Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

solidity binaries always redownloaded on nixos #94

Open
d-xo opened this issue Aug 3, 2023 · 4 comments
Open

solidity binaries always redownloaded on nixos #94

d-xo opened this issue Aug 3, 2023 · 4 comments

Comments

@d-xo
Copy link
Contributor

d-xo commented Aug 3, 2023

On nixos solidity binaries are always downloaded on every invocation of a forge command. I'm guessing this is due to some hash check failure as a result of the patching performed since: #48.

I'm wondering what the best way to fix this is?

@mattsse
Copy link
Member

mattsse commented Aug 3, 2023

does this change the binary:

https://github.com/alloy-rs/svm-rs/pull/48/files#diff-b1a35a68f14e696205874893c07fd24fdb88882b47c23cc0e0c80a30c7d53759R82-R84

? if so then this would explain a hash mismatch

@d-xo
Copy link
Contributor Author

d-xo commented Aug 4, 2023

yes that modifies the binary.

We could perhaps precompute the expected hashes on nixos and ship them as part of svm-rs? Or instead of patching the binaries locally, we could detect that we're running on nixos and pull from some trusted nix respository of solc binaries (e.g. https://github.com/dapphub/dapptools/blob/master/nix/solc-versions.nix, or https://github.com/hellwolf/solc.nix), in this case we would skip hash checks in svm and delegate integrity checking and so on to nix.

Happy to make a pr here, but would appreciate some guidance on what your prefered solution is.

@mattsse
Copy link
Member

mattsse commented Aug 4, 2023

I like that.

one concern I have re additional solc bins, is that this makes adding new binaries more complex, but https://github.com/hellwolf/solc.nix looks well maintained and we could just use this for nix, so pulling from https://github.com/hellwolf/solc.nix would be easier to impl and the update overhead is still manageable.

but I'm fine with either solution.

@d-xo
Copy link
Contributor Author

d-xo commented Aug 4, 2023

Using an external nix repo is probably the easiest to implement, but I'm a bit worried about supply chain risk and introducing additional trusted parties between the solidity team and the end user.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants