[zapps-wg] Trusted Rust build process is ready for evaluation
Sean Bowe
sean at z.cash
Tue Dec 5 19:44:13 EST 2017
That would be nice!

What other obstacles are there for fully deterministic builds? It
seems like it would be a good idea to toss a few features in (like
that one) and make some kind of "release" binaries for people to use
which have been scrutinized and built in this reproducible way.

I hopefully will run into some time soon where I can audit the changes
you made to the code and dependencies, play with the build, do
comparisons and so forth. This is exciting!

Sean

On Tue, Dec 5, 2017 at 5:20 PM, Devrandom <c1.devrandom at niftybox.net> wrote:
> Verification passed (in fact, new_challenge was identical).
>
> BTW, would be nice if `compute` had a flag to only take entropy from STDIN,
> so that we can check for any differences in the response.
>
> On Tue, Dec 5, 2017 at 12:48 PM Devrandom <c1.devrandom at niftybox.net> wrote:
>>
>> Thank you. Will do the verification shortly.
>>
>> Also, I've updated the instructions in
>> https://github.com/devrandom/powersoftau/wiki/Trusted-build-instructions-via-mrustc
>> to use the cargo built by mrustc. This required vendoring of the
>> dependencies.
>>
>>
>> On Tue, Dec 5, 2017 at 11:24 AM Sean Bowe <sean at z.cash> wrote:
>>>
>>> Excellent work! :)
>>>
>>> new, compute, verify_transform is a good demonstration. I would
>>> verify_transform with a binary compiled with the normal Rust compiler
>>> to double-check.
>>>
>>> Sean
>>>
>>> On Tue, Dec 5, 2017 at 11:59 AM, Devrandom <c1.devrandom at niftybox.net> wrote:
>>> > Hi all,
>>> >
>>> > I was able to build rustc completely from sources. This means no network
>>> > access during the build and without any Rust distributed binaries.
>>> >
>>> > The steps are here:
>>> >
>>> >
>>> > https://github.com/devrandom/powersoftau/wiki/Trusted-build-instructions-via-mrustc
>>> >
>>> > I'm still looking into building a cargo binary that supports TLS, to
>>> > eliminate the need to download it for building powersoftau itself. Worst
>>> > case we can use a shell script.
>>> >
>>> > Would like to merge https://github.com/ebfull/pairing/pull/72 so that we
>>> > don't have to maintain a separate patch for Rust 1.19 compatibility.
>>> >
>>> > Sean, what is the best method of validating that the generated binary works
>>> > correctly? Just use "new", then "compute" and then "verify_transform"?
>>> >
>>> > Also, I found that the generated binary is *very* different from the one
>>> > generated by the downloadable Rust compiler. This is somewhat worrisome,
>>> > although it doesn't affect us if we use the mrustc path. Will spend a bit
>>> > more time to get to the bottom of it.
>>> >