deps: bump hwi 2.4.0 -> 3.1.0 (drops Python 3.7/3.8)#2616
Open
k9ert wants to merge 4 commits into
Open
Conversation
Brings: Trezor Safe 5 support, Ledger Nano model IDs, tr() single-leaf
descriptor parsing fix, Debian Buster Linux build compat.
requires-python lifted from >=3.7,<4.0 to >=3.9,<3.13 — HWI 3.x drops
3.7/3.8 (and caps at <3.13). Drops support for those Python versions.
API impact on Specter (verified): all hwilib symbols Specter imports
(hwwclient, errors, key, psbt, _script, descriptor, common,
bitbox02_lib.util, trezorlib.{transport,messages,protobuf}) are
unchanged 2.4 -> 3.1. enumerate() gained allow_emulators=False kwarg
(default ignores emulators). Specter's own simulator paths in vendored
jade/keepkey/specter_diy clients are unaffected; the only behavioral
change is Trezor emulator no longer auto-discovered through Specter
(no callers observed in tests/).
cbor2 stays at 5.9.0 — HWI 3.1's cap is <6.0.0, no conflict. (HWI 3.2
introduces a <5.8 cap that conflicts with the GHSA-3c37-wwvx-h642 fix
floor; relax PR filed upstream as bitcoin-core/HWI#832, prerequisite
for a later 3.2/3.3 bump.)
Note: only mechanical add'n to requirements.txt is the new pip-tools 7
boilerplate text; cbor2 and all other transitive deps unchanged.
Refs:
- cryptoadvance#2597 (BitBox02
Nova; deferred to 3.2/3.3 bump after upstream cap relax merges)
- bitcoin-core/HWI#832
Adds tests/test_jade_hardware.py with three tests exercising
HWIBridge against a real Blockstream Jade:
- enumerate (fingerprint + path)
- extract_xpub at m/84h/0h/0h
- sign_tx with canned PSBT (skipped without fixture)
Gated by --run-jade-hardware flag in tests/conftest.py via the
jade_hardware marker (registered in pyproject.toml). Default
behaviour is skip-and-pass so GitHub Actions remain green
without any workflow change. Run locally with:
pytest --run-jade-hardware tests/test_jade_hardware.py -s
Verified: 3 skipped without flag; 3 collected with flag;
unrelated tests untouched by the modifyitems hook.
- Pass explicit chain= to enumerate / extract_xpub / sign_tx;
HWIBridge default chain="" makes Jade's _network() raise
BadArgumentError before extract_xpub's post-init override fires.
(Pre-existing Specter bug, separate issue.)
- Sign test exercises end-to-end PSBT signing via Jade in
Temporary Signer mode loaded from a SeedQR of the public BIP-39
abandon vector (xfp 73c5da0a). Pre-checks the connected
fingerprint and fails fast with a clear hint if the wrong seed
is loaded.
- Fixtures (committed):
tests/fixtures/jade_hardware.psbt — testnet PSBT spending
m/84'/1'/0'/0/0; carries both witness_utxo AND
non_witness_utxo so Jade firmware can verify the input
amount per the SegWit fee-spoof mitigation. Built with
embit; psbt_faker can't emit non_witness_utxo.
tests/fixtures/jade_seedqr_abandon.png — Standard SeedQR
(48-digit BIP-39 indices) for scanning into Jade's Temp
Signer. ASCII variant in jade_seedqr_abandon.txt.
- docs/development.md gains a "Hardware-attended Jade tests"
subsection covering the operator setup procedure, expected
fingerprint, network choice, and what the device prompts for.
Verified end-to-end against HWI 3.1.0 + cbor2 5.9.0 + a real Jade.
✅ Deploy Preview for specter-desktop-docs canceled.
|
Contributor
There was a problem hiding this comment.
Pull request overview
Bumps the hwi dependency to 3.1.0 (aligning Specter with newer hardware support) while updating Specter’s supported Python range and adding an opt-in, operator-attended Blockstream Jade hardware test suite.
Changes:
- Update
hwifrom 2.4.0 → 3.1.0 (and regenerate the locked/hashes requirements file). - Raise
requires-pythonto>=3.9,<3.13and register a newjade_hardwarepytest marker. - Add opt-in Jade hardware integration tests + fixtures, and document how to run them.
