update to spec 6000000 and add support for stax

.github/workflows/check_version.yml

@@ -20,25 +20,16 @@ jobs:
     needs: configure
     runs-on: ubuntu-latest
     container:
-      image: zondax/builder-bolos:latest
+      image: zondax/ledger-app-builder:latest
       options: --user ${{ needs.configure.outputs.uid_gid }}
-    env:
-      BOLOS_ENV: /opt/bolos
-      HOME: /home/zondax_circle
     outputs:
       version: ${{ steps.store-version.outputs.version }}
     steps:
       - name: Checkout
         uses: actions/checkout@v3
         with:
           submodules: true
-
-      - name: Invoke `version`
-        shell: bash -l {0}
-        env:
-          BOLOS_SDK: ${{ github.workspace }}/deps/nanos-secure-sdk
-        run: make version
-
+      - run: make version
       - id: store-version
         run: echo "version=$(cat ./app/app.version)" >> $GITHUB_OUTPUT
 

.github/workflows/codeql.yml

@@ -0,0 +1,37 @@
+name: "CodeQL"
+
+on:
+  workflow_dispatch:
+  push:
+  pull_request:
+    branches:
+      - main
+      - develop
+
+jobs:
+  analyse:
+    name: Analyse
+    strategy:
+      matrix:
+        sdk: ["$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK"]
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
+
+    steps:
+      - name: Clone
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: cpp
+          queries: security-and-quality
+
+      - name: Build
+        run: |
+          make -j BOLOS_SDK=${{ matrix.sdk }}
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/guidelines_enforcer.yml

@@ -0,0 +1,25 @@
+name: Ensure compliance with Ledger guidelines
+
+# This workflow is mandatory in all applications
+# It calls a reusable workflow guidelines_enforcer developed by Ledger's internal developer team.
+# The successful completion of the reusable workflow is a mandatory step for an app to be available on the Ledger
+# application store.
+#
+# More information on the guidelines can be found in the repository:
+# LedgerHQ/ledger-app-workflows/
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  guidelines_enforcer:
+    name: Call Ledger guidelines_enforcer
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1
+    with:
+      relative_app_directory: app

.github/workflows/main.yml

@@ -27,8 +27,7 @@ jobs:
         run: |
           sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 10
           make deps
-      - run: cmake -DCMAKE_BUILD_TYPE=Debug . && make
-      - run: GTEST_COLOR=1 ASAN_OPTIONS=detect_leaks=0 ctest -VV
+      - run: make cpp_test
 
   build_only_rust:
     runs-on: ubuntu-latest
@@ -37,9 +36,10 @@ jobs:
         uses: actions/checkout@v3
         with:
           submodules: true
-      - name: Install deps
-        run: |
-          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+      - name: Install rust
+        uses: actions-rs/toolchain@v1
+        with:
+          toolchain: stable
       - name: rustfmt
         run: |
           cd ./app/rust
@@ -59,12 +59,10 @@ jobs:
     needs: configure
     runs-on: ubuntu-latest
     container:
-      image: zondax/builder-bolos:latest
+      image: zondax/ledger-app-builder:latest
       options: --user ${{ needs.configure.outputs.uid_gid }}
-    env:
-      BOLOS_SDK: ${{ github.workspace }}/deps/nanos-secure-sdk
-      BOLOS_ENV: /opt/bolos
-      HOME: /home/zondax_circle
+      env:
+        BOLOS_SDK: /opt/nanos-secure-sdk
     outputs:
       size: ${{steps.build.outputs.size}}
     steps:
@@ -76,14 +74,12 @@ jobs:
         id: build
         shell: bash -l {0}
         run: |
-          source $HOME/.cargo/env
           SUBSTRATE_PARSER_FULL=1 make
           echo "size=$(python3 deps/ledger-zxlib/scripts/getSize.py s)" >> $GITHUB_OUTPUT
       - name: Build SR25519 app
         shell: bash -l {0}
         run: |
-          source $HOME/.cargo/env
-          SUPPORT_SR25519=1 make
+          SUBSTRATE_PARSER_FULL=1 SUPPORT_SR25519=1 make
 
