-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathCargo.toml
119 lines (112 loc) · 4.17 KB
/
Cargo.toml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
[package]
name = "validator-lab"
version = "0.0.1"
authors = ["Solana Labs Maintainers <[email protected]>"]
repository = "https://https://github.com/anza-xyz/validator-lab"
homepage = "https://anza.xyz/"
license = "Apache-2.0"
edition = "2021"
[dependencies]
bzip2 = "0.4.4"
clap = { version = "3.2.22", features = ["cargo"] }
console = "0.15.8"
git2 = "0.18.3"
indicatif = "0.17.8"
k8s-openapi ={ version = "0.20.0", features = ["v1_28"] }
kube = "0.87.2"
log = "0.4.21"
openssl = "0.10.66"
rand = "0.8.5"
reqwest = { version = "0.11.23", features = ["blocking", "brotli", "deflate", "gzip", "rustls-tls", "json"] }
rustls = { version = "0.21.11", default-features = false, features = ["quic"] }
solana-accounts-db = "1.18.20"
solana-clap-v3-utils = "1.18.20"
solana-core = "1.18.20"
solana-ledger = "1.18.20"
solana-logger = "1.18.20"
solana-sdk = "1.18.20"
strum = "0.26.2"
strum_macros = "0.26.2"
subtle = "2.4.1"
tar = "0.4.40"
tokio = { version = "1.29.1", features = ["full"] }
url = "2.5.0"
# See "zeroize versioning issues" below if you are updating this version.
zeroize = { version = "1.3", default-features = false }
[build-dependencies]
rustc_version = "0.4"
[[bin]]
name = "cluster"
path = "src/main.rs"
[package.metadata.docs.rs]
targets = ["x86_64-unknown-linux-gnu"]
#
# === zeroize versioning issues ===
#
# A number of packages used explicit upper bound on the `zeroize` package, such
# as `>=1, <1.4`. The problem is that cargo still does not duplicate `zeroize`
# if a newer version is available and requested by another package and just
# fails the whole dependency resolution process.
#
# This is described in
#
# https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#multiple-requirements
#
# So we have to patch `zeroize` dependency specifications in the projects that
# introduce these constraints. They have already removed these constraints in
# newer versions, but we have not updated yet. As we update, we need to remove
# these patch requests.
#
# When our dependencies are upgraded, we can remove these patches. Before that
# we might need to maintain these patches in sync with our full dependency tree.
# Our dependency tree has `aes-gcm-siv` v0.10.3 and the `zeroize` restriction
# was removed in the next commit just after the release. So it seems safe to
# patch to this commit.
#
# `aes-gcm-siv` v0.10.3 release:
#
# https://github.com/RustCrypto/AEADs/releases/tag/aes-gcm-siv-v0.10.3
#
# Corresponds to commit
#
# https://github.com/RustCrypto/AEADs/commit/6f16f4577a1fc839a2346cf8c5531c85a44bf5c0
#
# Comparison with `6105d7a5591aefa646a95d12b5e8d3f55a9214ef` pinned here:
#
# https://github.com/RustCrypto/AEADs/compare/aes-gcm-siv-v0.10.3..6105d7a5591aefa646a95d12b5e8d3f55a9214ef
#
[patch.crates-io.aes-gcm-siv]
git = "https://github.com/RustCrypto/AEADs"
rev = "6105d7a5591aefa646a95d12b5e8d3f55a9214ef"
# Our dependency tree has `curve25519-dalek` v3.2.1. They have removed the
# constraint in the next major release. The commit that removes the `zeroize`
# constraint was added to multiple release branches, but not to the 3.2 branch.
#
# `curve25519-dalek` maintainers are saying they do not want to invest any more
# time in the 3.2 release:
#
# https://github.com/dalek-cryptography/curve25519-dalek/issues/452#issuecomment-1749809428
#
# So we have to fork and create our own release, based on v3.2.1, with the
# commit that removed `zeroize` constraint on the `main` branch cherry-picked on
# top.
#
# `curve25519-dalek` v3.2.1 release:
#
# https://github.com/dalek-cryptography/curve25519-dalek/releases/tag/3.2.1
#
# Corresponds to commit
#
# https://github.com/dalek-cryptography/curve25519-dalek/commit/29e5c29b0e5c6821e4586af58b0d0891dd2ec639
#
# Comparison with `b500cdc2a920cd5bff9e2dd974d7b97349d61464`:
#
# https://github.com/dalek-cryptography/curve25519-dalek/compare/3.2.1...solana-labs:curve25519-dalek:b500cdc2a920cd5bff9e2dd974d7b97349d61464
#
# Or, using the branch name instead of the hash:
#
# https://github.com/dalek-cryptography/curve25519-dalek/compare/3.2.1...solana-labs:curve25519-dalek:3.2.1-unpin-zeroize
#
[patch.crates-io.curve25519-dalek]
git = "https://github.com/solana-labs/curve25519-dalek.git"
rev = "b500cdc2a920cd5bff9e2dd974d7b97349d61464"