 'success' && contains(needs.mods_list.outputs.modified_files, 'lite/Dockerfile') + if: always() && needs.check_changelog.result == 'success' && (needs.builder_lite.result == 'success' || (contains(needs.mods_list.outputs.modified_files, 'legacy/Dockerfile'))) permissions: packages: write steps: - - name: Clone - uses: actions/checkout@v3 - - - name: Login to registry - uses: docker/login-action@v2 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Make full image name - run: | - echo "IMAGE=${REGISTRY}/${REPO_PATH,,}/${REPO_NAME,,}-lite" >>${GITHUB_ENV} - - - name: Extract metadata - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.IMAGE }} - - - name: Set-up QEMU - uses: docker/setup-qemu-action@v2 - - - name: Set-up Buildx + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - - name: Build and push container - uses: docker/build-push-action@v3 - with: - file: lite/Dockerfile - platforms: ${{ env.BUILD_PLATFORMS }} - tags: ${{ env.IMAGE }}:${{ github.sha }},${{ env.IMAGE }}:latest,${{ env.IMAGE }}:${{ needs.check_changelog.outputs.current_version }} - labels: ${{ steps.meta.outputs.labels }} - push: false - - builder_legacy: - name: App Builder Legacy - runs-on: ubuntu-latest - needs: [mods_list, check_changelog, builder_lite] - if: always() && needs.check_changelog.result == 'success' && (needs.builder_lite.result == 'success' || (needs.builder_lite.result == 'skipped' && contains(needs.mods_list.outputs.modified_files, 'legacy/Dockerfile'))) - permissions: - packages: write - - steps: - name: Clone uses: actions/checkout@v3 
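Review bot: The `if:` on `builder_legacy` still tests `needs.builder_lite.result == 'success'`, but this hunk deletes the `builder_lite` job and drops it from `needs: [mods_list, check_changelog]`. That operand is presumably always empty, so the gate reduces to the `contains(...)` check and should be written that way: `if: always() && needs.check_changelog.result == 'success' && contains(needs.mods_list.outputs.modified_files, 'legacy/Dockerfile')`. A publish gate that reads broader than it behaves is easy to get wrong in a later edit. Separately, `docker/setup-buildx-action@v2` and `actions/checkout@v3` are referenced by mutable tags in a job that holds `packages: write`; pinning them to full commit SHAs would narrow the supply-chain exposure. The job's remaining steps lie outside the hunk.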
@@ -151,94 +106,7 @@ jobs: uses: docker/build-push-action@v3 with: file: legacy/Dockerfile - tags: ${{ env.IMAGE }}:${{ github.sha }},${{ env.IMAGE }}:latest,${{ env.IMAGE }}:${{ needs.check_changelog.outputs.current_version }} - labels: ${{ steps.meta.outputs.labels }} - push: false - - builder: - name: App Builder - runs-on: ubuntu-latest - needs: [mods_list, check_changelog, builder_lite] - if: always() && needs.check_changelog.result == 'success' && (needs.builder_lite.result == 'success' || (needs.builder_lite.result == 'skipped' && contains(needs.mods_list.outputs.modified_files, 'full/Dockerfile'))) - permissions: - packages: write - - steps: - - name: Clone - uses: actions/checkout@v3 - - - name: Login to registry - uses: docker/login-action@v2 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Make full image name - run: | - echo "IMAGE=${REGISTRY}/${REPO_PATH,,}/${REPO_NAME,,}" >>${GITHUB_ENV} - - - name: Extract metadata - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.IMAGE }} - - - name: Set-up QEMU - uses: docker/setup-qemu-action@v2 - - - name: Set-up Buildx - uses: docker/setup-buildx-action@v2 - - - name: Build and push container - uses: docker/build-push-action@v3 - with: - file: full/Dockerfile - platforms: ${{ env.BUILD_PLATFORMS }} - tags: ${{ env.IMAGE }}:${{ github.sha }},${{ env.IMAGE }}:latest,${{ env.IMAGE }}:${{ needs.check_changelog.outputs.current_version }} - labels: ${{ steps.meta.outputs.labels }} - push: false - - dev_tools: - name: App Developer Tools - runs-on: ubuntu-latest - needs: [mods_list, check_changelog, builder] - if: always() && needs.check_changelog.result == 'success' && (needs.builder.result == 'success' || (needs.builder.result == 'skipped' && contains(needs.mods_list.outputs.modified_files, 'dev-tools/Dockerfile'))) - permissions: - packages: write - - steps: - - name: Clone - uses: actions/checkout@v3 - - - name: Login to 
registry - uses: docker/login-action@v2 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Make full image name - run: | - echo "IMAGE=${REGISTRY}/${REPO_PATH,,}/ledger-app-dev-tools" >>${GITHUB_ENV} - - - name: Extract metadata - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ env.IMAGE }} - - - name: Set-up QEMU - uses: docker/setup-qemu-action@v2 - - - name: Set-up Buildx - uses: docker/setup-buildx-action@v2 - - - name: Build and push container - uses: docker/build-push-action@v3 - with: - file: dev-tools/Dockerfile platforms: ${{ env.BUILD_PLATFORMS }} tags: ${{ env.IMAGE }}:${{ github.sha }},${{ env.IMAGE }}:latest,${{ env.IMAGE }}:${{ needs.check_changelog.outputs.current_version }} labels: ${{ steps.meta.outputs.labels }} - push: false + push: true diff --git a/README.md b/README.md index 25fdacc..e3a1b0d 100644 --- a/README.md +++ b/README.md 
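Review bot: `push: true` now publishes on every run of this job, and the tag list still includes the mutable `${{ env.IMAGE }}:latest`. The workflow's `on:` triggers and any branch restriction are outside the hunk. If the workflow can run for pull requests or non-release branches, the push should be gated, for example `push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/<default-branch>' }}` (the branch name is a placeholder). The new side also carries `platforms: ${{ env.BUILD_PLATFORMS }}` into the legacy build, which did not have it before. Whether the legacy job sets up QEMU for non-native platforms is not visible here and should be checked.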
@@ -2,14 +2,11 @@ These container images contain all dependencies to compile an application for Ledger devices -The four images are stored in the following directories: +The image is stored in the following directory: -- `lite` is based on `Alpine` and is the lightest of the app-builder docker images. It contains the sufficient tools to build and load applications in the `C` language. It does **not** contain the `glibc`, so tools/analyzers using it won't work. -- `full` is the default image. It derives from `lite` and contains tools allowing `Rust` compilation. -- `dev-tools` is based on the `full` image and contains more tools for testing : the [Ragger](https://github.com/LedgerHQ/ragger) test framework and the [Speculos](https://github.com/LedgerHQ/speculos) emulator. Mostly useful for macOS and Windows users who want to quickly setup a more complete development environment. - `legacy` contains all needed tools to compile `C` and `Rust` applications. This image is quite heavy, but based on Ubuntu 22.04, so it is a good pick for tools using the `glibc`, such as `SonarQube` or `CodeQL`. -## Using Ledger images +## Using Ledger image To use or build these container images, first install Docker on you computer. 
@@ -17,14 +14,8 @@ The images corresponding to the previous Dockerfiles are built and pushed on [gh They can be pulled via these commands: ```bash -# pull the default, full image, built from `full/Dockerfile` -$ docker pull ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest -# pull the lite image, built from `lite/Dockerfile` -$ docker pull ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-lite:latest -# pull the dev-tools image, built from `dev-tools/Dockerfile` -$ docker pull ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest # pull the legacy image, built from `legacy/Dockerfile` -$ docker pull ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest +$ docker pull ghcr.io/karlsen-network/ledger-app-builder/ledger-app-builder-legacy:latest ``` ## Compile your app in the container 
@@ -35,100 +26,40 @@ In the source folder of your application, you can compile with the following com * For Nano S ```bash -$ sudo docker run --rm -ti -v "$(realpath .):/app" --user $(id -u $USER):$(id -g $USER) ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest +$ sudo docker run --rm -ti -v "$(realpath .):/app" --user root ghcr.io/karlsen-network/ledger-app-builder/ledger-app-builder-legacy:latest bash$ BOLOS_SDK=$NANOS_SDK make ``` -* For Nano X -```bash -$ sudo docker run --rm -ti -v "$(realpath .):/app" --user $(id -u $USER):$(id -g $USER) ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest -bash$ BOLOS_SDK=$NANOX_SDK make -``` - * For Nano S+ ```bash -$ sudo docker run --rm -ti -v "$(realpath .):/app" --user $(id -u $USER):$(id -g $USER) ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest +$ sudo docker run --rm -ti -v "$(realpath .):/app" --user root ghcr.io/karlsen-network/ledger-app-builder/ledger-app-builder-legacy:latest bash$ BOLOS_SDK=$NANOSP_SDK make ``` * For Stax ```bash -$ sudo docker run --rm -ti -v "$(realpath .):/app" --user $(id -u $USER):$(id -g $USER) ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest +$ sudo docker run --rm -ti -v "$(realpath .):/app" --user root ghcr.io/karlsen-network/ledger-app-builder/ledger-app-builder-legacy:latest bash$ BOLOS_SDK=$STAX_SDK make ``` -* For Flex -```bash -$ sudo docker run --rm -ti -v "$(realpath .):/app" --user $(id -u $USER):$(id -g $USER) ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest -bash$ BOLOS_SDK=$FLEX_SDK make -``` - ### Code static analysis The Docker images include the [Clang Static Analyzer](https://clang-analyzer.llvm.org/), which can be invoked with: ```bash -$ sudo docker run --rm -ti -v "$(realpath .):/app" --user $(id -u $USER):$(id -g $USER) ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest +$ sudo docker run --rm -ti -v "$(realpath .):/app" --user root 
ghcr.io/karlsen-network/ledger-app-builder/ledger-app-builder-legacy:latest bash$ BOLOS_SDK=$NANOS_SDK make scan-build ``` -## App testing - -With the `ledger-app-dev-tools` image, whether you are developing on macOS, Windows or Linux, you can quickly test your app with the [Speculos](https://github.com/LedgerHQ/speculos) emulator or the [Ragger](https://github.com/LedgerHQ/ragger) test framework. -For examples of functional tests implemented with Ragger, you can have a look at the [app-boilerplate](https://github.com/LedgerHQ/app-boilerplate) - -First, run the `ledger-app-dev-tools` docker image. Depending on your platform, the command will change slightly : - -**Linux (Ubuntu)** - -```bash -sudo docker run --rm -ti -v "$(realpath .):/app" --user $(id -u):$(id -g) -v "/tmp/.X11-unix:/tmp/.X11-unix" -e DISPLAY=$DISPLAY ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest -``` - -**Windows (with PowerShell)** - -Assuming you already have a running X server like [VcXsrv](https://sourceforge.net/projects/vcxsrv/) configured to accept client connections. - -```bash -docker run --rm -ti -v "$(Get-Location):/app" -e DISPLAY="host.docker.internal:0" ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest -``` - -**macOS** - -Assuming you already have a running X server like [XQuartz](https://www.xquartz.org/) configured to accept client connections. 
- -```bash -sudo docker run --rm -ti -v "$(pwd -P):/app" --user $(id -u):$(id -g) -v "/tmp/.X11-unix:/tmp/.X11-unix" -e DISPLAY="host.docker.internal:0" ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest -``` - -Then you can test your app either with the Speculos emulator : - -```bash -# Run your app on Speculos -bash$ speculos build/nanos/bin/app.elf --model nanos -``` - -Or you can run your Ragger functional tests if you have implemented them : - -```bash -# Creating a virtualenv so that the non-root user can install Python dependencies -bash$ python -m virtualenv venv --system-site-package -bash$ source ./venv/bin/activate -# Install tests dependencies -(venv) bash$ pip install -r tests/requirements.txt -# Run ragger functional tests -(venv) bash$ python -m pytest tests/ --tb=short -v --device nanos --display -``` - ## Load the app on a physical device -:warning: Only Nano S, Nano S+, Stax and Flex devices allow application side-loading. This section will not work with a Nano X. +:warning: Only Nano S, Nano S+ and Stax devices allow application side-loading. This section will not work with a Nano X. To load the app from the container, you will need additional docker arguments in order to allow Docker to access your USB port. Your physical device must be connected, unlocked and the screen showing the dashboard (not inside an application). Same as for compilation, `BOLOS_SDK` variable is used to specify the target device. Use the following docker command to load the app (here for Nano S device) : ```bash -$ sudo docker run --rm -ti -v "$(realpath .):/app" --privileged -v "/dev/bus/usb:/dev/bus/usb" --user $(id -u $USER):$(id -g $USER) ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest +$ sudo docker run --rm -ti -v "$(realpath .):/app" --privileged -v "/dev/bus/usb:/dev/bus/usb" --user root ghcr.io/karlsen-network/ledger-app-builder/ledger-app-builder-legacy:latest bash$ BOLOS_SDK=$NANOS_SDK make load ``` 
@@ -142,7 +73,7 @@ If the provided images does not suit your needs or you want to tinker with them, Containers can be built using `Docker`: ```bash -$ (cd full && sudo docker build -t ledger-app-builder:latest .) +$ (cd full && sudo docker build -t ledger-app-builder-legacy:latest .) ``` ### App Scanner @@ -156,3 +87,4 @@ Then, build container from the `coverity/` directory with: ```bash $ (cd full && sudo docker build -t ledger-app-scanner:latest .) ``` + diff --git a/dev-tools/Dockerfile b/dev-tools/Dockerfile deleted file mode 100644 index d2a7963..0000000 --- a/dev-tools/Dockerfile +++ /dev/null @@ -1,23 +0,0 @@ -FROM ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest - -RUN apk add libusb \ - ttf-dejavu \ - fontconfig \ - py3-qt5 \ - qemu-arm \ - tesseract-ocr \ - mesa-dri-gallium - -ARG QEMU_BIN=qemu-arm - -# -static version is not available in Alpine repositories -RUN ln -s "$QEMU_BIN" $(dirname $(which "$QEMU_BIN"))/$QEMU_BIN-static - -# Python packages building dependencies -ARG PYTHON_BUILD_DEPS=libffi-dev,python3-dev,py3-virtualenv - -# Install the building dependencies. -RUN apk add $(echo -n "$PYTHON_BUILD_DEPS" | tr , ' ') - -# Install test tools (Ragger framework, Speculos emulator, Ledgerblue...) -RUN pip3 install --no-cache-dir "ragger[tests,all_backends]==1.23.0" "speculos==0.9.7" diff --git a/full/Dockerfile b/full/Dockerfile deleted file mode 100644 index 1189a2b..0000000 --- a/full/Dockerfile +++ /dev/null 
@@ -1,52 +0,0 @@ -FROM ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-lite:latest - -ARG RUST_STABLE_VERSION=1.75.0 -ARG RUST_NIGHTLY_VERSION=nightly-2023-11-10 - -ENV RUST_STABLE=$RUST_STABLE_VERSION -ENV RUST_NIGHTLY=$RUST_NIGHTLY_VERSION - -# Add curl for Rust buildchain -RUN apk add --update-cache --upgrade curl - -# Define rustup/cargo home directories -ENV RUSTUP_HOME=/opt/rustup \ - CARGO_HOME=/opt/.cargo - -RUN apk add rustup - -# Adding cargo binaries to PATH -ENV PATH=${CARGO_HOME}/bin:${PATH} - -# Installing rustup and setting the default toolchain to the RUST_STABLE_VERSION channel. -RUN rustup-init --default-toolchain $RUST_STABLE_VERSION -y - -# Installing nightly channel version RUST_NIGHTLY_VERSION (for Rust applications). -RUN rustup install $RUST_NIGHTLY_VERSION - -# Adding ARMV6M target to the installed stable and nightly toolchains -RUN rustup target add thumbv6m-none-eabi --toolchain $RUST_STABLE_VERSION -RUN rustup target add thumbv6m-none-eabi --toolchain $RUST_NIGHTLY_VERSION - -# Adding rust-src component to nightly and stable channels -RUN rustup component add rust-src --toolchain $RUST_NIGHTLY_VERSION -RUN rustup component add rust-src --toolchain $RUST_STABLE_VERSION - -# Python packages building dependencies, can be removed afterwards -RUN apk add -t python_build_deps python3-dev \ - libffi-dev - -# Install ledgerctl, which is used by cargo ledger for loading or dumping an APDU app file. -RUN pip3 install ledgerwallet==0.5.1 - -# Cleanup, remove packages that aren't needed anymore -RUN apk del python_build_deps - -# Add cargo ledger -RUN cargo +$RUST_STABLE_VERSION install --version 1.5.1 cargo-ledger - -# Setup cargo ledger (install JSON target files and custom link script) for nightly -RUN cargo +$RUST_NIGHTLY_VERSION ledger setup - -# Add a global Cargo config file (includes mandatory unstable features used to build our apps) -ADD ./full/cargo_global_config.toml $CARGO_HOME/config.toml 
diff --git a/full/cargo_global_config.toml b/full/cargo_global_config.toml deleted file mode 100644 index b35ab76..0000000 --- a/full/cargo_global_config.toml +++ /dev/null @@ -1,9 +0,0 @@ -[unstable] -# Prevent bindgen tool to fail on Alpine (with '[host]' section) -# see https://ledger.slack.com/archives/C04SY25SREX/p1698055418107969 -host-config = true -target-applies-to-host = true - -[host] -rustflags = ["-Ctarget-feature=-crt-static"] - diff --git a/legacy/Dockerfile b/legacy/Dockerfile index 2ce5a10..bb68f3f 100644 --- a/legacy/Dockerfile +++ b/legacy/Dockerfile @@ -1,3 +1,5 @@ +# Dockerfile for the legacy version + FROM ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-lite:latest AS LITE_BUILDER FROM ubuntu:22.04 diff --git a/lite/Dockerfile b/lite/Dockerfile deleted file mode 100644 index a840674..0000000 --- a/lite/Dockerfile +++ /dev/null 
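Review bot: `FROM ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-lite:latest AS LITE_BUILDER` in `legacy/Dockerfile` still pulls the upstream lite image by the mutable `latest` tag. This commit deletes `lite/Dockerfile` and the job that built it, so the image published from this repository now depends on whatever upstream serves at build time. Pin the base by digest, `FROM ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-lite@sha256:<digest-placeholder> AS LITE_BUILDER`, and note the corresponding upstream version in the comment added above it. The same applies to `ubuntu:22.04` if reproducible builds matter. The rest of the Dockerfile is outside the hunk.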
@@ -1,111 +0,0 @@ -FROM alpine:3.15 -ENV LANG C.UTF-8 - -RUN apk update -RUN apk upgrade - -# Adding LLVM-15 APT repository and installing it -# LLVM-15 is only present starting from the v3.17 Alpine version -RUN apk add --repository=http://dl-cdn.alpinelinux.org/alpine/v3.17/main llvm15 -RUN ln -s /usr/lib/llvm15/bin/llvm-objcopy /usr/bin/llvm-objcopy-15 -RUN ln -s /usr/lib/llvm15/bin/llvm-nm /usr/bin/llvm-nm-15 - -RUN apk add \ - bash \ - clang \ - clang-analyzer \ - clang-extra-tools \ - cmake \ - cmocka-dev \ - doxygen \ - gcc-arm-none-eabi \ - git \ - jq \ - lld \ - make \ - musl-dev \ - newlib-arm-none-eabi \ - protoc \ - python3 - -# Install pip and wheel -RUN python3 -m ensurepip --upgrade \ - && pip3 install --upgrade pip \ - && pip3 install wheel - -# lcov is only present in the community repository of the edge branch but its perl-json-xs -# dependency won't work on 3.15 so install it (from the 3.15 repo) first -RUN apk add perl-json-xs && \ - apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community lcov - -# This package is required by lcov (but somehow not listed as such in the Alpine package) -RUN apk add gzip - -# So that it still supports things incorrectly pointing to python -RUN ln -s python3 $(dirname $(which python3))/python - -# These packages contain shared libraries which will be needed at runtime -RUN apk add \ - eudev \ - libjpeg \ - libusb \ - zlib - -# Python packages building dependencies, can be removed afterwards -RUN apk add -t python_build_deps eudev-dev \ - jpeg-dev \ - libusb-dev \ - linux-headers \ - python3-dev \ - zlib-dev - -# temporary, until a fixed version of hidapi is released (with https://github.com/trezor/cython-hidapi/commit/749da69) -RUN pip3 install 'Cython<3' - -# Python package to load app onto device -RUN pip3 install "ledgerblue==0.1.54" tomli-w - -ARG GIT_SERVER=https://github.com/LedgerHQ - -# Unified SDK -ENV LEDGER_SECURE_SDK=/opt/ledger-secure-sdk -RUN git clone 
"$GIT_SERVER/ledger-secure-sdk.git" "$LEDGER_SECURE_SDK" - -# Latest Nano S SDK (OS nanos_2.1.0 => based on API_LEVEL LNS) -ENV NANOS_SDK=/opt/nanos-secure-sdk -RUN git -C "$LEDGER_SECURE_SDK" worktree add "$NANOS_SDK" lns-2.1.0-v22.1 -RUN echo nanos > $NANOS_SDK/.target - -# Latest Nano X SDK (OS nanox_2.2.4 => based on API_LEVEL 5) -ENV NANOX_SDK=/opt/nanox-secure-sdk -RUN git -C "$LEDGER_SECURE_SDK" worktree add "$NANOX_SDK" v5.13.1 -RUN echo nanox > $NANOX_SDK/.target - -# Latest Nano S+ SDK (OS nanos+_1.1.2 => based on API_LEVEL 5) -ENV NANOSP_SDK=/opt/nanosplus-secure-sdk -RUN git -C "$LEDGER_SECURE_SDK" worktree add "$NANOSP_SDK" v5.13.1 -RUN echo nanos2 > $NANOSP_SDK/.target - -# Latest Stax SDK (OS stax_1.5.0 => based on API_LEVEL 21) -ENV STAX_SDK=/opt/stax-secure-sdk -RUN git -C "$LEDGER_SECURE_SDK" worktree add "$STAX_SDK" v21.3.3 -RUN echo stax > $STAX_SDK/.target - -# Latest Flex SDK (OS flex_1.1.1 => based on API_LEVEL 21) -ENV FLEX_SDK=/opt/flex-secure-sdk -RUN git -C "$LEDGER_SECURE_SDK" worktree add "$FLEX_SDK" v21.3.3 -RUN echo flex > $FLEX_SDK/.target - -# Default SDK -ENV BOLOS_SDK=$NANOS_SDK - -# Cleanup, remove packages that aren't needed anymore -RUN apk del python_build_deps - -WORKDIR /app - -# Work around the git security to be able to get informations from repositories -# even if the container is not run with root UID/GID -RUN git config --system --add safe.directory "*" - -CMD ["/usr/bin/env", "bash"]