Merge branch 'support_WalletConnect'

.cirrus.yml

@@ -0,0 +1,27 @@
+common: &COMMON_TEMPLATE
+  timeout_in: 120m
+  clone_script: |
+    if [ -z "$CIRRUS_PR" ]; then
+      git clone --recursive --branch=$CIRRUS_BRANCH https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR
+      git reset --hard $CIRRUS_CHANGE_IN_REPO
+    else
+      git clone --recursive https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git $CIRRUS_WORKING_DIR
+      git fetch origin pull/$CIRRUS_PR/head:pull/$CIRRUS_PR
+      git reset --hard $CIRRUS_CHANGE_IN_REPO
+    fi
+  env:
+    GIT_REPO: $CIRRUS_WORKING_DIR
+
+task:
+  name: "Build MacOS DMG"
+  << : *COMMON_TEMPLATE
+  macos_instance:
+    image: catalina-base
+  brew_script:
+    - brew update
+    - brew install coreutils gettext pyenv
+  test_script:
+    - cd contrib/osx && ./make_osx
+  binaries_artifacts:
+    path: "dist/*.dmg"
+  trigger_type: manual

.gitignore

@@ -1,7 +1,10 @@
 satochip_bridge/__pycache__/
 satochip_bridge/satochip_bridge.ini
+satochip_bridge/api_keys.ini
 .venv/
 dist/
+build/
+*.egg-info/
 contrib/build-linux/appimage/build/
 contrib/build-linux/appimage/.cache/
 contrib/build-wine/.cache/
@@ -12,4 +15,9 @@ contrib/build-wine/*.spec
 contrib/build-windows/dist/
 contrib/build-windows/build/
 contrib/build-windows/__pycache__/
-contrib/build-windows/*.spec
+contrib/build-windows/*.spec
+
+.DS_Store
+contrib/osx/.DS_Store
+contrib/osx/.cache/
+contrib/osx/build-venv/

contrib/build-linux/appimage/build.sh

@@ -93,6 +93,9 @@ python='appdir_python'
 info "installing pip."
 "$python" -m ensurepip
 
+info "DEBUG: update pip and setuptools"
+"$python" -m pip install --upgrade pip
+
 #todo
 info "installing Satochip-Bridge and its dependencies."
 mkdir -p "$CACHEDIR/pip_cache"
@@ -201,19 +204,19 @@ rm -rf "$PYDIR"/site-packages/PySide2/Qt.so
 info "removing some unneeded stuff (not deterministic)"
 find "$APPDIR" -path '*/__pycache__*' -delete
 #rm "$APPDIR"/usr/lib/libsecp256k1.a
+# warning, packages such as eth-utils that use 'pkg_resources.get_distribution' need *.dist-info folders!
 # note that jsonschema-*.dist-info is needed by that package as it uses 'pkg_resources.get_distribution'
 # Import exception for eth_keys keyAPI
 # DistributionNotFound(Requirement.parse('eth-utils'), None)
 #for f in "$PYDIR"/site-packages/jsonschema-*.dist-info; do mv "$f" "$(echo "$f" | sed s/\.dist-info/\.dist-info2/)"; done
 #for f in "$PYDIR"/site-packages/eth_utils-*.dist-info; do mv "$f" "$(echo "$f" | sed s/\.dist-info/\.dist-info2/)"; done
-rm -rf "$PYDIR"/site-packages/*.dist-info/
-rm -rf "$PYDIR"/site-packages/*.egg-info/
+#rm -rf "$PYDIR"/site-packages/*.dist-info/
+#rm -rf "$PYDIR"/site-packages/*.egg-info/
 #for f in "$PYDIR"/site-packages/jsonschema-*.dist-info2; do mv "$f" "$(echo "$f" | sed s/\.dist-info2/\.dist-info/)"; done
 #for f in "$PYDIR"/site-packages/eth_utils-*.dist-info2; do mv "$f" "$(echo "$f" | sed s/\.dist-info2/\.dist-info/)"; done
 
 find -exec touch -h -d '2000-11-11T11:11:11+00:00' {} +
 
-
 info "creating the AppImage."
 (
     cd "$BUILDDIR"

