trezor · vdovhanych · Aug 25, 2024 · Aug 2, 2024 · Aug 2, 2024 · Aug 2, 2024
diff --git a/.github/workflows/build-tenv-regtest.yml b/.github/workflows/build-tenv-regtest.yml
@@ -13,25 +13,20 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.repository_owner == 'trezor' }}
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ secrets.TREZOR_BOT_USERNAME }}
           password: ${{ secrets.TREZOR_BOT_TOKEN }}
-      -
-        name: Build and push bitcoin-regtest
-        uses: docker/build-push-action@v3
+      - name: Build and push bitcoin-regtest
+        uses: docker/build-push-action@v6
         with:
           context: .
           file: ./docker/bitcoin-regtest/Dockerfile

diff --git a/.github/workflows/build-tenv-test.yml b/.github/workflows/build-tenv-test.yml
@@ -8,23 +8,23 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.repository_owner == 'trezor' }}
     steps:
-      - name: Checkout
-        uses: actions/checkout@v2
+      - name: Checkout code
+        uses: actions/checkout@v4
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ secrets.TREZOR_BOT_USERNAME }}
           password: ${{ secrets.TREZOR_BOT_TOKEN }}
       - name: Build and push trezor-user-env
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v6
         with:
           context: .
-          file: ./docker/Dockerfile
+          file: ./docker/Dockerfile-debian
           platforms: linux/amd64,linux/arm64
           push: true
           tags: |

diff --git a/.github/workflows/build-tenv.yml b/.github/workflows/build-tenv.yml
@@ -11,28 +11,23 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.repository_owner == 'trezor' }}
     steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Login to GitHub Container Registry
-        uses: docker/login-action@v2
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ secrets.TREZOR_BOT_USERNAME }}
           password: ${{ secrets.TREZOR_BOT_TOKEN }}
-      -
-        name: Build and push bitcoin-regtest
-        uses: docker/build-push-action@v3
+      - name: Build and push bitcoin-regtest
+        uses: docker/build-push-action@v6
         with:
           context: .
-          file: ./docker/Dockerfile
+          file: ./docker/Dockerfile-debian
           platforms: linux/amd64,linux/arm64
           push: true
           tags: |

diff --git a/.github/workflows/check-validation.yml b/.github/workflows/check-validation.yml
@@ -3,13 +3,12 @@ name: "[Check] validate trezor-user-env"
 on: [pull_request]
 
 jobs:
-  # Run code validation
   validation-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Setup Nix
-        uses: cachix/install-nix-action@v18
+        uses: cachix/install-nix-action@v27
         with:
           nix_path: nixpkgs=channel:nixos-unstable
 

diff --git a/.gitignore b/.gitignore
@@ -6,6 +6,7 @@ __pycache__
 src/binaries/firmware/bin/*
 !src/binaries/firmware/bin/download.sh
 !src/binaries/firmware/bin/download_latest_gh.py
+!src/binaries/firmware/bin/patch-bin.sh
 !src/binaries/firmware/bin/arm
 !src/binaries/trezord-go/bin/download.sh
 emulator.img