   size_nano_s:
     needs: build_ledger
@@ -109,68 +105,27 @@ jobs:
           submodules: true
       - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev
       - name: Install rust
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y cmake binutils-dev libcurl4-openssl-dev libiberty-dev libelf-dev libdw-dev
-          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --no-modify-path --default-toolchain none -y;
-      - name: Install node
-        uses: actions/setup-node@v3
-      - name: Install yarn
-        run: |
-          npm install -g yarn
-      - name: Build Ledger app
-        run: |
-          make SUBSTRATE_PARSER_FULL=1
-      - name: Build/Install build js deps
-        run: |
-          export PATH=~/.cargo/bin:$PATH
-          make zemu_install
-      - name: Run zemu tests
-        run: |
-          export PATH=~/.cargo/bin:$PATH
-          make zemu_test
-
-  test_zemu_sr25519:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions-rs/toolchain@v1
         with:
-          submodules: true
-      - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev
-      - name: Install rust
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y cmake binutils-dev libcurl4-openssl-dev libiberty-dev libelf-dev libdw-dev
-          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --no-modify-path --default-toolchain none -y;
+          toolchain: stable
       - name: Install node
         uses: actions/setup-node@v3
       - name: Install yarn
         run: |
           npm install -g yarn
-      - name: Build Ledger app
+      - name: Build and run zemu tests
         run: |
-          make clean_build && SUBSTRATE_PARSER_FULL=1 SUPPORT_SR25519=1 make buildS
-      - name: Build/Install build js deps
-        run: |
-          export PATH=~/.cargo/bin:$PATH
-          make zemu_install
-      - name: Run zemu tests for sr25519
-        run: |
-          export PATH=~/.cargo/bin:$PATH
-          cd tests_zemu && yarn testSR25519
+          make test_all
 
-  build_package_0:
-    needs: [configure, build, build_ledger, test_zemu, test_zemu_sr25519]
+  build_package_nanos:
+    needs: [configure, build, build_ledger, test_zemu]
     if: ${{ github.ref == 'refs/heads/main' }}
     runs-on: ubuntu-latest
     container:
-      image: zondax/builder-bolos:latest
+      image: zondax/ledger-app-builder:latest
       options: --user ${{ needs.configure.outputs.uid_gid }}
-    env:
-      BOLOS_SDK: ${{ github.workspace }}/deps/nanos-secure-sdk
-      BOLOS_ENV: /opt/bolos
-      HOME: /home/zondax_circle
+      env:
+        BOLOS_SDK: /opt/nanos-secure-sdk
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -182,7 +137,6 @@ jobs:
       - name: Build NanoS
         shell: bash -l {0}
         run: |
-          source $HOME/.cargo/env
           make SUBSTRATE_PARSER_FULL=0
           mv ./app/pkg/installer_s.sh ./app/pkg/installer_nanos.sh
       - name: Set tag
@@ -199,17 +153,15 @@ jobs:
           draft: false
           prerelease: false
 
-  build_package_1:
-    needs: [configure, build, build_ledger, test_zemu, test_zemu_sr25519]
+  build_package_nanos_xl:
+    needs: [configure, build, build_ledger, test_zemu]
     if: ${{ github.ref == 'refs/heads/main' }}
     runs-on: ubuntu-latest
     container:
-      image: zondax/builder-bolos:latest
+      image: zondax/ledger-app-builder:latest
       options: --user ${{ needs.configure.outputs.uid_gid }}
-    env:
-      BOLOS_SDK: ${{ github.workspace }}/deps/nanos-secure-sdk
-      BOLOS_ENV: /opt/bolos
-      HOME: /home/zondax_circle
+      env:
+        BOLOS_SDK: /opt/nanos-secure-sdk
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -221,8 +173,7 @@ jobs:
       - name: Build NanoS XL
         shell: bash -l {0}
         run: |
-          source $HOME/.cargo/env
-          make SUBSTRATE_PARSER_FULL=1 DISABLE_PREVIOUS=1
+          make SUBSTRATE_PARSER_FULL=1
           mv ./app/pkg/installer_s.sh ./app/pkg/installer_nanos_xl.sh
       - name: Set tag
         id: nanos_xl
@@ -238,17 +189,15 @@ jobs:
           draft: false
           prerelease: false
 