contrib/build-wine/build-electrum-git.sh

@@ -50,8 +50,8 @@ info "Running pyinstaller..."
 # ls
 # ls ../..
 #wine "$PYHOME/scripts/pyinstaller.exe" --noconfirm --ascii --clean --name $NAME_ROOT-$VERSION -w deterministic.spec
-wine "$PYHOME/scripts/pyinstaller.exe" -cF --clean --name SatochipBridge-console-v.exe --additional-hooks-dir=. --add-data "../../satochip_bridge/*.png;."  "../../satochip_bridge/SatochipBridge.py" -i "../../satochip_bridge/satochip.ico" 
-wine "$PYHOME/scripts/pyinstaller.exe" -wF --clean --name SatochipBridge-v.exe --additional-hooks-dir=. --add-data "../../satochip_bridge/*.png;."  "../../satochip_bridge/SatochipBridge.py" -i "../../satochip_bridge/satochip.ico" 
+wine "$PYHOME/scripts/pyinstaller.exe" -cF --clean --name SatochipBridge-console-v.exe --additional-hooks-dir=. --hidden-import=eth_hash.backends.pycryptodome --add-data "../../satochip_bridge/*.png;." --add-data "../../satochip_bridge/api_keys.ini;." "../../satochip_bridge/SatochipBridge.py" -i "../../satochip_bridge/satochip.ico"
+wine "$PYHOME/scripts/pyinstaller.exe" -wF --clean --name SatochipBridge-v.exe --additional-hooks-dir=. --hidden-import=eth_hash.backends.pycryptodome --add-data "../../satochip_bridge/*.png;." --add-data "../../satochip_bridge/api_keys.ini;." "../../satochip_bridge/SatochipBridge.py" -i "../../satochip_bridge/satochip.ico" 
 
 # set timestamps in dist, in order to make the installer reproducible
 pushd dist

contrib/build-wine/prepare-wine.sh

@@ -21,6 +21,11 @@ PYSCARD_FILENAME=pyscard-1.9.9-cp36-cp36m-win32.whl  # python 3.6, 32-bit
 PYSCARD_URL=https://github.com/cculianu/Electron-Cash-Build-Tools/releases/download/v1.0/pyscard-1.9.9-cp36-cp36m-win32.whl
 PYSCARD_SHA256=99d2b450f322f9ed9682fd2a99d95ce781527e371006cded38327efca8158fe7
 
+# cytoolz (for eth-utils)
+CYTOOLZ_FILENAME=cytoolz-0.11.0-cp36-cp36m-win32.whl
+CYTOOLZ_URL=https://github.com/Toporin/binaries/raw/main/cytoolz-0.11.0-cp36-cp36m-win32.whl
+CYTOOLZ_SHA256=62609c2a414fc868dcbbab770512dffc420441107a3e072ad8317443172c390a
+
 
 PYTHON_VERSION=3.6.8
 
@@ -61,6 +66,10 @@ for msifile in core dev exe lib pip tools; do
     wine msiexec /i "$PYTHON_DOWNLOADS/${msifile}.msi" /qb TARGETDIR=$PYHOME
 done
 
+info "DEBUG update pip and setuptools"
+$PYTHON -m pip install --upgrade pip
+$PYTHON -m pip install --upgrade setuptools
+
 info "Installing dependencies specific to binaries."
 # note that this also installs pinned versions of both pip and setuptools
 #$PYTHON -m pip install --no-warn-script-location -r "$CONTRIB"/deterministic-build/requirements-binaries.txt
@@ -71,6 +80,11 @@ download_if_not_exist $PYSCARD_FILENAME "$PYSCARD_URL"
 verify_hash $PYSCARD_FILENAME "$PYSCARD_SHA256"
 $PYTHON -m pip install "$CACHEDIR/$PYSCARD_FILENAME"
 
+info "Installing cytoolz..."
+download_if_not_exist $CYTOOLZ_FILENAME "$CYTOOLZ_URL"
+verify_hash $CYTOOLZ_FILENAME "$CYTOOLZ_SHA256"
+$PYTHON -m pip install "$CACHEDIR/$CYTOOLZ_FILENAME"
+
 # info "Installing NSIS."
 # download_if_not_exist "$CACHEDIR/$NSIS_FILENAME" "$NSIS_URL"
 # verify_hash "$CACHEDIR/$NSIS_FILENAME" "$NSIS_SHA256"

