Skip to content

Drop Python 3.9, use 3.10 for dist, bump Ledger#819

Open
Sjors wants to merge 15 commits into
bitcoin-core:masterfrom
Sjors:2026/01/python-bump
Open

Drop Python 3.9, use 3.10 for dist, bump Ledger#819
Sjors wants to merge 15 commits into
bitcoin-core:masterfrom
Sjors:2026/01/python-bump

Conversation

@Sjors

@Sjors Sjors commented Jan 21, 2026

Copy link
Copy Markdown
Member

This PR first switches the deterministic builds to Python 3.10. It then drops the end-of-life 3.9.

Then it bumps Speculos and Ledger and enables the tests that were previously disabled.

There's also a few minor cleanup commits, plus changes to make the Docker containers Podman friendly so I can easily run them locally.

@Sjors Sjors force-pushed the 2026/01/python-bump branch 2 times, most recently from 8489c74 to 57f6690 Compare January 23, 2026 09:21
@Sjors Sjors force-pushed the 2026/01/python-bump branch from 57f6690 to a608ea3 Compare January 30, 2026 10:00
@Sjors Sjors marked this pull request as ready for review January 30, 2026 10:01
@Sjors

Sjors commented Jan 30, 2026

Copy link
Copy Markdown
Member Author

Rebased after #818 landed, ready for review.

I lightly tested the dist builds on Ubuntu (x86_64, including qt) and macOS (only command line).

I ran the GUI in Wine, but that doesn't have USB access so not very informative. I also ran it on a native Windows machine. Windows Defender wasn't happy about it, but I didn't do any code signing. There it detected a connected device, so that's good.

I wonder if it makes sense for the deterministic binary releases to jump straight ahead to a more modern Python?

Also, would it make sense to do one final HWI release with Python 3.9 before merging this?

@Sjors

Sjors commented Jan 30, 2026

Copy link
Copy Markdown
Member Author

Added commit to re-enable the Ledger tests.

@Sjors Sjors force-pushed the 2026/01/python-bump branch from a4e3a84 to ae9e49d Compare January 31, 2026 09:04
@Sjors

Sjors commented Jan 31, 2026

Copy link
Copy Markdown
Member Author

Rebased just in case after recent merges.

@achow101

achow101 commented Feb 3, 2026

Copy link
Copy Markdown
Member

Does the dist build work on in an arm docker container, as described in the release process?

@Sjors Sjors force-pushed the 2026/01/python-bump branch from ae9e49d to f473a2e Compare February 3, 2026 11:20
@Sjors

Sjors commented Feb 3, 2026

Copy link
Copy Markdown
Member Author

Does the dist build work on in an arm docker container

I built inside an arm64 docker container on the x86 linux machine. I also made it do an hwi --help.

Rebased again, this time using generate_setup.py in the relevant commits, so e.g. the description field is updated when I touch the README.

The first time I ran that command, it moved hwilib.ui from packages to ui/* in package_data, see 35aa66a. No idea if that's correct.

I also built and tested the x86 macOS build on a native machine. I was able to run the QT application and it connected to a test deviced and fetch the descriptors.

Checksums:

19ee9fa6181421de1d6b404145438a1d00c61b3f0e55cc19a344f54fb5e76289  hwi-3.2.0-rc.1-linux-aarch64.tar.gz
3987142f1a441f893c28372b7ccd6a143b06c324cc9ee50f86b9cdb4d21f3204  hwi-3.2.0-rc.1-linux-aarch64.tar.gz/hwi
9909786e92a9cf0079d4aba986a6f8b856abba49c52a6df9e57dcae4c2e3c3a7  hwi-3.2.0-rc.1-linux-x86_64.tar.gz
64b5568167acd0d619f34c1739c430491b214bbf326bd8a4a2e0528c6b58d040  hwi-3.2.0-rc.1-linux-x86_64.tar.gz/hwi
97554105f474ba60b46d3b26534d254318114c05f5193c53e79bdf7167836239  hwi-3.2.0-rc.1-linux-x86_64.tar.gz/hwi-qt
83ac0f79ec5d9ecfb6aca98d325aaf05e47b3ba31b5c1e4fa69a2bfb088719d4  hwi-3.2.0-rc.1-mac-arm64.tar.gz
f9e884b02c2cd37e43f0668d32afef43cda649262d8ec891302a6d63f95026ed  hwi-3.2.0-rc.1-mac-arm64.tar.gz/hwi
6c070537a9f547c5b1e63a0c6d42aff9658a4e9305fa501c9e4ee752b04cdf3f  hwi-3.2.0-rc.1-mac-x86_64.tar.gz
241dea62a11ae2e18a547d8dd496e30cff7e005256ef460b6fde77aa303c6f40  hwi-3.2.0-rc.1-mac-x86_64.tar.gz/hwi
eea44149abb0a800c18f3895ea7b4f92937d01378bbfaa68ae74f89b4ef37aa3  hwi-3.2.0-rc.1-mac-x86_64.tar.gz/hwi-qt
be2d6ddb0fc18be6d9525c5004bc899e487e20ca51bd20aaa3e8e3ff43b28d0a  hwi-3.2.0-rc.1-windows-x86_64.zip
bf9e8a41e84537e1e3fa2310e8453a13cce50ee5befd8d6767e546bc29c17e2b  hwi-3.2.0-rc.1-windows-x86_64.zip/hwi-qt.exe
04b63d2a0b1e73253fe167aa7d9fe10e4da05f6c416319846b927deb00b000b1  hwi-3.2.0-rc.1-windows-x86_64.zip/hwi.exe
902438e1e1e988ab99099895f515ef701fc813fa42ad1620a733a6745f25933c  hwi-3.2.0rc1-py3-none-any.whl
f01ac678aa1c4da6e84eb83d42044a559acd0177313dd77b49a9494f9db9b7d6  hwi-3.2.0rc1.tar.gz

@Sjors

Sjors commented Feb 3, 2026

Copy link
Copy Markdown
Member Author

The spurious Ledger failure appears to be the result of the test suite occasionally hitting the Cancel / Reject button.

2026-02-03T12:43:44.9074661Z seproxyhal: received (tag: 0x60, size: 0x02): b'\x00\x00'
2026-02-03T12:43:44.9074759Z automation: getting actions for "" (0, 0)
2026-02-03T12:43:44.9074882Z automation: getting actions for "Reject" (46, 36)
2026-02-03T12:43:44.9075003Z seproxyhal: applying automation ['button', 1, True]
2026-02-03T12:43:44.9075128Z seproxyhal: applying automation ['button', 1, False]
2026-02-03T12:43:44.9075220Z seproxyhal.packet: send 05000100
...
2026-02-03T12:43:44.9077945Z apdu: < 6985

Where 0x6985: DenyError according to device_exception.py

Added a commit to drop that rule, since it's unused anyway.

@Sjors

Sjors commented Jul 3, 2026

Copy link
Copy Markdown
Member Author

Rebased just in case.

  • bumped the Python patch version to 3.10.20.
  • bumped Speculos to v0.26.9
  • bumped ledger-app-builder to 5.3.2
  • bumped Ledger app to 2.4.6
    • plus two fixes from the develop branch
    • some test automation changes
    • the new version restricts xpub derivations, which test: make device signing cases more granular compensates for. This only impacts getkeypool.

I briefly tested the x86 linux gui.

@Sjors

Sjors commented Jul 3, 2026

Copy link
Copy Markdown
Member Author

Added a commit here to fix Trezor CI. Unrelated so can be its own PR if it works.

@Sjors Sjors force-pushed the 2026/01/python-bump branch from c85d39c to a8bd342 Compare July 3, 2026 15:57
@Sjors

Sjors commented Jul 3, 2026

Copy link
Copy Markdown
Member Author

The one bitbox01 and one ledger failures seem spurious. But the jade test failures were real, so I'm pushing a new fix shortly (basically #832).

@Sjors Sjors force-pushed the 2026/01/python-bump branch from d2093d9 to d21b545 Compare July 3, 2026 17:03
The rolling nightly toolchain has drifted past what trezor-firmware
core/v2.9.6 supports: recent nightlies reject its
reexport_test_harness_main attribute with error E0658. Pin the nightly
to 2025-04-15, matching the firmware's own shell.nix.

Co-authored-by: Claude (Fable 5) <noreply@anthropic.com>
@Sjors Sjors mentioned this pull request Jul 3, 2026
Sjors and others added 3 commits July 3, 2026 21:37
cache_unsigned_tx_pieces() decided whether to call setup_from_tx()
by checking if self.tx is None. But it never is: __init__ sets it to
an empty CTransaction. So for PSBTv2, which has no global transaction,
setup_from_tx() replaced the deserialized tx version and fallback
locktime with the empty transaction's defaults (version 1, locktime 0).

