From 9159c54c2f2264e6dbc7cabb611435f4d1b681e8 Mon Sep 17 00:00:00 2001 From: Andreas Griffin <116060138+andreasgriffin@users.noreply.github.com> Date: Sat, 9 Nov 2024 22:12:37 +0100 Subject: [PATCH] Bumped build dep and added build workflow (#27) see: https://github.com/andreasgriffin/bitcoin-safe/security/dependabot/27 and https://github.com/andreasgriffin/bitcoin-safe/security/dependabot/26 --- .github/workflows/build-appimage-test.yml | 66 +++++++++++++++++ .github/workflows/build-windows-test.yml | 73 +++++++++++++++++++ bitcoin_safe/dynamic_lib_load.py | 4 +- poetry.lock | 14 ++-- pyproject.toml | 2 +- tools/build-linux/appimage/run_in_docker.sh | 2 +- tools/build-wine/run_in_docker.sh | 2 +- tools/build.py | 9 +-- .../requirements-build-base.txt | 6 +- .../requirements-build-wine.txt | 6 +- 10 files changed, 159 insertions(+), 25 deletions(-) create mode 100644 .github/workflows/build-appimage-test.yml create mode 100644 .github/workflows/build-windows-test.yml diff --git a/.github/workflows/build-appimage-test.yml b/.github/workflows/build-appimage-test.yml new file mode 100644 index 0000000..ea4801e --- /dev/null +++ b/.github/workflows/build-appimage-test.yml @@ -0,0 +1,66 @@ +name: Build AppImage Test + +on: + workflow_dispatch: + pull_request: + types: [labeled] + branches: + - main + +jobs: + build: + if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.label.name == 'run-build-test') + runs-on: ubuntu-latest + - name: Checkout repository + uses: actions/checkout@v3 + with: + fetch-depth: 0 # Fetch all history for all branches and tags + + + - name: Set up Python environment + uses: actions/setup-python@v4 + with: + python-version: '3.10' + + - name: Setup xvfb (Linux) + if: runner.os == 'Linux' + run: | + sudo apt-get update + sudo apt-get install -y xvfb \ + libxkbcommon-x11-0 \ + libxcb-icccm4 \ + libxcb-image0 \ + libxcb-keysyms1 \ + libxcb-randr0 \ + libxcb-render-util0 \ + libxcb-xinerama0 \ + libxcb-xinput0 \ + libxcb-xfixes0 \ + libxcb-shape0 \ + libglib2.0-0 \ + libgl1-mesa-dev \ + '^libxcb.*-dev' \ + libx11-xcb-dev \ + libglu1-mesa-dev \ + libxrender-dev \ + libxi-dev \ + libxkbcommon-dev \ + libxkbcommon-x11-dev \ + libsecp256k1-0 + + - name: Install Python dependencies + run: | + python -m pip install --upgrade pip + pip install poetry + poetry install + + - name: Run build script + run: poetry run python tools/build.py --targets appimage --commit None + + + - name: Check for AppImage file + run: | + if [ -z "$(find dist -type f -name '*.AppImage')" ]; then + echo "AppImage file is missing" + exit 1 + fi diff --git a/.github/workflows/build-windows-test.yml b/.github/workflows/build-windows-test.yml new file mode 100644 index 0000000..d9dbea2 --- /dev/null +++ b/.github/workflows/build-windows-test.yml @@ -0,0 +1,73 @@ +name: Build Windows Test + +on: + workflow_dispatch: + pull_request: + types: [labeled] + branches: + - main + +jobs: + build: + if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.label.name == 'run-build-test') + runs-on: ubuntu-latest + - name: Checkout repository + uses: actions/checkout@v3 + with: + fetch-depth: 0 # Fetch all history for all branches and tags + + + - name: Set up Python environment + uses: actions/setup-python@v4 + with: + python-version: '3.10' + + - name: Setup xvfb (Linux) + if: runner.os == 'Linux' + run: | + sudo apt-get update + sudo apt-get install -y xvfb \ + libxkbcommon-x11-0 \ + libxcb-icccm4 \ + libxcb-image0 \ + libxcb-keysyms1 \ + libxcb-randr0 \ + libxcb-render-util0 \ + libxcb-xinerama0 \ + libxcb-xinput0 \ + libxcb-xfixes0 \ + libxcb-shape0 \ + libglib2.0-0 \ + libgl1-mesa-dev \ + '^libxcb.