boringtun: Crate no longer compiles
First off, I am no expert in Rust, so I may make some mistakes in this report.
We’re building BoringTun in a container and recently it has failed to compile with errors like the following:
#12 154.5 Compiling boringtun v0.5.2
#12 154.5 error[E0433]: failed to resolve: could not find `StaticSecret` in `x25519_dalek` #12 154.5 --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/boringtun-0.5.2/src/device/api.rs:226:62
#12 154.5 |
#12 154.5 226 | ... device.set_key(x25519_dalek::StaticSecret::from(key_bytes.0))
#12 154.5 | ^^^^^^^^^^^^
#12 154.5 | |
#12 154.5 | could not find `StaticSecret` in `x25519_dalek`
#12 154.5 | help: a struct with a similar name exists: `SharedSecret`
#12 154.5
#12 154.6 error[E0412]: cannot find type `StaticSecret` in crate `x25519_dalek`
#12 154.6 --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/boringtun-0.5.2/src/device/mod.rs:118:37
#12 154.6 |
#12 154.6 118 | key_pair: Option<(x25519_dalek::StaticSecret, x25519_dalek::PublicKey)>,
#12 154.6 | ^^^^^^^^^^^^ help: a struct with a similar name exists: `SharedSecret`
#12 154.6 |
#12 154.6 ::: /root/.cargo/registry/src/github.com-1ecc6299db9ec823/x25519-dalek-2.0.0-rc.2/src/x25519.rs:282:1
#12 154.6 |
I believe this is the dependency that is causing the problem:
#12 151.4 Compiling x25519-dalek v2.0.0-rc.2
The version listed above was released on April 1, which correlates with our failure to build the container:
https://crates.io/crates/x25519-dalek/2.0.0-rc.2
This PR on that project makes the static secrets an optional setting, so presumably BoringTun needs to opt in to this new setting:
https://github.com/dalek-cryptography/x25519-dalek/pull/122
I suspect the new setting needs to be added here. Not knowing much about Rust/Cargo, it would appear to my untrained eye that the version is pinned to 2.0.0-pre.1, so I’m not sure why 2.0.0-rc.2 is being used, but I’m sure that will make sense to you.
Here is the relevant snippet from our Dockerfile that should help you reproduce the build failure:
FROM debian:latest AS builder
RUN apt-get update && \
apt-get -y install ca-certificates curl build-essential && \
curl https://sh.rustup.rs -sSf | sh -s -- -y && \
~/.cargo/bin/cargo install boringtun-cli
I do note that the setting was introduced since using these types can be harmful, but I assume you’re using them in the correct manner.
About this issue
- Original URL
- State: closed
- Created a year ago
- Comments: 15 (1 by maintainers)
Commits related to this issue
- chore: prepare 0.6.0 and bump dalek (#351) Bump dalek to a non-yanked version and prepare a new release. Due to other changes, this will be a new breaking version. Closes #340. — committed to cloudflare/boringtun by Noah-Kennedy a year ago
- chore: backport fix for #340 and release v0.5.3 — committed to cloudflare/boringtun by deleted user a year ago
@Noah-Kennedy would it be possible to get the patch release out, since it’s been two weeks?
We can put out a new patch release over the next few days.
Published!
For anyone using boringtun as a dependency, I’ve been able to forcibly use the fixed revision using the following in
Cargo.toml:This should fix compiles, but git dependencies are not allowed when publishing to crates.io.
I’ve published a patch release for v0.5 as well, v0.5.3, and yanked the other 0.5.x versions
It builds! Thanks 👍
Sorry folks, prepping a release now: https://github.com/cloudflare/boringtun/pull/351
I ran into this problem today, it’s still not fixed on crates.io. I need the library, i’d rather not do tricks with the cli or specify a git rev in my cargo.toml if i can help it.
Another option is to
git clonethe repo, then rungit revert 878385f171d60effac4ad1a9d4dee41e777528b8, then docargo build --bin boringtun-cliShould be solved in upstream. Please reopen if you’re still seeing issues. Thanks for the pinpoint assessment, it really helped the fix!
cc @jeff-hiner
Hello, this works:
I’m not an expert in Rust too, so I’m not sure this is the best solution. I just found it in AUR.