Building bootloader with just build color results in error

[hugoender]

Tried building the bootloader as per the DEVELOPMENT.md documentation and it results in the following error:

error: Justfile does not contain recipes 'build' or 'color'.

[jeandudey]

Sorry, the instruction is a bit outdated, to build the bootloader you need to do:

just build-bootloader color # or mono

Building the mono bootloader is not currently supported, however if you still want to build it in the https://github.com/Foundation-Devices/passport-firmware it can be done.

[hugoender]

@jeandudey I tried that and it gave another error:

docker run --rm -v "$PWD":/workspace -u $(id -u):$(id -g) -v $(pwd):/workspace -w /workspace -e MPY_CROSS="/workspace/mpy-cross/mpy-cross-docker" --entrypoint bash ${DOCKER_IMAGE} -c 'export PATH=$PATH:/workspace/ports/stm32/boards/Passport/tools/cosign/x86/release;just ports/stm32/boards/Passport/bootloader/build color'
docker: permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/create": dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
error: Recipe `run-in-docker` failed on line 86 with exit code 126

Based on the error message it seems like it's a permission issue and maybe I have to add my username to some Docker permission? If so, might want to update the documentation to handle this error.

[hugoender]

Any help with this would be greatly appreciated. Building firmware and bootloader from source are the two remaining obstacles preventing me from ordering a Passport.

[jeandudey]

Based on the error message it seems like it's a permission issue and maybe I have to add my username to some Docker permission?

Yes, you have to add your user to the docker group in your system, it may vary per system (different distributions use different commands to add users to groups) so it isn't included in the documentation to add the user to the docker group, it also can have security implications for some people.

For example, any user in the docker group can be used to perform privilege escalation:

https://fosterelli.co/privilege-escalation-via-docker.html

An alternative to adding yourself to the docker group would be running the just build-bootloader color as root but that comes with other implications, e.g. just has to be installed system-wide and output files of the compilation will be owned by the root user.

That said, I will look into making it easier to compile with Docker without resorting to adding an user to the docker group.

[hugoender]

Thank you for the detailed response. I learned something new. I guess I'll wait for you to make it not require adding user to docker group before I buy a Passport so I can ensure that I can build from source without any security implications.

[jeandudey]

The #355 pull request should allow to build the firmware without using Docker, instead Podman can be used and is rootless by default.

This will be available when the 2.3.0 firmware is released.

[jeandudey]

@hugoender closing this one as just build-bootloader color should work now with the 2.3.0 release (also on main branch). If it doesn't work please re-open it and I will look into it. Thanks!