-  build_package_2:
-    needs: [configure, build, build_ledger, test_zemu, test_zemu_sr25519]
+  build_package_nanosp:
+    needs: [configure, build, build_ledger, test_zemu]
     if: ${{ github.ref == 'refs/heads/main' }}
     runs-on: ubuntu-latest
     container:
-      image: zondax/builder-bolos:latest
+      image: zondax/ledger-app-builder:latest
       options: --user ${{ needs.configure.outputs.uid_gid }}
-    env:
-      BOLOS_SDK: ${{ github.workspace }}/deps/nanosplus-secure-sdk
-      BOLOS_ENV: /opt/bolos
-      HOME: /home/zondax_circle
+      env:
+        BOLOS_SDK: /opt/nanosplus-secure-sdk
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -260,7 +209,6 @@ jobs:
       - name: Build NanoSP
         shell: bash -l {0}
         run: |
-          source $HOME/.cargo/env
           make SUBSTRATE_PARSER_FULL=1
           mv ./app/pkg/installer_s2.sh ./app/pkg/installer_nanos_plus.sh
       - name: Set tag
@@ -276,3 +224,37 @@ jobs:
           tag_name: ${{ steps.nanosp.outputs.tag_name }}
           draft: false
           prerelease: false
+
+  build_package_stax:
+    needs: [configure, build, build_ledger, test_zemu]
+    if: ${{ github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    container:
+      image: zondax/ledger-app-builder:latest
+      options: --user ${{ needs.configure.outputs.uid_gid }}
+      env:
+        BOLOS_SDK: /opt/stax-secure-sdk
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+      - name: Install deps
+        run: pip install ledgerblue
+
+      - name: Build Stax
+        shell: bash -l {0}
+        run: make SUBSTRATE_PARSER_FULL=1
+      - name: Set tag
+        id: stax
+        run: echo "tag_name=$(./app/pkg/installer_stax.sh version)" >> $GITHUB_OUTPUT
+      - name: Update Release
+        id: update_release_2
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          files: ./app/pkg/installer_stax.sh
+          tag_name: ${{ steps.stax.outputs.tag_name }}
+          draft: false
+          prerelease: false

.gitignore

@@ -66,6 +66,7 @@ tests_zemu/.pnp.*
 node_modules
 fuzz/corpora
 
+app/build
 !build/.gitkeep
 build/*
 cmake-build-debug

.gitmodules

@@ -9,10 +9,13 @@
 	url = https://github.com/bilke/cmake-modules.git
 [submodule "deps/nanox-secure-sdk"]
 	path = deps/nanox-secure-sdk
-	url = https://github.com/LedgerHQ/nanox-secure-sdk.git
+	url = https://github.com/LedgerHQ/ledger-secure-sdk.git
 [submodule "deps/nanosplus-secure-sdk"]
 	path = deps/nanosplus-secure-sdk
-	url = https://github.com/LedgerHQ/nanosplus-secure-sdk
+	url = https://github.com/LedgerHQ/ledger-secure-sdk.git
 [submodule "deps/ledger-zxlib"]
 	path = deps/ledger-zxlib
 	url = https://github.com/zondax/ledger-zxlib
+[submodule "deps/stax-secure-sdk"]
+	path = deps/stax-secure-sdk
+	url = https://github.com/LedgerHQ/ledger-secure-sdk.git