Upgrade trezorlib to 0.20

contrib/build-linux/appimage/make_appimage.sh

@@ -151,6 +151,9 @@ info "installing electrum and its dependencies."
 "$python" -m pip install --no-build-isolation --no-dependencies --no-binary :all: --no-warn-script-location \
     --cache-dir "$PIP_CACHE_DIR" -r "$CONTRIB/deterministic-build/requirements-hw.txt"
 
+"$python" -m pip install --no-build-isolation --no-dependencies --no-binary :all: --no-warn-script-location \
+    --cache-dir "$PIP_CACHE_DIR" "git+https://github.com/trezor/trezor-firmware@ceed0cf0db9fa1b14ebe56a18e04f67a134943aa#egg=trezor&subdirectory=python"
+
 "$python" -m pip install --no-build-isolation --no-dependencies --no-warn-script-location \
     --cache-dir "$PIP_CACHE_DIR" "$PROJECT_ROOT"
 
@@ -245,10 +248,10 @@ rm -rf "$PYDIR"/site-packages/PyQt6/Qt.so
 find "$APPDIR" -path '*/__pycache__*' -delete
 # although note that *.dist-info might be needed by certain packages...
 # e.g. slip10 uses importlib that needs it
-for f in "$PYDIR"/site-packages/slip10-*.dist-info; do mv "$f" "$(echo "$f" | sed s/\.dist-info/\.dist-info2/)"; done
+for f in "$PYDIR"/site-packages/{slip10,trezor}-*.dist-info; do mv "$f" "$(echo "$f" | sed s/\.dist-info/\.dist-info2/)"; done
 rm -rf "$PYDIR"/site-packages/*.dist-info/
 rm -rf "$PYDIR"/site-packages/*.egg-info/
-for f in "$PYDIR"/site-packages/slip10-*.dist-info2; do mv "$f" "$(echo "$f" | sed s/\.dist-info2/\.dist-info/)"; done
+for f in "$PYDIR"/site-packages/{slip10,trezor}-*.dist-info2; do mv "$f" "$(echo "$f" | sed s/\.dist-info2/\.dist-info/)"; done
 
 
 find -exec touch -h -d '2000-11-11T11:11:11+00:00' {} +

contrib/build-wine/pyinstaller.spec

@@ -51,6 +51,7 @@ datas += collect_data_files('bitbox02')
 
 # some deps rely on importlib metadata
 datas += copy_metadata('slip10')  # from trezor->slip10
+datas += copy_metadata('trezor')
 
 # Exclude parts of Qt that we never use. Reduces binary size by tens of MBs. see #4815
 excludes = [

contrib/deterministic-build/find_restricted_dependencies.py

@@ -1,10 +1,6 @@
 #!/usr/bin/env python3
 import sys
-
-try:
-    import requests
-except ImportError as e:
-    sys.exit(f"Error: {str(e)}. Try 'python3 -m pip install <module-name>'")
+from importlib.metadata import requires, PackageNotFoundError
 
 def is_dependency_edge_blacklisted(*, parent_pkg: str, dep: str) -> bool:
     """Sometimes a package declares a hard dependency
@@ -38,26 +34,24 @@ def main():
         if not p:
             continue
         assert "==" in p, "This script expects a list of packages with pinned version, e.g. package==1.2.3, not {}".format(p)
-        p, v = p.rsplit("==", 1)
-        try:
-            data = requests.get("https://pypi.org/pypi/{}/{}/json".format(p, v)).json()["info"]
-        except ValueError:
-            raise Exception("Package could not be found: {}=={}".format(p, v))
+        pkg_name, _ = p.rsplit("==", 1)
         try:
-            for r in data["requires_dist"]:  # type: str
-                if ";" not in r:
-                    continue
-                # example value for "r" at this point: "pefile (>=2017.8.1) ; sys_platform == \"win32\""
-                dep, restricted = r.split(";", 1)
-                dep = dep.strip()
-                restricted = restricted.strip()
-                dep_basename = dep.split(" ")[0]
-                if check_restriction(dep=dep, restricted=restricted, parent_pkg=p):
-                    print(dep_basename, sep=" ")
-                    print("Installing {} from {} although it is only needed for {}".format(dep, p, restricted), file=sys.stderr)
-        except TypeError:
-            # Has no dependencies at all
+            reqs = requires(pkg_name)
+        except PackageNotFoundError:
+            raise Exception("Package not found in this environment: {}. Install it first.".format(p))
+        if reqs is None:
             continue
+        for r in reqs:
+            if ";" not in r:
+                continue
+            # example value for "r": "pefile (>=2017.8.1) ; sys_platform == \"win32\""
+            dep, restricted = r.split(";", 1)
+            dep = dep.strip()
+            restricted = restricted.strip()
+            dep_basename = dep.split(" ")[0]
+            if check_restriction(dep=dep, restricted=restricted, parent_pkg=pkg_name):
+                print(dep_basename, sep=" ")
+                print("Installing {} from {} although it is only needed for {}".format(dep, pkg_name, restricted), file=sys.stderr)
 
 if __name__ == "__main__":
     main()

contrib/deterministic-build/requirements-hw.txt

@@ -216,15 +216,6 @@ charset-normalizer==3.4.2 \
 ckcc-protocol==1.4.0 \
     --hash=sha256:c5fcc4705b4b78ec515b39549642570a660142407fa684c278cb0aea8122defa \
     --hash=sha256:cd93d4d3e3308ea4580aa6be5b4613a8266fd96b0cc1af51e7168def27bbece5
-click==8.1.8 \
-    --hash=sha256:63c132bbbed01578a06712a2d1f497bb62d9c1c0d329b7903a866228027263b2 \
-    --hash=sha256:ed53c9d8990d83c2a27deae68e4ee337473f6330c040a31d4225c9574d16096a
-construct==2.10.70 \
-    --hash=sha256:4d2472f9684731e58cc9c56c463be63baa1447d674e0d66aeb5627b22f512c29 \
-    --hash=sha256:c80be81ef595a1a821ec69dc16099550ed22197615f4320b57cc9ce2a672cb30
-construct-classes==0.1.2 \
-    --hash=sha256:72ac1abbae5bddb4918688713f991f5a7fb6c9b593646a82f4bf3ac53de7eeb5 \
-    --hash=sha256:e82437261790758bda41e45fb3d5622b54cfbf044ceb14774af68346faf5e08e
 cryptography==45.0.3 \
     --hash=sha256:00094838ecc7c6594171e8c8a9166124c1197b074cfca23645cee573910d76bc \
     --hash=sha256:050ce5209d5072472971e6efbfc8ec5a8f9a841de5a4db0ebd9c2e392cb81972 \
@@ -424,9 +415,6 @@ six==1.17.0 \
 slip10==1.0.1 \
     --hash=sha256:02b350ae557b591791428b17551f95d7ac57e9211f37debdc814c90b4a123a54 \
     --hash=sha256:4aa764369db0a261e468160ec1afeeb2b22d26392dd118c49b9daa91f642947b
-trezor==0.13.10 \
-    --hash=sha256:7a0b6ae4628dd0c31a5ceb51258918d9bbdd3ad851388837225826b228ee504f \
-    --hash=sha256:7c85dc2c47998765c84d309fc753d2b116c943d447289157895488899c95706d
 typing-extensions==4.13.2 \
     --hash=sha256:a439e7c04b49fec3e5d3e2beaa21755cadbbdc391694e28ccdd36ca4a1408f8c \
     --hash=sha256:e6c81219bd689f51865d9e372991c540bda33a0379d5573cddb9a3a23f7caaef

contrib/freeze_packages.sh

@@ -34,16 +34,20 @@ for suffix in '' '-hw' '-binaries' '-binaries-mac' '-build-wine' '-build-mac' '-
     # that we should explicitly install them now, so that we pin latest versions if possible.
     python -m pip install --upgrade pip setuptools wheel
 
+    # install ghost packages to satisfy dependency resolvers
+    for package in $(cat "$contrib/requirements/ghost.txt"); do
+        python "$contrib/install_ghost.py" "$package"
+    done
+
     python -m pip install -r "$contrib/requirements/${reqfile}" --upgrade
 
     echo "OK."
 
     requirements=$(pip freeze --all)
 
-    restricted=$(echo $requirements | ${SYSTEM_PYTHON} "$contrib/deterministic-build/find_restricted_dependencies.py")
+    restricted=$(echo $requirements | python "$contrib/deterministic-build/find_restricted_dependencies.py")
     if [ ! -z "$restricted" ]; then
         python -m pip install $restricted
-        requirements=$(pip freeze --all)
     fi
 
     echo "Generating package hashes... (${reqfile})"
@@ -65,6 +69,12 @@ for suffix in '' '-hw' '-binaries' '-binaries-mac' '-build-wine' '-build-mac' '-
         HASHIN_FLAGS="--python-version source"
     fi
 
+    # remove ghost packages before hashin step, so that they aren't hashed
+    for package in $(cat "$contrib/requirements/ghost.txt"); do
+        python -m pip uninstall -y $package
+    done
+    requirements=$(pip freeze --all)
+
     echo -e "\r  Hashing requirements for $reqfile..."
     ${SYSTEM_PYTHON} -m hashin $HASHIN_FLAGS -r "$contrib/deterministic-build/${reqfile}" $requirements
 

contrib/install_ghost.py

@@ -0,0 +1,32 @@
+import sys, tempfile, subprocess
+from pathlib import Path
+from importlib.metadata import distribution
+
+
+PYPROJECT_TOML = """
+[project]
+name = "{name}"
+version = "{version}"
+description = "Ghost package to satisfy dependencies"
+"""
+
+
+def install_ghost(name: str, version: str) -> None:
+    with tempfile.TemporaryDirectory() as tmpdir:
+        pyproject_toml = PYPROJECT_TOML.format(name=name, version=version)
+        (Path(tmpdir) / "pyproject.toml").write_text(pyproject_toml)
+        subprocess.check_call([sys.executable, "-m", "pip", "install", tmpdir])
+
+        dist = distribution(name)
+        for file in dist.files:
+            path = file.locate()
+            if path.name == "direct_url.json":
+                path.unlink()
+
+
+if __name__ == "__main__":
+    if len(sys.argv) != 2:
+        print("Usage: python install_ghost.py <package name>==<package version>")
+        sys.exit(1)
+    name, version = sys.argv[1].split("==")
+    install_ghost(name, version)

contrib/osx/pyinstaller.spec

@@ -54,6 +54,7 @@ datas += collect_data_files('bitbox02')
 
 # some deps rely on importlib metadata
 datas += copy_metadata('slip10')  # from trezor->slip10
+datas += copy_metadata('trezor')
 
 # Exclude parts of Qt that we never use. Reduces binary size by tens of MBs. see #4815
 excludes = [

contrib/requirements/ghost.txt

@@ -0,0 +1,5 @@
+click==8.3.1
+construct==2.10.70
+construct-classes==0.2.2
+platformdirs==4.9.4
+keyring==25.7.0

contrib/requirements/requirements-hw.txt

@@ -1,7 +1,7 @@
 hidapi
 
 # device plugin: trezor
-trezor[hidapi]>=0.13.0,<0.14
+trezor[hidapi]>=0.20.0,<0.21
 
 # device plugin: safe_t
 safet>=0.1.5