*-dev' \ + libx11-xcb-dev \ + libglu1-mesa-dev \ + libxrender-dev \ + libxi-dev \ + libxkbcommon-dev \ + libxkbcommon-x11-dev \ + libsecp256k1-0 + + - name: Install Python dependencies + run: | + python -m pip install --upgrade pip + pip install poetry + poetry install + + - name: Run build script + run: poetry run python tools/build.py --targets windows --commit None + + + - name: Check for portable EXE file + run: | + if [ -z "$(find dist -type f -name '*portable.exe')" ]; then + echo "Portable EXE file is missing" + exit 1 + fi + + - name: Check for setup EXE file + run: | + if [ -z "$(find dist -type f -name '*setup.exe')" ]; then + echo "Setup EXE file is missing" + exit 1 + fi diff --git a/bitcoin_safe/dynamic_lib_load.py b/bitcoin_safe/dynamic_lib_load.py index 6a58a37..189a274 100644 --- a/bitcoin_safe/dynamic_lib_load.py +++ b/bitcoin_safe/dynamic_lib_load.py @@ -108,8 +108,10 @@ def setup_libsecp256k1() -> None: logger.info(f"Setting libsecp256k1: {lib_path}") bitcoin_usb.set_custom_secp256k1_path(lib_path) bitcointx.set_custom_secp256k1_path(lib_path) + elif get_libsecp256k1_os_path(): + logger.info(f"libsecp256k1 was found in the OS") else: - logger.info(f"libsecp256k1 could not be found at all. This app will not start") + logger.info(f"libsecp256k1 could not be found.") def ensure_pyzbar_works() -> None: diff --git a/poetry.lock b/poetry.lock index 59d7360..9d6b9c6 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1083,13 +1083,13 @@ qt = ["pyside2 (>=5.14.0,<6.0.0)"] [[package]] name = "identify" -version = "2.6.1" +version = "2.6.2" description = "File identification library for Python" optional = false -python-versions = ">=3.8" +python-versions = ">=3.9" files = [ - {file = "identify-2.6.1-py2.py3-none-any.whl", hash = "sha256:53863bcac7caf8d2ed85bd20312ea5dcfc22226800f6d6881f232d861db5a8f0"}, - {file = "identify-2.6.1.tar.gz", hash = "sha256:91478c5fb7c3aac5ff7bf9b4344f803843dc586832d5f110d672b19aa1984c98"}, + {file = "identify-2.6.2-py2.py3-none-any.whl", hash = "sha256:c097384259f49e372f4ea00a19719d95ae27dd5ff0fd77ad630aa891306b82f3"}, + {file = "identify-2.6.2.tar.gz", hash = "sha256:fab5c716c24d7a789775228823797296a2994b075fb6080ac83a102772a98cbd"}, ] [package.extras] @@ -3094,13 +3094,13 @@ files = [ [[package]] name = "wheel" -version = "0.44.0" +version = "0.45.0" description = "A built-package format for Python" optional = false python-versions = ">=3.8" files = [ - {file = "wheel-0.44.0-py3-none-any.whl", hash = "sha256:2376a90c98cc337d18623527a97c31797bd02bad0033d41547043a1cbfbe448f"}, - {file = "wheel-0.44.0.tar.gz", hash = "sha256:a29c3f2817e95ab89aa4660681ad547c0e9547f20e75b0562fe7723c9a2a9d49"}, + {file = "wheel-0.45.0-py3-none-any.whl", hash = "sha256:52f0baa5e6522155090a09c6bd95718cc46956d1b51d537ea5454249edb671c7"}, + {file = "wheel-0.45.0.tar.gz", hash = "sha256:a57353941a3183b3d5365346b567a260a0602a0f8a635926a7dede41b94c674a"}, ] [package.extras] diff --git a/pyproject.toml b/pyproject.toml index 1b32227..7ec83c1 