Remove podman usage from Ledger tests, fix comments

Author: OBorce

Cargo.lock

@@ -211,6 +211,7 @@ reedline = "0.38"
 ref-cast = "1.0"
 regex = "1.10"
 replace_with = "0.1"
+reqwest = "0.12"
 rfd = { version = "0.15", default-features = false }
 ripemd = "0.1"
 rlimit = "0.10"
@@ -258,15 +259,13 @@ hickory-client = "0.24"
 hickory-server = "0.24"
 zeroize = "1.5"
 
-reqwest = "0.12"
-
 [workspace.dependencies.ledger-lib]
 git = "https://github.com/ledger-community/rust-ledger.git"
-rev = "4be10b810bb6500b7d8bc0b67e64fef24257e0e8"
+rev = "510bb3ca30639af4bdb12a918b6bbbdb75fa5f52"
 
 [workspace.dependencies.ledger-proto]
 git = "https://github.com/ledger-community/rust-ledger.git"
-rev = "4be10b810bb6500b7d8bc0b67e64fef24257e0e8"
+rev = "510bb3ca30639af4bdb12a918b6bbbdb75fa5f52"
 
 [workspace.dependencies.trezor-client]
 git = "https://github.com/mintlayer/mintlayer-trezor-firmware"
@@ -320,4 +319,5 @@ default = ["trezor", "ledger"]
 # is fontconfig-parser <- fontdb <- cosmic-text <- various "iced" crates.
 # TODO: investigate this further.
 fontconfig-parser = { git = "https://github.com/Riey/fontconfig-parser", rev = "f7d13a779e6ee282ce75acbc00a1270c0350e0c2" }
-ledger-proto = { git = "https://github.com/ledger-community/rust-ledger.git", rev = "4be10b810bb6500b7d8bc0b67e64fef24257e0e8" }
+# The patch is needed because there is now release of the library. We use the same hash for all Ledger libs
+ledger-proto = { git = "https://github.com/ledger-community/rust-ledger.git", rev = "510bb3ca30639af4bdb12a918b6bbbdb75fa5f52" }

Cargo.toml

@@ -13,8 +13,13 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-use std::{collections::BTreeMap, time::Duration};
+use std::{
+    collections::BTreeMap,
+    mem::{size_of, size_of_val},
+    time::Duration,
+};
 
+use crate::signer::{ledger_signer::LedgerError, SignerError, SignerResult};
 use crypto::key::{
     extended::ExtendedPublicKey,
     hdkd::{
@@ -23,11 +28,10 @@ use crypto::key::{
     },
     secp256k1::{extended_keys::Secp256k1ExtendedPublicKey, Secp256k1PublicKey},
 };
-use ledger_lib::Exchange;
 use serialization::{Decode, DecodeAll, Encode};
 use utils::ensure;
 
-use crate::signer::{ledger_signer::LedgerError, SignerError, SignerResult};
+use ledger_lib::Exchange;
 
 const MAX_MSG_SIZE: usize = (u8::MAX - 5) as usize; // 4 bytes for the header + 1 for len
 const TIMEOUT_DUR: Duration = Duration::from_secs(100);
@@ -96,19 +100,20 @@ struct SignatureResult {
 }
 
 /// Check that the response ends with the OK status code and return the rest of the response back
-fn ok_response(resp: Vec<u8>) -> SignerResult<Vec<u8>> {
-    let (resp, status_code) = resp.split_last_chunk().ok_or(LedgerError::InvalidResponse)?;
+fn ok_response(mut resp: Vec<u8>) -> SignerResult<Vec<u8>> {
+    let (_, status_code) = resp.split_last_chunk().ok_or(LedgerError::InvalidResponse)?;
     let response_status = u16::from_be_bytes(*status_code);
 
     ensure!(
         response_status == OK_RESPONSE,
         LedgerError::ErrorResponse(response_status)
     );
 
-    Ok(resp.to_vec())
+    resp.truncate(resp.len() - size_of_val(&response_status));
+    Ok(resp)
 }
 
-/// send a message to the Ledger and check the respons status code is ok
+/// Send a message to the Ledger and check the response status code is ok
 async fn exchange_message<L: Exchange>(
     ledger: &mut L,
     msg_buf: &[u8],
@@ -241,7 +246,9 @@ pub async fn sign_tx<L: Exchange>(
     let mut msg_buf = Vec::with_capacity(15);
 
     msg_buf.extend([CLA, Ins::SIGN_TX, P1::TX_META, P2::MORE]);
-    msg_buf.push(1 + 1 + 4 + 4); // data len coin + version + 2 u32 lens
+    let data_len =
+        (size_of_val(&chain_type) + size_of_val(&TX_VERSION) + size_of::<u32>() * 2) as u8;
+    msg_buf.push(data_len);
     msg_buf.push(chain_type);
     msg_buf.push(TX_VERSION);
     msg_buf.extend((inputs.len() as u32).to_be_bytes());

wallet/src/signer/ledger_signer/ledger_messages.rs

@@ -14,11 +14,21 @@
 // limitations under the License.
 
 mod ledger_messages;
-use std::{borrow::Cow, collections::BTreeMap, sync::Arc};
 
-use async_trait::async_trait;
-use itertools::{izip, Itertools};
+use std::{borrow::Cow, collections::BTreeMap, sync::Arc};
 
+use crate::{
+    key_chain::{make_account_path, AccountKeyChains, FoundPubKey},
+    signer::{
+        ledger_signer::ledger_messages::{
+            check_current_app, get_app_name, get_extended_public_key, sign_challenge, sign_tx,
+            LedgerBip32Path, LedgerInputAddressPath, LedgerSignature, LedgerTxInput,
+            LedgerTxInputCommitment, LedgerTxOutput,
+        },
+        signer_utils::{is_htlc_utxo, sign_input_with_standalone_key},
+        Signer, SignerError, SignerResult,
+    },
+};
 use common::{
     chain::{
         config::ChainType,
@@ -54,36 +64,26 @@ use crypto::key::{
     signature::SignatureKind,
     PrivateKey, SigAuxDataProvider, Signature, SignatureError,
 };
-use ledger_lib::{Exchange, Filters, LedgerHandle, LedgerProvider, Transport};
-use randomness::make_true_rng;
 use serialization::Encode;
-use tokio::sync::Mutex;
 use utils::ensure;
 use wallet_storage::{WalletStorageReadLocked, WalletStorageReadUnlocked};
 use wallet_types::{
     hw_data::LedgerData, partially_signed_transaction::PartiallySignedTransaction,
     signature_status::SignatureStatus,
 };
 
-use crate::{
-    key_chain::{make_account_path, AccountKeyChains, FoundPubKey},
-    signer::{
-        ledger_signer::ledger_messages::{
-            check_current_app, get_app_name, get_extended_public_key, sign_challenge, sign_tx,
-            LedgerBip32Path, LedgerInputAddressPath, LedgerSignature, LedgerTxInput,
-            LedgerTxInputCommitment, LedgerTxOutput,
-        },
-        signer_utils::{is_htlc_utxo, sign_input_with_standalone_key},
-        Signer, SignerError, SignerResult,
-    },
-};
+use async_trait::async_trait;
+use itertools::{izip, Itertools};
+use ledger_lib::{Exchange, Filters, LedgerHandle, LedgerProvider, Transport};
+use randomness::make_true_rng;
+use tokio::sync::Mutex;
 
 /// Signer errors
 #[derive(thiserror::Error, Debug, Eq, PartialEq)]
 pub enum LedgerError {
     #[error("No connected Ledger device found")]
     NoDeviceFound,
-    #[error("Different active app: \"{0}\", opened on the Ledger. Please open the Mintlayer app.")]
+    #[error("A different app is currently open on your Ledger device: \"{0}\". Please close it and open the Mintlayer app instead.")]
     DifferentActiveApp(String),
     #[error("Received an invalid response from the Ledger device")]
     InvalidResponse,
@@ -93,7 +93,7 @@ pub enum LedgerError {
     DeviceError(String),
     #[error("Missing hardware wallet data in database")]
     MissingHardwareWalletData,
-    #[error("Derivation path is to long to send to Ledger")]
+    #[error("Derivation path is too long to send to Ledger")]
     PathToLong,
     #[error("Invalid public key returned from Ledger")]
     InvalidKey,
@@ -105,7 +105,7 @@ pub enum LedgerError {
     MultipleSignaturesReturned,
     #[error("Missing multisig index for signature returned from Device")]
     MissingMultisigIndexForSignature,
-    #[error("Invalid Signature error: {0}")]
+    #[error("Signature error: {0}")]
     SignatureError(#[from] SignatureError),
 }
 
@@ -117,13 +117,13 @@ struct StandaloneInput {
 type StandaloneInputs = BTreeMap</*input index*/ u32, Vec<StandaloneInput>>;
 
 #[async_trait]
-pub trait LProvider {
-    type L;
+pub trait LedgerFinder {
+    type Ledger;
 
     async fn find_ledger_device_from_db<T: WalletStorageReadLocked + Send>(
         &self,
         db_tx: T,
-    ) -> (T, SignerResult<(Self::L, LedgerData)>);
+    ) -> (T, SignerResult<(Self::Ledger, LedgerData)>);
 }
 
 pub struct LedgerSigner<L, P> {
@@ -136,7 +136,7 @@ pub struct LedgerSigner<L, P> {
 impl<L, P> LedgerSigner<L, P>
 where
     L: Exchange + Send,
-    P: LProvider<L = L>,
+    P: LedgerFinder<Ledger = L>,
 {
     pub fn new(chain_config: Arc<ChainConfig>, client: Arc<Mutex<L>>, provider: P) -> Self {
         Self::new_with_sig_aux_data_provider(
@@ -245,20 +245,20 @@ where
     }
 