diff --git a/docker/Dockerfile b/docker/Dockerfile
diff --git a/docker/Dockerfile-debian b/docker/Dockerfile-debian
@@ -0,0 +1,54 @@
+# Start with a base Debian image
+FROM debian:bookworm-slim
+
+# Set environment variables
+ENV TERM=xterm \
+    XDG_RUNTIME_DIR="/var/tmp" \
+    LC_ALL=C.UTF-8 \
+    LANG=C.UTF-8 \
+    GIT_SSL_CAINFO=/etc/ssl/certs/ca-certificates.crt \
+    NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+
+# Install required packages
+RUN curl -sL https://deb.nodesource.com/setup_22.x  | bash -
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    openssl \
+    bash \
+    git \
+    nodejs \
+    python3 \
+    python3-dev \
+    python3-pip \
+    python3-venv \
+    python3-poetry \
+    libsdl2-2.0-0 \
+    libsdl2-image-2.0-0 \
+    x11-xserver-utils \
+    wget \
+    unzip \
+    curl \
+    procps \
+    build-essential \
+    g++ \
+    libc6 \
+    libc6-dev \
+    patchelf \
+    && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+
+# Add basic trezor-user-env files
+COPY ./ /trezor-user-env
+WORKDIR /trezor-user-env
+
+# Install Python dependencies using poetry
+RUN poetry cache clear --all pypi
+RUN poetry install --no-dev --no-root
+
+# Execute scripts and clean up
+RUN ./src/binaries/firmware/bin/download.sh
+RUN ./src/binaries/trezord-go/bin/download.sh
+# Patch emulator binaries
+RUN cd src/binaries/firmware/bin && ./patch-bin.sh
+
+# Command to run on container start
+CMD poetry run python src/main.py
diff --git a/docker/alpine-minirootfs-3.15.0-x86_64.tar.gz b/docker/alpine-minirootfs-3.15.0-x86_64.tar.gz
diff --git a/docker/compose.yml b/docker/compose.yml
@@ -1,4 +1,3 @@
-version: '3'
 services:
   trezor-user-env-unix:
     container_name: trezor-user-env.unix

diff --git a/docs/controller.md b/docs/controller.md
@@ -24,10 +24,11 @@
   - **response**: `{"bridge_status": bool, "emulator_status": bool}`
 
 - **emulator-start**
-  - **action**: start the specified version of emulator (and if one already runs, kills it)
+  - **action**: start the specified emulator (identified by model + version) (and if one already runs, kills it)
   - **arguments**:
-    - **version**: `str` (1.9.4, 2.4.0., etc.) - default is the latest TT (`2-main`)
-      - `1-latest` and `2-latest` can be used to get the latest released version of that model
+    - **model**: `str` (enum of new model names - `["T1B1", "T2T1", "T2B1", "T3T1"]`) - needs to be supplied
+    - **version**: `str` (1.9.4, 2.4.0., etc.) - default is the latest version from master/main branch (`-main`)
+      - `-latest` can be used to get the latest released version of that model (by release tag, e.g. 2.9.0)
     - **wipe**: `bool` (default=False) whether to delete the emulator profile before starting it
     - **output_to_logfile**: `bool` (default=True) whether the debug output should go to a logfile - otherwise it goes to stdout
     - **save_screenshots**: `bool` (default=False) whether to save screenshots to enable calling **emulator-get-screenshot**
@@ -36,7 +37,7 @@
   - **action**: downloads emulator from specified URL and runs it
   - **arguments**:
     - **url**: `str` from where to download the emulator
-    - **model**: `str` which emulator it is - either "1" for T1 or "2" for T2
+    - **model**: `str` which emulator it is - `["T1B1", "T2T1", "T2B1", "T3T1"]`
     - **wipe**: `bool` (default=False) whether to delete the emulator profile before starting it
     - **output_to_logfile**: `bool` (default=True) whether the debug output should go to a logfile - otherwise it goes to stdout
     - **save_screenshots**: `bool` (default=False) whether to save screenshots to enable calling **emulator-get-screenshot**

diff --git a/patch_emulators.sh b/patch_emulators.sh
diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -7,7 +7,7 @@ authors = ["SatoshiLabs <[email protected]>"]
 [tool.poetry.dependencies]
 python = "^3.11"
 termcolor = "^1.1.0"
-trezor = { git = "https://github.com/trezor/trezor-firmware.git", branch = "main", subdirectory = "python" }
+trezor = "^0.13.9"
 websockets = "^10.1"
 psutil = "^5.8.0"
 Pillow = "^9.1.0"

diff --git a/shell.nix b/shell.nix
@@ -21,7 +21,6 @@ stdenv.mkDerivation {
     xorg.xhost
     wget
     git
-    unzip
     curl
     procps
   ];