axelarnetwork / tofnd

A gRPC server wrapper for the https://github.com/axelarnetwork/tofn library.
Apache License 2.0

rust-gmp dependency build break #20

Closed ggutoski closed 3 years ago

ggutoski commented 3 years ago

The build is currently broken on master: https://github.com/axelarnetwork/tofnd/runs/2196540191

#25 125.5 error[E0463]: can't find crate for `serde_derive`
#25 125.5   --> /usr/local/cargo/git/checkouts/rust-gmp-ec80bc1e51a8ce8f/641a89f/src/lib.rs:13:1
#25 125.5    |
#25 125.5 13 | extern crate serde_derive;
#25 125.5    | ^^^^^^^^^^^^^^^^^^^^^^^^^^ can't find crate
#25 125.5 
#25 125.5 error: aborting due to previous error

ggutoski commented 3 years ago

Notes

curv repo tag v0.2.6 build breaks with the following error:

error[E0463]: can't find crate for `serde_derive`
--> /Users/gus/.cargo/git/checkouts/rust-gmp-ec80bc1e51a8ce8f/641a89f/src/lib.rs:13:1
|
13 | extern crate serde_derive;
| ^^^^^^^^^^^^^^^^^^^^^^^^^^ can't find crate

The problem is that the Cargo.toml for that tag specifies the dependency

[dependencies.rust-gmp]
version = "0.5.0"
features = ["serde_support"]
git = "https://github.com/KZen-networks/rust-gmp"
optional = true

Now that rust-gmp has upgraded to 0.5.1 this breaks the build. Need to set version = "=0.5.0".

This commit to the rust-gmp repo was pushed only 6 hours ago. Seems like the culprit: Merge pull request #1 from nmahendru/v0.5.1 · ZenGo-X/rust-gmp@641a89f. I left a comment on the guilty GitHub PR.

tofn depends on multi-party-ecdsa tag v0.4.3, which in turn depends on curv tag v0.2.6, which is broken. So I would expect multi-party-ecdsa tag v0.4.3 also to be broken, but it's not.

In multi-party-ecdsa/Cargo.toml at v0.4.3 · ZenGo-X/multi-party-ecdsa I see

[patch.crates-io]
rust-gmp = { version = "0.5.0", features = ["serde_support"], git = "https://github.com/KZen-networks/rust-gmp" }

so this must be what fixes the build. Unfortunately, this doesn't work in tofnd or tofn.

Docs: See The [patch] section in Overriding Dependencies - The Cargo Book

Almost helpful: Patching dependencies does not work if it's for the same location but a different branch · Issue #5478 · rust-lang/cargo

The fix

Add --locked to the cargo install command in the Dockerfile for tofnd. This tells cargo not to ignore the Cargo.lock file. This file points to the right version of rust-gmp and so the project builds.

See SemVer-breaking patch release breaks the build from Dependency Resolution - The Cargo Book

Binary projects can alternatively recommend users to use the --locked flag with cargo install to use the original Cargo.lock that contains the known good version.

Docs for the --locked flag: cargo install - The Cargo Book
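
A CI guard for the fix described above, as an added example that is not part of the original issue or the tofnd repository: it lists every `cargo install` or `cargo build` command in a Dockerfile that lacks `--locked` (or `--frozen`) and would therefore re-resolve dependencies instead of using Cargo.lock. The function name `unlocked_cargo_cmds` and the sample Dockerfile are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not from the tofnd repository. unlocked_cargo_cmds is a
# hypothetical helper name.
unlocked_cargo_cmds() {
    # $1: path to a Dockerfile. Prints "LINE: command" for every cargo
    # install/build that lacks --locked or --frozen; returns 1 if any exist.
    awk '
        function check(instr, line,    n, i, parts, cmd) {
            # Judge each shell command of the instruction separately.
            n = split(instr, parts, /&&|[|][|]|;/)
            for (i = 1; i <= n; i++) {
                cmd = parts[i]
                if (cmd !~ /cargo[ \t]+(install|build)/) continue
                if (cmd ~ /--(locked|frozen)([ \t]|$)/) continue
                gsub(/^[ \t]+|[ \t]+$/, "", cmd)
                printf "%d: %s\n", line, cmd
                bad = 1
            }
        }
        /^[ \t]*#/ { next }                    # comment lines are dropped
        { if (buf == "") start = NR }          # first line of an instruction
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next }
        { check(buf $0, start); buf = "" }
        END { if (buf != "") check(buf, start); exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample Dockerfile for the demo (not the tofnd Dockerfile).
sample=$(mktemp)
cat > "$sample" <<'EOF'
FROM rust:latest
RUN cargo install --path .
RUN apt-get update && \
    cargo build --release
RUN cargo install --locked --path .
EOF
unlocked_cargo_cmds "$sample" || echo "cargo commands that ignore Cargo.lock found"
```

The reported line number is the first line of the Dockerfile instruction that contains the command, so a command on a continuation line is attributed to the `RUN` line that starts it.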