This silently modified any PSBTv2 transaction with a different version
or locktime, such as those made by Bitcoin Core (version 2 and an
anti-fee-sniping locktime), invalidating signatures created before the
round-trip through HWI.

Check the PSBT version instead, as the docstring already describes.

Co-authored-by: Claude (Fable 5) <noreply@anthropic.com>
Also drops Python 3.6 dataclasses leftover.
@Sjors

Sjors commented Jul 3, 2026

Copy link
Copy Markdown
Member Author

Actually #832 did not do the trick. This time I ran the simulator locally to reproduce the issue. It was the PSBTv2 change on Bitcoin Core's master (again, this change bit me multiple times). I dropped the cbor commits, because they're not needed here, but based on local testing they should not be a problem.

I opened a fresh PR for just the CI fixes: #836

Sjors added 3 commits July 3, 2026 21:46
This reduces churn when running this command again
for the upcoming commits.
Sjors added 4 commits July 3, 2026 21:46
Most device simulators accept arbitrary keypool paths, so keep testing
that behavior by default.

Some devices enforce their own derivation path policies. Let those
emulators opt out of the arbitrary-path portion while still running the
remaining keypool checks.
Also demote discarded-qualifiers warnings in Speculos' bundled deps so -Werror builds keep working with the updated simulator.
@Sjors Sjors force-pushed the 2026/01/python-bump branch from d21b545 to 712823a Compare July 3, 2026 19:48
This was referenced Jul 3, 2026

@andreasgriffin andreasgriffin left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM and I let codex also review with no issues found.

@Sjors

Sjors commented Jul 4, 2026

Copy link
Copy Markdown
Member Author

The one failing ledger just is spurious.

@andreasgriffin much of this was written with the help of Claude and Codex, so I wouldn't expect it to find anything. Unless you give it a more specific prompt based on your own review, of something that might be incorrect.

In general for this Python bump it would be great if someone can test the binaries on every supported platform. I did that before the rebase, so I don't expect anything new to have broken, but still.

Sjors and others added 4 commits July 4, 2026 12:32
The Speculos automation file advances through screens by matching
text fragments. The rule for the "To" screen matched any fragment
starting with "To", including parts of the destination address
shown below that title.

This is what failed in CI run 28680592019 (job 85066632783). The
address mzmauywUy3WF1TX3YxzQMA5PR4zXqJVLTo was split on the device
screen into "mzmauywUy3WF1TX", "3YxzQMA5PR4zXqJVL" and "To". The
latter confused the automation rule for "To", which pressed an
extra right button:

    automation: getting actions for "To" (57, 3)
    automation: getting actions for "mzmauywUy3WF1TX" (9, 19)
    automation: getting actions for "3YxzQMA5PR4zXqJVL" (8, 33)
    automation: getting actions for "To" (57, 47)
    seproxyhal: applying automation ['button', 2, True]
    seproxyhal: applying automation ['button', 2, False]

From there every press landed one screen late; the approval hit
"Reject transaction" and the app returned 0x6985, so signtx
reported a canceled error. "T" and "o" are both valid base58
characters, and bitcoind generates fresh addresses on every run,
which makes this a rare and random failure. Bech32 addresses
cannot trigger it ("o" is not in the bech32 character set).

Limit the "To" rule to the title row (y=3), where address text
never appears. The rule file format does not allow comments, so a
warning about short words in automation rules goes in the README.

Co-authored-by: Claude (Fable 5) <noreply@anthropic.com>
It's unused and occasionally trips up a test.
@Sjors Sjors force-pushed the 2026/01/python-bump branch from 712823a to 887843c Compare July 4, 2026 10:33
@Sjors

Sjors commented Jul 4, 2026

Copy link
Copy Markdown
Member Author

Fable discovered that the one flaky failure here was due to a base58 address ending in To, which ended up at the start of the screen when the address was split. This collides with the automation rule "To".

It's a pre-existing bug, but I kept the fix be87c6e here, because it only impacts tests that were disabled before this PR.

@andreasgriffin

andreasgriffin commented Jul 6, 2026

Copy link
Copy Markdown

In general for this Python bump it would be great if someone can test the binaries on every supported platform. I did that before the rebase, so I don't expect anything new to have broken, but still.

Tested (and they work) https://github.com/bitcoin-core/HWI/actions/runs/28703459171/artifacts/8080924437 (from tests) wheel file on

  • Linux x86_64 Python 3.12.1
  • Mac arm64 Python 3.12.3
  • Win x86_64 Python 3.12.3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants