diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index 43b276eb..6add8a15 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -11,7 +11,7 @@ on: - cron: '0 2 * * *' # run at 2 AM UTC env: - RUST_VERSION: 1.70 + RUST_VERSION: 1.65 jobs: security-audit: diff --git a/.github/workflows/cargo-vet.yml b/.github/workflows/cargo-vet.yml deleted file mode 100644 index 9414914b..00000000 --- a/.github/workflows/cargo-vet.yml +++ /dev/null @@ -1,22 +0,0 @@ -name: Perform Cargo Vet Audit -on: [push, pull_request] -jobs: - cargo-vet: - name: Vet Dependencies - runs-on: ubuntu-latest - env: - CARGO_VET_VERSION: 0.7.0 - steps: - - uses: actions/checkout@master - - name: Install Rust - run: rustup update stable && rustup default stable - - uses: actions/cache@v3 - with: - path: ${{ runner.tool_cache }}/cargo-vet - key: cargo-vet-bin-${{ env.CARGO_VET_VERSION }} - - name: Add the tool cache directory to the search path - run: echo "${{ runner.tool_cache }}/cargo-vet/bin" >> $GITHUB_PATH - - name: Ensure that the tool cache is populated with the cargo-vet binary - run: cargo install --root ${{ runner.tool_cache }}/cargo-vet --version ${{ env.CARGO_VET_VERSION }} cargo-vet - - name: Invoke cargo-vet - run: cargo vet --locked diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5709b128..21219c26 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,8 +14,8 @@ on: - main env: - RUST_VERSION: "1.70" - NIGHTLY_VERSION: nightly-2023-05-31 + RUST_VERSION: "1.65" + NIGHTLY_VERSION: nightly-2022-11-04 CARGO_TERM_COLOR: always # Skip incremental build and debug info generation in CI CARGO_INCREMENTAL: 0 @@ -189,7 +189,7 @@ jobs: name: Vet Dependencies runs-on: ubuntu-latest env: - CARGO_VET_VERSION: 0.7.0 + CARGO_VET_VERSION: 0.6.1 steps: - uses: actions/checkout@master - name: Install Rust diff --git a/Cargo.lock b/Cargo.lock index 3e6afb55..4cbe734e 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -1509,16 +1509,6 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7" -[[package]] -name = "combine" -version = "4.6.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35ed6e9d84f0b51a7f52daf1c7d71dd136fd7a3f41a8462b8cdb8c78d920fad4" -dependencies = [ - "bytes", - "memchr", -] - [[package]] name = "console" version = "0.14.1" @@ -2240,18 +2230,6 @@ dependencies = [ "cfg-if", ] -[[package]] -name = "enum-as-inner" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c9720bba047d567ffc8a3cba48bf19126600e249ab7f128e9233e6376976a116" -dependencies = [ - "heck 0.4.0", - "proc-macro2", - "quote", - "syn 1.0.107", -] - [[package]] name = "enum-iterator" version = "0.7.0" @@ -3705,15 +3683,6 @@ dependencies = [ "libc", ] -[[package]] -name = "mach2" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d0d1830bcd151a6fc4aea1369af235b36c1528fe976b8ff678683c9995eade8" -dependencies = [ - "libc", -] - [[package]] name = "maplit" version = "1.0.2" @@ -3828,23 +3797,6 @@ dependencies = [ "windows-sys 0.42.0", ] -[[package]] -name = "mmap-rs" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e6ae912d061146fa8d2b8bf15f66710c8641ac5d1e6478fb6d56839fd958a04" -dependencies = [ - "bitflags", - "combine", - "libc", - "mach2", - "nix", - "sysctl", - "thiserror", - "widestring", - "windows", -] - [[package]] name = "more-asserts" version = "0.2.2" 
@@ -3875,20 +3827,6 @@ version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e4a24736216ec316047a1fc4252e27dabb04218aa4a3f37c6e7ddbf1f9782b54" -[[package]] -name = "nix" -version = "0.26.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfdda3d196821d6af13126e40375cdf7da646a96114af134d5f417a9a1dc8e1a" -dependencies = [ - "bitflags", - "cfg-if", - "libc", - "memoffset 0.7.1", - "pin-utils", - "static_assertions", -] - [[package]] name = "nom" version = "7.1.1" @@ -5406,7 +5344,7 @@ dependencies = [ [[package]] name = "semaphore" version = "0.1.0" -source = "git+https://github.com/worldcoin/semaphore-rs?branch=main#a45738039e0b0a8adbac5ee193958f1e238d7de4" +source = "git+https://github.com/worldcoin/semaphore-rs?branch=main#1fa1471a13539af2f859478a0c9108adfe7535ca" dependencies = [ "ark-bn254", "ark-circom", @@ -5415,13 +5353,11 @@ dependencies = [ "ark-groth16", "ark-relations", "ark-std", - "bincode", "color-eyre 0.6.2", "enumset", "ethers-core 2.0.3", "hex", "hex-literal 0.3.4", - "mmap-rs", "num-bigint", "once_cell", "rand", @@ -5435,18 +5371,17 @@ dependencies = [ "thiserror", "tiny-keccak", "wasmer", - "zeroize", ] [[package]] name = "semaphore-depth-config" version = "0.1.0" -source = "git+https://github.com/worldcoin/semaphore-rs?branch=main#a45738039e0b0a8adbac5ee193958f1e238d7de4" +source = "git+https://github.com/worldcoin/semaphore-rs?branch=main#1fa1471a13539af2f859478a0c9108adfe7535ca" [[package]] name = "semaphore-depth-macros" version = "0.1.0" -source = "git+https://github.com/worldcoin/semaphore-rs?branch=main#a45738039e0b0a8adbac5ee193958f1e238d7de4" +source = "git+https://github.com/worldcoin/semaphore-rs?branch=main#1fa1471a13539af2f859478a0c9108adfe7535ca" dependencies = [ "itertools", "proc-macro2", @@ -5720,7 +5655,7 @@ dependencies = [ "futures", "futures-util", "hex", - "hex-literal 0.4.1", + "hex-literal 0.3.4", "hyper", "maplit", "once_cell", 
@@ -5746,7 +5681,6 @@ dependencies = [ "tracing-subscriber 0.3.17", "tracing-test", "url", - "zeroize", ] [[package]] @@ -6092,20 +6026,6 @@ dependencies = [ "unicode-xid", ] -[[package]] -name = "sysctl" -version = "0.5.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed66d6a2ccbd656659289bc90767895b7abbdec897a0fc6031aca3ed1cb51d3e" -dependencies = [ - "bitflags", - "byteorder", - "enum-as-inner", - "libc", - "thiserror", - "walkdir", -] - [[package]] name = "take_mut" version = "0.2.2" @@ -7335,12 +7255,6 @@ dependencies = [ "web-sys", ] -[[package]] -name = "widestring" -version = "1.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "653f141f39ec16bba3c5abe400a0c60da7468261cc2cbf36805022876bc721a8" - [[package]] name = "winapi" version = "0.3.9" @@ -7372,15 +7286,6 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" -[[package]] -name = "windows" -version = "0.44.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e745dab35a0c4c77aa3ce42d595e13d2003d6902d6b08c9ef5fc326d08da12b" -dependencies = [ - "windows-targets 0.42.2", -] - [[package]] name = "windows-sys" version = "0.33.0" @@ -7664,9 +7569,9 @@ checksum = "09041cd90cf85f7f8b2df60c646f853b7f535ce68f85244eb6731cf89fa498ec" [[package]] name = "zeroize" -version = "1.6.0" +version = "1.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a0956f1ba7c7909bfb66c2e9e4124ab6f6482560f6628b5aaeba39207c9aad9" +checksum = "c394b5bd0c6f669e7275d9c20aa90ae064cb22e75a1cad54e1b34088034b149f" dependencies = [ "zeroize_derive", ] diff --git a/Cargo.toml b/Cargo.toml index e3c3e1b7..8421fc5d 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -3,8 +3,7 @@ name = "signup-sequencer" version = "0.1.0" authors = [ "Remco Bloemen ", - "Lucas Ege ", -] + "Lucas Ege "] edition = "2021" build = "build.rs" homepage = "https://github.com/worldcoin/signup-sequencer" @@ -33,17 +32,9 @@ axum-server = "0.4.4" bytes = "1.4.0" chrono = { version = "0.4.19", features = ["serde"] } clap = { version = "4.0", features = ["derive"] } -cli-batteries = { git = "https://github.com/recmo/cli-batteries", rev = "b8f350d9022edce2c9f7a080c6899eafda3ac9ea", features = [ - "signals", - "prometheus", - "metered-allocator", - "otlp", - "datadog", -] } +cli-batteries = { git = "https://github.com/recmo/cli-batteries", rev = "b8f350d9022edce2c9f7a080c6899eafda3ac9ea", features = ["signals", "prometheus", "metered-allocator", "otlp", "datadog"] } cognitoauth = { git = "https://github.com/lucdew/cognito-srp-auth.git" } -criterion = { version = "0.4", optional = true, features = [ - "async_tokio", -] } # For `bench` +criterion = { version = "0.4", optional = true, features = ["async_tokio"] } # For `bench` ethers = { version = "1.0.0", features = ["ws", "ipc", "openssl", "abigen"] } eyre = "0.6" futures = "0.3" 
@@ -56,51 +47,30 @@ prometheus = "0.13.3" # We need upstream PR#465 to fix #272. proptest = { version = "1.0", optional = true } # For `bench` reqwest = { version = "0.11.14", features = ["json"] } ruint = { version = "1.3", features = ["primitive-types", "sqlx"] } -semaphore = { git = "https://github.com/worldcoin/semaphore-rs", branch = "main", features = [ - "depth_30", -] } +semaphore = { git = "https://github.com/worldcoin/semaphore-rs", branch = "main", features = ["depth_30"] } serde = { version = "1.0", features = ["derive"] } serde_json = "1.0" -sqlx = { version = "0.6", features = [ - "runtime-tokio-native-tls", - "any", - "postgres", - "chrono", -] } +sqlx = { version = "0.6", features = ["runtime-tokio-native-tls", "any", "postgres", "chrono"] } take_mut = "0.2.2" -tempfile = "3.5.0" +tempfile = "3.3.0" thiserror = "1.0" -tokio = { version = "1.17", features = [ - "signal", - "macros", - "rt", - "sync", - "time", - "rt-multi-thread", - "tracing", - "test-util", -] } +tokio = { version = "1.17", features = ["signal", "macros", "rt", "sync", "time", "rt-multi-thread", "tracing", "test-util"] } tracing = "0.1" tracing-futures = "0.2" url = { version = "2.2", features = ["serde"] } -zeroize = "1.6.0" # `ethers-rs` requires an older version of primitive-types. # But `ruint` supports the latest version. So we need to override it. 
# `cargo update --package primitive-types@0.12.1 --precise 0.11.1` [dev-dependencies] -cli-batteries = { git = "https://github.com/recmo/cli-batteries", rev = "b8f350d9022edce2c9f7a080c6899eafda3ac9ea", features = [ - "mock-shutdown", -] } +cli-batteries = { git = "https://github.com/recmo/cli-batteries", rev = "b8f350d9022edce2c9f7a080c6899eafda3ac9ea", features = ["mock-shutdown"] } hex = "0.4.3" -hex-literal = "0.4.1" +hex-literal = "0.3" maplit = "1.0.2" postgres-docker-utils = { path = "crates/postgres-docker-utils" } proptest = { version = "1.0" } regex = { version = "1.7.1", features = ["std"] } -semaphore = { git = "https://github.com/worldcoin/semaphore-rs", branch = "main", features = [ - "depth_20", -] } +semaphore = { git = "https://github.com/worldcoin/semaphore-rs", branch = "main", features = ["depth_20"] } serial_test = { version = "1.0.0" } test-case = "3.0" tracing-subscriber = "0.3.11" diff --git a/Dockerfile b/Dockerfile index f6bbe021..84227adb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM rust:1.70 as build-env +FROM rust:1.67 as build-env WORKDIR /src RUN apt-get update &&\ diff --git a/src/app.rs b/src/app.rs index 3b31c672..155eb1d1 100644 --- a/src/app.rs +++ b/src/app.rs @@ -15,7 +15,7 @@ use crate::database::prover::{ProverConfiguration as DbProverConf, Provers}; use crate::database::{self, Database}; use crate::ethereum::{self, Ethereum}; use crate::identity_tree::{ - CanonicalTreeBuilder, Hash, InclusionProof, RootItem, Status, TreeState, TreeUpdate, + CanonicalTreeBuilder, Hash, InclusionProof, RootItem, Status, TreeState, }; use crate::prover::batch_insertion::ProverConfiguration; use crate::prover::map::make_insertion_map; 
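Review bot: Both rewritten `semaphore` entries (in `[dependencies]` and `[dev-dependencies]`) still track `branch = "main"` with no `rev`, so the code that gets built is whatever that branch points to the next time the lockfile is regenerated. This commit's Cargo.lock already shows it moving from `a45738…` to `1fa1471…`. The `[policy.semaphore] audit-as-crates-io = false` context in supply-chain/config.toml appears to leave this crate outside cargo-vet's checks as well, so nothing reviews that drift. Pin it the way `cli-batteries` is pinned, e.g. `semaphore = { git = "https://github.com/worldcoin/semaphore-rs", rev = "1fa1471a13539af2f859478a0c9108adfe7535ca", features = ["depth_30"] }`. The `cognitoauth` git dependency in the context of the previous hunk has neither `branch` nor `rev` and would benefit from the same pin.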
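Review bot: `FROM rust:1.67` builds the shipped binary with a different toolchain from the one this commit sets for CI (`RUST_VERSION: 1.65` in audit.yml and `"1.65"` in test.yml), so the compiler that is tested is not the compiler that produces the release image. If 1.65 is the intended baseline, use `FROM rust:1.65 as build-env`; otherwise align the workflow variables with the image. The audit.yml value is also unquoted, so YAML reads it as a number; quoting it as test.yml does (`RUST_VERSION: "1.65"`) avoids a version such as 1.70 being read as 1.7.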
@@ -101,10 +101,6 @@ pub struct Options { #[clap(long, env, default_value = "20")] pub dense_tree_prefix_depth: usize, - /// Path and file name to use for mmap file when building dense tree. - #[clap(long, env, default_value = "./dense_tree_mmap")] - pub dense_tree_mmap_file: String, - /// The number of updates to trigger garbage collection. #[clap(long, env, default_value = "10000")] pub tree_gc_threshold: usize, @@ -162,14 +158,13 @@ impl App { } let timer = Instant::now(); - let tree_state = Self::restore_or_initialize_tree( + let tree_state = Self::initialize_tree( &database, // Poseidon tree depth is one more than the contract's tree depth identity_manager.tree_depth(), options.dense_tree_prefix_depth, options.tree_gc_threshold, identity_manager.initial_leaf_value(), - options.dense_tree_mmap_file, ) .await?; info!("Tree state initialization took: {:?}", timer.elapsed()); 
@@ -204,139 +199,20 @@ impl App { Ok(app) } - #[instrument(skip_all, level = "debug")] - async fn restore_or_initialize_tree( + async fn initialize_tree( database: &Database, tree_depth: usize, dense_prefix_depth: usize, gc_threshold: usize, initial_leaf_value: Hash, - mmap_file_path: String, ) -> AnyhowResult { let mut mined_items = database.get_commitments_by_status(Status::Mined).await?; - mined_items.sort_by_key(|item| item.leaf_index); - - if let Some(tree_state) = Self::get_cached_tree_state( - database, - tree_depth, - dense_prefix_depth, - gc_threshold, - &initial_leaf_value, - &mined_items, - &mmap_file_path, - ) - .await? - { - info!("tree restored from cache"); - return Ok(tree_state); - } - let tree_state = Self::initialize_tree( - database, - tree_depth, - dense_prefix_depth, - gc_threshold, - initial_leaf_value, - mined_items, - mmap_file_path, - ) - .await?; - info!("tree initialization successful"); - Ok(tree_state) - } - - pub fn get_leftover_leaves_and_update_index( - index: &mut usize, - dense_prefix_depth: usize, - mined_items: &Vec, - ) -> Vec> { - let leftover_items = if mined_items.is_empty() { - vec![] - } else { - let max_leaf = mined_items.last().map(|item| item.leaf_index).unwrap(); - // if the last index is greater then dense_prefix_depth, 1 << dense_prefix_depth - // should be the last index in restored tree - *index = std::cmp::min(max_leaf, (1 << dense_prefix_depth) - 1); - - if max_leaf - *index == 0 { - return vec![]; - } - - let mut leaves = Vec::with_capacity(max_leaf - *index); - - let leftover = &mined_items[(*index + 1)..]; - - for item in leftover { - leaves.push(item.element); - } - - leaves - }; - - leftover_items - } - - #[instrument(skip_all, level = "debug")] - async fn get_cached_tree_state( - database: &Database, - tree_depth: usize, - dense_prefix_depth: usize, - gc_threshold: usize, - initial_leaf_value: &Hash, - mined_items: &Vec, - mmap_file_path: &str, - ) -> anyhow::Result> { - let mut last_mined_index_in_dense: 
usize = 0; - let leftover_items = Self::get_leftover_leaves_and_update_index( - &mut last_mined_index_in_dense, - dense_prefix_depth, - mined_items, - ); - - let Some(mined_builder) = CanonicalTreeBuilder::restore( - tree_depth, - dense_prefix_depth, - initial_leaf_value, - last_mined_index_in_dense, - &leftover_items, - gc_threshold, - mmap_file_path, - ) else { return Ok(None) }; - - let (mined, mut processed_builder) = mined_builder.seal(); - - let mut processed_items = database - .get_commitments_by_status(Status::Processed) - .await?; - processed_items.sort_by_key(|item| item.leaf_index); - - for processed_item in processed_items { - processed_builder.update(&processed_item); - } - - let (processed, batching_builder) = processed_builder.seal_and_continue(); - let (batching, mut latest_builder) = batching_builder.seal_and_continue(); - let pending_items = database.get_commitments_by_status(Status::Pending).await?; - for update in pending_items { - latest_builder.update(&update); - } - let latest = latest_builder.seal(); - Ok(Some(TreeState::new(mined, processed, batching, latest))) - } - - #[instrument(skip_all, level = "debug")] - async fn initialize_tree( - database: &Database, - tree_depth: usize, - dense_prefix_depth: usize, - gc_threshold: usize, - initial_leaf_value: Hash, - mined_items: Vec, - mmap_file_path: String, - ) -> AnyhowResult { let initial_leaves = if mined_items.is_empty() { vec![] } else { + mined_items.sort_by_key(|item| item.leaf_index); + let max_leaf = mined_items.last().map(|item| item.leaf_index).unwrap(); let mut leaves = vec![initial_leaf_value; max_leaf + 1]; @@ -353,7 +229,6 @@ impl App { gc_threshold, initial_leaf_value, &initial_leaves, - &mmap_file_path, ); let (mined, mut processed_builder) = mined_builder.seal(); 
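Review bot: The surviving `initialize_tree` has lost the `#[instrument(skip_all, level = "debug")]` attribute that both removed functions carried. With the cache-restore path gone, the startup tree rebuild is now the only path and runs without a tracing span; re-add the attribute above `async fn initialize_tree(`. In the same body, `vec![initial_leaf_value; max_leaf + 1]` is sized from the highest `leaf_index` the database returns, so a single unexpectedly large index becomes a startup allocation of that size. Checking `max_leaf` against the tree's leaf capacity before allocating, and returning an error, would fail cleanly instead. The `.unwrap()` on `mined_items.last()` could be replaced by `if let Some(last) = mined_items.last()` in place of the `is_empty()` test. The function body continues past this hunk.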
@@ -567,80 +442,3 @@ impl App { self.identity_committer.shutdown().await } } - -#[cfg(test)] -mod test { - use ethers::prelude::rand; - use ethers::types::U256; - use ruint::Uint; - - use super::App; - use crate::identity_tree::TreeUpdate; - - pub fn generate_test_identities_with_index(identity_count: usize) -> Vec { - let mut identities = vec![]; - - for i in 1..=identity_count { - let bytes: [u8; 32] = U256::from(rand::random::()).into(); - let identity = Uint::<256, 4>::from_le_bytes(bytes); - - identities.push(TreeUpdate { - leaf_index: i, - element: identity, - }); - } - - identities - } - - #[tokio::test] - async fn test_index_logic_for_cached_tree() -> anyhow::Result<()> { - // supports 8 identities (2^3) - let dense_prefix_depth: usize = 3; - - let less_identities_count = 2usize.pow(dense_prefix_depth.try_into().unwrap()) - 2; - let more_identities_count = 2usize.pow(dense_prefix_depth.try_into().unwrap()) + 2; - - // first test with less then dense prefix - let identities = generate_test_identities_with_index(less_identities_count); - - let mut last_mined_index_in_dense: usize = 0; - - let leaves = App::get_leftover_leaves_and_update_index( - &mut last_mined_index_in_dense, - dense_prefix_depth, - &identities, - ); - - // check if the index is correct - assert_eq!(last_mined_index_in_dense, identities.len()); - - // since there are less identities then dense prefix, the leavs should be empty - // vector - assert!(leaves.is_empty()); - - // lets try now with more identities then dense prefix supports - - // this should generate 2^dense_prefix + 2 - let identities = generate_test_identities_with_index(more_identities_count); - - last_mined_index_in_dense = 0; - let leaves = App::get_leftover_leaves_and_update_index( - &mut last_mined_index_in_dense, - dense_prefix_depth, - &identities, - ); - - // check if the index is correct - assert_eq!(last_mined_index_in_dense, (1 << dense_prefix_depth) - 1); - - // since there are more identities then dense prefix, the 
leavs should be 2 - assert_eq!(leaves.len(), 2); - - // additional check for correctness - assert_eq!(leaves[0], identities[8].element); - assert_eq!(leaves[1], identities[9].element); - - Ok(()) - } -} diff --git a/src/identity_tree.rs b/src/identity_tree.rs index ed915de8..d1b35fdb 100644 --- a/src/identity_tree.rs +++ b/src/identity_tree.rs @@ -553,21 +553,18 @@ impl CanonicalTreeBuilder { flattening_threshold: usize, initial_leaf: Field, initial_leaves: &[Field], - mmap_file_path: &str, ) -> Self { let initial_leaves_in_dense_count = min(initial_leaves.len(), 1 << dense_prefix_depth); let (initial_leaves_in_dense, leftover_initial_leaves) = initial_leaves.split_at(initial_leaves_in_dense_count); let tree = - PoseidonTree::::new_mmapped_with_dense_prefix_with_init_values( + PoseidonTree::::new_with_dense_prefix_with_initial_values( tree_depth, dense_prefix_depth, &initial_leaf, initial_leaves_in_dense, - mmap_file_path - ).unwrap(); - + ); let metadata = CanonicalTreeMetadata { flatten_threshold: flattening_threshold, count_since_last_flatten: 0, 
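Review bot: `1 << dense_prefix_depth` on the context line above the changed call is evaluated with no bound on `dense_prefix_depth`, which appears to reach this constructor from the `dense_tree_prefix_depth` option in `src/app.rs`. A value at or above the pointer width overflows the shift (a panic with overflow checks on, a masked shift amount otherwise). With the dense prefix now built in memory rather than in an mmap file, a merely large value presumably becomes a heap allocation of that size. Consider rejecting it up front, e.g. `assert!(dense_prefix_depth <= tree_depth, "dense prefix deeper than tree");`, and documenting it under `# Panics`, since the lib.rs hunk of this commit stops allowing `clippy::missing_panics_doc`. The function signature starts above this hunk and the body continues below it.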
@@ -587,50 +584,6 @@ impl CanonicalTreeBuilder { builder } - pub fn restore( - tree_depth: usize, - dense_prefix_depth: usize, - initial_leaf: &Field, - last_index: usize, - leftover_items: &[ruint::Uint<256, 4>], - flattening_threshold: usize, - mmap_file_path: &str, - ) -> Option { - let tree: LazyMerkleTree = - match PoseidonTree::::attempt_dense_mmap_restore( - tree_depth, - dense_prefix_depth, - initial_leaf, - mmap_file_path, - ) { - Ok(tree) => tree, - Err(error) => { - warn!("Tree wasn't restored. Reason: {}", error.to_string()); - return None; - } - }; - - let metadata = CanonicalTreeMetadata { - flatten_threshold: flattening_threshold, - count_since_last_flatten: 0, - }; - let mut builder = Self(TreeVersionData { - tree, - next_leaf: last_index + 1, - metadata, - next: None, - }); - - for (index, leaf) in leftover_items.iter().enumerate() { - builder.update(&TreeUpdate { - leaf_index: index + last_index + 1, - element: *leaf, - }); - } - - Some(builder) - } - /// Updates a leaf in the resulting tree. pub fn update(&mut self, update: &TreeUpdate) { self.0.update(update.leaf_index, update.element); diff --git a/src/lib.rs b/src/lib.rs index f5f9b963..ed1d9811 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -1,10 +1,6 @@ #![doc = include_str!("../Readme.md")] #![warn(clippy::all, clippy::pedantic, clippy::cargo)] -#![allow( - clippy::module_name_repetitions, - clippy::wildcard_imports, - clippy::missing_panics_doc -)] +#![allow(clippy::module_name_repetitions, clippy::wildcard_imports)] pub mod app; mod contracts; diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml index 18715dfc..2772ccb2 100644 --- a/supply-chain/audits.toml +++ b/supply-chain/audits.toml 
@@ -2,21 +2,3 @@ # cargo-vet audits file [audits] - -[[trusted.windows-targets]] -criteria = "safe-to-deploy" -user-id = 64539 # Kenny Kerr (kennykerr) -start = "2022-09-09" -end = "2024-06-22" - -[[trusted.windows_aarch64_gnullvm]] -criteria = "safe-to-deploy" -user-id = 64539 # Kenny Kerr (kennykerr) -start = "2022-09-01" -end = "2024-06-22" - -[[trusted.windows_x86_64_gnullvm]] -criteria = "safe-to-deploy" -user-id = 64539 # Kenny Kerr (kennykerr) -start = "2022-09-01" -end = "2024-06-22" diff --git a/supply-chain/config.toml b/supply-chain/config.toml index dfa515cf..cd2ee12b 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -2,7 +2,7 @@ # cargo-vet config file [cargo-vet] -version = "0.7" +version = "0.6" [imports.bytecodealliance] url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml" @@ -33,9 +33,6 @@ audit-as-crates-io = true [policy.semaphore] audit-as-crates-io = false -[policy."tracing-opentelemetry:0.19.0@git:76b0a0fe45fd53c352e8bfdcdfad775aed727e4c"] -audit-as-crates-io = true - [[exemptions.Inflector]] version = "0.11.4" criteria = "safe-to-deploy" @@ -452,8 +449,8 @@ criteria = "safe-to-deploy" version = "0.2.0" criteria = "safe-to-deploy" -[[exemptions.combine]] -version = "4.6.6" +[[exemptions.colorchoice]] +version = "1.0.0" criteria = "safe-to-deploy" [[exemptions.console]] 
@@ -484,6 +481,30 @@ criteria = "safe-to-deploy" version = "0.2.5" criteria = "safe-to-deploy" +[[exemptions.cranelift-bforest]] +version = "0.82.3" +criteria = "safe-to-deploy" + +[[exemptions.cranelift-codegen]] +version = "0.82.3" +criteria = "safe-to-deploy" + +[[exemptions.cranelift-codegen-meta]] +version = "0.82.3" +criteria = "safe-to-deploy" + +[[exemptions.cranelift-codegen-shared]] +version = "0.82.3" +criteria = "safe-to-deploy" + +[[exemptions.cranelift-entity]] +version = "0.82.3" +criteria = "safe-to-deploy" + +[[exemptions.cranelift-frontend]] +version = "0.82.3" +criteria = "safe-to-deploy" + [[exemptions.crc]] version = "3.0.0" criteria = "safe-to-deploy" @@ -592,6 +613,10 @@ criteria = "safe-to-deploy" version = "2.2.0" criteria = "safe-to-deploy" +[[exemptions.derive_more]] +version = "0.99.17" +criteria = "safe-to-deploy" + [[exemptions.dialoguer]] version = "0.8.0" criteria = "safe-to-deploy" @@ -656,10 +681,6 @@ criteria = "safe-to-deploy" version = "0.3.6" criteria = "safe-to-deploy" -[[exemptions.enum-as-inner]] -version = "0.5.1" -criteria = "safe-to-deploy" - [[exemptions.enum-iterator]] version = "0.7.0" criteria = "safe-to-deploy" @@ -684,6 +705,10 @@ criteria = "safe-to-deploy" version = "0.2.8" criteria = "safe-to-deploy" +[[exemptions.errno-dragonfly]] +version = "0.1.2" +criteria = "safe-to-deploy" + [[exemptions.eth-keystore]] version = "0.5.0" criteria = "safe-to-deploy" @@ -840,6 +865,10 @@ criteria = "safe-to-deploy" version = "0.26.2" criteria = "safe-to-deploy" +[[exemptions.glob]] +version = "0.3.0" +criteria = "safe-to-deploy" + [[exemptions.group]] version = "0.12.1" criteria = "safe-to-deploy" @@ -1084,6 +1113,10 @@ criteria = "safe-to-run" version = "0.7.0" criteria = "safe-to-deploy" +[[exemptions.md-5]] +version = "0.10.5" +criteria = "safe-to-deploy" + [[exemptions.memchr]] version = "2.5.0" criteria = "safe-to-deploy" 
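Review bot: The six `cranelift-*` 0.82.3 entries added here are blanket `safe-to-deploy` exemptions, while this commit's imports.lock hunks delete the bytecodealliance wildcard audits and publisher records that previously covered the same crates. These versions therefore go from audited to exempted without any note saying so. The same swap happens in later hunks for `errno-dragonfly` and `glob` (imported audits removed) and for `windows-targets`, `windows_aarch64_gnullvm` and `windows_x86_64_gnullvm` (the `trusted` entries in audits.toml removed). If this is a side effect of the cargo-vet 0.7 to 0.6 downgrade, which seems likely but is not stated on the page, mark each block with a comment such as `# exemption replaces an imported audit lost in the cargo-vet downgrade; remove once the audit can be imported again`. Without that, the exemptions will read as deliberate and are unlikely to be revisited.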
@@ -1120,18 +1153,10 @@ criteria = "safe-to-deploy" version = "0.8.5" criteria = "safe-to-deploy" -[[exemptions.mmap-rs]] -version = "0.5.0" -criteria = "safe-to-deploy" - [[exemptions.more-asserts]] version = "0.2.2" criteria = "safe-to-deploy" -[[exemptions.nix]] -version = "0.26.2" -criteria = "safe-to-deploy" - [[exemptions.nom]] version = "7.1.1" criteria = "safe-to-deploy" @@ -1144,6 +1169,14 @@ criteria = "safe-to-deploy" version = "1.14.0" criteria = "safe-to-deploy" +[[exemptions.num_enum]] +version = "0.6.1" +criteria = "safe-to-deploy" + +[[exemptions.num_enum_derive]] +version = "0.6.1" +criteria = "safe-to-deploy" + [[exemptions.number_prefix]] version = "0.4.0" criteria = "safe-to-deploy" @@ -1672,6 +1705,10 @@ criteria = "safe-to-run" version = "0.10.0" criteria = "safe-to-deploy" +[[exemptions.sha1]] +version = "0.10.5" +criteria = "safe-to-deploy" + [[exemptions.sha2]] version = "0.8.2" criteria = "safe-to-deploy" @@ -1756,6 +1793,10 @@ criteria = "safe-to-deploy" version = "0.8.4" criteria = "safe-to-deploy" +[[exemptions.stringprep]] +version = "0.1.2" +criteria = "safe-to-deploy" + [[exemptions.strsim]] version = "0.8.0" criteria = "safe-to-deploy" @@ -1772,6 +1813,10 @@ criteria = "safe-to-deploy" version = "0.4.18" criteria = "safe-to-deploy" +[[exemptions.strum_macros]] +version = "0.24.3" +criteria = "safe-to-deploy" + [[exemptions.subtle]] version = "2.4.1" criteria = "safe-to-deploy" @@ -1792,10 +1837,6 @@ criteria = "safe-to-deploy" version = "0.1.1" criteria = "safe-to-deploy" -[[exemptions.sysctl]] -version = "0.5.4" -criteria = "safe-to-deploy" - [[exemptions.take_mut]] version = "0.2.2" criteria = "safe-to-deploy" @@ -1964,10 +2005,6 @@ criteria = "safe-to-deploy" version = "0.1.3" criteria = "safe-to-deploy" -[[exemptions.tracing-opentelemetry]] -version = "0.19.0@git:76b0a0fe45fd53c352e8bfdcdfad775aed727e4c" -criteria = "safe-to-deploy" - [[exemptions.tracing-serde]] version = "0.1.3" criteria = "safe-to-deploy" 
@@ -2028,10 +2065,22 @@ criteria = "safe-to-deploy" version = "0.7.6" criteria = "safe-to-deploy" +[[exemptions.utf8parse]] +version = "0.2.1" +criteria = "safe-to-deploy" + [[exemptions.uuid]] version = "0.8.2" criteria = "safe-to-deploy" +[[exemptions.valuable]] +version = "0.1.0" +criteria = "safe-to-deploy" + +[[exemptions.vec_map]] +version = "0.8.2" +criteria = "safe-to-deploy" + [[exemptions.wait-timeout]] version = "0.2.0" criteria = "safe-to-deploy" @@ -2148,10 +2197,6 @@ criteria = "safe-to-deploy" version = "1.2.3" criteria = "safe-to-deploy" -[[exemptions.widestring]] -version = "1.0.2" -criteria = "safe-to-deploy" - [[exemptions.winapi]] version = "0.3.9" criteria = "safe-to-deploy" @@ -2168,10 +2213,6 @@ criteria = "safe-to-deploy" version = "0.4.0" criteria = "safe-to-deploy" -[[exemptions.windows]] -version = "0.44.0" -criteria = "safe-to-deploy" - [[exemptions.windows-sys]] version = "0.33.0" criteria = "safe-to-deploy" @@ -2180,16 +2221,12 @@ criteria = "safe-to-deploy" version = "0.36.1" criteria = "safe-to-deploy" -[[exemptions.windows-sys]] -version = "0.42.0" -criteria = "safe-to-deploy" - -[[exemptions.windows-sys]] -version = "0.45.0" +[[exemptions.windows-targets]] +version = "0.42.2" criteria = "safe-to-deploy" -[[exemptions.windows-sys]] -version = "0.48.0" +[[exemptions.windows_aarch64_gnullvm]] +version = "0.42.2" criteria = "safe-to-deploy" [[exemptions.windows_aarch64_msvc]] @@ -2204,10 +2241,6 @@ criteria = "safe-to-deploy" version = "0.42.2" criteria = "safe-to-deploy" -[[exemptions.windows_aarch64_msvc]] -version = "0.48.0" -criteria = "safe-to-deploy" - [[exemptions.windows_i686_gnu]] version = "0.33.0" criteria = "safe-to-deploy" @@ -2220,10 +2253,6 @@ criteria = "safe-to-deploy" version = "0.42.2" criteria = "safe-to-deploy" -[[exemptions.windows_i686_gnu]] -version = "0.48.0" -criteria = "safe-to-deploy" - [[exemptions.windows_i686_msvc]] version = "0.33.0" criteria = "safe-to-deploy" 
@@ -2236,10 +2265,6 @@ criteria = "safe-to-deploy" version = "0.42.2" criteria = "safe-to-deploy" -[[exemptions.windows_i686_msvc]] -version = "0.48.0" -criteria = "safe-to-deploy" - [[exemptions.windows_x86_64_gnu]] version = "0.33.0" criteria = "safe-to-deploy" @@ -2252,8 +2277,8 @@ criteria = "safe-to-deploy" version = "0.42.2" criteria = "safe-to-deploy" -[[exemptions.windows_x86_64_gnu]] -version = "0.48.0" +[[exemptions.windows_x86_64_gnullvm]] +version = "0.42.2" criteria = "safe-to-deploy" [[exemptions.windows_x86_64_msvc]] @@ -2268,10 +2293,6 @@ criteria = "safe-to-deploy" version = "0.42.2" criteria = "safe-to-deploy" -[[exemptions.windows_x86_64_msvc]] -version = "0.48.0" -criteria = "safe-to-deploy" - [[exemptions.winreg]] version = "0.10.1" criteria = "safe-to-deploy" @@ -2293,7 +2314,7 @@ version = "0.5.1" criteria = "safe-to-deploy" [[exemptions.zeroize]] -version = "1.6.0" +version = "1.5.7" criteria = "safe-to-deploy" [[exemptions.zeroize_derive]] diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index b08ddad6..8bb1fc3d 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock 
@@ -15,42 +15,6 @@ user-id = 2396 user-login = "jdm" user-name = "Josh Matthews" -[[publisher.cranelift-bforest]] -version = "0.82.3" -when = "2022-04-11" -user-id = 73222 -user-login = "wasmtime-publish" - -[[publisher.cranelift-codegen]] -version = "0.82.3" -when = "2022-04-11" -user-id = 73222 -user-login = "wasmtime-publish" - -[[publisher.cranelift-codegen-meta]] -version = "0.82.3" -when = "2022-04-11" -user-id = 73222 -user-login = "wasmtime-publish" - -[[publisher.cranelift-codegen-shared]] -version = "0.82.3" -when = "2022-04-11" -user-id = 73222 -user-login = "wasmtime-publish" - -[[publisher.cranelift-entity]] -version = "0.82.3" -when = "2022-04-11" -user-id = 73222 -user-login = "wasmtime-publish" - -[[publisher.cranelift-frontend]] -version = "0.82.3" -when = "2022-04-11" -user-id = 73222 -user-login = "wasmtime-publish" - [[publisher.unicode-normalization]] version = "0.1.22" when = "2022-09-16" 
@@ -79,96 +43,6 @@ user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" -[[publisher.windows-targets]] -version = "0.42.2" -when = "2023-03-13" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows-targets]] -version = "0.48.0" -when = "2023-03-31" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_aarch64_gnullvm]] -version = "0.42.2" -when = "2023-03-13" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_aarch64_gnullvm]] -version = "0.48.0" -when = "2023-03-31" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_x86_64_gnullvm]] -version = "0.42.2" -when = "2023-03-13" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[publisher.windows_x86_64_gnullvm]] -version = "0.48.0" -when = "2023-03-31" -user-id = 64539 -user-login = "kennykerr" -user-name = "Kenny Kerr" - -[[audits.bytecodealliance.wildcard-audits.cranelift-bforest]] -who = "Bobby Holley " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2021-10-29" -end = "2024-06-26" -notes = "The Bytecode Alliance is the author of this crate." - -[[audits.bytecodealliance.wildcard-audits.cranelift-codegen]] -who = "Bobby Holley " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2021-10-29" -end = "2024-06-26" -notes = "The Bytecode Alliance is the author of this crate." - -[[audits.bytecodealliance.wildcard-audits.cranelift-codegen-meta]] -who = "Bobby Holley " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2021-10-29" -end = "2024-06-26" -notes = "The Bytecode Alliance is the author of this crate." 
- -[[audits.bytecodealliance.wildcard-audits.cranelift-codegen-shared]] -who = "Bobby Holley " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2021-10-29" -end = "2024-06-26" -notes = "The Bytecode Alliance is the author of this crate." - -[[audits.bytecodealliance.wildcard-audits.cranelift-entity]] -who = "Bobby Holley " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2021-10-29" -end = "2024-06-26" -notes = "The Bytecode Alliance is the author of this crate." - -[[audits.bytecodealliance.wildcard-audits.cranelift-frontend]] -who = "Bobby Holley " -criteria = "safe-to-deploy" -user-id = 73222 # wasmtime-publish -start = "2021-10-29" -end = "2024-06-26" -notes = "The Bytecode Alliance is the author of this crate." - [[audits.bytecodealliance.audits.anes]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -287,12 +161,6 @@ criteria = "safe-to-deploy" delta = "0.3.0 -> 0.3.1" notes = "Just a dependency version bump and a bug fix for redox" -[[audits.bytecodealliance.audits.errno-dragonfly]] -who = "Jamey Sharp " -criteria = "safe-to-deploy" -version = "0.1.2" -notes = "This should be portable to any POSIX system and seems like it should be part of the libc crate, but at any rate it's safe as is." - [[audits.bytecodealliance.audits.foreign-types]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -342,11 +210,6 @@ who = "Pat Hickey " criteria = "safe-to-deploy" version = "0.3.27" -[[audits.bytecodealliance.audits.glob]] -who = "Jamey Sharp " -criteria = "safe-to-deploy" -delta = "0.3.1 -> 0.3.0" - [[audits.bytecodealliance.audits.heck]] who = "Alex Crichton " criteria = "safe-to-deploy" 
@@ -538,119 +401,113 @@ criteria = "safe-to-deploy" version = "1.0.52" notes = "The Bytecode Alliance is the author of this crate." -[[audits.embark.audits.anyhow]] -who = "Johan Andersson " +[[audits.bytecodealliance.audits.windows-sys]] +who = "Dan Gohman " criteria = "safe-to-deploy" -version = "1.0.58" +version = "0.42.0" +notes = "This is a Windows API bindings library maintained by Microsoft themselves." -[[audits.embark.audits.colorchoice]] -who = "Johan Andersson " +[[audits.bytecodealliance.audits.windows-sys]] +who = "Dan Gohman " criteria = "safe-to-deploy" -version = "1.0.0" -notes = "No unsafe usage or ambient capabilities" +version = "0.48.0" +notes = "This is a Windows API bindings library maintained by Microsoft themselves." -[[audits.embark.audits.convert_case]] -who = "Johan Andersson " +[[audits.bytecodealliance.audits.windows-sys]] +who = "Pat Hickey " criteria = "safe-to-deploy" -version = "0.4.0" -notes = "No unsafe usage or ambient capabilities" +delta = "0.42.0 -> 0.45.0" +notes = "This is a Windows API bindings library maintained by Microsoft themselves." -[[audits.embark.audits.derive_more]] -who = "Johan Andersson " +[[audits.bytecodealliance.audits.windows-targets]] +who = "Dan Gohman " criteria = "safe-to-deploy" -version = "0.99.17" -notes = "No unsafe usage or ambient capabilities" +version = "0.48.0" +notes = "This is a Windows API bindings library maintained by Microsoft themselves. It just provides the import libs needed by windows-sys." -[[audits.embark.audits.epaint]] -who = "Johan Andersson " +[[audits.bytecodealliance.audits.windows_aarch64_gnullvm]] +who = "Dan Gohman " criteria = "safe-to-deploy" -violation = "<0.20.0" -notes = "Specified crate license does not include licenses of embedded fonts if using default features or the `default_fonts` feature. Tracked in: https://github.com/emilk/egui/issues/2321" +version = "0.48.0" +notes = "This is a Windows API bindings library maintained by Microsoft themselves." 
-[[audits.embark.audits.headers]] -who = "Johan Andersson " +[[audits.bytecodealliance.audits.windows_aarch64_msvc]] +who = "Dan Gohman " criteria = "safe-to-deploy" -version = "0.3.8" -notes = "HTTP type definitions. Single sound unsafe usage, no ambient capabilities used" +version = "0.48.0" +notes = "This is a Windows API bindings library maintained by Microsoft themselves." -[[audits.embark.audits.ident_case]] -who = "Johan Andersson " +[[audits.bytecodealliance.audits.windows_i686_gnu]] +who = "Dan Gohman " criteria = "safe-to-deploy" -version = "1.0.1" -notes = "No unsafe usage or ambient capabilities" +version = "0.48.0" +notes = "This is a Windows API bindings library maintained by Microsoft themselves." -[[audits.embark.audits.num_enum]] -who = "Johan Andersson " +[[audits.bytecodealliance.audits.windows_i686_msvc]] +who = "Dan Gohman " criteria = "safe-to-deploy" -version = "0.5.11" -notes = "No unsafe usage or ambient capabilities" +version = "0.48.0" +notes = "This is a Windows API bindings library maintained by Microsoft themselves." -[[audits.embark.audits.num_enum]] -who = "Johan Andersson " +[[audits.bytecodealliance.audits.windows_x86_64_gnu]] +who = "Dan Gohman " criteria = "safe-to-deploy" -delta = "0.5.11 -> 0.6.1" -notes = "Minor changes" +version = "0.48.0" +notes = "This is a Windows API bindings library maintained by Microsoft themselves." -[[audits.embark.audits.num_enum_derive]] -who = "Johan Andersson " +[[audits.bytecodealliance.audits.windows_x86_64_gnullvm]] +who = "Dan Gohman " criteria = "safe-to-deploy" -version = "0.5.11" -notes = "Proc macro that generates some unsafe code for conversion but looks sound, no ambient capabilities" +version = "0.48.0" +notes = "This is a Windows API bindings library maintained by Microsoft themselves." 
-[[audits.embark.audits.num_enum_derive]] -who = "Johan Andersson " +[[audits.bytecodealliance.audits.windows_x86_64_msvc]] +who = "Dan Gohman " criteria = "safe-to-deploy" -delta = "0.5.11 -> 0.6.1" -notes = "Minor changes" +version = "0.48.0" +notes = "This is a Windows API bindings library maintained by Microsoft themselves." -[[audits.embark.audits.stringprep]] +[[audits.embark.audits.anyhow]] who = "Johan Andersson " criteria = "safe-to-deploy" -version = "0.1.2" -notes = "No unsafe usage or ambient capabilities. Old crate from released and unchanged from 2017" +version = "1.0.58" -[[audits.embark.audits.strum]] +[[audits.embark.audits.convert_case]] who = "Johan Andersson " criteria = "safe-to-deploy" -version = "0.24.1" -notes = "Tiny layer on top of the proc macro crate, found no unsafe or system usage" +version = "0.4.0" +notes = "No unsafe usage or ambient capabilities" -[[audits.embark.audits.strum_macros]] +[[audits.embark.audits.epaint]] who = "Johan Andersson " criteria = "safe-to-deploy" -version = "0.24.3" -notes = "Proc macro. No unsafe or added ambient capabilities" +violation = "<0.20.0" +notes = "Specified crate license does not include licenses of embedded fonts if using default features or the `default_fonts` feature. Tracked in: https://github.com/emilk/egui/issues/2321" -[[audits.embark.audits.tap]] +[[audits.embark.audits.headers]] who = "Johan Andersson " criteria = "safe-to-deploy" -version = "1.0.1" -notes = "No unsafe usage or ambient capabilities" +version = "0.3.8" +notes = "HTTP type definitions. 
Single sound unsafe usage, no ambient capabilities used" -[[audits.embark.audits.utf8parse]] +[[audits.embark.audits.ident_case]] who = "Johan Andersson " criteria = "safe-to-deploy" -version = "0.2.1" -notes = "Single unsafe usage that looks sound, no ambient capabilities" +version = "1.0.1" +notes = "No unsafe usage or ambient capabilities" -[[audits.embark.audits.valuable]] +[[audits.embark.audits.strum]] who = "Johan Andersson " criteria = "safe-to-deploy" -version = "0.1.0" -notes = "No unsafe usage or ambient capabilities, sane build script" +version = "0.24.1" +notes = "Tiny layer on top of the proc macro crate, found no unsafe or system usage" -[[audits.embark.audits.vec_map]] +[[audits.embark.audits.tap]] who = "Johan Andersson " criteria = "safe-to-deploy" -version = "0.8.2" +version = "1.0.1" notes = "No unsafe usage or ambient capabilities" -[[audits.google.audits.glob]] -who = "George Burgess IV " -criteria = "safe-to-deploy" -version = "0.3.1" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - [[audits.google.audits.proc-macro-error-attr]] who = "George Burgess IV " criteria = "safe-to-deploy" 
@@ -718,27 +575,25 @@ version = "0.2.83" [[audits.mozilla.wildcard-audits.core-foundation]] who = "Bobby Holley " criteria = "safe-to-deploy" -user-id = 5946 # Jeff Muizelaar (jrmuizel) +user-id = 5946 start = "2019-03-29" end = "2023-05-04" -renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.wildcard-audits.core-foundation-sys]] who = "Bobby Holley " criteria = "safe-to-deploy" -user-id = 2396 # Josh Matthews (jdm) +user-id = 2396 start = "2019-11-12" end = "2023-05-04" -renew = false notes = "I've reviewed every source contribution that was neither authored nor reviewed by Mozilla." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.wildcard-audits.unicode-normalization]] who = "Manish Goregaokar " criteria = "safe-to-deploy" -user-id = 1139 # Manish Goregaokar (Manishearth) +user-id = 1139 start = "2019-11-06" end = "2024-05-03" notes = "All code written or reviewed by Manish" @@ -747,7 +602,7 @@ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-ch [[audits.mozilla.wildcard-audits.unicode-segmentation]] who = "Manish Goregaokar " criteria = "safe-to-deploy" -user-id = 1139 # Manish Goregaokar (Manishearth) +user-id = 1139 start = "2019-05-15" end = "2024-05-03" notes = "All code written or reviewed by Manish" @@ -756,7 +611,7 @@ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-ch [[audits.mozilla.wildcard-audits.unicode-width]] who = "Manish Goregaokar " criteria = "safe-to-deploy" -user-id = 1139 # Manish Goregaokar (Manishearth) +user-id = 1139 start = "2019-12-05" end = "2024-05-03" notes = "All code written or reviewed by Manish" 
@@ -765,7 +620,7 @@ aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-ch [[audits.mozilla.wildcard-audits.unicode-xid]] who = "Manish Goregaokar " criteria = "safe-to-deploy" -user-id = 1139 # Manish Goregaokar (Manishearth) +user-id = 1139 start = "2019-07-25" end = "2024-05-03" notes = "All code written or reviewed by Manish" @@ -1016,18 +871,6 @@ criteria = "safe-to-deploy" version = "0.4.17" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.mach2]] -who = "Gabriele Svelto " -criteria = "safe-to-deploy" -version = "0.4.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.md-5]] -who = "Dana Keeler " -criteria = "safe-to-deploy" -version = "0.10.5" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.memoffset]] who = "Gabriele Svelto " criteria = "safe-to-deploy" @@ -1147,12 +990,6 @@ criteria = "safe-to-deploy" delta = "0.11.1 -> 0.11.2" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.sha1]] -who = "Dana Keeler " -criteria = "safe-to-deploy" -version = "0.10.5" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.sha2]] who = "Mike Hommey " criteria = "safe-to-deploy" diff --git a/tests/common/mod.rs b/tests/common/mod.rs index 5b7dc74f..9bad00c7 100644 --- a/tests/common/mod.rs +++ b/tests/common/mod.rs @@ -152,6 +152,7 @@ pub async fn test_inclusion_proof( leaf: &Hash, expect_failure: bool, ) { + let mut mined_json = None; for i in 1..21 { let body = construct_inclusion_proof_body(leaf); info!(?uri, "Contacting"); 
@@ -193,21 +194,15 @@ pub async fn test_inclusion_proof( assert_eq!(response.status(), StatusCode::ACCEPTED); info!("Got pending, waiting 1 second, iteration {}", i); tokio::time::sleep(Duration::from_secs(1)).await; - } - // TODO: Our tests are not checking the processed -> mined flow - // because for that purpose we'd need to setup another chain - // or a different contract for the same chain - // as such both cases with mined or processed can be considered successes - else if status == "mined" { - let proof_json = generate_reference_proof_json(ref_tree, leaf_index, "mined"); - assert_eq!(result_json, proof_json); - return; - } else if status == "processed" { - let proof_json = generate_reference_proof_json(ref_tree, leaf_index, "processed"); - assert_eq!(result_json, proof_json); - return; + } else { + mined_json = Some(result_json); + break; } } + + let result_json = mined_json.expect("Failed to get mined response"); + let proof_json = generate_reference_proof_json(ref_tree, leaf_index, "mined"); + assert_eq!(result_json, proof_json); } #[instrument(skip_all)] diff --git a/tests/dynamic_batch_sizes.rs b/tests/dynamic_batch_sizes.rs index 197c47f3..656724e8 100644 --- a/tests/dynamic_batch_sizes.rs +++ b/tests/dynamic_batch_sizes.rs @@ -11,6 +11,7 @@ const SUPPORTED_DEPTH: usize = 20; const IDLE_TIME: u64 = 7; #[tokio::test] +#[serial_test::serial] async fn dynamic_batch_sizes() -> anyhow::Result<()> { // Initialize logging for the test. init_tracing_subscriber(); @@ -32,12 +33,7 @@ async fn dynamic_batch_sizes() -> anyhow::Result<()> { let port = db_container.port(); let db_url = format!("postgres://postgres:postgres@localhost:{port}/database"); - // temp dir will be deleted on drop call - let temp_dir = tempfile::tempdir()?; - info!( - "temp dir created at: {:?}", - temp_dir.path().join("testfile") - ); + // We initially spawn the service with a single prover for batch size 3. let mut options = Options::try_parse_from([ "signup-sequencer", 
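Review bot: The new `else` arm in the polling loop of `test_inclusion_proof` accepts every status other than the pending one as final, so an unexpected status (for example the "processed" value the old side handled) only surfaces later as a JSON mismatch against the "mined" reference proof. I would check the status where it is read, e.g. `assert!(status == "mined", "unexpected inclusion proof status");` as the first line of that arm. The `expect("Failed to get mined response")` after the loop fires when all 20 polls stayed pending, so a message such as `"inclusion proof still pending after 20 polls"` would describe the failure more accurately. The function's signature and the start of the loop are outside this hunk, so any earlier handling of `expect_failure` is not visible here.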
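Review bot: The `#[serial_test::serial]` attribute added above `dynamic_batch_sizes` carries no comment saying which shared state it protects; the same attribute is added to `insert_identity_and_proofs` in tests/insert_identity_and_proofs.rs. Each file under tests/ is built as its own test binary, and the plain `serial` attribute only orders tests within one process, so if the conflict is between test files (ports, the database container) it would not prevent it. If the reason is process-global state such as a shutdown flag, which is an inference since none is visible in this hunk, a one-line comment like `// serial: test toggles process-global shutdown state` above the attribute would record that.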
@@ -57,8 +53,6 @@ async fn dynamic_batch_sizes() -> anyhow::Result<()> { "10", "--tree-gc-threshold", "1", - "--dense-tree-mmap-file", - temp_dir.path().join("testfile").to_str().unwrap(), ]) .context("Failed to create options")?; diff --git a/tests/insert_identity_and_proofs.rs b/tests/insert_identity_and_proofs.rs index 6784d2cd..90eb9643 100644 --- a/tests/insert_identity_and_proofs.rs +++ b/tests/insert_identity_and_proofs.rs @@ -6,6 +6,7 @@ const SUPPORTED_DEPTH: usize = 20; const IDLE_TIME: u64 = 7; #[tokio::test] +#[serial_test::serial] async fn insert_identity_and_proofs() -> anyhow::Result<()> { // Initialize logging for the test. init_tracing_subscriber(); @@ -26,13 +27,6 @@ async fn insert_identity_and_proofs() -> anyhow::Result<()> { let port = db_container.port(); let db_url = format!("postgres://postgres:postgres@localhost:{port}/database"); - // temp dir will be deleted on drop call - let temp_dir = tempfile::tempdir()?; - info!( - "temp dir created at: {:?}", - temp_dir.path().join("testfile") - ); - let mut options = Options::try_parse_from([ "signup-sequencer", "--identity-manager-address", @@ -51,8 +45,6 @@ async fn insert_identity_and_proofs() -> anyhow::Result<()> { "10", "--tree-gc-threshold", "1", - "--dense-tree-mmap-file", - temp_dir.path().join("testfile").to_str().unwrap(), ]) .context("Failed to create options")?; diff --git a/tests/malformed_payload.rs b/tests/malformed_payload.rs index 8b579937..e814cfb9 100644 --- a/tests/malformed_payload.rs +++ b/tests/malformed_payload.rs @@ -24,14 +24,6 @@ async fn malformed_payload() -> anyhow::Result<()> { let port = db_container.port(); let db_url = format!("postgres://postgres:postgres@localhost:{port}/database"); - - // temp dir will be deleted on drop call - let temp_dir = tempfile::tempdir()?; - info!( - "temp dir created at: {:?}", - temp_dir.path().join("testfile") - ); - let mut options = Options::try_parse_from([ "signup-sequencer", "--identity-manager-address", 
@@ -50,8 +42,6 @@ async fn malformed_payload() -> anyhow::Result<()> { "10", "--tree-gc-threshold", "1", - "--dense-tree-mmap-file", - temp_dir.path().join("testfile").to_str().unwrap(), ]) .context("Failed to create options")?; diff --git a/tests/more_identities_than_dense_prefix.rs b/tests/more_identities_than_dense_prefix.rs deleted file mode 100644 index fd9082a9..00000000 --- a/tests/more_identities_than_dense_prefix.rs +++ /dev/null 
@@ -1,161 +0,0 @@ -mod common; - -use common::prelude::*; - -const SUPPORTED_DEPTH: usize = 20; -const IDLE_TIME: u64 = 12; - -#[tokio::test] -async fn more_identities_than_dense_prefix() -> anyhow::Result<()> { - // Initialize logging for the test. - init_tracing_subscriber(); - info!("Starting integration test"); - - let batch_size: usize = 4; - let dense_prefix_depth: usize = 3; - - // 2^3 = 8, so 2 batches - let num_identities_in_dense_prefix = 2usize.pow(dense_prefix_depth as u32); - let num_identities_above_dense_prefix = batch_size * 2; - - // A total of 4 batches (4 * 4 = 16 identities) - let num_identities_total = num_identities_in_dense_prefix + num_identities_above_dense_prefix; - - let num_batches_total = num_identities_total / batch_size; - - #[allow(clippy::cast_possible_truncation)] - let tree_depth: u8 = SUPPORTED_DEPTH as u8; - - let mut ref_tree = PoseidonTree::new(SUPPORTED_DEPTH + 1, ruint::Uint::ZERO); - let initial_root: U256 = ref_tree.root().into(); - - let (mock_chain, db_container, prover_map) = - spawn_deps(initial_root, &[batch_size], tree_depth).await?; - - let prover_mock = &prover_map[&batch_size]; - - let port = db_container.port(); - let db_url = format!("postgres://postgres:postgres@localhost:{port}/database"); - - // temp dir will be deleted on drop call - let temp_dir = tempfile::tempdir()?; - info!( - "temp dir created at: {:?}", - temp_dir.path().join("testfile") - ); - - let mut options = Options::try_parse_from([ - "signup-sequencer", - "--identity-manager-address", - "0x0000000000000000000000000000000000000000", // placeholder, updated below - "--database", - &db_url, - "--database-max-connections", - "1", - "--tree-depth", - &format!("{tree_depth}"), - "--prover-urls", - &prover_mock.arg_string(), - "--batch-timeout-seconds", - "10", - "--dense-tree-prefix-depth", - &format!("{dense_prefix_depth}"), - "--tree-gc-threshold", - "1", - "--dense-tree-mmap-file", - temp_dir.path().join("testfile").to_str().unwrap(), - ]) - 
.context("Failed to create options")?; - - options.server.server = Url::parse("http://127.0.0.1:0/").expect("Failed to parse URL"); - - options.app.contracts.identity_manager_address = mock_chain.identity_manager.address(); - options.app.ethereum.ethereum_provider = - Url::parse(&mock_chain.anvil.endpoint()).expect("Failed to parse Anvil url"); - - options.app.ethereum.write_options.signing_key = mock_chain.private_key; - - let (app, local_addr) = spawn_app(options.clone()) - .await - .expect("Failed to spawn app."); - - let test_identities = generate_test_identities(num_identities_total); - let identities_ref: Vec = test_identities - .iter() - .map(|i| Hash::from_str_radix(i, 16).unwrap()) - .collect(); - - let uri = "http://".to_owned() + &local_addr.to_string(); - let client = Client::new(); - - info!("############# Insert all the identities #############"); - - // Insert identities to fill out the dense prefix - for i in 0..num_identities_total { - test_insert_identity(&uri, &client, &mut ref_tree, &identities_ref, i).await; - } - - // Sleep long enough to process all the batches - tokio::time::sleep(Duration::from_secs(IDLE_TIME * num_batches_total as u64)).await; - - // Check that we can get inclusion proof for the first identity - test_inclusion_proof(&uri, &client, 0, &ref_tree, &identities_ref[0], false).await; - - // Check that we can get inclusion proof for the last identity - test_inclusion_proof( - &uri, - &client, - num_identities_total - 1, - &ref_tree, - &identities_ref[num_identities_total - 1], - false, - ) - .await; - - info!("############# Restart the sequencer - triggers a tree restore #############"); - - // Shutdown the app and reset the mock shutdown, allowing us to test the - // behaviour with saved data. - info!("Stopping the app for testing purposes"); - shutdown(); - app.await.unwrap(); - reset_shutdown(); - - // Test loading the state from a file when the on-chain contract has the state. 
- let (app, local_addr) = spawn_app(options.clone()) - .await - .expect("Failed to spawn app."); - let uri = "http://".to_owned() + &local_addr.to_string(); - - info!("############# Validate restored tree #############"); - - // After app restart, the tree should have been restored - // and we should still have all the inserted identities - - // Sleep long enough for the app tree to be restored - tokio::time::sleep(Duration::from_secs(IDLE_TIME)).await; - - // Check that we can get inclusion proof for the first identity - test_inclusion_proof(&uri, &client, 0, &ref_tree, &identities_ref[0], false).await; - - // Check that we can get inclusion proof for the last identity - test_inclusion_proof( - &uri, - &client, - num_identities_total - 1, - &ref_tree, - &identities_ref[num_identities_total - 1], - false, - ) - .await; - - // Shutdown the app properly for the final time - shutdown(); - app.await.unwrap(); - for (_, prover) in prover_map.into_iter() { - prover.stop(); - } - reset_shutdown(); - - Ok(()) -} diff --git a/tests/multi_prover.rs b/tests/multi_prover.rs index 5b69b2e9..490a6607 100644 --- a/tests/multi_prover.rs +++ b/tests/multi_prover.rs @@ -33,13 +33,6 @@ async fn multi_prover() -> anyhow::Result<()> { info!("Running with {prover_arg_string}"); - // temp dir will be deleted on drop call - let temp_dir = tempfile::tempdir()?; - info!( - "temp dir created at: {:?}", - temp_dir.path().join("testfile") - ); - let port = db_container.port(); let db_url = format!("postgres://postgres:postgres@localhost:{port}/database"); let mut options = Options::try_parse_from([ @@ -60,8 +53,6 @@ async fn multi_prover() -> anyhow::Result<()> { "10", "--tree-gc-threshold", "1", - "--dense-tree-mmap-file", - temp_dir.path().join("testfile").to_str().unwrap(), ]) .context("Failed to create options")?; diff --git a/tests/unavailable_prover.rs b/tests/unavailable_prover.rs index a851731d..66fc76c2 100644 --- a/tests/unavailable_prover.rs +++ b/tests/unavailable_prover.rs 
@@ -25,14 +25,6 @@ async fn unavailable_prover() -> anyhow::Result<()> { let port = db_container.port(); let db_url = format!("postgres://postgres:postgres@localhost:{port}/database"); - - // temp dir will be deleted on drop call - let temp_dir = tempfile::tempdir()?; - info!( - "temp dir created at: {:?}", - temp_dir.path().join("testfile") - ); - let mut options = Options::try_parse_from([ "signup-sequencer", "--identity-manager-address", @@ -51,8 +43,6 @@ async fn unavailable_prover() -> anyhow::Result<()> { "10", "--tree-gc-threshold", "1", - "--dense-tree-mmap-file", - temp_dir.path().join("testfile").to_str().unwrap(), ]) .context("Failed to create options")?; diff --git a/tests/validate_proofs.rs b/tests/validate_proofs.rs index 425314af..3952e317 100644 --- a/tests/validate_proofs.rs +++ b/tests/validate_proofs.rs @@ -29,13 +29,6 @@ async fn validate_proofs() -> anyhow::Result<()> { let port = db_container.port(); let db_url = format!("postgres://postgres:postgres@localhost:{port}/database"); - // temp dir will be deleted on drop call - let temp_dir = tempfile::tempdir()?; - info!( - "temp dir created at: {:?}", - temp_dir.path().join("testfile") - ); - let mut options = Options::try_parse_from([ "signup-sequencer", "--identity-manager-address", @@ -54,8 +47,6 @@ async fn validate_proofs() -> anyhow::Result<()> { "10", "--tree-gc-threshold", "1", - "--dense-tree-mmap-file", - temp_dir.path().join("testfile").to_str().unwrap(), ]) .expect("Failed to create options"); options.server.server = Url::parse("http://127.0.0.1:0/").expect("Failed to parse URL"); 
@@ -73,13 +64,10 @@ async fn validate_proofs() -> anyhow::Result<()> { let client = Client::new(); static IDENTITIES: Lazy> = Lazy::new(|| { - let mut s1 = *b"test_f0f0"; - let mut s2 = *b"test_f1f1"; - let mut s3 = *b"test_f2f2"; vec![ - Identity::from_secret(&mut s1, None), - Identity::from_secret(&mut s2, None), - Identity::from_secret(&mut s3, None), + Identity::from_secret(b"test_f0f0", None), + Identity::from_secret(b"test_f1f1", None), + Identity::from_secret(b"test_f2f2", None), ] });
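Review bot: Nothing in the `IDENTITIES` initialiser marks `b"test_f0f0"`, `b"test_f1f1"` and `b"test_f2f2"` as fixed, publicly known secrets that are only suitable for tests. The old side passed `&mut` buffers, which suggests that the API version could wipe the caller's copy, while the new calls hand over immutable literals; that is presumably a consequence of the dependency version change and is harmless for fixtures. I would add `// Test-only identity secrets: fixed and public, never reuse outside tests.` above the `vec![` so the pattern is not copied into non-test code. The enclosing `validate_proofs` function starts and ends outside this hunk.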