Since the WalletScrutiny review for Passport FE is outdated and the Passport Batch 2 build wasn't verified yet, I decided to quickly try it myself and write instructions for everyone to replicate it.
FE:
https://walletscrutiny.com/hardware/passport/ "Review might be outdated"
Batch 2:
https://walletscrutiny.com/hardware/foundation.passport2/ "Review is Work in Progress"
First of all,
the script by WalletScrutiny does still work for the latest v1 firmware version v1.1.0 (Founders Edition). Since the latest verified version was v1.0.8, I thought it may be worth verifying it, even though it has now been superseded by v2.x.x.
v1.1.0 verified reproducible:#install dependency
sudo apt install podman
#download the script
wget https://gitlab.com/walletscrutiny/walletScrutinyCom/-/raw/master/scripts/test/hardware/passport.sh?inline=false -O passport.sh
#make executable
chmod +x passport.sh
#execute the script
./passport.sh 1.1.0 e32dcb154e9be8156d3106443f23453691e22b1e575633cc44d10b83082c4f24
[...]
e32dcb154e9be8156d3106443f23453691e22b1e575633cc44d10b83082c4f24 build-Passport/firmware.bin
e32dcb154e9be8156d3106443f23453691e22b1e575633cc44d10b83082c4f24
For the
passport2 firmware,
I could not yet reproduce the builds. Since I wanted to contribute to WalletScrutiny's project, I did not follow
Foundation Devices' instructions, but adapted the old WalletScrutiny script to work with
passport2 and may have done something wrong in the process.
The firmware compiles fine, but checksum doesn't match. I'm not entirely sure whether we are meant to select development flags or not, but the hashes did not match with either option.
Maybe someone from Foundation can give me a hint where my issue is...
I compared your build scripts (Justfile) and mine and they
should be equivalent now.
#!/bin/bash
### provide this script with the version without "v" and the published buildHash
version=$1
buildHash=$2
rm -rf /tmp/passport/
rm /tmp/passport-fw-${version}.bin
cd /tmp
wget https://github.com/Foundation-Devices/passport2/releases/download/v${version}/v${version}-passport.bin
sha256sum v${version}-passport.bin
mkdir passport
cd passport
podman run --rm -it --volume=$(pwd):/work/ ubuntu:22.04 bash -c "apt update; \
apt install --yes git python3-pip gcc-arm-none-eabi autotools-dev automake libusb-1.0-0-dev libtool curl; \
RUSTUP_HOME='/rustup'; CARGO_HOME='/cargo'; mkdir -p /rustup /cargo; \
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain 1.67.1; \
PATH='/cargo/bin:${PATH}'; source '$HOME/.cargo/env'; \
rustup component add clippy rustfmt; \
rustup target add aarch64-unknown-none thumbv7em-none-eabihf x86_64-unknown-none; \
cargo install cbindgen@^0.24; \
git clone https://github.com/Foundation-Devices/passport2.git; \
cd passport2; \
git checkout v${version}; \
make -C mpy-cross; \
cd ports/stm32/; \
make -j $(nproc) \
LV_CFLAGS='-DLV_COLOR_DEPTH=16 -DLV_COLOR_16_SWAP -DLV_TICK_CUSTOM=1 -DSCREEN_MODE_COLOR -DHAS_FUEL_GAUGE' SCREEN_MODE=COLOR \
BOARD=Passport \
FROZEN_MANIFEST='boards/Passport/manifest.py'; \
sha256sum build-Passport/firmware-COLOR.bin; echo $buildHash; \
mv build-Passport/firmware-COLOR.bin /work/firmware-passport-v${version}.bin; \
bash;"
tail -c +2049 ../v${version}-passport.bin | sha256sum ; \
sha256sum firmware-passport-v${version}.bin; \
echo $buildHash
Running this script, I get the following build hash for v2.0.7:
./passport2.sh 2.0.7 2c59a27300a20eccb27dc387be782f68b13fdb30499ab58901b9cd80484869f4
[...]
8276e80a5446b0219b448676028d7e52604c8b5db1b92fd5033ab17cf2545a45 firmware-passport-v2.0.7.bin
2c59a27300a20eccb27dc387be782f68b13fdb30499ab58901b9cd80484869f4
And for v2.1.2:
./passport2.sh 2.1.2 08959d69338eb33ab008ae6e74e111838cc60f39ef17befe401e77d1cc274520
[...]
0c27c5e0767988aff1b32d72ad02f89baf3f6b047d37a68e604ac013fa2f851f build-Passport/firmware-COLOR.bin
08959d69338eb33ab008ae6e74e111838cc60f39ef17befe401e77d1cc274520
Compared to the old WalletScrutiny script, it doesn't contain the actual build commands itself, but just downloads your Justfile script and runs that instead. I'd really like to be able to reproduce it with my own script, instead.