     #[allow(clippy::too_many_arguments)]
-    fn make_signature<'a, 'b, F, F2>(
+    fn make_signature<'a, 'b, MakeWitnessFn, StandaloneSignerFn>(
         &self,
         signatures: &[LedgerSignature],
         standalone_inputs: &'a [StandaloneInput],
         destination: &'b Destination,
         sighash_type: SigHashType,
         sighash: H256,
         key_chain: &impl AccountKeyChains,
-        make_witness: F,
-        sign_with_standalone_private_key: F2,
+        make_witness: MakeWitnessFn,
+        sign_with_standalone_private_key: StandaloneSignerFn,
     ) -> SignerResult<(Option<InputWitness>, SignatureStatus)>
     where
-        F: Fn(StandardInputSignature) -> InputWitness,
-        F2: Fn(&'a StandaloneInput, &'b Destination) -> SignerResult<InputWitness>,
+        MakeWitnessFn: Fn(StandardInputSignature) -> InputWitness,
+        StandaloneSignerFn: Fn(&'a StandaloneInput, &'b Destination) -> SignerResult<InputWitness>,
     {
         match destination {
             Destination::AnyoneCanSpend => Ok((
@@ -359,7 +359,7 @@ where
             .collect()
     }
 
-    fn check_signature_status(
+    fn check_multisig_signature_status(
         &self,
         sighash: H256,
         current_signatures: &AuthorizedClassicalMultisigSpend,
@@ -401,7 +401,7 @@ where
             current_signatures.add_signature(idx as u8, sig);
         }
 
-        let status = self.check_signature_status(sighash, &current_signatures)?;
+        let status = self.check_multisig_signature_status(sighash, &current_signatures)?;
 
         Ok((current_signatures, status))
     }
@@ -459,7 +459,7 @@ where
 impl<L, P> Signer for LedgerSigner<L, P>
 where
     L: Exchange + Send,
-    P: Send + Sync + LProvider<L = L>,
+    P: Send + Sync + LedgerFinder<Ledger = L>,
 {
     async fn sign_tx<T: WalletStorageReadUnlocked + Send>(
         &mut self,
@@ -1162,4 +1162,4 @@ mod tests;
 
 #[cfg(feature = "enable-ledger-device-tests")]
 #[cfg(test)]
-mod speculus;
+mod speculos;

wallet/src/signer/ledger_signer/mod.rs

@@ -0,0 +1,43 @@
+// Copyright (c) 2025 RBB S.r.l
+// [email protected]
+// SPDX-License-Identifier: MIT
+// Licensed under the MIT License;
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://github.com/mintlayer/mintlayer-core/blob/master/LICENSE
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Podman driver for speculos execution, runs a speculos instance within
+//! a Podman container.
+
+use core::fmt::Debug;
+use std::net::SocketAddr;
+
+use crate::signer::ledger_signer::speculos::Handle;
+
+use async_trait::async_trait;
+
+/// Handle to a Speculos instance running under Podman
+#[derive(Debug)]
+pub struct PodmanHandle {
+    addr: SocketAddr,
+}
+
+impl PodmanHandle {
+    pub fn new(addr: SocketAddr) -> Self {
+        Self { addr }
+    }
+}
+
+#[async_trait]
+impl Handle for PodmanHandle {
+    fn addr(&self) -> SocketAddr {
+        self.addr
+    }
+}

wallet/src/signer/ledger_signer/speculos/drivers/.mod.rs.swp

@@ -21,7 +21,6 @@
 use std::net::SocketAddr;
 
 use async_trait::async_trait;
-// use image::{io::Reader as ImageReader, DynamicImage};
 use reqwest::Client;
 use serde::{Deserialize, Serialize};
 use strum::Display;
@@ -72,20 +71,6 @@ pub trait Handle {
 
         Ok(())
     }
-
-    // /// Fetch a screenshot from the simulator
-    // async fn screenshot(&self) -> anyhow::Result<DynamicImage> {
-    //     // Fetch screenshot from HTTP API
-    //     let r = reqwest::get(format!("http://{}/screenshot", self.addr())).await?;
-    //
-    //     // Read image bytes
-    //     let b = r.bytes().await?;
-    //
-    //     // Parse image object
-    //     let i = ImageReader::new(Cursor::new(b)).with_guessed_format()?.decode()?;
-    //
-    //     Ok(i)
-    // }
 }
 
 #[cfg(test)]

wallet/src/signer/ledger_signer/speculos/drivers/mod.rs

@@ -0,0 +1,23 @@
+// Copyright (c) 2025 RBB S.r.l
+// [email protected]
+// SPDX-License-Identifier: MIT
+// Licensed under the MIT License;
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://github.com/mintlayer/mintlayer-core/blob/master/LICENSE
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Rust wrapper for executing Speculos via podman,
+//! provided to simplify CI/CD with ledger applications.
+
+mod drivers;
+pub use drivers::*;
+
+mod handle;
+pub use handle::*;