Merge pull request #12 from LedgerHQ/develop

v2.4.2

.github/workflows/codeql_check.yml

@@ -18,7 +18,7 @@ jobs:
     name: Analyse
     strategy:
       matrix:
-        sdk: ["$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK"]
+        sdk: ["$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK","$FLEX_SDK"]
         # 'cpp' covers C and C++
         language: ['cpp']
     runs-on: ubuntu-latest

.github/workflows/main.yml

@@ -6,6 +6,8 @@ on:
     branches:
       - main
       - develop
+      - master # for safety reasons
+      - dev  # for safety reasons
 
 jobs:
   configure:
@@ -20,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install deps
@@ -41,7 +43,7 @@ jobs:
       size: ${{steps.build.outputs.size}}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Build Standard app
@@ -70,24 +72,23 @@ jobs:
           echo $HOME
           echo $DISPLAY
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev
       - name: Install node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
+        with:
+          node-version: 18
       - name: Install yarn
         run: |
           npm install -g yarn
-      - name: Build Ledger app
-        run: make
-      - name: Build/Install build js deps
-        run: make zemu_install
-      - name: Run zemu tests
-        run: "cd tests_zemu; yarn test"
+      - name: Build and run zemu tests
+        run: |
+          make test_all
       - name: Upload Snapshots (only failure)
         if: ${{ failure() }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: snapshots-tmp
           path: tests_zemu/snapshots-tmp/
@@ -103,7 +104,7 @@ jobs:
         BOLOS_SDK: /opt/nanos-secure-sdk
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install deps
@@ -139,7 +140,7 @@ jobs:
         BOLOS_SDK: /opt/nanosplus-secure-sdk
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install deps
@@ -163,3 +164,71 @@ jobs:
           tag_name: ${{ steps.nanosp.outputs.tag_name }}
           draft: false
           prerelease: false
+
+  build_package_stax:
+    needs: [configure, build, build_ledger, test_zemu]
+    if: ${{ github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    container:
+      image: zondax/ledger-app-builder:latest
+      options: --user ${{ needs.configure.outputs.uid_gid }}
+      env:
+        BOLOS_SDK: /opt/stax-secure-sdk
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install deps
+        run: pip install ledgerblue
+
+      - name: Build Stax
+        shell: bash -l {0}
+        run: make
+      - name: Set tag
+        id: stax
+        run: echo "tag_name=$(./app/pkg/installer_stax.sh version)" >> $GITHUB_OUTPUT
+      - name: Update Release
+        id: update_release_2
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          files: ./app/pkg/installer_stax.sh
+          tag_name: ${{ steps.stax.outputs.tag_name }}
+          draft: false
+          prerelease: false
+
+  build_package_flex:
+    needs: [configure, build, build_ledger, test_zemu]
+    if: ${{ github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    container:
+      image: zondax/ledger-app-builder:latest
+      options: --user ${{ needs.configure.outputs.uid_gid }}
+      env:
+        BOLOS_SDK: /opt/flex-secure-sdk
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install deps
+        run: pip install ledgerblue
+
+      - name: Build Flex
+        shell: bash -l {0}
+        run: make
+      - name: Set tag
+        id: flex
+        run: echo "tag_name=$(./app/pkg/installer_flex.sh version)" >> $GITHUB_OUTPUT
+      - name: Update Release
+        id: update_release_2
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          files: ./app/pkg/installer_flex.sh
+          tag_name: ${{ steps.flex.outputs.tag_name }}
+          draft: false
+          prerelease: false

.gitignore

@@ -66,6 +66,8 @@ CMakeFiles/
 CMakeCache.txt
 unittests
 *.cmake
+!\cmake/Hunter/config.cmake
+!\cmake/HunterGate.cmake
 Testing/
 cmake-build-fuzz/
 

CMakeLists.txt

@@ -14,12 +14,22 @@
 #*  limitations under the License.
 #********************************************************************************
 cmake_minimum_required(VERSION 3.0)
+include("cmake/HunterGate.cmake")
+HunterGate(
+    URL "https://github.com/cpp-pm/hunter/archive/v0.25.5.tar.gz"
+    SHA1 "a20151e4c0740ee7d0f9994476856d813cdead29"
+    LOCAL
+)
+
 project(ledger-thorchain VERSION 0.0.0)
 enable_testing()
 
 cmake_policy(SET CMP0025 NEW)
 set(CMAKE_CXX_STANDARD 11)
 
+set(HUNTER_STATUS_DEBUG ON)
+set(HUNTER_TLS_VERIFY OFF)
+
 option(ENABLE_FUZZING "Build with fuzzing instrumentation and build fuzz targets" OFF)
 option(ENABLE_COVERAGE "Build with source code coverage instrumentation" OFF)
 option(ENABLE_SANITIZERS "Build with ASAN and UBSAN" OFF)
@@ -30,6 +40,13 @@ string(APPEND CMAKE_LINKER_FLAGS " -fno-omit-frame-pointer -g")
 
 add_definitions(-DAPP_STANDARD)
 
+hunter_add_package(fmt)
+find_package(fmt CONFIG REQUIRED)
+hunter_add_package(jsoncpp)
+find_package(jsoncpp CONFIG REQUIRED)
+hunter_add_package(GTest)
+find_package(GTest CONFIG REQUIRED)
+
 if(ENABLE_FUZZING)
     add_definitions(-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1)
     SET(ENABLE_SANITIZERS ON CACHE BOOL "Sanitizer automatically enabled" FORCE)
@@ -71,8 +88,7 @@ if(ENABLE_SANITIZERS)
     string(APPEND CMAKE_LINKER_FLAGS " -fsanitize=address,undefined -fsanitize-recover=address,undefined")
 endif()
 
-include(cmake/conan/CMakeLists.txt)
-add_subdirectory(cmake/gtest)
+
 
 string(APPEND CMAKE_CXX_FLAGS " -fsanitize=address -fno-omit-frame-pointer")
 string(APPEND CMAKE_LINKER_FLAGS " -fsanitize=address -fno-omit-frame-pointer")
@@ -106,6 +122,7 @@ file(GLOB_RECURSE LIB_SRC
         ${CMAKE_CURRENT_SOURCE_DIR}/app/src/tx_parser.c
         ${CMAKE_CURRENT_SOURCE_DIR}/app/src/tx_display.c
         ${CMAKE_CURRENT_SOURCE_DIR}/app/src/tx_validate.c
+        ${CMAKE_CURRENT_SOURCE_DIR}/app/src/coin.c
         ${CMAKE_CURRENT_SOURCE_DIR}/deps/tinykeccak/keccak-tiny.c
         )
 
@@ -135,23 +152,19 @@ file(GLOB_RECURSE TESTS_SRC
 
 add_executable(unittests ${TESTS_SRC})
 target_include_directories(unittests PRIVATE
-        ${gtest_SOURCE_DIR}/include
-        ${gmock_SOURCE_DIR}/include
-        ${CONAN_INCLUDE_DIRS_FMT}
-        ${CONAN_INCLUDE_DIRS_JSONCPP}
         ${CMAKE_CURRENT_SOURCE_DIR}/deps/jsmn/src
         ${CMAKE_CURRENT_SOURCE_DIR}/deps/tinycbor/src
         )
 
 target_link_libraries(unittests PRIVATE
-        gtest_main
+        GTest::gtest_main
         app_lib
-        CONAN_PKG::fmt
-        CONAN_PKG::jsoncpp)
+        fmt::fmt
+        JsonCpp::JsonCpp)
 
 add_compile_definitions(TESTVECTORS_DIR="${CMAKE_CURRENT_SOURCE_DIR}/tests/")
 add_compile_definitions(APP_TESTING=1)
-add_test(unittests ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/unittests)
+add_test(NAME unittests COMMAND unittests)
 set_tests_properties(unittests PROPERTIES WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests)
 
 ##############################################################

Makefile

@@ -20,6 +20,7 @@
 
 ifeq ($(BOLOS_SDK),)
 ZXLIB_COMPILE_STAX ?= 1
+PRODUCTION_BUILD ?= 1
 include $(CURDIR)/deps/ledger-zxlib/dockerized_build.mk
 else
 default:
@@ -32,4 +33,4 @@ endif
 test_all:
 	make zemu_install
 	make
-	make zemu_test
+	make zemu_test

README.md

@@ -7,9 +7,9 @@ Forked from [Cosmos App](https://github.com/LedgerHQ/app-cosmos) by Zondax
 
 ---
 
-This project contains the THORChain app for Ledger Nano S, Nano S+, X and Stax.
+This project contains the THORChain app for Ledger Nano S, Nano S+, X, Flex and Stax.
 
-- Ledger Nano S/S+/X/Stax THORChain app
+- Ledger Nano S/S+/X/Flex/Stax THORChain app
 - Specs / Documentation
 - C++ unit tests
 - Zemu tests

app/Makefile

@@ -27,6 +27,19 @@ include $(CURDIR)/../deps/ledger-zxlib/makefiles/Makefile.installer_script
 include $(BOLOS_SDK)/Makefile.defines
 include $(CURDIR)/Makefile.version
 
+# Set the default value for PRODUCTION_BUILD to 1 if not already defined
+PRODUCTION_BUILD ?= 1
+
+# Display whether this is a production build or for internal use
+ifeq ($(PRODUCTION_BUILD), 1)
+    $(info ************ PRODUCTION_BUILD  = [PRODUCTION BUILD])
+else
+    $(info ************ PRODUCTION_BUILD  = [INTERNAL USE])
+endif
+
+# Add the PRODUCTION_BUILD definition to the compiler flags
+DEFINES += PRODUCTION_BUILD=$(PRODUCTION_BUILD)
+
 $(info ************ TARGET_NAME  = [$(TARGET_NAME)])
 
 include $(CURDIR)/../deps/ledger-zxlib/makefiles/Makefile.app_testing
@@ -52,10 +65,17 @@ endif
 
 APP_LOAD_PARAMS = --curve secp256k1 $(COMMON_LOAD_PARAMS) --path $(APPPATH)
 
-ENABLE_PENDING_REVIEW_SCREEN ?= 1
+ENABLE_PENDING_REVIEW_SCREEN ?= 0
 
 include $(CURDIR)/../deps/ledger-zxlib/makefiles/Makefile.devices
 
+ifeq ($(TARGET_NAME),TARGET_NANOS)
+	APP_STACK_MIN_SIZE := 1600
+else ifeq ($(TARGET_NAME),TARGET_NANOX)
+# the previous value (5000) was too high and caused the app to crash, i reduced it until it worked
+	APP_STACK_MIN_SIZE :=  1730
+endif
+
 $(info TARGET_NAME  = [$(TARGET_NAME)])
 $(info ICONNAME  = [$(ICONNAME)])
 

app/Makefile.version

@@ -1,6 +1,6 @@
 # This is the `transaction_version` field of `Runtime`
 APPVERSION_M=2
 # This is the `spec_version` field of `Runtime`
-APPVERSION_N=3
+APPVERSION_N=4
 # This is the patch version of this release
-APPVERSION_P=3
+APPVERSION_P=2

app/src/coin.c

@@ -0,0 +1,16 @@
+#include "coin.h"
+#include <stdint.h>
+#include <stddef.h>
+
+#define MAX_CHAIN_ID_LEN 20
+
+static const char SUPPORTED_CHAIN_IDS[SUPPORTED_CHAIN_COUNT][MAX_CHAIN_ID_LEN] = {
+    "thorchain",
+    "thorchain-1",
+    "thorchain-stagenet-2"
+};
+
+const char* get_supported_chain(uint8_t index) {
+    if (index >= SUPPORTED_CHAIN_COUNT) return NULL;
+    return SUPPORTED_CHAIN_IDS[index];
+}

app/src/coin.h

@@ -19,6 +19,7 @@
 extern "C" {
 #endif
 
+#include <stdint.h>
 #define CLA                  0x55u
 
 #define HDPATH_LEN_DEFAULT   5
@@ -53,10 +54,9 @@ typedef enum {
 #define APPVERSION_LINE1                   "Version:"
 #define APPVERSION_LINE2                   ("v" APPVERSION)
 
-#define COIN_DEFAULT_CHAINID                "thorchain"
-
 #define COIN_DEFAULT_DENOM_BASE             "rune"
 #define COIN_DEFAULT_DENOM_REPR             "RUNE"
+#define COIN_DEFAULT_DENOM_REPR_2           "THOR.RUNE"
 #define COIN_DEFAULT_DENOM_FACTOR           8u
 #define COIN_DEFAULT_DENOM_TRIMMING         0u
 
@@ -79,6 +79,10 @@ typedef enum {
 #define INS_SIGN_SECP256K1              0x02u
 #define INS_GET_ADDR_SECP256K1          0x04u
 
+#define SUPPORTED_CHAIN_COUNT 3
+
+const char* get_supported_chain(uint8_t index);
+
 #ifdef __cplusplus
 }
 #endif