Merge pull request #14 from obsidiansystems/v2.2.5

Version 2.2.5

.gitignore

@@ -5,6 +5,7 @@ obj
 src/u2f_crypto_data.h
 src/glyphs.h
 src/glyphs.c
+src/delegates.h
 
 #ide
 *.code-workspace

CONTRIBUTING.md

@@ -8,9 +8,9 @@ The `nix/` folder contains helper scripts for working with the ledger via Nix.
 Use `./nix/install.sh` to install the apps onto the ledger using Nix.
 
 ### Developing
-Use `nix/env.sh <s or x> to enter a shell where you can run `make` and it will just work. You can also pass a command instead, e.g. `nix/env.sh s make clean`.
+Use `nix/env.sh <s or x> to enter a shell where you can run `make` and it will just work. You can also pass a command instead, e.g. `nix/env.sh s --run "make clean SHELL=bash"`.
 
-For development, use `nix/watch.sh s make APP=<tezos_baking|tezos_wallet>` to incrementally build on every change. Be sure to `nix/env.sh s make clean` if you start watching a different `APP`.
+For development, use `nix/watch.sh s make APP=<tezos_baking|tezos_wallet>` to incrementally build on every change. Be sure to `nix/env.sh s --run "make clean SHELL=bash"` if you start watching a different `APP`.
 
 ### Building
 To do a full Nix build run `nix/build.sh`. You can pass `nix-build` arguments to this to build specific attributes, e.g. `nix/build.sh -A nano.s.wallet`.

Makefile

@@ -19,7 +19,7 @@ GIT_DESCRIBE ?= $(shell git describe --tags --abbrev=8 --always --long --dirty 2
 VERSION_TAG ?= $(shell echo "$(GIT_DESCRIBE)" | cut -f1 -d-)
 APPVERSION_M=2
 APPVERSION_N=2
-APPVERSION_P=1
+APPVERSION_P=5
 APPVERSION=$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)
 
 # Only warn about version tags if specified/inferred
@@ -170,3 +170,8 @@ dep/%.d: %.c Makefile
 
 listvariants:
 	@echo VARIANTS APP tezos_wallet tezos_baking
+
+# Generate delegates from baker list
+src/delegates.h: tools/gen-delegates.sh tools/BakersRegistryCoreUnfilteredData.json
+	bash ./tools/gen-delegates.sh ./tools/BakersRegistryCoreUnfilteredData.json
+dep/to_string.d: src/delegates.h

README.md

@@ -426,7 +426,7 @@ Currently there are two other ways to do this:
 
   1. If you have the Nix package manager, use the
      [Tezos baking platform](https://gitlab.com/obsidian.systems/tezos-baking-platform).
-  2. Build tezos from the tezos repo with [these instructions](http://tezos.gitlab.io/mainnet/introduction/howtoget.html#build-from-sources).
+  2. Build tezos from the tezos repo with [these instructions](http://tezos.gitlab.io/introduction/howtoget.html#build-from-sources).
 
 Depending on how you build it, you might need to prefix `./` to your commands, and the names
 of some of the binaries might be different.
@@ -981,6 +981,42 @@ If the Ledger application crashes when you load it, there are two primary causes
   * Out of date firmware: If the Ledger application doesn't work at all, make sure you are running firmware
     version 1.5.5.
 
+### Error "Unexpected sequence number (expected 0, got 191)" on macOS
+
+If `tezos-client` on macOS intermittently fails with an error that looks like
+
+```
+client.signer.ledger: APDU level error: Unexpected sequence number (expected 0, got 191)
+```
+
+then your installation of `tezos-client` was built with an older version of HIDAPI that doesn't work well with macOS (see [#30](https://github.com/obsidiansystems/ledger-app-tezos/issues/30)).
+
+To fix this you need to get the yet-unreleased fixes from the [HIDAPI library](https://github.com/signal11/hidapi) and rebuild `tezos-client`.
+
+If you got HIDAPI from Homebrew, you can update to the `master` branch of HIDAPI like this:
+
+```shell
+$ brew install hidapi --HEAD
+```
+
+Then start a full rebuild of `tezos-client` with HIDAPI's `master` branch:
+
+```shell
+$ brew unlink hidapi   # remove the current one
+$ brew install autoconf automake libtool  # Just keep installing stuff until the following command succeeds:
+$ brew install hidapi --HEAD
+```
+
+Finally, rebuild `ocaml-hidapi` with Tezos. In the `tezos` repository:
+
+```shell
+$ opam reinstall hidapi
+$ make all build-test
+$ ./tezos-client list connected ledgers  # should now work consistently
+```
+
+Note that you may still see warnings similar to `Unexpected sequence number (expected 0, got 191)` even after this update. The reason is that there is a separate, more cosmetic, issue in `tezos-client` itself which has already been fixed but may not be in your branch yet (see the [merge request](https://gitlab.com/tezos/tezos/merge_requests/600)).
+
 ### Contact Us
  You can email us at [email protected] and request to join our Slack.
 We have several channels about baking and one specifically for our Ledger applications.

default.nix

@@ -1,4 +1,4 @@
-{ pkgs ? import nix/nixpkgs.nix {}, gitDescribe ? "TEST-dirty", nanoXSdk ? null, ... }:
+{ pkgs ? import ./nix/dep/nixpkgs {}, gitDescribe ? "TEST-dirty", nanoXSdk ? null, ... }:
 let
   fetchThunk = p:
     if builtins.pathExists (p + /git.json)
@@ -20,9 +20,6 @@ let
         } ''
           python ${sdk + /icon.py} '${icons/nano-s-tezos.gif}' hexbitmaponly > "$out"
         '';
-        nvramDataSize = appDir: pkgs.runCommand "${name}-nvram-data-size" {} ''
-          grep _nvram_data_size '${appDir + /debug/app.map}' | tr -s ' ' | cut -f2 -d' ' > "$out"
-        '';
       };
       x = rec {
         name = "x";
@@ -37,15 +34,10 @@ let
         } ''
           python '${sdk + /icon3.py}' --hexbitmaponly '${icons/nano-x-tezos.gif}' > "$out"
         '';
-        nvramDataSize = appDir: pkgs.runCommand "${name}-nvram-data-size" {} ''
-          envram_data="0x$(cat  | grep _envram_data '${appDir + /debug/app.map}' | cut -f1 -d' ')"
-          nvram_data="0x$(grep _nvram_data '${appDir + /debug/app.map}' | cut -f1 -d' ')"
-          echo "$(($envram_data - $nvram_data))" > "$out"
-        '';
       };
     };
 
-  src = pkgs.lib.sources.sourceFilesBySuffices (pkgs.lib.sources.cleanSource ./.) [".c" ".h" ".gif" "Makefile"];
+  src = pkgs.lib.sources.sourceFilesBySuffices (pkgs.lib.sources.cleanSource ./.) [".c" ".h" ".gif" "Makefile" ".sh" ".json"];
 
   build = bolos:
     let
@@ -57,6 +49,7 @@ let
         '';
         nativeBuildInputs = [
           (pkgs.python3.withPackages (ps: [ps.pillow ps.ledgerblue]))
+          pkgs.jq
         ];
         TARGET = bolos.target;
         GIT_DESCRIBE = gitDescribe;
@@ -75,14 +68,19 @@ let
           size $out/bin/app.elf
         '';
       };
+      nvramDataSize = appDir: pkgs.runCommand "nvram-data-size" {} ''
+        envram_data="$(grep _envram_data '${appDir + /debug/app.map}' | tr -s ' ' | cut -f2 -d' ')"
+        nvram_data="$(grep _nvram_data '${appDir + /debug/app.map}' | tr -s ' ' | cut -f2 -d' ')"
+        echo "$(($envram_data - $nvram_data))" > "$out"
+      '';
       mkRelease = short_name: name: appDir: pkgs.runCommand "${short_name}-nano-${bolos.name}-release-dir" {} ''
         mkdir -p "$out"
 
         cp '${appDir + /bin/app.hex}' "$out/app.hex"
 
         cat > "$out/app.manifest" <<EOF
         name='${name}'
-        nvram_size=$(cat '${bolos.nvramDataSize appDir}')
+        nvram_size=$(cat '${nvramDataSize appDir}')
         target='nano_${bolos.name}'
         target_id=${bolos.targetId}
         version=$(echo '${gitDescribe}' | cut -f1 -d- | cut -f2 -dv)

nix/dep/flextesa-dev/default.nix

@@ -0,0 +1,4 @@
+# DO NOT HAND-EDIT THIS FILE
+let fetchGit = {url, rev, ref ? null, branch ? null, sha256 ? null, fetchSubmodules ? null}:
+  assert !fetchSubmodules; (import <nixpkgs> {}).fetchgit { inherit url rev sha256; };
+in import (fetchGit (builtins.fromJSON (builtins.readFile ./git.json)))

nix/dep/flextesa-dev/git.json

@@ -0,0 +1,7 @@
+{
+  "url": "https://gitlab.com/obsidian.systems/tezos.git",
+  "rev": "08c288ebe13d3647294a8603358ad98771eea7b1",
+  "sha256": "0kdnzd3ib93r63h509jd5c85svj0wyqcyi1v85xkghg94raswj0b",
+  "fetchSubmodules": false,
+  "branch": "flextesa-dev-master"
+}

nix/dep/nanos-secure-sdk/github.json

@@ -1,7 +1,7 @@
 {
   "owner": "LedgerHQ",
   "repo": "nanos-secure-sdk",
-  "branch": "master",
-  "rev": "f9e1c7b8904df2eee0ae7e603f552b876c169334",
-  "sha256": "1wzra32zkqw521a5cmvqsblpkbkfzgx2pbngqpymcgf8db20p50i"
+  "branch": "og-1.6.0-1",
+  "rev": "5844b50daaf70108ef5464b7004561be0442edd1",
+  "sha256": "0r5bnn46ay01imxzsg0iy30aa6yaa9rx7j54ifj3a4ahlfw51nkc"
 }

nix/dep/nixpkgs/default.nix

@@ -0,0 +1,7 @@
+# DO NOT HAND-EDIT THIS FILE
+import ((import <nixpkgs> {}).fetchFromGitHub (
+  let json = builtins.fromJSON (builtins.readFile ./github.json);
+  in { inherit (json) owner repo rev sha256;
+       private = json.private or false;
+     }
+))

nix/dep/nixpkgs/github.json

@@ -0,0 +1,7 @@
+{
+  "owner": "NixOS",
+  "repo": "nixpkgs",
+  "branch": "nixos-unstable",
+  "rev": "41d921292e922a6cd1aba64259341c244d4c2cc7",
+  "sha256": "01iq7phnmyz78qddxsjy6lnpgmzcffxk9h7k69sy61dbjsyy9b4q"
+}

nix/env.sh

@@ -8,5 +8,5 @@ root="$(git rev-parse --show-toplevel)"
 if [ $# -eq 0 ]; then
   exec nix-shell "$root" -A "nano.${target}.wallet"
 else
-  exec nix-shell "$root" -A "nano.${target}.wallet" --run "$(echo "$@")"
+  exec nix-shell "$root" -A "nano.${target}.wallet" "$@"
 fi

nix/ledgerblue.nix

@@ -1,4 +1,4 @@
-{ pkgs ? import ../nix/nixpkgs.nix {}, ... }:
+{ pkgs ? import ../nix/dep/nixpkgs {}, ... }:
 rec {
   withLedgerblue = (pkgs.python36.withPackages (ps: with ps; [
     ecpy hidapi pycrypto python-u2flib-host requests ledgerblue pillow pkgs.hidapi protobuf

nix/setup-vscode.sh

@@ -7,6 +7,6 @@ cd "$root"
 cp -f "$(nix-build -A env.s.ide.config.vscode --no-out-link)" "vscode.code-workspace"
 chmod +w "vscode.code-workspace"
 
-bear="$(nix-build -E '(import nix/nixpkgs.nix {}).bear' --no-out-link)/bin/bear"
+bear="$(nix-build -E '(import ./nix/dep/nixpkgs {}).bear' --no-out-link)/bin/bear"
 # c.f. https://github.com/rizsotto/Bear/issues/182
-nix/env.sh s "export LANG=C.UTF-8; export LC_CTYPE=C.UTF-8; make clean && \"$bear\" make; make clean"
+nix/env.sh s --run "export LANG=C.UTF-8; export LC_CTYPE=C.UTF-8; make clean && \"$bear\" make; make clean"

nix/watch.sh

@@ -13,11 +13,9 @@ root="$(git rev-parse --show-toplevel)"
 
 watchdirs=("$root/default.nix" "$root/nix" "$root/Makefile" "$root/src" "$root/icons")
 
-inotifywait="$(nix-build "$root/nix/nixpkgs.nix" -A inotify-tools --no-out-link)/bin/inotifywait"
+inotifywait="$(nix-build "$root/nix/dep/nixpkgs" -A inotify-tools --no-out-link)/bin/inotifywait"
 while true; do
-  "$root/nix/env.sh" "$target" <<EOF
-    $@
-EOF
+  "$root/nix/env.sh" "$target" "--run" "$@"
   if ! "$inotifywait" -qre close_write "${watchdirs[@]}"; then
     fail "inotifywait failed"
   fi

release.nix

@@ -0,0 +1,9 @@
+let
+  ledger-app-tezos = import ./. {};
+in {
+  analysis-nanos-wallet = ledger-app-tezos.clangAnalysis.s.wallet;
+  analysis-nanos-baking = ledger-app-tezos.clangAnalysis.s.baking;
+  release-nanos-wallet = ledger-app-tezos.nano.s.release.wallet;
+  release-nanos-baking = ledger-app-tezos.nano.s.release.baking;
+  release-nanos-all = ledger-app-tezos.nano.s.release.all;
+}

src/apdu.c

@@ -79,12 +79,14 @@ void main_loop(apdu_handler const *const handlers, size_t const handlers_size) {
                 clear_apdu_globals(); // IMPORTANT: Application state must not persist through errors
 
                 uint16_t sw = e;
+		PRINTF("Error caught at top level, number: %x\n", sw);
                 switch (sw) {
                 default:
                     sw = 0x6800 | (e & 0x7FF);
                     // FALL THROUGH
                 case 0x6000 ... 0x6FFF:
                 case 0x9000 ... 0x9FFF: {
+                        PRINTF("Line number: %d", sw & 0x0FFF);
                         size_t tx = 0;
                         G_io_apdu_buffer[tx++] = sw >> 8;
                         G_io_apdu_buffer[tx++] = sw;

src/apdu_baking.c

@@ -19,7 +19,7 @@ static bool reset_ok(void);
 size_t handle_apdu_reset(__attribute__((unused)) uint8_t instruction) {
     uint8_t *dataBuffer = G_io_apdu_buffer + OFFSET_CDATA;
     uint32_t dataLength = G_io_apdu_buffer[OFFSET_LC];
-    if (dataLength != sizeof(int)) {
+    if (dataLength != sizeof(level_t)) {
         THROW(EXC_WRONG_LENGTH_FOR_INS);
     }
     level_t const lvl = READ_UNALIGNED_BIG_ENDIAN(level_t, dataBuffer);

src/apdu_pubkey.c

@@ -7,6 +7,9 @@
 #include "protocol.h"
 #include "to_string.h"
 #include "ui.h"
+#ifdef BAKING_APP
+#include "baking_auth.h"
+#endif // BAKING_APP
 
 #include <string.h>