Open nagisa opened 4 months ago
runtime/near-wallet-contract/res/*.wasm
In theory these can be removed because it should be possible to have every developer build them locally via the build script logic. Currently this requires docker, which I am not sure if it is considered a necessary part of developing for Near today. I am also not sure how that would interact with the current CI.
The reason I used Docker is because this is the recommended way of doing reproducible builds with near-sdk. If a fully reproducible build can be achieved with cargo along then that could simplify the build.
The reason I used Docker is because this is the recommended way of doing reproducible builds with near-sdk. If a fully reproducible build can be achieved with cargo along then that could simplify the build.
Well, it definitely is an easy to understand (and difficult to get wrong) way of constructing an environment for reproducible builds, but it is indeed very possible to have reproducible Rust builds without containerization as evidenced by the likes of Debian very successfully doing so for large number of much larger rust projects.
Here's a relevant RFC that ought to make it a single cargo toggle away, but all the prerequisite functionality is already made available by the Rust compiler.
The recent incident in the xz/lzma world came from the malicious code hidden away in a binary test artifact.
We also have some binary artifacts in our repository:
*.wasm
containing various test artifactsruntime/near-wallet-contract/res/*.wasm
containing a wallet contract that's pre-deployed to certain accountsruntime/runtime-params-estimator/emu-cost/counter_plugin/qemu-x86_64
andlibcounter.so
runtime/runtime-params-estimator/estimator-warehouse/data_dump_*.bin
runtime/runtime-params-estimator/res/*.wasm
pytest/tests/loadtest/locust/res/*.wasm
cc @Ekleog