Skip to content

Ledger Nano S baking-on-test-chain-related updates

Seb Mondet requested to merge obsidian.systems/tezos:sm@ledger-setup-apdu into master

This MR is the tezos-client companion of the new version of Tezos Baking app (major version number will bump to 2) which should be available soon for power-users (but hit “Ledger Live” on the March-crypto-Tuesday).

There are 2 new APDUs related to the distinction between main-chain and test-chain high water marks, and hence transmission of the main chain ID (once the main-chain-id is recorded, any other ID is considered “test”).

We are maintaining backwards compatibility:

  • The 2.0.x Baking app will be able to handle older tezos-clients.
  • The “new” tezos-client can still work with the older 1.x.x Baking app but yells at the user that they should upgrade their Ledger.

See examples below:

With The New Baking App (≥ 2.0.0)

 $ tezos-client setup ledger to bake for ledger_yourstruly \
      --test-hwm 0x1e2e3e4e \
      --main-hwm 508457134 \
      --main-chain-id 0xff2b3b4

Setting up the ledger:
* Main chain ID: NetXKfjhdng9cLQ -> NetXKfjhdng9cLQ
* Main chain High Watermark: 508457134 -> 508457134
* Test chain High Watermark: 506347086 -> 506347086
Authorized baking for address: tz1agVvtocCEwKr1t3tZcWwupWz2YWAQTmfQ
Corresponding full public key: edpkuWqQD7Pi57mFjw8QkMyFDRPXHvj6NM48LhiZR7u9LHdMb1M2V9

without the --main-chain-id, tezos-client asks the node (if the option is provided tezos-client does not need the node at all):

 $ tezos-client setup ledger to bake for ledger_yourstruly
Warning:
  Failed to acquire the protocol version from the node
  Rpc request failed:
     - meth: GET
     - uri: http://localhost:8732/chains/main/blocks/head/metadata
     - error: Unable to connect to the node: "Connection refused"

Error:
  Rpc request failed:
     - meth: GET
     - uri: http://localhost:8732/chains/main/chain_id
     - error: Unable to connect to the node: "Connection refused"

with a node on localhost:15002:

 $ tezos-client -P 15_002 setup ledger to bake for ledger_yourstruly \
        --test-hwm 42 \
        --main-hwm 44
Warning:

   The node you are connecting to claims to be running in a
                    Tezos TEST SANDBOX.
      Do NOT use your fundraiser keys on this network.
  You should not see this message if you are not a developer.

Setting up the ledger:
* Main chain ID: NetXKfjhdng9cLQ -> NetXdQprcVkpaWU
* Main chain High Watermark: 0 -> 44
* Test chain High Watermark: 0 -> 42
Authorized baking for address: tz1agVvtocCEwKr1t3tZcWwupWz2YWAQTmfQ
Corresponding full public key: edpkuWqQD7Pi57mFjw8QkMyFDRPXHvj6NM48LhiZR7u9LHdMb1M2V9

tezos-client authorize ledger artificially fails to force users to use setup:

 $ tezos-client authorize ledger to bake for ledger_yourstruly

Error:
  This command (`authorize ledger ...`) is not compatible with
  this version of the Ledger Baking app (Tezos Baking 2.3.7 >= 2.0.0),
  please use the command `setup ledger to bake for ...`
  from now on.

the get ledger high watermark for uses the new APDU:

 $ tezos-client get ledger high watermark for "ledger://crouching-tiger-hidden-dragon/ed25519/0'/0'"
The high water mark values for crouching-tiger-hidden-dragon/ed25519 are
508457134 for the main-chain (NetXKfjhdng9cLQ) and
506347086 for the test-chain.

With The Older Ledger App (< 2.0.0)

if the Ledger Baking app is not up to date we can still use the older one:

 $ tezos-client get ledger high watermark for \
        "ledger://crouching-tiger-hidden-dragon/P-256/0'/0'" \
The high water mark for crouching-tiger-hidden-dragon/P-256
is 508457134.

for scripts which want to make sure that the ledger is up to date there is “pedantism” option:

 $ tezos-client get ledger high watermark for \
        "ledger://crouching-tiger-hidden-dragon/P-256/0'/0'" \
        --no-legacy-instructions

Error:
  Cannot get the high water mark with
  `--no-legacy-instructions` and version Tezos Baking 1.5.7

we force the error when trying to use setup with an outdated ledger:

 $ tezos-client setup ledger to bake for ledger_yourstruly \
      --test-hwm 0x1e2e3e4e \
      --main-hwm 508457134  \
      --main-chain-id 0xff2b3b4

Error:
  This command (`setup ledger ...`) is not compatible with this version
  of the Ledger Baking app (Tezos Baking 1.5.7 < 2.0.0), please upgrade
  your ledger or use the command
  `authorize ledger to bake for ...`

authorize ... just mentions that the version is outdated:

 $ tezos-client authorize ledger to bake for ledger_yourstruly

This Ledger Baking app is outdated (Tezos Baking 1.5.7) running in backwards
compatibility mode.
Authorized baking for address: tz1agVvtocCEwKr1t3tZcWwupWz2YWAQTmfQ
Corresponding full public key: edpkuWqQD7Pi57mFjw8QkMyFDRPXHvj6NM48LhiZR7u9LHdMb1M2V9

PS: I think it happens in other places too, and it was like this before: the cctxt#message is using "%ld" formats which are for signed-integers, so for a water mark “high enough” (≅ 4000 years with current mainnet parameters ) it is going to start displaying negative numbers.

Merge request reports