contrib/deterministic-build/requirements-binaries.txt

@@ -1,6 +1,6 @@
-pip==19.1.1 \
-    --hash=sha256:44d3d7d3d30a1eb65c7e5ff1173cdf8f7467850605ac7cc3707b6064bddd0958 \
-    --hash=sha256:993134f0475471b91452ca029d4390dc8f298ac63a712814f101cd1b6db46676
+pip==22.0.4 \
+    --hash=sha256:b3a9de2c6ef801e9247d1527a4b16f92f2cc141cd1489f3fffaf6a9e96729764 \
+    --hash=sha256:c6aca0f2f081363f689f041d90dab2a07a9a07fb840284db2218117a52da800b
 pyside2==5.14.1 \
     --hash=sha256:36cfcbcab02b580d51c710b3014ee91e5b88f518e296b9a3784f331525450cac \
     --hash=sha256:5b0cf7f0a9cb8fb11881b8615c7d979f5d02bdab6c3f428bf40956537c87071c \

contrib/osx/README.md

@@ -0,0 +1,127 @@
+Building macOS binaries
+=======================
+
+✓ _This binary should be reproducible, meaning you should be able to generate
+   binaries that match the official releases._
+
+This guide explains how to build Electrum binaries for macOS systems.
+
+
+## Building the binary
+
+This needs to be done on a system running macOS or OS X.
+
+Notes about compatibility with different macOS versions:
+- In general the binary is not guaranteed to run on an older version of macOS
+  than what the build machine has. This is due to bundling the compiled Python into
+  the [PyInstaller binary](https://github.com/pyinstaller/pyinstaller/issues/1191).
+- The [bundled version of Qt](https://github.com/spesmilo/electrum/issues/3685) also
+  imposes a minimum supported macOS version.
+- If you want to build binaries that conform to the macOS "Gatekeeper", so as to
+  minimise the warnings users get, the binaries need to be codesigned with a
+  certificate issued by Apple, and starting with macOS 10.15 the binaries also
+  need to be notarized by Apple's central server. The catch is that to be able to build
+  binaries that Apple will notarise (due to the requirements on the binaries themselves,
+  e.g. hardened runtime) the build machine needs at least macOS 10.14.
+  See [#6128](https://github.com/spesmilo/electrum/issues/6128).
+
+We currently build the release binaries on macOS 10.14.6, and these seem to run on
+10.13 or newer.
+
+Before starting, you should install `brew`.
+
+
+#### Notes about reproducibility
+
+- We recommend creating a VM with a macOS guest, e.g. using VirtualBox,
+  and building there.
+- The guest should run macOS 10.14.6 (that specific version).
+- The unix username should be `vagrant`, and `electrum` should be cloned directly
+  to the user's home dir: `/Users/vagrant/electrum`.
+- Builders need to use the same version of Xcode; and note that
+  full Xcode and Xcode commandline tools differ!
+  - Xcode CLI tools are sufficient for everything, except it is missing `altool`,
+    which is needed for the release-manager to notarise the `.dmg`.
+  - so full Xcode is needed, to have `altool`.
+  - however, brew now consider macOS 10.14 too old, and for some reason it
+    requires Xcode CLI tools. (`Error: Xcode alone is not sufficient on Mojave.`)
+
+  So, we need *both* full Xcode and Xcode CLI tools. Both with version 11.3.1.
+  The two Xcodes should be located exactly as follows:
+    ```
+    $ xcode-select -p
+    /Users/vagrant/Downloads/Xcode.app/Contents/Developer
+    $ xcrun --show-sdk-path
+    /Library/Developer/CommandLineTools/SDKs/MacOSX10.14.sdk
+    ```
+- Make sure that you are building from a fresh clone of electrum
+  (or run e.g. `git clean -ffxd` to rm all local changes).
+
+
+#### 1. Get Xcode
+
+Notarizing the application requires full Xcode
+(not just command line tools as that is missing `altool`).
+
+Get it from [here](https://developer.apple.com/download/more/).
+Unfortunately, you need an "Apple ID" account.
+
+(note: the last Xcode that runs on macOS 10.14.6 is Xcode 11.3.1)
+
+Install full Xcode:
+```
+$ shasum -a 256 "$HOME/Downloads/Xcode_11.3.1.xip"
+9a92379b90734a9068832f858d594d3c3a30a7ddc3bdb6da49c738aed9ad34b5  /Users/vagrant/Downloads/Xcode_11.3.1.xip
+$ xip -x "$HOME/Downloads/Xcode_11.3.1.xip"
+$ sudo xcode-select -s "$HOME/Downloads/Xcode.app/Contents/Developer/"
+$ # agree with licence
+$ sudo xcodebuild -license
+```
+
+(note: unsure if needed:)
+```
+$ # try this to install additional component:
+$ sudo xcodebuild -runFirstLaunch
+```
+
+Install Xcode CLI tools:
+```
+$ shasum -a 256 "$HOME/Downloads/Command_Line_Tools_for_Xcode_11.3.1.dmg"
+1c4b477285641cca5313f456b712bf726aca8db77f38793420e1d451588673f9  /Users/vagrant/Downloads/Command_Line_Tools_for_Xcode_11.3.1.dmg
+$ hdiutil attach "$HOME/Downloads/Command_Line_Tools_for_Xcode_11.3.1.dmg"
+$ sudo installer -package "/Volumes/Command Line Developer Tools/Command Line Tools.pkg" -target /
+$ hdiutil detach "/Volumes/Command Line Developer Tools"
+```
+
+#### 2. Build Electrum
+
+    cd electrum
+    ./contrib/osx/make_osx
+
+This creates both a folder named Electrum.app and the .dmg file.
+
+If you want the binaries codesigned for MacOS and notarised by Apple's central server,
+provide these env vars to the `make_osx` script:
+
+    CODESIGN_CERT="Developer ID Application: Electrum Technologies GmbH (L6P37P7P56)" \
+    APPLE_ID_USER="me@email.com" \
+    APPLE_ID_PASSWORD="1234" \
+    ./contrib/osx/make_osx
+
+
+## Verifying reproducibility and comparing against official binary
+
+Every user can verify that the official binary was created from the source code in this 
+repository.
+
+1. Build your own binary as described above.
+2. Use the provided `compare_dmg` script to compare the binary you built with
+   the official release binary.
+    ```
+    $ ./contrib/osx/compare_dmg dist/electrum-*.dmg electrum_dmg_official_release.dmg
+    ```
+   The `compare_dmg` script is mostly only needed as the official release binary is
+   codesigned and notarized. Otherwise, the built `.app` bundles should be byte-identical.
+   (Note that we are using `hdutil` to create the `.dmg`, and its output is not
+   deterministic, but we cannot compare the `.dmg` files directly anyway as they contain
+   codesigned files)

