Unable to build due to dependency on yanked crypto-mac version

Question

Unable to build due to dependency on yanked crypto-mac version

bholzman opened this issue 3 years ago · 7 comments

(venv) MacBook-Pro:threshold-signatures bholzman$ cargo build
Updating crates.io index
Updating git repository https://github.com/RustMania/rust-paillier
Updating git repository https://github.com/vnermolaev/trace.git
error: failed to select a version for the requirement crypto-mac = "^0.7"
candidate versions found which didn't match: 0.11.1, 0.11.0, 0.10.1, ...
location searched: crates.io index
required by package hmac v0.7.1
... which is depended on by curv-kzen v0.2.8
... which is depended on by ecdsa-mpc v0.3.0 (/Users/bholzman/dev/threshold-signatures)

I tried upgrading the curv-kzen version, but in the next higher version (0.6.1) there's no support for either the ec_secp256k1 or ecc feature as specified in the Cargo.toml.

Any ideas?

Answer 1 · 2021-08-26T05:34:53.000Z

Hi @bholzman, curv v0.6.1 supports secp256k1, you don't need to specify feature for that. Upgrading to v0.6 should be pretty simple, you need to replace all imports use curv::{GE, FE} with use curv::elliptic::curves::secp256k1::{GE, FE}.

However, updating to v0.6 won't resolve the issue — it still depends on hmac v0.7.1 that depends on yanked version of crypto-mac. We're going to bump dependency in the latest version of curv — ZenGo-X/curv#132

Answer 2 · 2021-08-26T08:30:58.000Z

Thanks, Denis! Could you mention, please, whether I need to bump/port to curv 0.6 or higher?

Answer 3 · 2021-08-26T09:16:36.000Z

@RustMania I've fixed hmac issue only for the latest version of curv v0.8.0-rc3 (just published it). It would be perfect if you updated to the latest version of curv. Crates get yanked pretty often, it's not easy to backport fixes to the older versions. If you'll have any issues with upgrading, feel free to reach me with any questions!

Answer 4 · 2021-08-26T13:38:48.000Z

Thanks, Denis. Updating to curv 0.8.0-rc3 gets me a little further, but now `cargo build` fails thusly: (venv) MacBook-Pro:threshold-signatures bholzman$ cargo build Updating crates.io index Updating git repository `https://github.com/RustMania/rust-paillier` Updating git repository `https://github.com/vnermolaev/trace.git` error: failed to select a version for the requirement `zeroize = "^0.10"` candidate versions found which didn't match: 1.4.1, 1.4.0, 1.3.0, ... location searched: crates.io index required by package `curv-kzen v0.2.7` ... which is depended on by `paillier v0.3.6 ( https://github.com/RustMania/rust-paillier#1e65d6d3)` ... which is depended on by `ecdsa-mpc v0.3.0 (/Users/bholzman/dev/threshold-signatures)` @RustMania I guess this will be fixed once you update rust-paillier?

…

On Thu, Aug 26, 2021 at 5:16 AM Denis Varlakov ***@***.***> wrote: @RustMania <https://github.com/RustMania> I've fixed hmac issue only for the latest version of curv v0.8.0-rc3 (just published it). It would be perfect if you updated to the latest version of curv. Crates get yanked pretty often, it's not easy to backport fixes to the older versions. If you'll have any issues with upgrading, feel free to reach me with any questions! — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#30 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AATJ4GTRUWQ4R5TD57GXW23T6YA77ANCNFSM5C2AOG4Q> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&utm_campaign=notification-email> .

Answer 5 · 2021-08-27T20:01:56.000Z

FYI, I tried building master on ubuntu 20.04, and got the same error:

parallels@parallels-Parallels-Virtual-Platform:~/threshold-signatures$ cargo build
    Updating crates.io index
    Updating git repository `https://github.com/RustMania/rust-paillier`
    Updating git repository `https://github.com/vnermolaev/trace.git`
error: failed to select a version for the requirement `crypto-mac = "^0.7"`
candidate versions found which didn't match: 0.11.1, 0.11.0, 0.10.1, ...
location searched: crates.io index
required by package `hmac v0.7.1`
    ... which is depended on by `curv-kzen v0.2.8`
    ... which is depended on by `ecdsa-mpc v0.3.0 (/home/parallels/threshold-signatures)`

Answer 6 · 2021-09-09T16:04:00.000Z

Hi, any update on this issue?

Answer 7 · 2021-09-09T19:46:26.000Z

Hmm, actually this problem seems to have been fixed somewhere else, as I can now build just fine. Closing this ticket.