Skip to content

Instantly share code, notes, and snippets.

@KubqoA

KubqoA/.envrc

Last active September 27, 2021 02:09
Show Gist options
  • Save KubqoA/27a46d8bafc40ee6b00353eea8b827d4 to your computer and use it in GitHub Desktop.
Save KubqoA/27a46d8bafc40ee6b00353eea8b827d4 to your computer and use it in GitHub Desktop.
Download ZIP
Development environment for Ledger
Raw
.envrc
use flake
Raw
README.md

Requirements

Optional:

Setup

Copy flake.nix and flake.lock to the root folder of your Ledger projects.

Only using nix

  • Run nix develop

With direnv

  • Also copy .envrc and run direnv allow
Raw
flake.lock
{
"nodes": {
"nanos-secure-sdk": {
"flake": false,
"locked": {
"narHash": "sha256-Qi7NFTgrXAXU+wwblN1VUJtZczhI8h5eslwlowsaivo=",
"type": "tarball",
"url": "https://github.com/LedgerHQ/nanos-secure-sdk/archive/refs/tags/2.0.0-1.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/LedgerHQ/nanos-secure-sdk/archive/refs/tags/2.0.0-1.tar.gz"
}
},
"nanox-secure-sdk": {
"flake": false,
"locked": {
"narHash": "sha256-/vmM7DFdG2a7+lACMPM3yya+5WkRtbangcJQOa9d0uE=",
"type": "tarball",
"url": "https://github.com/LedgerHQ/nanox-secure-sdk/archive/refs/tags/1.3.0.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/LedgerHQ/nanox-secure-sdk/archive/refs/tags/1.3.0.tar.gz"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1624172050,
"narHash": "sha256-sLQEhZ6Ffjx0J1AJxHQDY4y7XWKxI/Zgm/hQJjkjZ6M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6613a30c5e3ee59753181512b4bedd4121569925",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-21.05",
"type": "indirect"
}
},
"root": {
"inputs": {
"nanos-secure-sdk": "nanos-secure-sdk",
"nanox-secure-sdk": "nanox-secure-sdk",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}
Raw
flake.nix
{
description = "Ledger development environment";
inputs = {
nixpkgs.url = "nixpkgs/nixos-21.05";
# https://ledger.readthedocs.io/en/latest/userspace/setup.html#setting-up-the-sdk
nanos-secure-sdk.url = "https://github.com/LedgerHQ/nanos-secure-sdk/archive/refs/tags/2.0.0-1.tar.gz";
nanos-secure-sdk.flake = false;
nanox-secure-sdk.url = "https://github.com/LedgerHQ/nanox-secure-sdk/archive/refs/tags/1.3.0.tar.gz";
nanox-secure-sdk.flake = false;
};
outputs = { self, nixpkgs, nanos-secure-sdk, nanox-secure-sdk }:
let
inherit (builtins) pathExists readFile;
inherit (pkgs) fetchurl lib mkShell stdenv runCommand runCommandCC;
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
# exposes packages from ‹outputs.packages› as ‹pkgs.custom›
overlays = [ self.overlay ];
};
# File containing the private key to custom developer certificate
# https://ledger.readthedocs.io/en/latest/userspace/debugging.html#pin-bypass
privateKeyPath = ./.private.key;
# The currently used ‹BOLOS_SDK›
bolos-sdk = nanos-secure-sdk;
# We need a ‹clang› with ROPI support
clangTar = fetchurl {
url = https://github.com/llvm/llvm-project/releases/download/llvmorg-10.0.0/clang+llvm-10.0.0-x86_64-linux-gnu-ubuntu-18.04.tar.xz;
sha256 = "0hrqwsdiv8258zgx9splh7v1hx68dp56inxpwc1nys001hm5jpxj";
};
in {
packages."${system}" = {
clang = runCommandCC "bolos-env-clang-10" {
buildInputs = with pkgs; [
autoPatchelfHook
# using ncurses5 throws "warning", but meh:
# > libtinfo.so.5: no version information available
ncurses5
gcc.cc.lib
python
zlib
libxml2
libedit
];
} ''
mkdir -p "$out" tmp
tar xavf '${clangTar}' --strip-components=1 -C "$out"
rm -f $out/bin/clang-query
ln -s ${pkgs.libedit}/lib/libedit.so tmp/libedit.so.2
addAutoPatchelfSearchPath $out/lib
addAutoPatchelfSearchPath tmp
autoPatchelf $out
'';
gcc = pkgs.gcc-arm-embedded;
bolos-env = runCommand "bolos-env" {} ''
mkdir -p "$out"
ln -s '${pkgs.custom.clang}' "$out/clang-arm-fropi"
ln -s '${pkgs.custom.gcc}' "$out/gcc-arm-none-eabi-5_3-2016q1"
'' // {
inherit (pkgs.custom) clang gcc;
};
nodejs = stdenv.mkDerivation rec {
pname = "nodejs";
version = "12.16.2";
name = "${pname}-${version}";
system = "x86_64-linux";
src = fetchurl {
url = "https://nodejs.org/download/release/v${version}/node-v${version}-linux-x64.tar.gz";
sha256 = "1hclxcqc80576kqddpab0fqgfjp77f5fg4scfcm0m8akky6jpjgz";
};
# Required for compilation
nativeBuildInputs = with pkgs; [
autoPatchelfHook
stdenv.cc.cc.lib
];
installPhase = ''
mkdir -p "$out"
cp -av bin include lib share "$out"
'';
};
};
overlay = final: prev: { custom = self.packages."${system}"; };
devShell."${system}" = mkShell {
nativeBuildInputs = with pkgs; [
pkg-config
custom.clang
custom.gcc
custom.bolos-env
astyle # for ‹make format›
bear # for generating ‹compile_commands.json›
libusb-compat-0_1 # for compiling the ‹usbtool›
# https://ledger.readthedocs.io/en/latest/userspace/setup.html#python-loader
(pkgs.python39.withPackages (ps: with ps; [
ledgerblue virtualenv hidapi pkgs.hidapi
]))
# for js parts
custom.nodejs
(yarn.override {
nodejs = custom.nodejs;
})
];
LD_LIBRARY_PATH="${pkgs.stdenv.cc.cc.lib}/lib64:$LD_LIBRARY_PATH";
shellHook = let
bolosDevCertificatePrivateKey = if pathExists privateKeyPath then readFile privateKeyPath else "";
in ''
export BOLOS_SDK="${bolos-sdk}"
export BOLOS_ENV="${pkgs.custom.bolos-env}"
export SCP_PRIVKEY="${bolosDevCertificatePrivateKey}"
if [ -z "$SCP_PRIVKEY" ]; then
cat <<EOF
You don't have a private key for developer certificate set in
"${toString privateKeyPath}".
It is suggested to create a developer certificate to bypass PIN entry when
loading a new app version to Ledger. See the documentation for more info:
https://ledger.readthedocs.io/en/latest/userspace/debugging.html#pin-bypass
EOF
fi
'';
};
};
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment