soroban-cli
soroban-cli copied to clipboard
stellar
cargo-binstall release install broken
There are two issues:
- Install doesn't use binaries
- When building from source, --locked doesn't get used
> [13/14] RUN cargo binstall -y stellar-cli:
3.488 INFO resolve: Resolving package: 'stellar-cli'
13.85 ERROR resolve: When resolving stellar-cli bin soroban is not found. This binary is not optional so it must be included in the archive, please contact with upstream to fix this issue.
13.85 WARN resolve: Error while downloading and extracting from fetcher github.com: failed to find or install binaries: bin file /home/gitpod/.cargo/bin/cargo-binstallCksUwY/bin-stellar-cli-x86_64-unknown-linux-gnu-GhCrateMeta/soroban not found
14.49 WARN The package stellar-cli v21.5.3 will be installed from source (with cargo)
16.37 Updating crates.io index
16.73 Downloading crates ...
17.23 Downloaded stellar-cli v21.5.3
19.62 Installing stellar-cli v21.5.3
21.03 Updating crates.io index
26.04 error: failed to compile `stellar-cli v21.5.3`, intermediate artifacts can be found at `/tmp/cargo-installpsW1p2`.
26.04 To reuse those artifacts with a future compilation, set the environment variable `CARGO_TARGET_DIR` to that path.
26.04
26.04 Caused by:
26.05 failed to select a version for `syn`.
26.05 ... required by package `futures-macro v0.3.31`
26.05 ... which satisfies dependency `futures-macro = "=0.3.31"` of package `futures-util v0.3.31`
26.05 ... which satisfies dependency `futures-util = "^0.3.30"` of package `soroban-cli v21.5.3`
26.05 ... which satisfies dependency `soroban-cli = "=21.5.3"` of package `stellar-cli v21.5.3`
26.05 versions that meet the requirements `^2.0.52` are: 2.0.79, 2.0.78, 2.0.77, 2.0.76, 2.0.75, 2.0.74, 2.0.73, 2.0.72, 2.0.71, 2.0.70, 2.0.69, 2.0.68, 2.0.67, 2.0.66, 2.0.65, 2.0.64, 2.0.63, 2.0.62, 2.0.61, 2.0.60, 2.0.59, 2.0.58, 2.0.57, 2.0.56, 2.0.55, 2.0.54, 2.0.53, 2.0.52
26.05
26.05 all possible versions conflict with previously selected packages.
26.05
26.05 previously selected package `syn v2.0.39`
26.05 ... which satisfies dependency `syn = "=2.0.39"` of package `soroban-builtin-sdk-macros v21.2.0`
26.05 ... which satisfies dependency `soroban-builtin-sdk-macros = "=21.2.0"` of package `soroban-env-host v21.2.0`
26.05 ... which satisfies dependency `soroban-env-host = "=21.2.0"` of package `soroban-cli v21.5.3`
26.05 ... which satisfies dependency `soroban-cli = "=21.5.3"` of package `stellar-cli v21.5.3`
26.05
26.05 failed to select a version for `syn` which could resolve this conflict
26.18 ERROR Cargo errored! ExitStatus(unix_wait_status(25856))
26.32 ERROR Fatal error:
26.32 × For crate stellar-cli: subprocess /home/gitpod/.rustup/toolchains/1.81-
26.32 │ x86_64-unknown-linux-gnu/bin/cargo install stellar-cli --version 21.5.3
26.32 │ errored with exit status: 101
Note that related to this, I'm suggesting we remove installing with cargo-binstall from the docs, but I still think we should support it and fix this issue, the change to the docs is just because I don't think we should be pushing it as a preferred way to install ahead of other things like homebrew which has more attention to supply chain security.
- https://github.com/stellar/stellar-docs/pull/1045
@leighmcculloch Is this issue open for contribution? I am ready to work on it.
Don't use signed attestation for binary from github
@janewang Could you elaborate?
I don't think attestation or binary signing is the reason the bininstall command is broken.
@leighmcculloch Nando said it was your suggestion that we no longer support binstall as we are shipping binaries.
If we are no longer supporting binstall, then the work here is to remove the install method in the docs and everywhere it's mentioned.
Willem also mentioned that binstall is not using GitHub attestations.
Docs and install instructions were updated to not mention cargo-bininstall since it's not the primary way we are encouraging folks to install the cli:
- https://github.com/stellar/stellar-docs/pull/1045
- #1679
The intent of the issue is to fix cargo-bininstall install method of the cli so it still works when used by others, after all it's still a tool folks are using in the Rust ecosystem to install packages.
This issue is stale because it has been assigned for 30 days with no activity. It will be closed in 30 days unless the stale label is removed, and the assignee is removed or updated.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Unassigned because this is a low priority, and I assume from lack of activity no one is probably working on it. Obviously reassign if this is a mistake on my part.
Imo this is worth supporting for folks who use bininstall. Even if its not a install method that we promote in the docs as a primary way to install. In theory we have all the components to make it happen and its failing because of a bug in our setup.
We could reopen this when there's demand, but we have not prioritized fixing the install. I have not heard any feedback on this from the community so far and am comfortable with deprioritize this until there is demand.
I had a quick look and I think the fix is small and related to us publishing two binaries, and we don't need to publish two binaries anymore, so I opened a fix here:
- https://github.com/stellar/stellar-cli/pull/2024