Reviewed changes
Copilot reviewed 7 out of 9 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
requirements.in |
Bumps hwi pin to 3.1.0. |
requirements.txt |
Updates locked hwi version/hashes (and pip-tools boilerplate text). |
pyproject.toml |
Raises supported Python range and registers the jade_hardware marker. |
tests/conftest.py |
Adds --run-jade-hardware flag and default-skip behavior for jade_hardware tests. |
tests/test_jade_hardware.py |
New opt-in, operator-attended end-to-end Jade tests (enumerate/xpub/sign). |
tests/fixtures/jade_seedqr_abandon.txt |
Adds ASCII SeedQR fixture for the public abandon vector. |
tests/fixtures/jade_seedqr_abandon.png |
Adds PNG SeedQR fixture for the public abandon vector. |
tests/fixtures/jade_hardware.psbt |
Adds canned PSBT fixture used by the signing hardware test. |
docs/development.md |
Documents how to run the Jade hardware-attended tests. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Address Copilot review on cryptoadvance#2616: - conftest: use item.get_closest_marker("jade_hardware") instead of string-match against item.keywords. keywords includes fixture names and sub-keywords, so the substring match could in principle skip an unrelated test that happened to use a "jade_hardware"-named fixture. - tests: pass skip_hwi_initialisation=True to HWIBridge(). The default ctor calls self.enumerate() with chain="" which is the very pre- existing bug the tests are working around (cryptoadvance#2615). Skipping the implicit init avoids triggering it three times per session and is also faster.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bump HWI from 2.4.0 to 3.1.0. Lifts `requires-python` from `>=3.7,<4.0` to `>=3.9,<3.13` (HWI 3.x dropped 3.7/3.8 and caps at 3.13).
What 3.1.0 brings
Why 3.1.0 and not 3.2/3.3
HWI 3.2.0 added a `cbor2 = ">=5.4.6,<5.8"` dependency cap (in commit `38fae57`, fixing a Jade-related CI flake). That cap collides with Specter's `cbor2==5.9.0` pin, which is itself required to fix GHSA-3c37-wwvx-h642 (high-severity DoS in `cbor2.loads`, first patched in 5.9.0).
The 3.x cap is empirically over-conservative — stock HWI 3.2 + cbor2 5.9 signs cleanly on real Jade (test matrix). I've opened bitcoin-core/HWI#832 to relax it. Once that merges in 3.3, a follow-up bump unblocks BitBox02 Nova support (#2597).
API impact on Specter
Verified: every `hwilib.*` symbol Specter imports is byte-identical between 2.4.0 and 3.1.0 — `hwwclient`, `errors`, `key`, `psbt`, `_script`, `common`, `descriptor`, `bitbox02_lib.util`, `trezorlib.{transport,messages,protobuf}`. The only signature change is `enumerate()` gaining `allow_emulators=False` (default ignores), which is backwards-compatible. Specter's vendored Jade/Keepkey/SpecterDIY clients are unaffected.
The Trezor emulator no longer auto-shows up via Specter on 3.x defaults. Not visible in any test path.
cbor2 stays at 5.9.0 — HWI 3.1's cap is `<6.0.0`, no conflict.
Changes
New: opt-in Jade hardware test suite
`tests/test_jade_hardware.py` exercises the bumped HWI integration end-to-end against a physical Blockstream Jade. Three tests, increasing operator effort: enumerate -> extract_xpub -> sign a canned testnet PSBT.
Gated by the `--run-jade-hardware` CLI flag. GitHub Actions skip these by default without any workflow change. Operator-attended runs only.
The signing test bootstraps Jade in Temporary Signer mode via a checked-in SeedQR for the public BIP-39 abandon vector — so anyone with a Jade can run the test, no shared seed needed. Setup procedure documented in `docs/development.md`. Verified end-to-end on a real Jade as part of preparing this PR.
BREAKING
Known follow-up
#2615 — `HWIBridge` defaults `chain=""` which crashes Jade's `_network()` before `extract_xpub`/`sign_tx` can apply their post-init chain override. Pre-existing bug, surfaced by the new hardware tests; worked around there with explicit `chain="main"`/`chain="test"`. Separate PR.
Test plan
Refs