diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 812927d3..6fb1d288 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,44 +1,91 @@ -# Contributing +The Exciting World of Ledger C +------------------------------ -## Hacking with [Nix](https://nixos.org/nix/) +Knowing C will help you in this adventure. But not as much as it should. There are some fun twists when it comes to Ledger C. Explore them below. Memorize them. There *will* be a quiz... -The `nix/` folder contains helper scripts for working with the ledger via Nix. +### Exceptions -### Installing -`nix/install.sh` will install both the wallet and baking apps. Use -`nix/install.sh s baking` to install just the baking app or -`nix/install.sh s wallet` to install just the wallet. +C doesn't have them. So you don't have to think about bracketing, exception safety, RAII, try/catch, all that. -### Developing -Use `nix/env.sh ` to enter a shell where you can run `make` and it will just work. You can also pass a command instead, e.g. `nix/env.sh s --run "make clean SHELL=bash"`. All `make` commands should be prefixed with `SHELL=bash`. Check the Makefile to see what options exist +Well not on the Ledger. You have exceptions! Which means you also have out-of-band code paths, and you now have to worry about exception safety. -For development, use `nix/watch.sh s make APP=` to incrementally build on every change. Be sure to `nix/env.sh s --run "make clean SHELL=bash"` if you start watching a different `APP`. +You can `THROW` a `uint16_t` like this `THROW(0x9000)`. -#### Debugging -Set `DEBUG=1` in the `Makefile` to so that the user-defined `parse_error()` macro provides a line-number. For `printf` style debugging see [Ledger's official instructions](https://ledger.readthedocs.io/en/latest/userspace/debugging.html) +Handling exceptions looks like this. -### Building -To do a full Nix build run `nix/build.sh`. You can pass `nix-build` arguments to this to build specific attributes, e.g. `nix/build.sh -A nano.s.wallet`. +```c +volatile int something = 0; +BEGIN_TRY { + TRY { + //do something; + } + CATCH(EXC_PARSE_ERROR) { + //do something on parse error + } + CATCH_OTHER(e) { + THROW(e); + } + FINALLY { } +} +END_TRY; +``` -### Using tezos-client -Set environment variable `TEZOS_LOG="client.signer.ledger -> debug"` when running tezos-client to get the byte-level IO being sent -directly to/from the ledger +Exceptions that make it all the way to the top of the application are caught and returned as status codes from the APDU. +#### Gotchas -### Editor Integration + 1. If a variable will be accessed both outside and inside the `BEGIN_TRY`/`END_TRY` block it must be `volatile`. The compiler doesn't expect these shenanigans and will optimize incorrectly if you don't. + 2. Do not `return` in the `TRY` block. It will cause the Ledger to crash. Instead use a `volatile` variable to capture the result you want to `return` at the end. + 3. Don't try to leave out blocks like `CATCH_OTHER(e)` and `FINALLY`. I don't know if that will work right and it's not worth the risk. -#### Visual Studio Code +#### Implications - 1. Install `llvm-vs-code-extensions.vscode-clangd` extension. - 2. Run `nix/setup-vscode.sh` to create local configuration. Note that these files are non-relocatable so you need to rerun this if you move the directory. - 3. Restart Visual Studio Code. + 1. If you have some global state and an exception is thrown then, unless you do something about it, that global state will remain. That might be a *very bad thing*. As long as you use globals our way (see Globals Our Way) you should be safe. -### Releasing -`nix/build.sh -A nano.s.release.all` +### Globals Our Way -`nix/build.sh -A nano.x.release.all` +`static const` globals are fine. `static` non-const are not fine for two reasons: -### Notes on testing + 1. If you try to initialize them (which you would want to do!) then the app will crash. For example `static int my_bool = 3;` crashes whenever you try to read or write `my_bool`... + 2. Instead of getting initialized to 0 like the C standard says, they are initialized to `0xA5`. Yes this can cause the compiler to incorrectly optimize your code. -See `test/README.md` +So just don't use `static` non-const globals. Instead we have `globals.h` which defines a large `struct` wher you can put your globals. At the beginning of the application we `memset(&global, 0, sizeof(global))` to clear it all to zeros. + +Anything inside of `global.apdu` will get cleared when an exception gets to the top of the app (see Exceptions). To benefit from this behavior you should never return an error code via the in-band way of sending bytes back. All errors should be sent via `THROW`. + +### Relocation + +When we said `static const` globals were fine, we meant that they were possible. There is +a major gotcha, however: if you initialize a `static const` value with a pointer to another +`static` or `static const` value, the pointers might be incorrect and require relocation. + +For example: + +``` +static const char important_string[] = "Important!"; +static const char **important_string_ptrs = { important_string, NULL }; +const char *str1 = important_string_ptrs[0]; +const char *str2 = important_string; +``` + +`str` will now have the wrong value. `str2` will not. The reason `str1` +has the wrong value is that the linker gets confused with a reference +from one `static const` variable to another `static` variable on this +platform. To resolve, you can use the `PIC` macro, which will fix broken +pointers but never break a good pointer. Because of this, you can use +it liberally and not have to worry about breaking anything: + +``` +static const char important_string[] = "Important!"; +static const char **important_string_ptrs = { important_string, NULL }; +const char *str1 = PIC(important_string_ptrs[0]); // necessary use of PIC +const char *str2 = PIC(important_string); // unnecessary but harmless use of PIC +``` + +Many of the UI functions call `PIC` for you, so just because a UI function +accepts a data structure, doesn't mean that data structure is valid. + +### Dynamic Allocation + +Nope. Don't even try. No `malloc`/`calloc`/`free`. Use globals (see Globals). diff --git a/MacInstallation.md b/MacInstallation.md deleted file mode 100644 index 78fc30f3..00000000 --- a/MacInstallation.md +++ /dev/null @@ -1,111 +0,0 @@ -# Installing Tezos Applications on the Ledger Nano S - -## Overview -These installation instructions have been adapted from our [README](https://github.com/obsidiansystems/ledger-app-tezos/blob/master/README.md) to be mac-specific. If you have questions regarding this installation, we recommend you refer to those instructions. - -**Note** - this guide makes 2 assumptions: -1. You have [XCode](https://developer.apple.com/xcode/) and [Homebrew](https://brew.sh/) installed. Both are available for free to download via those links. -2. You have updated your Ledger firmware to 1.4.2. You can do so through [Ledger Manager](https://www.ledgerwallet.com/apps/manager) or [Ledger Live](https://www.ledgerwallet.com/live). - -### Installing Python3 - -First, check if you have Python3 installed: - -`python3 --version` - -If this returns a version, such as `Python 3.6.5`, you can skip to the next section. If it returns nothing or you get an error, such as ‘command not found’, you’ll need to install it with homebrew: - -`brew install python` - -This step may take some time. When complete, you can confirm with `python3 --version`. It should now return a version. - -### Installing Virtualenv - -Check if you have virtualenv installed: - -`virtualenv --version` - -If this returns a version, such as `16.0.0`, you can skip to the next section. If it returns nothing or you get an error, such as ‘command not found’, you’ll need to install it: - -`pip3 install virtualenv` - -After that successfully installs, running `virtualenv --version` should now return it’s version number. - -### Clone This Repo - -Clone the Obsidian Systems Ledger App repo: - -`git clone https://github.com/obsidiansystems/ledger-app-tezos.git` - -This gives you all the tools to install the applications, but not the app files themselves. We’ll get those later. Enter the folder you just downloaded. - -`cd ledger-app-tezos` - -### Run virtualenv - -From within `/ledger-app-tezos`, run the following two commands: - -`virtualenv ledger -p python3` - -`source ledger/bin/activate` - -Your terminal session (and only that terminal session) will now be in the `virtualenv`. To have a new terminal session enter the `virtualenv`, run the above source command only in the same directory in the new terminal session. -In the shell that starts with (ledger), run (don’t use `sudo` or `pip3`!): - -`pip install ledgerblue` - -If you have to use `sudo` or `pip3` here, that is an indication that you have not correctly set up `virtualenv`. It will still work in such a situation, but please research other material on troubleshooting `virtualenv` setup. - -### Download the Application(s) - -Next you'll use the installation script to install the app on your Ledger Nano S. Let’s start by downloading the application(s) from here - `https://github.com/obsidiansystems/ledger-app-tezos/releases/`. Download the most recent version (currently 1.1 at the time of this writing). To download, use the `release.tar.gz` link - that’s where you’ll find the application hex files. Once you’ve downloaded them, move them into the `/ledger-app-tezos` folder. - -### Install the Application(s) - -We’re now ready to do the installation! The Ledger must be in the following state: -- Plugged into your computer -- Unlocked (enter your PIN) -- On the home screen (do not have any app open) -- Not asleep (you should not see vires in numeris is scrolling across the screen) - -In `virtualenv`, in the `/ledger-app-tezos` folder, run the following: -- To install the Baking app - `./install.sh "Tezos Baking" baking.hex` -- To install the Wallet App - `./install.sh "Tezos Wallet" wallet.hex` - -Pay attention to your Ledger during this process, as you’ll be prompted to confirm the installation. - -You should now see the applications on your Ledger! - -# Upgrading Applications - -Periodically, we’ll update these applications. To do the upgrade yourself, run the same commands you used for the installation! Just make sure to update the hex files you are upgrading to the new version by moving the new `baking.hex` or `wallet.hex` file to `/ledger-app-tezos`. The installation script will automatically remove the old version of the app. - -# Deleting Applications - -In that same `virtualenv` we created to install the applications, run the following command to delete them: - -`python -m ledgerblue.deleteApp --targetId 0x31100003 --appName "Tezos Baking"` - -**Note**: The part in quotes needs to be the name of the application you are trying to delete. So if you are trying to delete the Wallet App, you should change it to say “Tezos Wallet” - -# Troubleshooting - -### Ledger Prompt: “Allow unknown manager?” - -This prompt indicates that the application interacting with the Ledger is not the Ledger Manager or Ledger Live. It is expected, and not a cause for concern. - -### Ledger Prompt: “Open non-genuine app?” - -As these applications are not coming directly from Ledger Live or Ledger Manager, you should expect to see this prompt under all circumstances when following these instructions. If the ledger says “Open non-genuine app?” then freezes, this is a sign that the install was unsuccessful. You probably need to update your Ledger’s firmware to 1.4.2, then restart the process. - -### “Broken certificate chain - loading from user key” - -If you are running the installation script and you already have a version of the application on your Ledger, you will see this message. This is normal, and not a cause for concern. - -### Removing a virtualenv - -Each time you create a virtualenv, it makes a folder with that instance in it with the name you chose to call it. In these docs, we called it ledger. If you try and run virtualenv ledger and you’ve already made a ledger virtualenv, you’ll need to delete it first: - -`/ledger-app-tezos$ rm -rf ledger` - -Another alternative is to create future virtualenvs with a different name, such as ledger1. diff --git a/README.md b/README.md index 8692f551..9a28a58a 100644 --- a/README.md +++ b/README.md @@ -2,142 +2,23 @@ ## Investigation -### Building - -Use the docker container `ledger-app-dev-tools` to access to the SDK - -``` -docker run --rm -ti -v $(pwd):/app ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest -``` - -Then build the baking app: - -``` -BOLOS_SDK=$NANOS_SDK make -``` - -You can replace `NANOS` with `NANOSP`, `NANOX`, `STAX` for the other devices. ## Overview -Whether you're baking or just trading XTZ, you want to store your keys securely. -This is what a "hardware wallet" like the -[Ledger Nano S/X](https://www.ledgerwallet.com/products) is for. -Your private keys never leave the device, and it performs the signing -operations. To use a Ledger Nano device with [Tezos](https://www.tezos.com/), you need to -load Tezos-specific software onto it. - -The term "hardware wallet" can refer to several devices that store your private -keys in a secure way. The term "wallet" refers to the fact that it stores your -"money" -- in the case of Tezos, it stores your tez. Remember, storing your -tokens means storing the private keys that control your tokens. But the wallet -also has other uses, including an application that helps you securely and easily -interact with the network, including creating Tezos transactions and baking -blocks. - -This repository contains two Ledger Nano applications: +This repository contains Ledger application to support baking on Tezos blockchain: 1. The "Tezos Baking" application (Nano S only) is for baking: signing new blocks and endorsements. For more information about baking, see *[Benefits and Risks of Home Baking](https://medium.com/@tezos_91823/benefits-and-risks-of-home-baking-a631c9ca745)*. -2. The "Tezos Wallet" application (Nano S and X) is for making XTZ transactions, originating contracts, delegation, and voting. Basically everything you might want to use the Ledger Nano S/X for on Tezos besides baking. It is possible to do all of these things without a hardware wallet, but using a hardware wallet provides you better security against key theft. -This documentation was originally written when there was no GUI support, so everything is -tailored towards the command line. We recommend you read this entire -document to understand the commands available, and which commands are -most appropriate to your situation. This will require judgment on how -best to meet your needs, and this document will also provide context to -help you understand that. - -This document is not a comprehensive guide to setting up Tezos -software. While it covers some aspects of setting up and installing -Tezos nodes and clients, especially as it interacts with the Ledger Nano S/X, -you should familiarize yourself with the [Tezos Documentation](https://tezos.gitlab.io/master/) and community resources such as Tezos Community's guide on [building a node](https://github.com/tezoscommunity/FAQ/blob/master/Compile_Mainnet.md). If you have questions, please ask them on the [Tezos Stack Exchange](https://tezos.stackexchange.com/). - -This document is also not a guide on how to use Linux. It assumes you -know how to install and configure a Linux system to your general needs, -use the command line, or configure GitHub access. Occasionally, it will -recommend things like editing a script to match your configuration. -Learning how to run commands on Linux, edit scripts, or configure your -user accounts to enable groups, is outside the scope of this document, -but resources for all of those things are available on the Internet. - -The commands in these instructions have only been tested on Linux. If -you use any form of virtualization, e.g. docker or VirtualBox, please -consult the documentation of that virtualization system to determine -how to access USB from inside the virtualization, as that can be a -complicated and difficult process. - -The commands in this document have been tested as is, and have the correct -privileges. If you find yourself using `sudo` to run commands that are not -listed as requiring `sudo`, that likely indicates a problem with your -configuration, most often the `udev` configuration. Using `sudo` for commands -that should not require it can create security vulnerabilities and corrupt -your configuration. ## Hacking See [CONTRIBUTING.md](CONTRIBUTING.md) -## Set up your Ledger device - -Tezos recommends two hardware wallets: Ledger Nano S and Ledger Nano X. When you first get a device and set it up, part of the setup process is generating a keypair. The keypair -will be associated with a rather long seed phrase that you must write down and -keep securely. We'll discuss that seed phrase more below. You also set a PIN -code that allows you to unlock the device so that it will sign messages. You can -then install the Tezos application to use the Ledger device to interact directly with the -Tezos network (see more about this in the application instructions, forthcoming). -However, your Ledger device will ask for confirmation before it sends your keys to sign -transactions or blocks, and you must confirm by physically pushing a button on -the device, and that provides some security against an attacker taking control -over your keys. - -### Protecting your key - -The seed phrase is an encoding of your private key itself and can be used to -restore your key. If you lose your Ledger device or destroy it somehow, you can buy a -new one and set it up with the seed phrase from your old one, hence restoring -your tokens. - -Consequently, it is extremely important that you keep your seed phrase written -down somewhere safe. Losing it can mean you lose control of your account should -you, for example, lose your Ledger device. Keeping it somewhere a hacker could find it -(such as in a file on your internet-connected computer) means your private key -can fall into the wrong hands. - -You will write it down on paper, along with your PIN, and store it. If you will -have a large amount of money, consider putting your paper in a safe or safe -deposit box, but at the very least keep it away from places where children, -dogs, housekeepers, or obnoxious neighbors could inadvertently destroy it. - -### Protecting Your Key -- Further Advanced Reading - -More advanced techniques for those interested in even more layers of security -or plausible deniability features should look at -[Ledger's documentation on this](https://support.ledgerwallet.com/hc/en-us/articles/115005214529-Advanced-Passphrase-options). - -Note that Ledger devices with different seeds will appear to `tezos-client` to be -different hardware wallets. Note also that it can change what key is authorized in -Tezos Baking. When using these features in a Ledger device used for baking, -please exit and re-start Tezos Baking right before baking is supposed to -happen, and manually verify that it displays the key you expect to bake for. - -Tezos Wallet does not require such extra steps, and so these extra -protections are more appropriate for keys used for transaction than -they are for keys used for baking. If you do use these features, one -technique is that your tez be stored in the passphrase-protected and -deniable account, and that you delegate them to a baking account. This -way, the baking account won't actually store the vast majority of the tez. - -### Ledger device firmware update - -To use these apps, you must be sure to have [up-to-date -firmware](https://support.ledgerwallet.com/hc/en-us/articles/360002731113) -on the Ledger device. This code was tested with version -1.6.0. Please use [Ledger Live](https://www.ledger.com/pages/ledger-live) to do this. ### udev rules (Linux only) @@ -182,112 +63,58 @@ take effect. ## Installing the Applications with Ledger Live The easiest way to obtain and install the Tezos Ledger apps is to download them -from [Ledger Live](https://www.ledger.com/pages/ledger-live). Tezos Wallet is readily available -in Ledger Live's Manager. To download Tezos Baking, you'll need to enable 'Developer Mode' in Settings. +from [Ledger Live](https://www.ledger.com/pages/ledger-live). Tezos Baking is available when you enable 'Developer Mode' in Settings. -If you've used Ledger Live for application installation, you can skip ahead to [Registering the Ledger Device with the node](#registering-the-ledger-device-with-the-node). +If you've used Ledger Live for application installation, you can skip the following section. ## Obtaining the Applications without Ledger Live -If you are using the [Nix package manager](https://nixos.org/nix/), you can skip -this section and the next one; go directly to the -[nix directory](nix/) -for simpler Nix-based installation, where documentation is in [CONTRIBUTING.md](CONTRIBUTING.md). -Then return to this document and continue reading at *Registering the Ledger Nano S with the node* - -The second easiest way to obtain both applications (after Ledger Live) is to download `.hex` files -from the [releases](https://github.com/obsidiansystems/ledger-app-tezos/releases) -page of this repo. After doing so, skip ahead to *[Installing the apps onto your Ledger device without Ledger Live](#installing-the-apps-onto-your-ledger-device-without-ledger-live)*. -You will need to expand the releases tarball somewhere and copy the -baking.hex and wallet.hex files into the ledger-app-tezos directory. -If you want to compile the applications yourself, keep reading this section. +Download the source code for application from github repository [App-tezos-baking](https://github.com/LedgerHQ/app-tezos). -### Compiling the `.hex` files - -The first thing you'll need to do is clone this repository: +### Building ``` -$ git clone https://github.com/obsidiansystems/ledger-app-tezos.git +$ git clone https://github.com/LedgerHQ/app-tezos.git +$ cd app-tezos ``` - -You will need to have the -[BOLOS SDK](http://ledger.readthedocs.io/en/latest/userspace/getting_started.html) -to use the Makefile, which can be cloned from Ledger's -[nanos-secure-sdk](https://github.com/LedgerHQ/nanos-secure-sdk) git repository. -You will also need to download two compilers for use with the SDK. -Note that these are specialized compilers to cross-compile for the ARM-based -platform of the Ledger device; please don't use the versions of `clang` and `gcc` that -come with your system. - - * [CLANG](http://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.10.tar.xz) - * [GCC](https://launchpadlibrarian.net/251687888/gcc-arm-none-eabi-5_3-2016q1-20160330-linux.tar.bz2) - -All of the environment setup can be accomplished with the following commands. - -Obtain the BOLOS SDK and the compilers it needs: +Then run the following command to enter into docker container provided by Ledger. You will need to have docker cli installed. +Use the docker container `ledger-app-dev-tools` provided by Ledger to build the app. ``` -$ git clone https://github.com/LedgerHQ/nanos-secure-sdk -$ wget -O clang.tar.xz http://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.10.tar.xz -$ wget -O gcc.tar.bz2 https://launchpadlibrarian.net/251687888/gcc-arm-none-eabi-5_3-2016q1-20160330-linux.tar.bz2 +docker run --rm -ti -v $(pwd):/app ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest ``` - -Unzip the compilers and move them to appropriately-named directories: +Then build the baking app inside the docker container shell as follows : ``` -$ mkdir bolos_env -$ tar -xJf clang.tar.xz --directory bolos_env -$ mv bolos_env/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.10 bolos_env/clang-arm-fropi -$ tar -xjf gcc.tar.bz2 --directory bolos_env -``` - -Set environment variables: - -``` -$ export BOLOS_SDK=$PWD/nanos-secure-sdk -$ export BOLOS_ENV=$PWD/bolos_env +BOLOS_SDK=$NANOS_SDK make ``` - -To build the Tezos Wallet app: - +To enable debugging and log output, use ``` -$ APP=tezos_wallet make -$ mv bin/app.hex wallet.hex +BOLOS_SDK=$NANOS_SDK make DEBUG=1 ``` -If this results in an error message that includes this line (possibly repeatedly): +You can replace `NANOS` with `NANOSP`, `NANOX`, `STAX` for the other devices in BOLOS_SDK environmental variable. +### Testing +To test the application you need to enable python virtual environment and some dependencies. On any operating system, create a python virtual environment and activate it. ``` -#include +$ sudo apt-get update && sudo apt-get install -y qemu-user-static tesseract-ocr libtesseract-dev python3-pip libgmp-dev libsodium-dev git +$ python3 -m venv env +$ source env/bin/activate ``` -you may need to run: - +Inside the virtualenv, load the requirements.txt file. ``` -$ sudo apt-get install libc6-dev gcc-multilib g++-multilib +(env)$ pip install -r test/python/requirements.txt ``` -and then re-run the `make` command. - -Note that if you build *both* apps, you need to run `make clean` before building -the second one. So, to build both apps run: - +Now you can run ragger tests for any perticular ledger device. Please make sure you have built the app.elf files for that perticular device first. Then run following command: ``` -$ APP=tezos_wallet make -$ mv bin/app.hex wallet.hex -$ make clean -$ APP=tezos_baking make -$ mv bin/app.hex baking.hex +(env)$ pytest test/python --device nanosp ``` +Replace nanosp with any of the following for respective device: nanos, nanosp, nanox , stax. -To build just the Tezos Baking App: - -``` -$ APP=tezos_baking make -$ mv bin/app.hex baking.hex -``` ### Installing the apps onto your Ledger device without Ledger Live -Manually installing the apps requires a command-line tool called the -[BOLOS Python Loader](https://ledger.readthedocs.io/projects/blue-loader-python/en/0.1.16/index.html). +Manually installing the apps requires a command-line tool called LedgerBlue ### Installing BOLOS Python Loader @@ -299,34 +126,12 @@ Ubuntu, you can do this with: ``` $ sudo apt-get install libusb-1.0.0-dev libudev-dev # Ubuntu example ``` - -Then, install `pip3`. You must install `pip3` for this and not `pip`. On Ubuntu: - -``` -$ sudo apt-get install python3-pip # Ubuntu example -``` - -Now, on any operating system, install `virtualenv` using `pip3`. It is important -to use `pip3` and not `pip` for this, as this module requires `python3` support. - -``` -$ sudo pip3 install virtualenv # Any OS -``` - -Then create a Python virtual environment (abbreviated *virtualenv*). You could -call it anything, but we shall call it "ledger". This will create a directory -called "ledger" containing the virtualenv: - -``` -$ virtualenv ledger # Any OS -``` - -Then, you must enter the `virtualenv`. If you do not successfully enter the `virtualenv`, +Then, you must enter the `env`. If you do not successfully enter the `env`, future commands will fail. You can tell you have entered the virtualenv when your prompt is -prefixed with `(ledger)`. +prefixed with `(ledger)`. Use the following command to enter `env`. ``` -$ source ledger/bin/activate +$ source env/bin/activate ``` Your terminal session -- and only that terminal session -- will now be in the @@ -337,18 +142,14 @@ virtual env. To have a new terminal session enter the virtualenv, run the above We can now install `ledgerblue`, which is a Python module designed originally for Ledger Blue, but also is needed for the Ledger Nano S/X. +``` +$ python3 -m pip install ledgerblue +``` -Although we do not yet support Ledger Blue, you must still install the following python package. -Within the virtualenv environment -- making sure that `(ledger)` is showing up -before your prompt -- use pip to install the `ledgerblue` [Python package](https://pypi.org/project/ledgerblue/). This will install the Ledger Python packages into the virtualenv; they will be available only in a shell where the virtualenv has been activated. -``` -$ pip install ledgerblue -``` - If you have to use `sudo` or `pip3` here, that is an indication that you have not correctly set up `virtualenv`. It will still work in such a situation, but please research other material on troubleshooting `virtualenv` setup. @@ -362,7 +163,7 @@ The Ledger device must be in the following state: * Plugged into your computer * Unlocked (enter your PIN) * On the home screen (do not have any application open) - * Not asleep (you should not see *vires in numeris* is scrolling across the + * Not asleep (you should not see Ledger screensaver across the screen) If you are already in an application or the Ledger device is asleep, your installation process @@ -373,12 +174,10 @@ as you continue. You may want to read the rest of these instructions before you begin installing, as you will need to confirm and verify a few things during the process. -Still within the virtualenv, run the `./install.sh` command included in the `release.tar.gz` -that you downloaded. - -This `./install.sh` script takes the path to an application directory. Two such directories -were included in the downloaded `release.tar.gz`. -Install both apps like this: `./install.sh wallet baking`. +Make sure you have built the appropriate device files by following the 'Building' section. We will be using the `app.apdu` and `app.elf` from `build/` directory. Here `` can take values nanos, nanos2 (for Nanosp), nanox and stax. +``` +$ python3 -m ledgerblue.runScript --scp --fileName build//bin/app.apdu --elfFile build//bin/app.elf +``` The first thing that should come up in your terminal is a message that looks like this: @@ -420,7 +219,7 @@ If you'd like to remove your app, you can do this. In the virtualenv described in the last sections, run this command: ``` -$ python -m ledgerblue.deleteApp --targetId 0x31100004 --appName 'Tezos Wallet' +$ python -m ledgerblue.deleteApp --targetId 0x31100004 --appName 'Tezos Baking' ``` Replace the `appName` parameter "Tezos" with whatever application name you used when you loaded the application onto the device. @@ -429,359 +228,7 @@ Then follow the prompts on the Ledger device screen. ### Confirming the Installation Worked -You should now have two apps, `Tezos Baking` and `Tezos Wallet`. The `Tezos -Baking` application should display a `0` on the screen, which is the highest block -level baked so far (`0` in case of no blocks). The `Tezos Wallet` application will just -display `Tezos`. - -## Registering the Ledger device with the node - -For the remainder of this document, we assume you have a Tezos node running and -`tezos-client` installed. Also, Docker has some issues working with the Ledger device, -so unless you're willing to troubleshoot them, we don't recommend it. - -Currently there are two other ways to do this: - - 1. If you have the Nix package manager, use the - [Tezos baking platform](https://gitlab.com/obsidian.systems/tezos-baking-platform). - 2. Build tezos from the tezos repo with [these instructions](http://tezos.gitlab.io/introduction/howtoget.html#build-from-sources). - -Depending on how you build it, you might need to prefix `./` to your commands, and the names -of some of the binaries might be different. - -### What is tezos-client - -We can call the network at large "Tezos." Tezos consists of a bunch of nodes, -one of which is yours. Your node can be thought of as your gateway to the wider -network. - -You can't do anything with the Ledger hardware wallet without using `tezos-client`. Tezos-client -is the program you use to access information about the network, -which you ultimately get through your node. See the -[command documentation](http://doc.tzalpha.net/api/cli-commands.html) -for the full array of features that tezos-client supports. - -In summary: - -* Tezos is the network -* We connect to the network through a node -* We access that node through tezos-client -* We store our client's keys on the Ledger device - -Note that `tezos-client` will not only not support certain commands unless the node is installed, -but the error messages for those commands will not even indicate that those commands are possible. -If a command documented here gives an `Unrecognized command` error, make sure you have a node -running. - -### Side note about key generation - -Every Ledger hardware wallet generates public and private keys for `ed25519`, `secp256k1`, or -`P-256` encryption systems based on a seed (represented by and encoded in -the words associated with that Ledger device) and a BIP32 ("hierarchical deterministic -wallet") path. - -The same seed and BIP32 path will always result in the same key for the same -systems. This means that, to keep your Bitcoin application from knowing your Tezos keys, -and vice versa, different BIP32 paths have to be used for the same Ledger device. This -also means that, in order to sync two Ledger devices, you can set them to the same -seed, represented as 24 or some other number of natural language words (English -by default). - -All Tezos BIP32 paths begin with `44'/1729'` (the `'` indicates it is -"hardened"). Which Ledger device is intended to be used, as well as choice of -encryption system, is indicated by a root key hash, the Tezos-specific base58 -encoding of the hash of the public key at `44'/1729'` on that Ledger device. Because -all Tezos paths start with this, in `tezos-client` commands it is implied. - -Beginning in Tezos Wallet V2.2.0, there is also support for a `ed25519-bip32` derivation -method, which was made available in V1.5.5 of the Nano firmware. The existing `ed25519` -operation was purposefully not changed to preserve backwards compatibility. If you do -nothing, expect no changes. However, it is recommended that all new accounts use the `bip25519` -command instead of the legacy `ed25519`. After it is imported, the address can be treated -the same as any other. - -### Importing the key from the Ledger device - -This section must be done regardless of whether you're going to be baking or -only using the Tezos Wallet application. - -Please run with a Tezos application open on your device (either Tezos Baking or Tezos Wallet will do): - -``` -$ tezos-client list connected ledgers -``` - -The output of this command includes four Tezos addresses derived from the secret -stored on the device, via different signing curves and BIP32 paths. - -``` -## Ledger `major-squirrel-thick-hedgehog` -Found a Tezos Wallet 2.1.0 (git-description: "091e74e9") application running -on Ledger Nano S at -[IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/XHC1@14/XHC1@14000000/HS03@14300000/Nano -S@14300000/Nano S@0/IOUSBHostHIDDevice@14300000,0]. - -To use keys at BIP32 path m/44'/1729'/0'/0' (default Tezos key path), use one -of: - -tezos-client import secret key ledger_username "ledger://major-squirrel-thick-hedgehog/bip25519/0h/0h" -tezos-client import secret key ledger_username "ledger://major-squirrel-thick-hedgehog/ed25519/0h/0h" -tezos-client import secret key ledger_username "ledger://major-squirrel-thick-hedgehog/secp256k1/0h/0h" -tezos-client import secret key ledger_username "ledger://major-squirrel-thick-hedgehog/P-256/0h/0h" - -``` - -These show you how to import keys with a specific signing curve (e.g. `bip25519`) and derivation path (e.g. `/0'/0'`). The -animal-based name (e.g. `major-squirrel-thick-hedgehog`) is a unique identifier for your -Ledger device enabling the client to distinguish different Ledger devices. This is combined with -a derivation path (e.g. `/0'/0'`) to indicate one of the possible keys on the Ledger device. Your *root* key is the full identifier without the derivation path (e.g. `major-squirrel-thick-hedgehog/bip25519` by itself) but you should not use the root key directly\*. - -\* *NOTE:* If you have used your root key in the past and need to import it, you can do so by simply running one of the commands but without the last derivation portion. From the example above, you would import your root key by running `tezos-client import secret key ledger_user "ledger://major-squirrel-thick-hedgehog/bip25519"`. You should avoid using your root key. - -The Ledger device does not currently support non-hardened path components. All -components of all paths must be hardened, which is indicated by following them -with a `'` character. This character may need to be escaped from the shell -through backslashes `\` or double-quotes `"`. - -You'll need to choose one of the four commands starting with -`tezos-client import secret key ...` to run. `bip25519` is the standard recommended curve. - -The BIP32 path is the part that in the example commands read `0'/0'`. You -can change it, but if you do (and even if you don't), be sure to write -down. You need the full address to use your tez. This means that if you -lose all your devices and need to set everything up again, you will need -three things: - - 1. The mnemonic phrase -- this is the phrase from your Ledger device itself when you set it up, not the animal mnemonic you see on the command line. They are different. - 2. Which signing curve you chose - 3. The BIP32 path, if you used one - -The `tezos-client import secret key` operation copies only the public key; it -says "import secret key" to indicate that the Ledger hardware wallet's secret key will be -considered available for signing from them on, but it does not leave the Ledger device. - -This sends a BIP32 path to the device. You then need to click a button on the -Ledger device and it sends the public key back to the computer. - -After you perform this step, if you run the `list known addresses` command, you -should see the key you chose in the list: - -``` -3$ tezos-client list known addresses -ledger_<...>_ed_0_0: tz1ccbGmKKwucwfCr846deZxGeDhiaTykGgK (ledger sk known) -``` - -We recommend reading as much as possible about BIP32 to ensure you fully understand -this. - -## Using the Tezos Wallet application (Nano S and X) - -This application and the Tezos Baking Application constitute complementary apps -for different use cases -- which could be on paired devices and therefore use -the same key, or which could also be used in different scenarios for different -accounts. Baking is rejected by this app. The Tezos Wallet Application is available -on the Nano S (all versions) and the Nano X (V2.0.1 and later) - -The "provide address" command on the Tezos Wallet application shows the address -the first time the command is run for any given session. Subsequently, it -provides the address without prompting. To display addresses again, exit the -Wallet Application and restart it. This is again provided for testing/initial -set up purposes. - -The sign command for the Wallet Application prompts every time for transactions -and other "unsafe" operations, with the generic prompt saying "Sign?" We hope to -eventually display more transaction details along with this. When block headers -and endorsements are sent to the Ledger device, they are rejected silently as if the -user rejected them. - -### Faucet (test networks only) - -On the Tezos test networks, you will need to use the [Tezos Faucet](https://faucet.tzalpha.net/) -to obtain some tez. Tell them you're not a robot, then click "Get alphanet tz." -It works on zeronet and babylonnet (even though the URL says "alpha"). - -Run the following command, where `` is some alias you want to use for -this wallet, and `tz1<...>.json` is the name of the file you just downloaded -from the faucet. - -``` -$ tezos-client activate account with ~/downloads/tz1<...>.json -Node is bootstrapped, ready for injecting operations. -Operation successfully injected in the node. -Operation hash is 'onxJStKxK1oMPgGskkzc2gDBDyKeQ7CbBYTrcK4TMMySvKZq6vF'. -Waiting for the operation to be included... -Operation found in block: BMRjW94ge499sCPAMUTvrp3ku2UjWy9kB2LsjtuJhL1bkcQ85Ny (pass: 2, offset: 0) -This sequence of operations was run: - Genesis account activation: - Account: tz1Vntj2aVpqcQEeHq2CEmNrSGw8finvbFcX - Balance updates: - tz1Vntj2aVpqcQEeHq2CEmNrSGw8finvbFcX ... +ꜩ66835.212314 - -Account (tz1Vntj2aVpqcQEeHq2CEmNrSGw8finvbFcX) activated with ꜩ66835.212314. -``` - -You can then check your account balance like this: - -``` -$ tezos-client get balance for -66835.212314 ꜩ -``` - -### Transfer - -Now transfer the balance to the account whose key resides on your Ledger device: - -``` -$ tezos-client transfer 66000 from chris-martin2 to ledger_<...>_ed_0_0 -``` - -### Further transaction details - -In general, to send tez, you'll need to: - - * Have a node running - * Open the Tezos Wallet application on your hardware wallet - * Know the alias of your account or its public key hash - * Know the public key hash of the account you are sending tez to - -The command you run has the form: - -``` -tezos-client transfer QTY from SRC to DST -``` - - * `QTY` is the amount of tez. It's best to not include commas and to include 6 - decimal points (ie. 1000000.000000). If you'd prefer to include commas, you can: - `1,000,000.000,000`. - * `SRC` is the source, or where the money is coming from. This should be your - alias or public key has. - * `DST` is the destination, or where the money is going. You should use the - public key hash, as your computer likely doesn't know any aliases for that - account. - -Some options which you can consider: - - * `--fee ` - The fee defaults to 0.05 tez. If you'd like to select - another amount, either because you think that's too high or the network is - crowded and a higher fee is needed to ensure it goes through, you can - include this with the amount of fee you want to pay (ie. `--fee 0.05` for - the default). - * `-D` or `--dry-run` - Use this if you just want to display what would happen - and not actually do the transaction. - * `-G` or `--gas-limit` - This sets the gas limit of the transaction instead. - -There are other options which you can read up about more in the docs, but these -are the main ones you'd potentially want to use when just sending tez to -someone. - -### Delegation - -If you want to delegate tez controlled by an account on the Ledger device to another account to bake, that requires the Wallet App. This is distinct from registering the Ledger device -account itself to bake, which is also called "delegation," and which is covered -in the section on the baking application below. - -#### since Babylon protocol upgrade (005) - -Since Babylon protocol upgrade, it is now possible to delegate directly from -an implicit account without creating an originated account. - -``` -$ tezos-client set delegate for to -``` - - * `SRC` is the implicit account that you want to delegate from - * `DELEGATE` is the baker that you want to delegate to - -#### pre-Babylon - -To delegate tez controlled by a Ledger device to someone else, -you must first originate an account. Please read more -about this in the Tezos documentation, [How to use Tezos](https://tezos.gitlab.io/master/introduction/howtouse.html), to -understand why this is necessary and the semantics of delegation. - -To originate an account, the command is: -``` -$ tezos-client originate account for transferring from --delegatable -``` - - * `NEW` is the alias you will now give to the originated account. Only originated accounts can - be delegated, and even then only if originated with this `--delegatable` flag. - * `MGR` is the name of the key you will use to manage the account. If you want to manage it - with a Ledger device, it should be an existing imported key from the Ledger hardware wallet. - * `QTY` is the initial amount of tez to give to the originated account. - * `SRC` is the account where you'll be getting the tez from. - -Subsequently, every transaction made with `` will require the Ledger hardware wallet mentioned in `` -to sign it. This is done with the wallet application, and includes setting a delegate with: - -``` -$ tezos-client set delegate for to -``` - -Originated accounts have names beginning with `KT1` rather than `tz1`, `tz2` or `tz3`. - -### Signing Michelson -The wallet app allows you to sign packed Michelson values. This can be useful when interacting with a Michelson contract that -uses `PACK` and `CHECK_SIGNATURE` (multisig contracts use this functionality). - -Here is an example: -``` -tezos-client hash data '"hello world!"' of type string -tezos-client sign bytes for -``` -The ledger will prompt with `Unrecognized Michelson: Sign Hash` and the hash of the data - -### Proposals and Voting - -To submit (or upvote) a proposal during the Proposal Period, open the Wallet application on your ledger and run - -``` -$ tezos-client submit proposals for -``` - -The Wallet application will then ask you to confirm the various details of the proposal submission. - -**Note:** While `tezos-client` will let you submit multiple proposals at once with this command, submitting more than one will cause the Wallet application to show "Sign Hash" instead of showing each field of each proposal for your confirmation. Signing an operation that you can't confirm is not safe and it is highly recommended that you simply submit each proposal one at a time so you can properly confirm the fields on the ledger device. To manually confirm the hash, refer to [Manually Confirming Operation Hashes](#Manually-Confirming-Operation-Hashes). - -Voting for a proposal during the Exploration or Promotion Vote Period also requires that you have the Wallet application open. You can then run - -``` -$ tezos-client submit ballot for -``` - -The Wallet application will ask you to confirm the details of your vote. - -Keep in mind that only registered delegate accounts can submit proposals and vote. Each account can submit up to 20 proposals per proposal period and vote only once per voting period. For a more detailed post on participating during each phase of the amendment process, see this [Medium post](https://medium.com/@obsidian.systems/voting-on-tezos-with-your-ledger-nano-s-8d75f8c1f076). For a full description of how voting works, refer to the [Tezos documentation](https://gitlab.com/tezos/tezos/blob/master/docs/whitedoc/voting.rst). - -### Manually Confirming Operation Hashes - -Many operations are too large or complex for Tezos Wallet to show you enough detail on the device that you could safely confirm it. For example, it is possible to create an operation that includes hundreds of transactions. It is not feasible to confirm all of them on a tiny device screen. For any operation that Tezos Wallet can't easily confirm via screen prompts, it will instead show you the "Sign Hash" prompt. This shows you a *hash* of the entire operation that you should cross-check with another source. `tezos-client` will show you this hash if you ask it to run the operation with `--verbose-signing`. This will include additional output like the following: - -``` -Pre-signature information (verbose signing): - * Branch: BMRELbkCkHvCAr2vZfavjYUKXLbKrGvX6oN3qNEDKPjp8aJHqRm - * Watermark: `Generic-operation` (0x03) - * Operation bytes: - e0ac9e16f0005865f71bcf039d10ec2bb8d604210c9139968949f64ea5c9d1320500aed01 - 1841ffbb0bcc3b51c80f2b6c333a1be3df00000000000000040ab22e46e7872aa13e366e4 - 55bb4f5dbede856ab0864e1da7e122554579ee71f876cd995a324193bbe09ac2d5c53f69f - 93778f8d608f1fea885f9b53e0abdb6e4 - * Blake 2B Hash (raw): Hnw7wQsfv8fvMUejXNJ31NauapEtzLZg859JwqNUEDEE - * Blake 2B Hash (ledger-style, with operation watermark): - C5Qkk9tTwaUbhnrN29JpXSmsYCEi1uhM8rSsentBwmbN - * JSON encoding: - { "branch": "BMRELbkCkHvCAr2vZfavjYUKXLbKrGvX6oN3qNEDKPjp8aJHqRm", - "contents": - [ { "kind": "proposals", - "source": "tz1baMXLyDZ7nx7v96P2mEwM9U5Rhj5xJUnJ", "period": 0, - "proposals": - [ "Pt24m4xiPbLDhVgVfABUjirbmda3yohdN82Sp9FeuAXJ4eV9otd", - "Psd1ynUBhMZAeajwcZJAeq5NrxorM6UCU4GJqxZ7Bx2e9vUWB6z" ] } ] } -``` - -Here, the hash under `Blake 2B Hash (ledger-style, with operation watermark)` is `C5Qkk9tTwaUbhnrN29JpXSmsYCEi1uhM8rSsentBwmbN` and should match the hash on the Ledger screen. - -To be truly confident in the correctness of this operation, run the same operation multiple times from different places. `tezos-client` has two options to help with this: `--dry-run` which skips the last step of injecting the operation into the chain, and `--block ` to pin an operation to a specific block. +You should now have `Tezos Baking` app installed on the device. The `Tezos Baking` application should display a `0` under screen on the screen ,`Highest Watermark` which is the highest block level baked so far (`0` in case of no blocks). ## Using the Tezos Baking Application (Nano S only) @@ -805,27 +252,61 @@ afford to have your baker offline temporarily, then switching to the Tezos Wallet application on the same Ledger device should suffice. -### Start the baking daemon +### Setup Ledger with Tezos client +To connect ledger with Tezos client, you need to download [Tezos](https://www.gitlab.com/tezos/tezos). +You need to have nix installed on your system. Build tezos with following commands: ``` -$ tezos-baker-005-PsBabyM1 run with local node ~/.tezos-node ledger_<...