mundane icon indicating copy to clipboard operation
mundane copied to clipboard

Published 20 hours ago verified publisher icon google

Outdated dependency for cmake

Open martin-lueker opened this issue 4 years ago • 3 comments

Hello, I recently had the pleasure of building your crate when I noticed that the dependencies may be out of date. It would appear that mundane currently requires cmake 3.3 or higher:

(Paths redacted below)

Compiling mundane v0.4.4
error: failed to run custom build command for `mundane v0.4.4`

Caused by:
  process didn't exit successfully: `....release/build/mundane-dd369fe2607dde56/build-script-main` (exit code: 101)
  --- stdout
  cargo:rerun-if-env-changed=....github.com-1ecc6299db9ec823/mundane-0.4.4
  cargo:rerun-if-env-changed=..../release/build/mundane-453aa1aaa20c68ee/out
  cargo:rerun-if-env-changed=0
  cargo:rerun-if-env-changed=4
  cargo:rerun-if-env-changed=4
  -- Configuring incomplete, errors occurred!

  --- stderr
  CMake Error at CMakeLists.txt:1 (cmake_minimum_required):
    CMake 3.3 or higher is required.  You are running version 2.8.12.2


  thread 'main' panicked at 'cmake failed with status exit code: 1', .../cargo/registry/src/github.com-1ecc6299db9ec823/mundane-0.4.4/build/main.rs:219:9
  note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

martin-lueker avatar May 18 '21 13:05 martin-lueker

FYI: @alphan

martin-lueker avatar May 18 '21 13:05 martin-lueker

@alphan and I noticed that this repo (apparently a mirror of https://fuchsia.googlesource.com/mundane?), only goes up to version 0.4.3. I can't speak to the dependencies of that version, though 0.4.4 is telling us that it needs a more recent cmake version.

martin-lueker avatar May 18 '21 15:05 martin-lueker

While we're at it, the dependency for go is also documented wrong.

The build complains about Missing build dependency Go (1.11 or higher)..

imphil avatar May 18 '21 18:05 imphil

We've decided to deprecate Mundane, so I'm closing this.

joshlf avatar Sep 18 '22 18:09 joshlf

@joshlf can you say what you're deprecating it in favor of? Mundane had a lot promise IMO

alex avatar Sep 18 '22 18:09 alex

At least on Fuchsia, we're migrating everything to RustCrypto. It's far better staffed, and even if it weren't, we don't have the cycles to maintain Mundane.

If someone wants to fork and maintain it, I'd be more than happy to add them as an owner on crates.io so that they can publish new versions. Heads up that the code in this repository is stale - the source of truth is fuchsia.googlesource.com/mundane, and the infrastructure that syncs changes from that repository to this one has been broken for some time.

joshlf avatar Sep 18 '22 20:09 joshlf

This is maybe a better question for another place, does that mean you have solid confidence in RustCrypto (to the same degree as BoringSSL) on perf/correctness/security?

Does Fuschia have no compliance requirements (ugh, FIPS) or do you have plans there?

alex avatar Sep 18 '22 20:09 alex

I'm not actually the one who made the decision to use RustCrypto (not to say that I'm opposed to it or anything), so I'll have to get back to you on both of those questions. I should be able to get you an answer in the next few days.

joshlf avatar Sep 18 '22 20:09 joshlf

Thanks. (If email is easier than a random jithub issue: [email protected]).

FWIW my interest is that, in addition to doing a bunch of rust stuff, I'm one of the maintainers of pyca/cryptography, which currently relies on OpenSSL (or Boring or Libre) and we're very interested in the future answer to the question "What is the right crypto library"

alex avatar Sep 18 '22 21:09 alex

Asked about this internally, and got this response:

We have confidence in RustCrypto's maintainers, their testing discipline, and the resulting code quality.

joshlf avatar Sep 21 '22 21:09 joshlf