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -66,7 +66,7 @@ test_sources = [ "tests",] test_requires = [ "pytest",] resources = [ "bitcoin_safe/gui/locales/*.qm",] # these requirements are updated from the poetry lock file automatically -requires = ["altgraph==0.17.4", "appdirs==1.4.4", "arrow==1.3.0", "base58==2.1.1", "bdkpython==0.31.0", "binaryornot==0.4.4", "bitcoin-nostr-chat==0.4.1", "bitcoin-qr-tools==0.14.10", "bitcoin-usb==0.5.3", "briefcase==0.3.19", "build==1.2.2.post1", "cachecontrol==0.14.1", "cbor2==5.6.5", "certifi==2024.8.30", "cffi==1.17.1", "cfgv==3.4.0", "chardet==5.2.0", "charset-normalizer==3.4.0", "cleo==2.1.0", "click==8.1.7", "colorama==0.4.6", "cookiecutter==2.6.0", "crashtest==0.4.1", "cryptography==43.0.3", "defusedxml==0.7.1", "distlib==0.3.9", "dmgbuild==1.6.2", "ds-store==1.3.1", "dulwich==0.21.7", "ecdsa==0.19.0", "exceptiongroup==1.2.2", "fastjsonschema==2.20.0", "filelock==3.16.1", "fonttools==4.54.1", "fpdf2==2.8.1", "gitdb==4.0.11", "gitpython==3.1.43", "hidapi==0.14.0.post3", "hwi==3.1.0", "identify==2.6.1", "idna==3.10", "importlib-metadata==8.5.0", "iniconfig==2.0.0", "installer==0.7.0", "jaraco-classes==3.4.0", "jeepney==0.8.0", "jinja2==3.1.4", "keyring==24.3.1", "libusb1==3.1.0", "lxml==5.3.0", "mac-alias==2.2.2", "macholib==1.16.3", "markdown-it-py==3.0.0", "markupsafe==3.0.2", "mdurl==0.1.2", "mnemonic==0.21", "more-itertools==10.5.0", "msgpack==1.1.0", "mss==9.0.2", "nodeenv==1.9.1", "noiseprotocol==0.3.1", "nostr-sdk==0.32.2", "numpy==2.1.3", "opencv-python-headless==4.10.0.84", "packaging==24.2", "pefile==2023.2.7", "pexpect==4.9.0", "pgpy==0.6.0", "pillow==10.4.0", "pip==24.3.1", "pkginfo==1.11.2", "platformdirs==4.3.6", "pluggy==1.5.0", "poetry-core==1.9.1", "poetry-plugin-export==1.8.0", "pre-commit==3.8.0", "protobuf==4.25.5", "psutil==5.9.8", "ptyprocess==0.7.0", "pyaes==1.6.1", "pyasn1==0.6.1", "pycparser==2.22", "pygame==2.6.1", "pygments==2.18.0", "pyinstaller==6.11.0", "pyinstaller-hooks-contrib==2024.9", "pyprof2calltree==1.4.5", "pyproject-hooks==1.2.0", "pyqrcode==1.2.1", "pyqt6==6.7.1", "pyqt6-charts==6.7.0", "pyqt6-charts-qt6==6.7.3", "pyqt6-qt6==6.7.3", "pyqt6-sip==13.8.0", "pyserial==3.5", "pytest==8.3.3", "pytest-qt==4.4.0", "pytest-xvfb==3.0.0", "python-bitcointx==1.1.4", "python-dateutil==2.9.0.post0", "python-gnupg==0.5.3", "python-slugify==8.0.4", "pyvirtualdisplay==3.0", "pywin32-ctypes==0.2.3", "pyyaml==6.0.2", "pyzbar==0.1.9", "rapidfuzz==3.10.1", "reportlab==4.0.8", "requests==2.32.3", "requests-toolbelt==1.0.0", "rich==13.9.4", "secretstorage==3.3.3", "segno==1.6.1", "semver==3.0.2", "setuptools==75.3.0", "shellingham==1.5.4", "six==1.16.0", "smmap==5.0.1", "snakeviz==2.2.0", "text-unidecode==1.3", "tomli==2.0.2", "tomli-w==1.1.0", "tomlkit==0.13.2", "tornado==6.4.1", "translate-toolkit==3.14.1", "trove-classifiers==2024.10.21.16", "types-python-dateutil==2.9.0.20241003", "typing-extensions==4.12.2", "urllib3==2.2.3", "virtualenv==20.27.1", "wcwidth==0.2.13", "wheel==0.44.0", "zipp==3.20.2"] +requires = ["altgraph==0.17.4", "appdirs==1.4.4", "arrow==1.3.0", "base58==2.1.1", "bdkpython==0.31.0", "binaryornot==0.4.4", "bitcoin-nostr-chat==0.4.1", "bitcoin-qr-tools==0.14.10", "bitcoin-usb==0.5.3", "briefcase==0.3.19", "build==1.2.2.post1", "cachecontrol==0.14.1", "cbor2==5.6.5", "certifi==2024.8.30", "cffi==1.17.1", "cfgv==3.4.0", "chardet==5.2.0", "charset-normalizer==3.4.0", "cleo==2.1.0", "click==8.1.7", "colorama==0.4.6", "cookiecutter==2.6.0", "crashtest==0.4.1", "cryptography==43.0.3", "defusedxml==0.7.1", "distlib==0.3.9", "dmgbuild==1.6.2", "ds-store==1.3.1", "dulwich==0.21.7", "ecdsa==0.19.0", "exceptiongroup==1.2.2", "fastjsonschema==2.20.0", "filelock==3.16.1", "fonttools==4.54.1", "fpdf2==2.8.1", "gitdb==4.0.11", "gitpython==3.1.43", "hidapi==0.14.0.post3", "hwi==3.1.0", "identify==2.6.2", "idna==3.10", "importlib-metadata==8.5.0", "iniconfig==2.0.0", "installer==0.7.0", "jaraco-classes==3.4.0", "jeepney==0.8.0", "jinja2==3.1.4", "keyring==24.3.1", "libusb1==3.1.0", "lxml==5.3.0", "mac-alias==2.2.2", "macholib==1.16.3", "markdown-it-py==3.0.0", "markupsafe==3.0.2", "mdurl==0.1.2", "mnemonic==0.21", "more-itertools==10.5.0", "msgpack==1.1.0", "mss==9.0.2", "nodeenv==1.9.1", "noiseprotocol==0.3.1", "nostr-sdk==0.32.2", "numpy==2.1.3", "opencv-python-headless==4.10.0.84", "packaging==24.2", "pefile==2023.2.7", "pexpect==4.9.0", "pgpy==0.6.0", "pillow==10.4.0", "pip==24.3.1", "pkginfo==1.11.2", "platformdirs==4.3.6", "pluggy==1.5.0", "poetry-core==1.9.1", "poetry-plugin-export==1.8.0", "pre-commit==3.8.0", "protobuf==4.25.5", "psutil==5.9.8", "ptyprocess==0.7.0", "pyaes==1.6.1", "pyasn1==0.6.1", "pycparser==2.22", "pygame==2.6.1", "pygments==2.18.0", "pyinstaller==6.11.0", "pyinstaller-hooks-contrib==2024.9", "pyprof2calltree==1.4.5", "pyproject-hooks==1.2.0", "pyqrcode==1.2.1", "pyqt6==6.7.1", "pyqt6-charts==6.7.0", "pyqt6-charts-qt6==6.7.3", "pyqt6-qt6==6.7.3", "pyqt6-sip==13.8.0", "pyserial==3.5", "pytest==8.3.3", "pytest-qt==4.4.0", "pytest-xvfb==3.0.0", "python-bitcointx==1.1.4", "python-dateutil==2.9.0.post0", "python-gnupg==0.5.3", "python-slugify==8.0.4", "pyvirtualdisplay==3.0", "pywin32-ctypes==0.2.3", "pyyaml==6.0.2", "pyzbar==0.1.9", "rapidfuzz==3.10.1", "reportlab==4.0.8", "requests==2.32.3", "requests-toolbelt==1.0.0", "rich==13.9.4", "secretstorage==3.3.3", "segno==1.6.1", "semver==3.0.2", "setuptools==75.3.0", "shellingham==1.5.4", "six==1.16.0", "smmap==5.0.1", "snakeviz==2.2.0", "text-unidecode==1.3", "tomli==2.0.2", "tomli-w==1.1.0", "tomlkit==0.13.2", "tornado==6.4.1", "translate-toolkit==3.14.1", "trove-classifiers==2024.10.21.16", "types-python-dateutil==2.9.0.20241003", "typing-extensions==4.12.2", "urllib3==2.2.3", "virtualenv==20.27.1", "wcwidth==0.2.13", "wheel==0.45.0", "zipp==3.20.2"] diff --git a/tools/build-linux/appimage/run_in_docker.sh b/tools/build-linux/appimage/run_in_docker.sh index f9e9dd2..eade95d 100755 --- a/tools/build-linux/appimage/run_in_docker.sh +++ b/tools/build-linux/appimage/run_in_docker.sh @@ -16,7 +16,7 @@ POETRY_CACHE_DIR="$CONTRIB_APPIMAGE/.cache/poetry_cache" . "$CONTRIB"/build_tools_util.sh -git -C "$PROJECT_ROOT" rev-parse 2>/dev/null || fail "Building outside a git clone is not supported." +git -C "$PROJECT_ROOT" rev-parse 2>/dev/null || fail "Building outside a git clone is not supported. PROJECT_ROOT contents:\n$(ls -la "$PROJECT_ROOT")" export GCC_STRIP_BINARIES="1" diff --git a/tools/build-wine/run_in_docker.sh b/tools/build-wine/run_in_docker.sh index 6c5f666..9052cd6 100755 --- a/tools/build-wine/run_in_docker.sh +++ b/tools/build-wine/run_in_docker.sh @@ -39,7 +39,7 @@ export