Feature #17461: Update python3-trezor to latest stable

Feature #17461

Update python3-trezor to latest stable

Added by stick 2020-02-04 22:41:03 . Updated 2020-05-08 22:41:04 .

Status:

Confirmed

Priority:

Normal

Assignee:

stick

Category:

Target version:

Start date:

Due date:

% Done:

Feature Branch:

Type of work:

Debian

Blueprint:

Starter:

Affected tool:

Electrum

Deliverable for:

Description

python3-trezor was just updated to 0.11.6 (latest stable) in Debian unstable

This release brings several improvements for the users but mainly compatibility with new Trezor Model T

Can we pull in this package from unstable, or do we need to get it from Debian unstable to Debian testing first?

Subtasks

History

#1 Updated by stick 2020-02-04 23:06:06

Also, please let’s add the `trezor` package which adds `trezorctl` command line tool to manage your device.

#2 Updated by intrigeri 2020-02-05 09:13:10

> Can we pull in this package from unstable, or do we need to get it from Debian unstable to Debian testing first?

In general, we try hard to stick to packages from Debian stable, so we don’t have to pay the maintenance cost of dealing with churn. Furthermore, even if this package is currently installable from sid on Buster (is it?), this could change at any time, and then we’re stuck in a bad place, having to choose between downgrading back to the Buster version, and maintaining a backport. So as you can see, it’s not a mere “let’s just pull the package from sid” decision: the long-term potential impact is much bigger.

In this case, I personally don’t think the benefits brought by the upgrade outweigh the cost, unless someone commits to maintaining this package in the official buster-backports. This would first require the package to migrate back to testing: it was removed from there 1.5 months ago, which is not exactly confidence-inspiring.

> Also, please let’s add the `trezor` package which adds `trezorctl` command line tool to manage your device.

To me, this looks like an ideal candidate for the Additional Software feature, rather than for being part of every default Tails installation:

The vast majority of Tails users would get no benefit from it, and actually be slightly negatively impacted (larger download for initial installation and upgrades).
It’s a command-line tool whose target audience is rather technical users, who should have no trouble installing an extra package.
It is mostly useful when persistence is enabled (to store Electrum config & data).

#3 Updated by stick 2020-02-05 10:36:16

intrigeri wrote:
> In general, we try hard to stick to packages from Debian stable, so we don’t have to pay the maintenance cost of dealing with churn.

Got it. We’ll try to get this package to Buster backports.

> > Also, please let’s add the `trezor` package which adds `trezorctl` command line tool to manage your device.
>
> To me, this looks like an ideal candidate for the Additional Software feature, rather than for being part of every default Tails installation:

This package is 27 KB of installed size. It is just a CLI tool that uses a library, which is already in the default installation. I think it’s worth it having it in the default install. (Previously this was a part of python3-trezor package, but was recently split into a separate package for no good reason imho).

> * The vast majority of Tails users would get no benefit from it, and actually be slightly negatively impacted (larger download for initial installation and upgrades).

See point above.

> * It’s a command-line tool whose target audience is rather technical users, who should have no trouble installing an extra package.

Some features are not available from Electrum, but I agree this might be seen as a feature for a more technical audience.

> * It is mostly useful when persistence is enabled (to store Electrum config & data).

I respectfully disagree. The great advantage of using Trezor with Electrum on Tails is that you don’t need persistence, because the state is remembered in the device. That’s how I was using Electrum on Tails and it works just perfectly.

#4 Updated by intrigeri 2020-02-05 21:20:07

stick wrote:
> intrigeri wrote:
>> In general, we try hard to stick to packages from Debian stable, so we don’t have to pay the maintenance cost of dealing with churn.
>
> Got it. We’ll try to get this package to Buster backports.

Awesome! I appreciate your understanding of Tails’ maintainability concerns.

>> > Also, please let’s add the `trezor` package which adds `trezorctl` command line tool to manage your device.
>>
>> To me, this looks like an ideal candidate for the Additional Software feature, rather than for being part of every default Tails installation:
>
> This package is 27 KB of installed size.

>> * It is mostly useful when persistence is enabled (to store Electrum config & data).
>
> I respectfully disagree. The great advantage of using Trezor with Electrum on Tails is that you don’t need persistence, because the state is remembered in the device. That’s how I was using Electrum on Tails and it works just perfectly.

OK, thank you for the additional info. Then I’ll let pragmatic-intrigeri override principled-intrigeri (they often disagree): I agree it’s fine to ship the trezor package, to make our TREZOR support more complete and consistent. This seems mostly orthogonal to what this ticket is about, so could you please file a dedicated ticket about this?

Then, if you’d like to prepare a branch to implement this, relevant starting points:

#5 Updated by stick 2020-02-06 12:29:20

Added new issue for adding trezor package: https://redmine.tails.boum.org/code/issues/17463

#6 Updated by intrigeri 2020-02-07 08:53:19

Status changed from New to Confirmed
Assignee set to stick
Affected tool set to Electrum

Thank you. So next step here is Debian work that you (as part of some “we”) have committed to do ⇒ adjusting metadata accordingly :)

#7 Updated by tails_dmser 2020-05-07 20:48:40

Note that the current version of Electrum (3.3.8) requires trezor 0.10 as a minimum to work with Trezor. The current version of trezor packages can communicate with a trezor using trezorctl, but Electrum cannot. This creates confusion: Tails’ release notes mention “trezor is installed” but the main use-case of a trezor, as a wallet with electrum, is non-functional.

#8 Updated by tails_dmser 2020-05-07 22:23:51

after testing I can confirm a trezor one will work with electrum if the python3-trezor v 0.11.6 from debian unstable is installed.

#9 Updated by intrigeri 2020-05-08 06:24:00

Hi,

> Note that the current version of Electrum (3.3.8) requires trezor 0.10 as a minimum to work with Trezor. The current version of trezor packages can communicate with a trezor using trezorctl, but Electrum cannot. This creates confusion: Tails’ release notes mention “trezor is installed” but the main use-case of a trezor, as a wallet with electrum, is non-functional.

> after testing I can confirm a trezor one will work with electrum if the python3-trezor v 0.11.6 from debian unstable is installed.

Thank you for reporting back and testing!

Next step is still what was outlined earlier in the discussion here, i.e. get trezor into buster-backports.

My understanding is that this needs to happen on the Debian side:

Fix https://bugs.debian.org/944020
This should allow python-libusb1 to migrate to testing
Which in turn should allow python-trezor to migrate to testing
Finally, upload python-trezor to buster-backports

@stick, is that still on your radar?

#10 Updated by stick 2020-05-08 09:30:57

On 08/05/2020 08:24, redmine@redmine.tails.boum.org wrote:
> @stick, is that still on your radar?

No, it’s not. The whole packaging/backporting process in Debian is
unfriendly. It’s hard to figure out whom to contact, what to do. I have
given up.

#11 Updated by tails_dmser 2020-05-08 22:41:04

I talked with Arnaud Fontaine the package maintainer for python-libusb1. He has a fix in the works, will likely have a solution uploaded by the middle of next week.