>_ed_0_0 +$ git clone https://gitlab.com/tezos/tezos.git +$ cd tezos +$ nix-shell -j auto +$ make ``` +This will build the latest version of tezos repo. +Now connect the ledger device to USB port of your computer and run following command: +``` +$ ./octez-client list connected ledgger +``` +It will given output as follows: +``` +## Ledger `masculine-pig-stupendous-dugong` +Found a Tezos Baking 2.4.7 (git-description: "v2.4.7-70-g3195b4d2") +application running on Ledger Nano S Plus at [1-1.4.6:1.0]. -This won't actually be able to bake successfully yet until you run the rest of -these setup steps. This will run indefinitely, so you might want to do it in -a dedicated terminal or in a `tmux` or `screen` session. - -You will also want to start the endorser and accuser daemons: +To use keys at BIP32 path m/44'/1729'/0'/0' (default Tezos key path), use one +of: + octez-client import secret key ledger_username "ledger://masculine-pig-stupendous-dugong/ed25519/0h/0h" + octez-client import secret key ledger_username "ledger://masculine-pig-stupendous-dugong/secp256k1/0h/0h" + octez-client import secret key ledger_username "ledger://masculine-pig-stupendous-dugong/P-256/0h/0h" + octez-client import secret key ledger_username "ledger://masculine-pig-stupendous-dugong/bip25519/0h/0h" +``` +Here the last four lines give information about the available keys you can use to sign blocks/attestations etc. in baking. The names in front of ledger:// are generated randomly and represent a unique path to key derivations in ledger. Choose one of the keys listed above as follows: +``` +$ ./octez-client import secret key ledger_username "ledger://masculine-pig-stupendous-dugong/bip25519/0h/0h" +``` +Here we have chosen the last key type bip25519. You can choose any one of the available keys. +You can verify that you have successfully setup ledger with following command: +``` +$ ./octez-client list known addresses +``` +It will show output as follows: ``` -$ tezos-endorser-005-PsBabyM1 run ledger_<...>_ed_0_0 -$ tezos-accuser-005-PsBabyM1 run +ledger_<...>: tz1N4GQ8gYgMdq6gUsja783KJButHUHn5K7z (ledger sk known) ``` +You can use the address ledger_<...> for further commands to setup the baking operations with Ledger. -Again, each of these will run indefinitely, and each should be in its own terminal -`tmux`, or `screen` window. +### Setup Node and baker -*Note*: The binaries shown above all correspond to current Tezos mainnet protocol. When the Tezos protocol upgrades, the binaries shown above will update to, for instance, `tezos-baker-006-********`. +It is recommended to practice baking on tezos testnet before you acutally start baking on mainnet with real money. You can get more information +about baking on testnet at [Baking-setup-Tutorial](https://docs.tezos.com/tutorials/join-dal-baker). +Here we only give information about changes you have to make in above tutorial to bake with Ledger instead of an auto generated key. + +In the tutorial skip the command `octez-client gen keys my_baker` and instead use the ledger_<...> in place of my_baker. +Use the following command to store your address in environmental variable `MY_BAKER` +``` +$ MY_BAKER="$(./octez-client show address ledger_<...> | head -n 1 | cut -d ' ' -f 2)" +``` ### Setup ledger device to bake and endorse @@ -839,7 +320,7 @@ time. In order to authorize a public key for baking, use the APDU for setting up the ledger device to bake: ``` - $ tezos-client setup ledger to bake for + $ octez-client setup ledger to bake for ledger_<...> ``` This only authorizes the key for baking on the Ledger device, but does @@ -859,12 +340,17 @@ delegate to itself. Open the Tezos Baking Application on the device, and then run this: ``` -$ tezos-client register key as delegate +$ octez-client register key ledger_<...> as delegate ``` This command is intended to inform the blockchain itself of your intention to -bake with this key. It can be signed with either Tezos Wallet or Tezos Baking, however -Tezos Baking can only sign self-delegations. +bake with this key. + +### Stake tez to get baking rights +Currently baking app does not support signing transactions. You need to stake certain amount of tez to get baking rights. Install Tezos wallet app on the same ledger device and run following command. No setup is needed as we have already setup the address from which we are deducting the amount. +``` +$ octez-client stake ledger_<...> +``` ### Sign @@ -893,6 +379,10 @@ signing. Tezos Baking will only ever sign without prompting or reject an attempt at signing; this operation is designed to be used unsupervised. As mentioned, the only exception to this is self-delegation. +### Security during baking + +The Tezos-Baking app needs to be kept open during baking and ledger is unlocked during that time. To prevent screen burn, the baking app goes into blank screen when it starts signing blocks/attestation as baker. But the app remains unlocked. One can not sign any transaction operation using baking app, therefore there is no need of any concern. But to exit the baking app, one needs to enter PIN. This restriction is in place to avoid misuse of physical ledger device when its kept unattended during baking process. + ### Reset High Watermark When updating the version of Tezos Baking you are using or if you are switching baking to @@ -901,7 +391,7 @@ This can be accomplished with the reset command. The following command requires confirmation from the user: ``` -$ tezos-client set ledger high watermark for "ledger:///" to +$ octez-client set ledger high watermark for "ledger:///" to ``` `` indicates the new high watermark to reset to. Both the main and test chain HWMs will be @@ -910,7 +400,7 @@ simultaneously changed to this value. If you would like to know the current high watermark of the ledger device, you can run: ``` -$ tezos-client get ledger high watermark for "ledger:///" +$ octez-client get ledger high watermark for "ledger:///" ``` While the ledger device's UI displays the HWM of the main chain it is signing on, it will not @@ -923,7 +413,7 @@ When you want to upgrade to a new version, whether you built it yourself from so or whether it's a new release of the `app.hex` files, use the same commands as you did to originally install it. As the keys are generated from the device's seeds and the derivation paths, you will have the same keys with every version of this Ledger hardware wallet app, -so there is no need to re-import the keys with `tezos-client`. +so there is no need to re-import the keys with `octez-client`. You may need to run command `octez-client setup ledger to bake for ...` again as HWM and chain information would be erased after reinstalling the app. ### Special Upgrading Considerations for Bakers @@ -933,43 +423,26 @@ this command to remind the hardware wallet what key you intend to authorize for also set the HWM: ``` -$ tezos-client setup ledger to bake for --main-hwm +$ octez-client setup ledger to bake for ledger_<...> --main-hwm ``` Alternatively, you can also set the High Watermark to the level of the most recently baked block with a separate command: ``` -$ tezos-client set ledger high watermark for "ledger:///" to +$ octez-client set ledger high watermark for "ledger:///" to ``` The latter will require the correct URL for the Ledger device acquired from: ``` -$ tezos-client list connected ledgers +$ octez-client list connected ledgers ``` ## Troubleshooting ### Display Debug Logs -If you are worried about bugs, you should configure your system to display debug logs. Add the -following line to `~/.bashrc` and to `~/.bash_profile`, or set the equivalent environment -variable in whatever system you use to launch your daemons: - -``` -export TEZOS_LOG="client.signer.ledger -> debug" -``` - -If you have a bug report, it is far more likely we'll be able to fix it if you include the -entire output of the transaction, including debug messages enabled by that command above. -Please copy and paste the entire run of the command (for `tezos-client`) or everything -involving the failed block level and the previous one (for baking); if you need to anonymize -the PKH then please do so by using `XXX` or similar rather than by removing those entire lines. -We need as much context as possible to help troubleshoot. - -`script` is also a useful command for logging all the output of a long-running process. -If you run `script ` it opens a new shell where everything output and typed -is also output to that file, giving you a transcript of your terminal session. +To debug the application you need to compile the application with `DEBUG=1` ### Importing a Fundraiser Account to a Ledger Device @@ -978,7 +451,7 @@ You currently cannot directly import a fundraiser account to the Ledger device. ### Two Ledger Devices at the Same Time Two Ledger devices with the same seed should not ever be plugged in at the same time. This confuses -`tezos-client` and other client programs. Instead, you should plug only one of a set of paired +`octez-client` and other client programs. Instead, you should plug only one of a set of paired ledgers at a time. Two Ledger devices of different seeds are fine and are fully supported, and the computer will automatically determine which one to send information to. @@ -990,7 +463,7 @@ computer for wallet transactions. ### unexpected seq num ``` -$ client/bin/tezos-client list connected ledgers +$ octez-client list connected ledgers Fatal error: Header.check: unexpected seq num ``` @@ -999,7 +472,7 @@ This means you do not have the Tezos application open on your device. ### No device found ``` -$ tezos-client list connected ledgers +$ octez-client list connected ledgers No device found. Make sure a Ledger device is connected and in the Tezos Wallet app. ``` @@ -1009,36 +482,22 @@ mean that your udev rules are not set up correctly. ### Unrecognized command -If you see an `Unrecognized command` error, it might be because there is no node for `tezos-client` +If you see an `Unrecognized command` error, it might be because there is no node for `octez-client` to connect to. Please ensure that you are running a node. `ps aux | grep tezos-node` should display the process information for the current node. If it displays nothing, or just displays a `grep` command, then there is no node running on your machine. -### Ledger Application Crashes - -If the Ledger application crashes when you load it, there are two primary causes: - - * Quitting the `tezos-client` process before the device responds. Even if you meant to cancel - the operation in question, cancel it from the device before pressing Ctrl-C, otherwise you - might have to restart the Ledger device. - * Out of date firmware: If the Ledger application doesn't work at all, make sure you are running firmware - version 1.6.0. - -### Tezos Baking: Screen does blank and the device no longer responds to requests - -On Ledger firmware 1.6.0 with the default MCU firmware, the device's screen can go blank while running Tezos Baking and the device may stop responding to requests. This is due to an issue in the device's MCU firmware. Please upgrade it using this tool, distributed by Ledger - https://ledger-live-tools.now.sh/mcu-repair. You will need to use a browser with webHID, such as Chrome. After a successful upgrade, the device's MCU firmware should report as 1.12. - ### Error "Unexpected sequence number (expected 0, got 191)" on macOS -If `tezos-client` on macOS intermittently fails with an error that looks like +If `octez-client` on macOS intermittently fails with an error that looks like ``` client.signer.ledger: APDU level error: Unexpected sequence number (expected 0, got 191) ``` -then your installation of `tezos-client` was built with an older version of HIDAPI that doesn't work well with macOS (see [#30](https://github.com/obsidiansystems/ledger-app-tezos/issues/30)). +then your installation of `octez-client` was built with an older version of HIDAPI that doesn't work well with macOS (see [#30](https://github.com/obsidiansystems/ledger-app-tezos/issues/30)). -To fix this you need to get the yet-unreleased fixes from the [HIDAPI library](https://github.com/signal11/hidapi) and rebuild `tezos-client`. +To fix this you need to get the yet-unreleased fixes from the [HIDAPI library](https://github.com/signal11/hidapi) and rebuild `octez-client`. If you got HIDAPI from Homebrew, you can update to the `master` branch of HIDAPI like this: @@ -1046,7 +505,7 @@ If you got HIDAPI from Homebrew, you can update to the `master` branch of HIDAPI $ brew install hidapi --HEAD ``` -Then start a full rebuild of `tezos-client` with HIDAPI's `master` branch: +Then start a full rebuild of `octez-client` with HIDAPI's `master` branch: ```shell $ brew unlink hidapi # remove the current one @@ -1059,17 +518,15 @@ Finally, rebuild `ocaml-hidapi` with Tezos. In the `tezos` repository: ```shell $ opam reinstall hidapi $ make all build-test -$ ./tezos-client list connected ledgers # should now work consistently +$ ./octez-client list connected ledgers # should now work consistently ``` -Note that you may still see warnings similar to `Unexpected sequence number (expected 0, got 191)` even after this update. The reason is that there is a separate, more cosmetic, issue in `tezos-client` itself which has already been fixed but may not be in your branch yet (see the [merge request](https://gitlab.com/tezos/tezos/merge_requests/600)). +Note that you may still see warnings similar to `Unexpected sequence number (expected 0, got 191)` even after this update. The reason is that there is a separate, more cosmetic, issue in `octez-client` itself which has already been fixed but may not be in your branch yet (see the [merge request](https://gitlab.com/tezos/tezos/merge_requests/600)). ### Command Line Installations: "This app is not genuine" If you install a Ledger application, such as Tezos Wallet or Tezos Baking, outside of Ledger Live you will see the message "This app is not genuine" followed by an Indentifier when opening the app. This message is generated by the device firmware as a warning to the user whenever an application is installed outside Ledger Live. Ledger signs the applications available in Ledger Live to verify their authenticity, but the same applications available elsewhere, such as from this repo, are not signed by Ledger. As a result, the user is warned that the app is not "genuine", i.e. signed by Ledger. This helps protect users who may have accidentally downloaded an app from a malicious client without knowing it. Note that the application available from this repo's [releases page](https://github.com/obsidiansystems/ledger-app-tezos/releases/tag/v2.2.7) is otherwise no different from the one downloaded from Ledger Live. -## Contact Us -You can email us at tezos@obsidian.systems and request to join our Slack. -We have several channels about baking and one specifically for our Ledger applications. -You can ask questions and get answers from Obsidian staff or from the community. +## Feedback +To give feedback and report an error, create an issue on github repository [Trillitech-App-Tezos](https://github.com/trillitech/ledger-app-tezos-baking). diff --git a/Release-1.3.md b/Release-1.3.md deleted file mode 100644 index f4aacd01..00000000 --- a/Release-1.3.md +++ /dev/null @@ -1,173 +0,0 @@ -# Version 1.3 of the Tezos Wallet and Baking Applications for Ledger Nano S - -## Release Highlights - -### Ledger Nano S Wallet Application -- [x] Transactions now display with: source, destination, amount and fee -- [x] Delegations now display with: source, delegate, amount and fee -- [x] Account originations now display with: source, manager, fee, amount and delegation -- [x] Support for browser access through U2F - -In addition to the improved user experience, these changes are important security enablers, as it -can help a cautious user protect against a certain type of attack. There are also instances where the Ledger device will not display operation information listed above. See more details below. - -### Ledger Nano S Baking Application -- [x] High watermark feature extended to protect against double-endorsing as well as double-baking. - -## Ledger Nano S Wallet Application -- Release Details -### Operation Display -The new version of the Wallet App will display certain fields of most -transactions, delegations, and account origination in the prompt where -the user is asked to approve or reject the delegation. In addition to the -improved user experience, this is an important security improvement, as it -can help a cautious user protect against a certain type of attack. Without -this measure, an attacker with control over your computer can replace a -legitimate transaction with a falsified transaction, which could send -any amount of tez from any wallet on the Ledger hardware wallet (with any derivation -path) to the attacker, and the user would approve it thinking it was the -transaction they intended. The security benefit is only realized if the -user manually verifies the relevant fields. - -The fields are displayed in sequence, one after another. To verify all -the fields, you must wait for all of the fields to display in order. -The sequence is repeated 3 times, after which the app will default to -a rejection of the transaction. - -#### Transactions -* Source: -This is the account from which the tez are to be transferred. Because -the ledger embodies as many accounts as there are derivation paths, -it might be important to verify that the transaction originates from -the intended account. - -* Destination: -This is the account to which the tez are to be transferred. If this were -faked, the attacker could send to their own account instead. - -* Amount: -This is the amount of tez to be sent. If this were faked, an attacker -with a relationship with the recipient could cause more tez to be sent -than desired. - -* Fee: -This is the fee given to the baker of the block on which the transaction -will be included. If this were faked, a baker with a relationship to -the attacker could end up with the stolen tez, especially if the fee -were astronomical. - -#### Delegations -* Source: -This is which account is to be delegated. If this were faked, the attacker -could prevent the user from using a delegation service or registering -for delegation, or change the delegation on a different account to the -delegation service. - -* Delegate: -This is the address to which the user is delegating baking rights. If -this were faked, the attacker could substitute their own delegation -service for the intended one. We also indicate the distinction between -delegating and withdrawing delegation. - -* Fee: See above. - -#### Originations -* Source: -This is where the original funding of the originated account comes -from. If this were faked, an attacker could affect the allocation of -the user's tez between accounts. - -* Manager: -This is what key will be used to manage the originated account. If this -were faked, the attacker could set it to their own key, and gain control -over the new account and its tez. - -* Fee: See above. - -* Amount: -This is the amount that will be transferred into the new, originated -account. If this were faked, it could prevent the user from using the -new account as intended. - -* Delegation: -We display both whether the originated account is set up to allow -delegation, and which account it is originally set up to delegate to. If -it is set up to allow delegation but not set up with an initial delegate, -we display "Any" as the delegate. If it is set up to delegate but not -to change delegation, we display "Fixed Delegate" as the label for the -account. Any changes to the delegation settings on an originated account -could cause various inconveniences to the user, and potentially could -be useful in a sophisticated attack. - -### Unverified Operations - -Sometimes the wallet app will not be able to parse an operation, and -will prompt for an unverified signature. In this case, most users will -want to reject the operation. - -The wallet app may not capable of parsing the message because of -advanced features in it. In this case, it displays a special prompt: -"Unrecognized Operation, Sign Unverified?" This should not happen with -ordinary transactions and delegations, but may happen in the presence -of optional information like fields that will be sent to contracts or -smart contract originations. If you are not using these features, you -should reject the transaction. You should only approve it if you are -using these features, and are confident in your computer's security. -Among advanced features is included non-zero storage limits. This -is because storage limits can cost additional tez, and so we want -to make sure that users are not surprised by these additional costs. - -The wallet app also allows the signing of prehashed data, which it will -not be able to parse. In this situation, it will display "Pre-hashed -Operation, Sign Unverified?" You should not approve this transaction -unless you intentionally sent pre-hashed data to the ledger and are -confident in your computer's security. Pre-hashed data is not -exposed as a feature in `tezos-client`, and can only be sent -manually. Most users will never need to use this feature. - -### U2F Support - -The Wallet Application now supports U2F protocol, the standard method for enabling -browser access by 3rd party wallet providers for all tokens. Recent versions -of Ledger Nano S firmware (v1.4.1+) allow us to support browsers seamlessly without the need -to toggle it in settings; the app will automatically detect which protocol is -being used. - -#### APDU level error: Unexpected sequence number (expect 0, got 191) - -As a side effect of adding U2F support, users will see this error when sending operations -to the Wallet Application. There are two situations where this error will fire: - -* If you send an operation to the Tezos Wallet Application. `tezos-client` might interpret -the presence of U2F support as a sequence number error, but it will recover from this error -and successfully be able to communicate with the device over APDU protocol. In our experience, -the operation always succeeds despite this error. We intend to have the error message from `tezos-client` -adjusted to reflect the success of these operations. -* If you send an operation to the Ledger device and neither Tezos Application is open. -You'll be communicating with the ledger OS, not one of the Tezos Applications. - -## Baking Application -- Release Details -The new version of the Baking Application extends the concept of the high watermark to -endorsements as well as block headers, as a precaution against double -baking and double endorsing. No block header or endorsement will be signed at a lower block -level than a previous block or endorsement. Furthermore, only one block -and one endorsement is allowed at each level, and the block must come -before the endorsement. Both block headers and endorsements are -signed without prompting if they satisfy the high watermark requirement, -and rejected without prompting if they do not. - -This covers all legitimate operation of a baker in a single chain. -If a single baker has multiple endorsement slots at the same block -level, only one endorsement will actually need to be signed, and you -will receive the reward for all the endorsement slots at that level. - -As before, you may reset the high watermark with a reset command -(`tezos-client set ledger high watermark for to `), which -will prompt "Reset HWM" and the new value. Legitimate reasons to change the high -watermark include switching to a test network at a different block level or -restoring a baker after an attacker or software error caused a block to be signed -with too high a level. - -## Acknowledgements - -Thank you to everyone in the tezos-baking Slack channel, especially Tom -Knudsen and Tom Jack, for their testing and bug reports. diff --git a/WELCOME.md b/WELCOME.md deleted file mode 100644 index 6fb1d288..00000000 --- a/WELCOME.md +++ /dev/null @@ -1,91 +0,0 @@ -The Exciting World of Ledger C ------------------------------- - -Knowing C will help you in this adventure. But not as much as it should. There are some fun twists when it comes to Ledger C. Explore them below. Memorize them. There *will* be a quiz... - -### Exceptions - -C doesn't have them. So you don't have to think about bracketing, exception safety, RAII, try/catch, all that. - -Well not on the Ledger. You have exceptions! Which means you also have out-of-band code paths, and you now have to worry about exception safety. - -You can `THROW` a `uint16_t` like this `THROW(0x9000)`. - -Handling exceptions looks like this. - -```c -volatile int something = 0; -BEGIN_TRY { - TRY { - //do something; - } - CATCH(EXC_PARSE_ERROR) { - //do something on parse error - } - CATCH_OTHER(e) { - THROW(e); - } - FINALLY { } -} -END_TRY; -``` - -Exceptions that make it all the way to the top of the application are caught and returned as status codes from the APDU. - -#### Gotchas - - 1. If a variable will be accessed both outside and inside the `BEGIN_TRY`/`END_TRY` block it must be `volatile`. The compiler doesn't expect these shenanigans and will optimize incorrectly if you don't. - 2. Do not `return` in the `TRY` block. It will cause the Ledger to crash. Instead use a `volatile` variable to capture the result you want to `return` at the end. - 3. Don't try to leave out blocks like `CATCH_OTHER(e)` and `FINALLY`. I don't know if that will work right and it's not worth the risk. - -#### Implications - - 1. If you have some global state and an exception is thrown then, unless you do something about it, that global state will remain. That might be a *very bad thing*. As long as you use globals our way (see Globals Our Way) you should be safe. - - -### Globals Our Way - -`static const` globals are fine. `static` non-const are not fine for two reasons: - - 1. If you try to initialize them (which you would want to do!) then the app will crash. For example `static int my_bool = 3;` crashes whenever you try to read or write `my_bool`... - 2. Instead of getting initialized to 0 like the C standard says, they are initialized to `0xA5`. Yes this can cause the compiler to incorrectly optimize your code. - -So just don't use `static` non-const globals. Instead we have `globals.h` which defines a large `struct` wher you can put your globals. At the beginning of the application we `memset(&global, 0, sizeof(global))` to clear it all to zeros. - -Anything inside of `global.apdu` will get cleared when an exception gets to the top of the app (see Exceptions). To benefit from this behavior you should never return an error code via the in-band way of sending bytes back. All errors should be sent via `THROW`. - -### Relocation - -When we said `static const` globals were fine, we meant that they were possible. There is -a major gotcha, however: if you initialize a `static const` value with a pointer to another -`static` or `static const` value, the pointers might be incorrect and require relocation. - -For example: - -``` -static const char important_string[] = "Important!"; -static const char **important_string_ptrs = { important_string, NULL }; -const char *str1 = important_string_ptrs[0]; -const char *str2 = important_string; -``` - -`str` will now have the wrong value. `str2` will not. The reason `str1` -has the wrong value is that the linker gets confused with a reference -from one `static const` variable to another `static` variable on this -platform. To resolve, you can use the `PIC` macro, which will fix broken -pointers but never break a good pointer. Because of this, you can use -it liberally and not have to worry about breaking anything: - -``` -static const char important_string[] = "Important!"; -static const char **important_string_ptrs = { important_string, NULL }; -const char *str1 = PIC(important_string_ptrs[0]); // necessary use of PIC -const char *str2 = PIC(important_string); // unnecessary but harmless use of PIC -``` - -Many of the UI functions call `PIC` for you, so just because a UI function -accepts a data structure, doesn't mean that data structure is valid. - -### Dynamic Allocation - -Nope. Don't even try. No `malloc`/`calloc`/`free`. Use globals (see Globals). diff --git a/default.nix b/default.nix deleted file mode 100644 index cf7f8d5c..00000000 --- a/default.nix +++ /dev/null @@ -1,231 +0,0 @@ -{ pkgs ? import ./nix/dep/nixpkgs {}, gitDescribe ? "TEST-dirty", nanoXSdk ? null, ... }: -let - fetchThunk = p: - if builtins.pathExists (p + /git.json) - then pkgs.fetchgit { inherit (builtins.fromJSON (builtins.readFile (p + /git.json))) url rev sha256; } - else if builtins.pathExists (p + /github.json) - then pkgs.fetchFromGitHub { inherit (builtins.fromJSON (builtins.readFile (p + /github.json))) owner repo rev sha256; } - else p; - - targets = - { - s = rec { - name = "s"; - sdk = fetchThunk ./nix/dep/nanos-secure-sdk; - env = pkgs.callPackage ./nix/bolos-env.nix { clangVersion = 4; }; - target = "TARGET_NANOS"; - targetId = "0x31100004"; - iconHex = pkgs.runCommand "nano-s-icon-hex" { - nativeBuildInputs = [ (pkgs.python.withPackages (ps: [ps.pillow])) ]; - } '' - python ${sdk + /icon.py} '${icons/nano-s-tezos.gif}' hexbitmaponly > "$out" - ''; - }; - x = rec { - name = "x"; - sdk = if nanoXSdk == null - then throw "No NanoX SDK" - else assert builtins.typeOf nanoXSdk == "path"; nanoXSdk; - env = pkgs.callPackage ./nix/bolos-env.nix { clangVersion = 7; }; - target = "TARGET_NANOX"; - targetId = "0x33000004"; - iconHex = pkgs.runCommand "${name}-icon-hex" { - nativeBuildInputs = [ (pkgs.python3.withPackages (ps: [ps.pillow])) ]; - } '' - python '${sdk + /icon3.py}' --hexbitmaponly '${icons/nano-x-tezos.gif}' > "$out" - ''; - }; - }; - - src = pkgs.lib.sources.sourceFilesBySuffices (pkgs.lib.sources.cleanSource ./.) [".c" ".h" ".gif" "Makefile" ".sh" ".json"]; - - build = bolos: - let - app = bakingApp: pkgs.stdenv.mkDerivation { - name = "ledger-app-tezos-nano-${bolos.name}-${if bakingApp then "baking" else "wallet"}"; - inherit src; - postConfigure = '' - PATH="$BOLOS_ENV/clang-arm-fropi/bin:$PATH" - ''; - nativeBuildInputs = [ - (pkgs.python3.withPackages (ps: [ps.pillow ps.ledgerblue])) - pkgs.jq - ]; - TARGET = bolos.target; - GIT_DESCRIBE = gitDescribe; - BOLOS_SDK = bolos.sdk; - BOLOS_ENV = bolos.env; - makeFlags = [ - "APP=${if bakingApp then "tezos_baking" else "tezos_wallet"}" - ]; - installPhase = '' - mkdir -p $out - cp -R bin $out - cp -R debug $out - - echo - echo ">>>> Application size: <<<<" - size $out/bin/app.elf - ''; - }; - nvramDataSize = appDir: pkgs.runCommand "nvram-data-size" {} '' - envram_data="$(grep _envram_data '${appDir + /debug/app.map}' | tr -s ' ' | cut -f2 -d' ')" - nvram_data="$(grep _nvram_data '${appDir + /debug/app.map}' | tr -s ' ' | cut -f2 -d' ')" - echo "$(($envram_data - $nvram_data))" > "$out" - ''; - mkRelease = short_name: name: appDir: pkgs.runCommand "${short_name}-nano-${bolos.name}-release-dir" {} '' - mkdir -p "$out" - - cp '${appDir + /bin/app.hex}' "$out/app.hex" - - cat > "$out/app.manifest" <Analyzer Report

Clang Static Analyzer Results

" - printf "

App: ${if bakingApp then "tezos_baking" else "tezos_wallet"}

" - printf "

File-results:

" - for html in "$out"/report*.html ; do - echo "

" - printf "" - grep BUGFILE "$html" | sed 's/^$/\1/' - printf "" - printf "+" - grep BUGLINE "$html" | sed 's/^$/\1/' - printf "
" - grep BUGDESC "$html" | sed 's/^$/\1/' - printf " → full-report" "$(basename "$html")" - echo "

" - done - echo "" - } > "$out/index.html" - ''; - }); - - mkTargets = mk: { - s = mk targets.s; - x = mk targets.x; - }; -in rec { - nano = mkTargets build; - - wallet = { - s = nano.s.wallet; - x = nano.x.wallet; - }; - baking = { - s = nano.s.baking; - x = nano.x.baking; - }; - - clangAnalysis = mkTargets (bolos: { - baking = runClangStaticAnalyzer true bolos; - wallet = runClangStaticAnalyzer false bolos; - }); - - env = mkTargets (bolos: { - ide = { - config = { - vscode = pkgs.writeText "vscode-nano-${bolos.name}.code-workspace" (builtins.toJSON { - folders = [ { path = "."; } ]; - settings = { - "clangd.path" = pkgs.llvmPackages.clang-unwrapped + /bin/clangd; - }; - }); - }; - }; - - inherit (bolos.env) clang gcc; - inherit (bolos) sdk; - }); -} diff --git a/install.sh b/install.sh deleted file mode 100755 index 631c788c..00000000 --- a/install.sh +++ /dev/null @@ -1,37 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -root="$(git rev-parse --show-toplevel)" - -app_name=Tezos -if [ "${1:-}X" != X ]; then - app_name="$1" -fi - -app_dir="$root" -if [ "${2:-}X" != X ]; then - app_dir="$2" -fi - -if [ "${3:-}X" = X ]; then - version="$(git -C "$root" describe --tags | cut -f1 -d- | cut -f2 -dv)" -else - version="$3" -fi - -set -x -python -m ledgerblue.loadApp \ - --appFlags 0x00 \ - --dataSize "$(grep _nvram_data_size "$app_dir/debug/app.map" | tr -s ' ' | cut -f2 -d' ')" \ - --tlv \ - --curve ed25519 \ - --curve secp256k1 \ - --curve secp256r1 \ - --targetId "${TARGET_ID:-0x31100004}" \ - --delete \ - --path 44"'"/1729"'" \ - --fileName "$app_dir/bin/app.hex" \ - --appName "$app_name" \ - --appVersion "$version" \ - --icon "$(cat "$root/dist/icon.hex")" \ - --targetVersion "" diff --git a/nix/bolos-env.nix b/nix/bolos-env.nix deleted file mode 100644 index d15c6d15..00000000 --- a/nix/bolos-env.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ pkgs, clangVersion, ... }: -let - clangTar = { - version7 = pkgs.fetchurl { - url = http://releases.llvm.org/7.0.0/clang+llvm-7.0.0-x86_64-linux-gnu-ubuntu-16.04.tar.xz; - sha256 = "1lk0qqkrjsjk6dqhzfibvmb9dbd6217lc0j0wd6a13nj7j1mrf39"; - }; - version4 = pkgs.fetchurl { - url = http://releases.llvm.org/4.0.0/clang+llvm-4.0.0-x86_64-linux-gnu-ubuntu-16.10.tar.xz; - sha256 = "0j0kc73xvm2dl84f7gd2kh6a8nxlr7alk91846m0im77mvm631rv"; - }; - }; - - gccTar = pkgs.fetchurl { - url = https://launchpadlibrarian.net/251687888/gcc-arm-none-eabi-5_3-2016q1-20160330-linux.tar.bz2; - sha256 = "08x2sv2mhx3l3adw8kgcvmrs10qav99al410wpl18w19yfq50y11"; - }; - - clang = - let - tarFile = - if clangVersion == 7 then clangTar.version7 - else if clangVersion == 4 then clangTar.version4 - else throw "clang version ${toString clangVersion} not supported"; - in pkgs.runCommandCC "bolos-env-clang-${toString clangVersion}" { - buildInputs = [pkgs.autoPatchelfHook pkgs.ncurses5 pkgs.gcc.cc.lib pkgs.python]; - } '' - mkdir -p "$out" - tar xavf '${tarFile}' --strip-components=1 -C "$out" - rm -f $out/bin/clang-query - addAutoPatchelfSearchPath $out/lib - autoPatchelf $out - ''; - - gcc = pkgs.pkgsi686Linux.runCommandCC "bolos-env-gcc" { - buildInputs = [ - pkgs.autoPatchelfHook - pkgs.pkgsi686Linux.ncurses5 - pkgs.pkgsi686Linux.gcc.cc.lib - pkgs.pkgsi686Linux.python - ]; - } '' - mkdir -p "$out" - tar xavf '${gccTar}' --strip-components=1 -C "$out" - addAutoPatchelfSearchPath $out/lib - autoPatchelf $out - ''; - -in pkgs.runCommand "bolos-env" {} '' - mkdir -p "$out" - ln -s '${clang}' "$out/clang-arm-fropi" - ln -s '${gcc}' "$out/gcc-arm-none-eabi-5_3-2016q1" -'' // { - inherit clang gcc; -} diff --git a/nix/build.sh b/nix/build.sh deleted file mode 100755 index 80ed0d38..00000000 --- a/nix/build.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -root="$(git rev-parse --show-toplevel)" - -# Override package set by passing --arg pkgs - -descr=$(git describe --tags --abbrev=8 --always --long --dirty 2>/dev/null) -echo >&2 "Git description: $descr" -exec nix-build "$root" --no-out-link --argstr gitDescribe "$descr" "$@" ${NIX_BUILD_ARGS:-} diff --git a/nix/dep/flextesa-dev/default.nix b/nix/dep/flextesa-dev/default.nix deleted file mode 100644 index 2b4d4ab1..00000000 --- a/nix/dep/flextesa-dev/default.nix +++ /dev/null @@ -1,2 +0,0 @@ -# DO NOT HAND-EDIT THIS FILE -import (import ./thunk.nix) \ No newline at end of file diff --git a/nix/dep/flextesa-dev/git.json b/nix/dep/flextesa-dev/git.json deleted file mode 100644 index 0827a76f..00000000 --- a/nix/dep/flextesa-dev/git.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "url": "https://gitlab.com/obsidian.systems/tezos.git", - "rev": "5e69e0eca82f0b13e5fb1c424180007f1e4b9f1a", - "sha256": "1sxnhif1yhhzclcxflh2hbp76cnbjnm95rqka2b8y9pdwzksgwvq", - "private": false, - "fetchSubmodules": false, - "branch": "flextesa-dev-master" -} diff --git a/nix/dep/flextesa-dev/thunk.nix b/nix/dep/flextesa-dev/thunk.nix deleted file mode 100644 index e3b8c830..00000000 --- a/nix/dep/flextesa-dev/thunk.nix +++ /dev/null @@ -1,14 +0,0 @@ -# DO NOT HAND-EDIT THIS FILE -let fetch = {url, rev, branch ? null, sha256 ? null, fetchSubmodules ? false, private ? false, ...}: - let realUrl = let firstChar = builtins.substring 0 1 url; in - if firstChar == "/" then /. + url - else if firstChar == "." then ./. + url - else url; - in if !fetchSubmodules && private then builtins.fetchGit { - url = realUrl; inherit rev; - ${if branch == null then null else "ref"} = branch; - } else (import {}).fetchgit { - url = realUrl; inherit rev sha256; - }; - json = builtins.fromJSON (builtins.readFile ./git.json); -in fetch json \ No newline at end of file diff --git a/nix/dep/nanos-secure-sdk/default.nix b/nix/dep/nanos-secure-sdk/default.nix deleted file mode 100644 index 2b4d4ab1..00000000 --- a/nix/dep/nanos-secure-sdk/default.nix +++ /dev/null @@ -1,2 +0,0 @@ -# DO NOT HAND-EDIT THIS FILE -import (import ./thunk.nix) \ No newline at end of file diff --git a/nix/dep/nanos-secure-sdk/github.json b/nix/dep/nanos-secure-sdk/github.json deleted file mode 100644 index 82b7d16f..00000000 --- a/nix/dep/nanos-secure-sdk/github.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "owner": "LedgerHQ", - "repo": "nanos-secure-sdk", - "branch": "og-1.6.0-1", - "private": false, - "rev": "5844b50daaf70108ef5464b7004561be0442edd1", - "sha256": "0r5bnn46ay01imxzsg0iy30aa6yaa9rx7j54ifj3a4ahlfw51nkc" -} diff --git a/nix/dep/nanos-secure-sdk/thunk.nix b/nix/dep/nanos-secure-sdk/thunk.nix deleted file mode 100644 index bbf2dc18..00000000 --- a/nix/dep/nanos-secure-sdk/thunk.nix +++ /dev/null @@ -1,9 +0,0 @@ -# DO NOT HAND-EDIT THIS FILE -let fetch = { private ? false, fetchSubmodules ? false, owner, repo, rev, sha256, ... }: - if !fetchSubmodules && !private then builtins.fetchTarball { - url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; inherit sha256; - } else (import {}).fetchFromGitHub { - inherit owner repo rev sha256 fetchSubmodules private; - }; - json = builtins.fromJSON (builtins.readFile ./github.json); -in fetch json \ No newline at end of file diff --git a/nix/dep/nixpkgs/default.nix b/nix/dep/nixpkgs/default.nix deleted file mode 100644 index 2b4d4ab1..00000000 --- a/nix/dep/nixpkgs/default.nix +++ /dev/null @@ -1,2 +0,0 @@ -# DO NOT HAND-EDIT THIS FILE -import (import ./thunk.nix) \ No newline at end of file diff --git a/nix/dep/nixpkgs/github.json b/nix/dep/nixpkgs/github.json deleted file mode 100644 index 85f13235..00000000 --- a/nix/dep/nixpkgs/github.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "owner": "NixOS", - "repo": "nixpkgs", - "branch": "nixos-unstable", - "private": false, - "rev": "41d921292e922a6cd1aba64259341c244d4c2cc7", - "sha256": "01iq7phnmyz78qddxsjy6lnpgmzcffxk9h7k69sy61dbjsyy9b4q" -} diff --git a/nix/dep/nixpkgs/thunk.nix b/nix/dep/nixpkgs/thunk.nix deleted file mode 100644 index bbf2dc18..00000000 --- a/nix/dep/nixpkgs/thunk.nix +++ /dev/null @@ -1,9 +0,0 @@ -# DO NOT HAND-EDIT THIS FILE -let fetch = { private ? false, fetchSubmodules ? false, owner, repo, rev, sha256, ... }: - if !fetchSubmodules && !private then builtins.fetchTarball { - url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz"; inherit sha256; - } else (import {}).fetchFromGitHub { - inherit owner repo rev sha256 fetchSubmodules private; - }; - json = builtins.fromJSON (builtins.readFile ./github.json); -in fetch json \ No newline at end of file diff --git a/nix/dep/tezos-baking-platform/default.nix b/nix/dep/tezos-baking-platform/default.nix deleted file mode 100644 index 2b4d4ab1..00000000 --- a/nix/dep/tezos-baking-platform/default.nix +++ /dev/null @@ -1,2 +0,0 @@ -# DO NOT HAND-EDIT THIS FILE -import (import ./thunk.nix) \ No newline at end of file diff --git a/nix/dep/tezos-baking-platform/git.json b/nix/dep/tezos-baking-platform/git.json deleted file mode 100644 index 1cc0ae99..00000000 --- a/nix/dep/tezos-baking-platform/git.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "url": "https://gitlab.com/obsidian.systems/tezos-baking-platform.git", - "rev": "63041f20e7cc6ab0aa46b9573e4c5f703a866f46", - "sha256": "0w8wwjijf79744rgp7rq7fqfarjhmfyzr0i7xwwxska411dyv711", - "private": false, - "fetchSubmodules": false, - "branch": "develop" -} diff --git a/nix/dep/tezos-baking-platform/thunk.nix b/nix/dep/tezos-baking-platform/thunk.nix deleted file mode 100644 index e3b8c830..00000000 --- a/nix/dep/tezos-baking-platform/thunk.nix +++ /dev/null @@ -1,14 +0,0 @@ -# DO NOT HAND-EDIT THIS FILE -let fetch = {url, rev, branch ? null, sha256 ? null, fetchSubmodules ? false, private ? false, ...}: - let realUrl = let firstChar = builtins.substring 0 1 url; in - if firstChar == "/" then /. + url - else if firstChar == "." then ./. + url - else url; - in if !fetchSubmodules && private then builtins.fetchGit { - url = realUrl; inherit rev; - ${if branch == null then null else "ref"} = branch; - } else (import {}).fetchgit { - url = realUrl; inherit rev sha256; - }; - json = builtins.fromJSON (builtins.readFile ./git.json); -in fetch json \ No newline at end of file diff --git a/nix/env.sh b/nix/env.sh deleted file mode 100755 index 293175a3..00000000 --- a/nix/env.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash - -target="${1:?Please specify target, either 's' for Nano S or 'x' for Nano X}" -shift - -root="$(git rev-parse --show-toplevel)" - -if [ $# -eq 0 ]; then - exec nix-shell "$root" -A "nano.${target}.wallet" -else - exec nix-shell "$root" -A "nano.${target}.wallet" "$@" -fi diff --git a/nix/install.sh b/nix/install.sh deleted file mode 100755 index 2352fc11..00000000 --- a/nix/install.sh +++ /dev/null @@ -1,33 +0,0 @@ -#! /usr/bin/env nix-shell -#! nix-shell -i bash ./ledgerblue.nix -A shell - -set -Eeuo pipefail - -root="$(git rev-parse --show-toplevel)" - -target="${1:?Please specify target, either 's' for Nano S or 'x' for Nano X}" -shift - -case "$target" in - s) ;; x) ;; - *) - >&2 echo "Target must either be 's' for Nano S or 'x' for Nano X" - exit 1 -esac - -install() { - local app=$1 - shift - local release_file - release_file=$("$root/nix/build.sh" -A "nano.$target.release.$app" "$@") - bash "$root/release-installer.sh" "$release_file" -} - -if [ $# -eq 0 ]; then - install wallet "$@" - install baking "$@" -else - app="$1" - shift - install "$app" "$@" -fi diff --git a/nix/ledgerblue.nix b/nix/ledgerblue.nix deleted file mode 100644 index 382163e3..00000000 --- a/nix/ledgerblue.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs ? import ../nix/dep/nixpkgs {}, ... }: -rec { - withLedgerblue = (pkgs.python36.withPackages (ps: with ps; [ - ecpy hidapi pycrypto python-u2flib-host requests ledgerblue pillow pkgs.hidapi protobuf - ])); - shell = withLedgerblue.env; -} diff --git a/nix/release.sh b/nix/release.sh deleted file mode 100755 index c7cfd373..00000000 --- a/nix/release.sh +++ /dev/null @@ -1,30 +0,0 @@ -#! /usr/bin/env nix-shell -#! nix-shell -i bash -p gitAndTools.hub coreutils - -root="$(cd "$(dirname "${BASH_SOURCE[0]}")" && git rev-parse --show-toplevel)" - -nano_s_tarball=$("$root/nix/build.sh" -A "nano.s.release.all" "$@") -nano_x_tarball=$("$root/nix/build.sh" -A "nano.x.release.all" "$@") - -cp -f $nano_s_tarball nano-s-release.tar.gz -cp -f $nano_x_tarball nano-x-release.tar.gz - -# hub release create \ -# -a $nano_s_tarball'#'nano-s-release.tar.gz \ -# -a $nano_x_tarball'#'nano-x-release.tar.gz \ -# -F - - -echo '## Checksums' -echo '### nano-s-release.tar.gz' -echo 'Type | Value' -echo '-- | --' -echo "MD5 | $(md5sum nano-s-release.tar.gz | cut -f1 -d' ')" -echo "SHA256 | $(sha256sum nano-s-release.tar.gz | cut -f1 -d' ')" -echo "SHA512 | $(sha512sum nano-s-release.tar.gz | cut -f1 -d' ')" - -echo '### nano-x-release.tar.gz' -echo 'Type | Value' -echo '-- | --' -echo "MD5 | $(md5sum nano-x-release.tar.gz | cut -f1 -d' ')" -echo "SHA256 | $(sha256sum nano-x-release.tar.gz | cut -f1 -d' ')" -echo "SHA512 | $(sha512sum nano-x-release.tar.gz | cut -f1 -d' ')" diff --git a/nix/setup-vscode.sh b/nix/setup-vscode.sh deleted file mode 100755 index 02de4517..00000000 --- a/nix/setup-vscode.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail - -root="$(git rev-parse --show-toplevel)" -cd "$root" - -cp -f "$(nix-build -A env.s.ide.config.vscode --no-out-link)" "vscode.code-workspace" -chmod +w "vscode.code-workspace" - -bear="$(nix-build -E '(import ./nix/dep/nixpkgs {}).bear' --no-out-link)/bin/bear" -# c.f. https://github.com/rizsotto/Bear/issues/182 -nix/env.sh s --run "export LANG=C.UTF-8; export LC_CTYPE=C.UTF-8; make clean && \"$bear\" make; make clean" diff --git a/nix/watch.sh b/nix/watch.sh deleted file mode 100755 index f1dab238..00000000 --- a/nix/watch.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/bin/env bash - -set -uo pipefail - -fail() { unset ___empty; : "${___empty:?$1}"; } - -target="${1:?Please specify target, either 's' for Nano S or 'x' for Nano X}" -shift - -[ -z "${1:-}" ] && fail "No command given; try running $0 make" - -root="$(git rev-parse --show-toplevel)" - -watchdirs=("$root/default.nix" "$root/nix" "$root/Makefile" "$root/src" "$root/icons") - -inotifywait="$(nix-build "$root/nix/dep/nixpkgs" -A inotify-tools --no-out-link)/bin/inotifywait" -while true; do - "$root/nix/env.sh" "$target" "--run" "$@" - if ! "$inotifywait" -qre close_write "${watchdirs[@]}"; then - fail "inotifywait failed" - fi - echo "----------------------" - echo -done diff --git a/release-installer.sh b/release-installer.sh deleted file mode 100644 index 6b782b4a..00000000 --- a/release-installer.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/usr/bin/env bash -set -Eeuo pipefail -: "${1:?Please specify one or more directories or .tar.gz files; they should contain an 'app.manifest'}" - -for arg in "$@"; do - echo - - app_dir="" - if [ -d "$arg" ]; then - app_dir="$arg" - else - app_dir=$(tmp_dir=$(mktemp -d) && tar xf "$arg" -C "$tmp_dir" && echo "$tmp_dir") - echo "App for $arg unpacked in $app_dir" - fi - - source "$app_dir/app.manifest" - - echo "Installing ${name:?manifest file is missing field}" \ - "version ${version:?manifest file is missing field}" - echo - - set -x - - appFlag="0x00" - if [ $target == "nano_x" ]; then - appFlag="0x240" - fi - - python -m ledgerblue.loadApp \ - --appFlags "$appFlag" \ - --dataSize "${nvram_size:?manifest file is missing field}" \ - --tlv \ - --curve ed25519 \ - --curve secp256k1 \ - --curve secp256r1 \ - --targetId "${target_id:?manifest file is missing field}" \ - --delete \ - --path "44'/1729'" \ - --fileName "$app_dir/app.hex" \ - --appName "$name" \ - --appVersion "$version" \ - --icon "${icon_hex:?manifest file is missing field}" \ - --targetVersion "" -done diff --git a/release.nix b/release.nix deleted file mode 100644 index ff14a274..00000000 --- a/release.nix +++ /dev/null @@ -1,9 +0,0 @@ -let - ledger-app-tezos = import ./. {}; -in { - analysis-nanos-wallet = ledger-app-tezos.clangAnalysis.s.wallet; - analysis-nanos-baking = ledger-app-tezos.clangAnalysis.s.baking; - release-nanos-wallet = ledger-app-tezos.nano.s.release.wallet; - release-nanos-baking = ledger-app-tezos.nano.s.release.baking; - release-nanos-all = ledger-app-tezos.nano.s.release.all; -} diff --git a/tezos_wallet.png b/tezos_wallet.png deleted file mode 100644 index 6f94e6c9..00000000 Binary files a/tezos_wallet.png and /dev/null differ