WINE_PYTHON="wine $WINE_PYHOME/python.exe -B" . "$CONTRIB"/build_tools_util.sh -git -C "$PROJECT_ROOT" rev-parse 2>/dev/null || fail "Building outside a git clone is not supported." +git -C "$PROJECT_ROOT" rev-parse 2>/dev/null || fail "Building outside a git clone is not supported. PROJECT_ROOT contents:\n$(ls -la "$PROJECT_ROOT")" info "Clearing $here/build and $here/dist..." rm "$here"/build/* -rf diff --git a/tools/build.py b/tools/build.py index 726746d..cb58525 100644 --- a/tools/build.py +++ b/tools/build.py @@ -163,6 +163,7 @@ def build_in_docker( None = uses the cwd commit_hash = clones this commit hash into /tmp """ + PROJECT_ROOT = Path(".").resolve().absolute() PROJECT_ROOT_OR_FRESHCLONE_ROOT = PROJECT_ROOT path_build = PROJECT_ROOT / build_folder @@ -217,14 +218,8 @@ def build_in_docker( Source_Dist_dir = PROJECT_ROOT_OR_FRESHCLONE_ROOT / build_folder / "dist" logger.info("Building binary...") - # Check UID and possibly chown - if build_commit: - if os.getuid() != 1000 or os.getgid() != 1000: - logger.info("Need to chown -R FRESH_CLONE directory. Prompting for sudo.") - run_local(f'sudo chown -R 1000:1000 "{FRESH_CLONE}"') - run_local( - f"docker run -it " + f"docker run " f"--name {docker_image}-container " f'-v "{PROJECT_ROOT_OR_FRESHCLONE_ROOT}":/opt/wine64/drive_c/bitcoin_safe ' f"--rm " diff --git a/tools/deterministic-build/requirements-build-base.txt b/tools/deterministic-build/requirements-build-base.txt index 4d071e7..cd77f24 100644 --- a/tools/deterministic-build/requirements-build-base.txt +++ b/tools/deterministic-build/requirements-build-base.txt @@ -10,9 +10,9 @@ pip==23.3 \ poetry-core==1.9.0 \ --hash=sha256:4e0c9c6ad8cf89956f03b308736d84ea6ddb44089d16f2adc94050108ec1f5a1 \ --hash=sha256:fa7a4001eae8aa572ee84f35feb510b321bd652e5cf9293249d62853e1f935a2 -setuptools==65.5.1 \ - --hash=sha256:d0b9a8433464d5800cbe05094acf5c6d52a91bfac9b52bcfc4d41382be5d5d31 \ - --hash=sha256:e197a19aa8ec9722928f2206f8de752def0e4c9fc6953527360d1c36d94ddb2f +setuptools==75.3.0 \ + --hash=sha256:f2504966861356aa38616760c0f66568e535562374995367b4e69c7143cf6bcd \ + --hash=sha256:fba5dd4d766e97be1b1681d98712680ae8f2f26d7881245f2ce9e40714f1a686 setuptools-scm==8.0.4 \ --hash=sha256:b47844cd2a84b83b3187a5782c71128c28b4c94cad8bfb871da2784a5cb54c4f \ --hash=sha256:b5f43ff6800669595193fd09891564ee9d1d7dcb196cab4b2506d53a2e1c95c7 diff --git a/tools/deterministic-build/requirements-build-wine.txt b/tools/deterministic-build/requirements-build-wine.txt index b9c01b8..1923d2a 100644 --- a/tools/deterministic-build/requirements-build-wine.txt +++ b/tools/deterministic-build/requirements-build-wine.txt @@ -13,9 +13,7 @@ pyinstaller-hooks-contrib==2024.1 \ --hash=sha256:51a51ea9e1ae6bd5ffa7ec45eba7579624bf4f2472ff56dba0edc186f6ed46a6 pywin32-ctypes==0.2.2 \ --hash=sha256:3426e063bdd5fd4df74a14fa3cf80a0b42845a87e1d1e81f6549f9daec593a60 -setuptools==65.5.1 \ - --hash=sha256:e197a19aa8ec9722928f2206f8de752def0e4c9fc6953527360d1c36d94ddb2f wheel==0.38.4 \ --hash=sha256:965f5259b566725405b05e7cf774052044b1ed30119b5d586b2703aafe8719ac -zipp==3.17.0 \ - --hash=sha256:84e64a1c28cf7e91ed2078bb8cc8c259cb19b76942096c8d7b84947690cabaf0 \ No newline at end of file +zipp==3.20.2 \ + --hash=sha256:bc9eb26f4506fda01b81bcde0ca78103b6e62f991b381fec825435c836edbc29 \ No newline at end of file