cargo-contract icon indicating copy to clipboard operation
cargo-contract copied to clipboard
verified publisher icon paritytech

Emit Rust toolchain version in metadata `build_info.rust_toolchain`

Open XY-Wang opened this issue 2 years ago • 1 comments

Hi,

We've recently discovered that using the build_info.rust_toolchain field as it is does not guarantee a deterministic build of the contract during verification. This is because the field only specifies the channel + host e.g. stable-x86_64-unknown-linux-gnu and supplying this to rustup means that the latest version of the channel always gets installed. Obviously this is a problem if a new version of rust is released between building and verifying the contract (the 2023-01-10 release was how we stumbled across this issue).

During our investigation, we also found out that building the contract with stable-x86_64-unknown-linux-gnu, stable-2023-01-10-x86_64-unknown-linux-gnu and 1.66.1-x86_64-unknown-linux-gnu all resulted in different Wasm outputs, even though all three point to the same Rust release version. Actually, even building with stable-x86_64-unknown-linux-gnu or stable-2023-01-10-x86_64-unknown-linux-gnu on different days will generate different wasm outputs; only building with the specific version will guarantee deterministic build. I've attached the logs and outputs (.contract, .wasm and .wat files) of the different builds in wasm-determinism-test.zip if you're interested to take a look. All builds were done using our ink-verifier-image to ensure an identical build environment.

Based on our findings, we have decided to only allow specific stable versions e.g. 1.66.1-x86_64-unknown-linux-gnu to be passed to our image for building a verifiable package. On the verification side, we will make a patch to replace the channel in build_info.rust_toolchain with the rustc version found in the compiler field. In the long term though, it would be great if cargo-contract emits directly the toolchain version. E.g.

{
   "build_mode":"Debug",
   "cargo_contract_version":"2.0.0-beta.2",
   "rust_toolchain":"1.66.1-x86_64-unknown-linux-gnu",
   "wasm_opt_settings":{
      "keep_debug_symbols":false,
      "optimization_passes":"Z"
   }
}

If supporting cargo contract build with nightly is desired, then we would need more toolchain info such as the commit date. E.g.

{
   "build_mode":"Debug",
   "cargo_contract_version":"2.0.0-beta.2",
   "rust_toolchain":{
      "channel":"stable",
      "commit_date":"2023-01-10",
      "host":"x86_64-unknown-linux-gnu",
      "version":"1.66.1"
   },
   "wasm_opt_settings":{
      "keep_debug_symbols":false,
      "optimization_passes":"Z"
   }
}

XY-Wang avatar Jan 16 '23 13:01 XY-Wang

Hey @HCastano , can you share any updates on this? As I describe in the issue mentioned above - not being able to use the nightly rust is a big problem since all(?) contracts that make use of OpenBrush will require it transitively due to the min_specialization feature coming from it.

deuszx avatar May 17 '23 17:05 deuszx