contrib/osx/apply_sigs.sh

@@ -0,0 +1,58 @@
+#!/bin/sh
+# Copyright (c) 2014-2019 The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+#
+# This script is based on https://github.com/bitcoin/bitcoin/blob/194b9b8792d9b0798fdb570b79fa51f1d1f5ebaf/contrib/macdeploy/detached-sig-apply.sh
+
+export LC_ALL=C
+set -e
+
+if [ $(uname) != "Darwin" ]; then
+    echo "This script needs to be run on macOS."
+    exit 1
+fi
+
+CP=gcp
+
+UNSIGNED="$1"
+SIGNATURE="$2"
+ARCH=x86_64
+OUTDIR="/tmp/electrum_compare_dmg/signed_app"
+
+if [ -z "$UNSIGNED" ]; then
+    echo "usage: $0 <unsigned app> <path to mac_extracted_sigs.tar.gz>"
+    exit 1
+fi
+
+if [ -z "$SIGNATURE" ]; then
+    echo "usage: $0 <unsigned app> <path to mac_extracted_sigs.tar.gz>"
+    exit 1
+fi
+
+rm -rf ${OUTDIR} && mkdir -p ${OUTDIR}
+${CP} -rf ${UNSIGNED} ${OUTDIR}
+tar xf "${SIGNATURE}" -C ${OUTDIR}
+
+find ${OUTDIR} -name "*.sign" | while read i; do
+    SIZE=$(gstat -c %s "${i}")
+    TARGET_FILE="$(echo "${i}" | sed 's/\.sign$//')"
+
+    if [ -z ${QUIET} ]; then
+        echo "Allocating space for the signature of size ${SIZE} in ${TARGET_FILE}"
+    fi
+    codesign_allocate -i "${TARGET_FILE}" -a ${ARCH} ${SIZE} -o "${i}.tmp"
+
+    OFFSET=$(pagestuff "${i}.tmp" -p | tail -2 | grep offset | sed 's/[^0-9]*//g')
+    if [ -z ${QUIET} ]; then
+        echo "Attaching signature at offset ${OFFSET}"
+    fi
+
+    dd if="$i" of="${i}.tmp" bs=1 seek=${OFFSET} count=${SIZE} 2>/dev/null
+    mv "${i}.tmp" "${TARGET_FILE}"
+    rm "${i}"
+    if [ -z ${QUIET} ]; then
+        echo "Success."
+    fi
+done
+echo "Done. .app with sigs applied is at: ${OUTDIR}"