trezor==0.13.10 pulls in new dep "slip10", which relies on importlib magic
see 19561f0429/slip10/__init__.py (L6)
```
10.13 | E | plugins.trezor.trezor | error importing trezor plugin deps
Traceback (most recent call last):
File "importlib/metadata/__init__.py", line 397, in from_name
StopIteration
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "electrum/plugins/trezor/trezor.py", line 29, in <module>
from .clientbase import TrezorClientBase, RecoveryDeviceInputMethod
File "PyInstaller/loader/pyimod02_importers.py", line 450, in exec_module
File "electrum/plugins/trezor/clientbase.py", line 18, in <module>
import trezorlib.device
File "PyInstaller/loader/pyimod02_importers.py", line 450, in exec_module
File "trezorlib/device.py", line 27, in <module>
File "PyInstaller/loader/pyimod02_importers.py", line 450, in exec_module
File "slip10/__init__.py", line 6, in <module>
File "importlib/metadata/__init__.py", line 889, in version
File "importlib/metadata/__init__.py", line 862, in distribution
File "importlib/metadata/__init__.py", line 399, in from_name
importlib.metadata.PackageNotFoundError: No package metadata was found for slip10
```
note: 3.12 just transitioned to security-only status,
so can't bump win/mac binaries without switching to 3.13
(as we don't compile our own cpython for those)
note: some files have two versions in them, e.g.:
```
assert CffiRecipe._version == "1.15.1"
class CffiRecipePinned(util.InheritedRecipeMixin, CffiRecipe):
version = "1.17.1"
```
The assert is left there as I think it might be useful to get a failure if we rebase p4a
and the upstream recipe version changes. There might be substantial changes in the upstream
recipe that we need to adapt to. In the happy case, if we rebase p4a, we just have to manually
update these asserts to the new versions at that time.
```
9.76 | D | plugins.keepkey.qt.Plugin | error importing keepkeylib
Traceback (most recent call last):
File "electrum/plugins/keepkey/keepkey.py", line 77, in __init__
from . import client
File "PyInstaller/loader/pyimod02_importers.py", line 450, in exec_module
File "electrum/plugins/keepkey/client.py", line 1, in <module>
from .keepkeylib.keepkeylib.client import proto, BaseClient, ProtocolMixin
ModuleNotFoundError: No module named 'electrum.plugins.keepkey.keepkeylib.keepkeylib'
```
follow-up 713a20e309https://github.com/spesmilo/electrum/pull/9833
On Windows, above commit broke dns_hacks.py with dnspython==2.0.0 and 2.1.0.
Newer dnspython works.
Root cause not immediately obvious. Probably not worth debugging, I will just bump the required version instead.
With dnspython==2.0.0, the log gets spammed and dns fails:
```
$ python3 -m pip install --user "dnspython==2.0.0"
10.59 | E | asyncio | Exception in callback _ProactorBasePipeTransport._call_connection_lost(None)
handle: <Handle _ProactorBasePipeTransport._call_connection_lost(None)>
Traceback (most recent call last):
File "...\Python310\lib\asyncio\events.py", line 80, in _run
self._context.run(self._callback, *self._args)
File "...\Python310\lib\asyncio\proactor_events.py", line 158, in _call_connection_lost
self._protocol.connection_lost(exc)
File "...\Python310\site-packages\dns\_asyncio_backend.py", line 38, in connection_lost
self.recvfrom.set_exception(exc)
asyncio.exceptions.InvalidStateError: invalid state
```
With dnspython==2.1.0, no more log spam but all dns resolutions time out:
```
$ python3 -m pip install --user "dnspython==2.1.0"
33.29 | I | dns_hacks | dnspython failed to resolve dns (AAAA) for 'testnet.qtornado.com' with error: Timeout('The DNS operation timed out after 31.591506242752075 seconds')
33.29 | I | dns_hacks | dnspython failed to resolve dns (AAAA) for 'api.coingecko.com' with error: Timeout('The DNS operation timed out after 31.590490579605103 seconds')
33.29 | I | dns_hacks | dnspython failed to resolve dns (A) for 'testnet.qtornado.com' with error: Timeout('The DNS operation timed out after 31.591506242752075 seconds')
33.29 | I | dns_hacks | dnspython failed to resolve dns (A) for 'api.coingecko.com' with error: Timeout('The DNS operation timed out after 31.590490579605103 seconds')
33.35 | I | dns_hacks | dnspython failed to resolve dns (AAAA) for 'blockstream.info' with error: Timeout('The DNS operation timed out after 31.59534502029419 seconds')
33.35 | I | dns_hacks | dnspython failed to resolve dns (A) for 'blockstream.info' with error: Timeout('The DNS operation timed out after 31.594367265701294 seconds')
33.38 | I | dns_hacks | dnspython failed to resolve dns (AAAA) for 'electrum.blockstream.info' with error: Timeout('The DNS operation timed out after 31.602211713790894 seconds')
33.38 | I | dns_hacks | dnspython failed to resolve dns (A) for 'electrum.blockstream.info' with error: Timeout('The DNS operation timed out after 31.60122585296631 seconds')
```
This script scans the whole codebase for unicode characters and
errors if it finds any, unless the character is specifically whitelisted.
The motivation is to protect against homoglyph attacks, invisible unicode characters,
bidirectional and other control characters, and other malicious unicode usage.
Given that we mostly expect to use ASCII characters in the source code,
the most robust and generic fix seems to be to just ban all unicode usage.
see https://trojansource.codes/ :
> Compilers, interpreters, and build pipelines supporting Unicode should throw errors or warnings
> for unterminated bidirectional control characters in comments or string literals,
> and for identifiers with mixed-script confusable characters.
> Language specifications should formally disallow unterminated bidirectional
> control characters in comments and string literals.
> Code editors and repository frontends should make bidirectional control characters
> and mixed-script confusable characters perceptible with visual symbols or warnings.
also https://github.com/maltfield/detect-malicious-unicode
fixes https://github.com/spesmilo/electrum/pull/9726/files#r2057787097 :
> The version of readlink installed on macOS does not support the -e flag:
> ```
> 💬 INFO: preparing electrum-locale.
> readlink: illegal option -- e
> usage: readlink [-fn] [file ...]
> ```
>
> On a mac you can install a version of readlink that argbash expects:
> Using homebrew, `brew install coreutils` will install `greadlink` which supports the `-e` flag.
I don't think we actually need to resolve symlinks here.
There are already some examples of similar usage with realpath vs grealpath. Let's just do that.
The Qt lupdate tool that extracts translatable strings from .qml files
writes paths relative to its output .ts file into the .ts file.
These paths are then retained as-is when converted to .pot format.
The last few commits moved around the working directory of the lupdate tool
(from electrum/locale to electrum/locale/build), which resulted in a change
of all relative paths in the final messages.pot we upload to crowdin.
E.g. from:
```
#: ../gui/qml/components/Addresses.qml:64
```
to:
```
#: ../../gui/qml/components/Addresses.qml:64
```
I think a change like this does not invalidate the translations. Still, it is annoying.
This commit adds an extra processing step to "fix" these strings to:
```
#: electrum/gui/qml/components/Addresses.qml:64
```
- this merges `contrib/deterministic-build/locale` and `electrum/locale`
- it is now once again possible have translations when running from a local git clone
- which was already possible in the past before crowdin removed their unauthenticated APIs
- see https://github.com/spesmilo/electrum/issues/9531
- however, the translations available are the often-old frozen strings from electrum-locale
- while previously one could just download the latest strings from crowdin
