From 52a6f2f504db8a7c03acaea23f04568a77e2b28d Mon Sep 17 00:00:00 2001 From: Charles-Edouard de la Vergne Date: Thu, 3 Oct 2024 12:12:11 +0200 Subject: [PATCH 1/5] Bump speculos & Ragger versions --- dev-tools/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev-tools/Dockerfile b/dev-tools/Dockerfile index d2a7963..6c216ee 100644 --- a/dev-tools/Dockerfile +++ b/dev-tools/Dockerfile @@ -20,4 +20,4 @@ ARG PYTHON_BUILD_DEPS=libffi-dev,python3-dev,py3-virtualenv RUN apk add $(echo -n "$PYTHON_BUILD_DEPS" | tr , ' ') # Install test tools (Ragger framework, Speculos emulator, Ledgerblue...) -RUN pip3 install --no-cache-dir "ragger[tests,all_backends]==1.23.0" "speculos==0.9.7" +RUN pip3 install --no-cache-dir "ragger[tests,all_backends]==1.24.0" "speculos==0.10.0" From 481fbfae7c69ff89f1bc628cda1703fb2b8c80ab Mon Sep 17 00:00:00 2001 From: Charles-Edouard de la Vergne Date: Thu, 3 Oct 2024 12:13:06 +0200 Subject: [PATCH 2/5] Add script allowing to call Guideline_Enforcer in ledger-app-workflow --- dev-tools/Dockerfile | 3 + dev-tools/enforcer.sh | 138 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 141 insertions(+) create mode 100755 dev-tools/enforcer.sh diff --git a/dev-tools/Dockerfile b/dev-tools/Dockerfile index 6c216ee..835504c 100644 --- a/dev-tools/Dockerfile +++ b/dev-tools/Dockerfile @@ -21,3 +21,6 @@ RUN apk add $(echo -n "$PYTHON_BUILD_DEPS" | tr , ' ') # Install test tools (Ragger framework, Speculos emulator, Ledgerblue...) RUN pip3 install --no-cache-dir "ragger[tests,all_backends]==1.24.0" "speculos==0.10.0" + +# Add the enforcer script +ADD ./dev-tools/enforcer.sh /opt/enforcer.sh diff --git a/dev-tools/enforcer.sh b/dev-tools/enforcer.sh new file mode 100755 index 0000000..523bd1f --- /dev/null +++ b/dev-tools/enforcer.sh 
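Review bot: In dev-tools/Dockerfile the new `ADD ./dev-tools/enforcer.sh /opt/enforcer.sh` copies one local file, which is the job of `COPY`. `ADD` also accepts URLs and unpacks local archives, and this line needs neither. I would write `COPY ./dev-tools/enforcer.sh /opt/enforcer.sh` so the instruction stays a plain copy from the build context. The source path appears to assume the image is built with the repository root as context, which is not visible in this hunk and deserves a short comment.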
@@ -0,0 +1,138 @@
+#!/usr/bin/env bash
+#
+# script to run Guideline_enforcer checks
+#
+
+exeName=$(readlink -f "$0")
+
+VERBOSE=false
+IS_RUST=false
+
+# All available checks (to be updated from the ledger-app-workflows repository)
+ALL_CHECKS="icons app_load_params makefile readme scan"
+
+APP_MANIFEST="ledger_app.toml"
+
+#===============================================================================
+#
+# help - Prints script help and usage
+#
+#===============================================================================
+# shellcheck disable=SC2154 # var is referenced but not assigned
+help() {
+ echo
+ echo "Usage: ${exeName} "
+ echo
+ echo "Options:"
+ echo
+ echo " -c : Requested check from (${ALL_CHECKS}). Default is all."
+ echo " -d : Database directory"
+ echo " -w : Workflows directory"
+ echo " -a : Application directory"
+ echo " -b : Application build directory"
+ echo " -t : Targeted device"
+ echo " -g : Git reference to clone ledger-app-workflows repository"
+ echo " -v : Verbose mode"
+ echo " -h : Displays this help"
+ echo
+ exit 1
+}
+
+#===============================================================================
+#
+# Parsing parameters
+#
+#===============================================================================
+
+while getopts ":a:b:c:d:w:t:g:vh" opt; do
+ case ${opt} in
+ a) APP_DIR=${OPTARG} ;;
+ b) BUILD_DIR=${OPTARG} ;;
+ c) REQUESTED_CHECK=${OPTARG} ;;
+ d) DATABASE_DIR=${OPTARG} ;;
+ w) WORKFLOW_DIR=${OPTARG} ;;
+ t) TARGET=${OPTARG} ;;
+ g) GIT_REF=(-b "${OPTARG}") ;;
+ v) VERBOSE=true ;;
+ h) help ;;
+
+ \?) echo "Unknown option: -${OPTARG}" >&2; exit 1;;
+ : ) echo "Missing option argument for -${OPTARG}" >&2; exit 1;;
+ * ) echo "Unimplemented option: -${OPTARG}" >&2; exit 1;;
+ esac
+done
+
+#===============================================================================
+#
+# Checking parameters
+#
+#===============================================================================
+
+# Init verbose options
+[[ ${VERBOSE} == false ]] && verbose_mode=(-q)
+
+if [[ -z "${APP_DIR}" ]]; then
+ if [[ -f /app/ledger_app.toml ]]; then
+ APP_DIR="/app"
+ elif [[ -f ./app-repository/ledger_app.toml ]]; then
+ APP_DIR="./app-repository"
+ elif [[ -f ./ledger_app.toml ]]; then
+ APP_DIR=$(dirname "$(readlink -f .)")
+ fi
+fi
+
+#===============================================================================
+#
+# get_app_metadata - Retrieve application metadata from manifest
+#
+#===============================================================================
+get_app_metadata() {
+ if [[ ! -f "${APP_DIR}/${APP_MANIFEST}" ]]; then
+ echo "/!\ No ${APP_MANIFEST} manifest detected in App directory ${APP_DIR}!"
+ echo "This file is mandatory, please add it on your repository"
+ echo "Documentation here: https://github.com/LedgerHQ/ledgered/blob/master/doc/utils/manifest.md"
+ exit 1;
+ fi
+
+ # 'ledger_app.toml' exists
+ echo "Manifest detected."
+ # checking the manifest with the repo
+ ledger-manifest --check "${APP_DIR}" "${APP_DIR}/${APP_MANIFEST}"
+
+ # build directory
+ if [[ -z "${BUILD_DIR}" ]]; then
+ BUILD_DIR=$(ledger-manifest --output-build-directory "${APP_DIR}/${APP_MANIFEST}")
+ fi
+
+ # SDK language
+ [[ "$(ledger-manifest --output-sdk "${APP_DIR}/${APP_MANIFEST}")" == "rust" ]] && IS_RUST=true
+}
+
+#===============================================================================
+#
+# Main
+#
+#===============================================================================
+
+get_app_metadata
+
+if [[ -z "${WORKFLOW_DIR}" ]]; then
+ # Clone the Worflows repository
+ WORKFLOW_DIR="/tmp/ledger-app-workflows"
+ if [[ ! -d "${WORKFLOW_DIR}" ]]; then
+ git clone "${verbose_mode[@]}" https://github.com/LedgerHQ/ledger-app-workflows.git "${GIT_REF[@]}" "${WORKFLOW_DIR}"
+ fi
+fi
+
+# Formatting the parameters
+parameters=()
+[[ -n "${REQUESTED_CHECK}" ]] && parameters+=(-c "${REQUESTED_CHECK}")
+[[ -n "${DATABASE_DIR}" ]] && parameters+=(-D "${DATABASE_DIR}")
+[[ -n "${APP_DIR}" ]] && parameters+=(-a "${APP_DIR}")
+[[ -n "${BUILD_DIR}" ]] && parameters+=(-b "${BUILD_DIR}")
+[[ -n "${TARGET}" ]] && parameters+=(-t "${TARGET}")
+[[ "${IS_RUST}" == true ]] && parameters+=(-r)
+[[ "${VERBOSE}" == true ]] && parameters+=(-v)
+
+# Calling the workflow script with same parameters
+"${WORKFLOW_DIR}"/scripts/check_all.sh "${parameters[@]}"
From 4089b1b8460287f3a8d73aaf7b93251b7f8e85e1 Mon Sep 17 00:00:00 2001
From: Charles-Edouard de la Vergne
Date: Thu, 3 Oct 2024 12:14:15 +0200
Subject: [PATCH 3/5] Add missing tools to check icons (identify) and makefile (grep - classic, not busybox)
---
dev-tools/Dockerfile | 3 +++
1 file changed, 3 insertions(+)
diff --git a/dev-tools/Dockerfile b/dev-tools/Dockerfile
index 835504c..e595aaf 100644
--- a/dev-tools/Dockerfile
+++ b/dev-tools/Dockerfile
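Review bot: When `-w` is not given, the Main section of dev-tools/enforcer.sh falls back to the fixed path `/tmp/ledger-app-workflows`, skips the clone if that directory already exists, and then runs `scripts/check_all.sh` from it. Whatever already sits at that path is executed, and a `-g` reference is silently ignored on a stale checkout. Cloning into a fresh `mktemp -d` directory and aborting when the clone fails removes both problems; without `-g` the clone still follows the default branch, so pinning a tag or commit is worth considering. Separately, in the `./ledger_app.toml` branch, `APP_DIR=$(dirname "$(readlink -f .)")` resolves to the parent of the directory holding the manifest, so `get_app_metadata` would look for it in the wrong place. `APP_DIR=$(readlink -f .)` looks like what was intended.

```shell
if [[ -z "${WORKFLOW_DIR}" ]]; then
    # Fresh private directory: never reuse or execute a pre-existing /tmp path
    WORKFLOW_DIR=$(mktemp -d) || exit 1
    trap 'rm -rf -- "${WORKFLOW_DIR}"' EXIT
    git clone "${verbose_mode[@]}" https://github.com/LedgerHQ/ledger-app-workflows.git "${GIT_REF[@]}" "${WORKFLOW_DIR}" || exit 1
fi
# … unchanged: parameter formatting and check_all.sh call …
```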
@@ -19,6 +19,9 @@ ARG PYTHON_BUILD_DEPS=libffi-dev,python3-dev,py3-virtualenv # Install the building dependencies. RUN apk add $(echo -n "$PYTHON_BUILD_DEPS" | tr , ' ') +# Install packahes to allow Guideline Enforcer to run +RUN apk add imagemagick grep + # Install test tools (Ragger framework, Speculos emulator, Ledgerblue...) RUN pip3 install --no-cache-dir "ragger[tests,all_backends]==1.24.0" "speculos==0.10.0" From ed6294d125a51d74c8dabe443518c1510dd92d41 Mon Sep 17 00:00:00 2001 From: Charles-Edouard de la Vergne Date: Thu, 3 Oct 2024 12:14:38 +0200 Subject: [PATCH 4/5] Update CHANGELOG --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c95643..0c8571d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [3.38.0] - 2024-10-03 + +### Added + - New script to call guideline enforcer from ledger-app-worflow + +### Changed + - Bump Speculos & Ragger versions + ## [3.37.0] - 2024-09-30 ### Changed From a70efa5557813c58e6633217242e0d2c9a62286f Mon Sep 17 00:00:00 2001 From: tdejoigny-ledger Date: Thu, 17 Oct 2024 18:41:34 +0200 Subject: [PATCH 5/5] Bump Flex and Stax SDK versions --> v21.3.5 --- CHANGELOG.md | 1 + lite/Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0c8571d..ee5d4ed 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - Bump Speculos & Ragger versions + - Bump Flex and Stax SDK versions ## [3.37.0] - 2024-09-30 diff --git a/lite/Dockerfile b/lite/Dockerfile index 6742ccb..073907e 100644 --- a/lite/Dockerfile +++ b/lite/Dockerfile 
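Review bot: The comment added in dev-tools/Dockerfile has a typo: `# Install packahes to allow Guideline Enforcer to run` should read `# Install packages to allow Guideline Enforcer to run`. The new `RUN apk add imagemagick grep` installs whatever versions the package index offers at build time. `RUN apk add --no-cache imagemagick grep` would at least fetch a fresh index without storing it, though the existing `apk add` line above follows the same pattern, so both are best changed together. Going by the commit subject, `identify` is there to inspect icon files, presumably taken from the application under check, so imagemagick should stay current with the base image's security updates.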
@@ -88,12 +88,12 @@ RUN echo nanos2 > $NANOSP_SDK/.target # Latest Stax SDK (OS stax_1.5.0 => based on API_LEVEL 21) ENV STAX_SDK=/opt/stax-secure-sdk -RUN git -C "$LEDGER_SECURE_SDK" worktree add "$STAX_SDK" v21.3.4 +RUN git -C "$LEDGER_SECURE_SDK" worktree add "$STAX_SDK" v21.3.5 RUN echo stax > $STAX_SDK/.target # Latest Flex SDK (OS flex_1.1.1 => based on API_LEVEL 21) ENV FLEX_SDK=/opt/flex-secure-sdk -RUN git -C "$LEDGER_SECURE_SDK" worktree add "$FLEX_SDK" v21.3.4 +RUN git -C "$LEDGER_SECURE_SDK" worktree add "$FLEX_SDK" v21.3.5 RUN echo flex > $FLEX_SDK/.target # Default SDK