Crate no longer compiles

[nzbart]

First off, I am no expert in Rust, so I may make some mistakes in this report.

We're building BoringTun in a container and recently it has failed to compile with errors like the following:

#12 154.5    Compiling boringtun v0.5.2
#12 154.5 error[E0433]: failed to resolve: could not find `StaticSecret` in `x25519_dalek`                                                                                                                                                                                                                                                                                                                                              #12 154.5    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/boringtun-0.5.2/src/device/api.rs:226:62
#12 154.5     |
#12 154.5 226 | ...                   device.set_key(x25519_dalek::StaticSecret::from(key_bytes.0))
#12 154.5     |                                                    ^^^^^^^^^^^^
#12 154.5     |                                                    |
#12 154.5     |                                                    could not find `StaticSecret` in `x25519_dalek`
#12 154.5     |                                                    help: a struct with a similar name exists: `SharedSecret`
#12 154.5
#12 154.6 error[E0412]: cannot find type `StaticSecret` in crate `x25519_dalek`
#12 154.6    --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/boringtun-0.5.2/src/device/mod.rs:118:37
#12 154.6     |
#12 154.6 118 |     key_pair: Option<(x25519_dalek::StaticSecret, x25519_dalek::PublicKey)>,
#12 154.6     |                                     ^^^^^^^^^^^^ help: a struct with a similar name exists: `SharedSecret`
#12 154.6     |
#12 154.6    ::: /root/.cargo/registry/src/github.com-1ecc6299db9ec823/x25519-dalek-2.0.0-rc.2/src/x25519.rs:282:1
#12 154.6     |

I believe this is the dependency that is causing the problem:

#12 151.4    Compiling x25519-dalek v2.0.0-rc.2

The version listed above was released on April 1, which correlates with our failure to build the container:

https://crates.io/crates/x25519-dalek/2.0.0-rc.2

This PR on that project makes the static secrets an optional setting, so presumably BoringTun needs to opt in to this new setting:

dalek-cryptography/x25519-dalek#122

I suspect the new setting needs to be added here. Not knowing much about Rust/Cargo, it would appear to my untrained eye that the version is pinned to 2.0.0-pre.1, so I'm not sure why 2.0.0-rc.2 is being used, but I'm sure that will make sense to you.

boringtun/boringtun/Cargo.toml

Line 30 in be08af9

x25519-dalek = { version = "2.0.0-pre.1", features = ["reusable_secrets"] }

Here is the relevant snippet from our Dockerfile that should help you reproduce the build failure:

FROM debian:latest AS builder

RUN apt-get update && \
    apt-get -y install ca-certificates curl build-essential && \
    curl https://sh.rustup.rs -sSf | sh -s -- -y && \
    ~/.cargo/bin/cargo install boringtun-cli

I do note that the setting was introduced since using these types can be harmful, but I assume you're using them in the correct manner.

[echoes341]

Hello, this works:

cargo install --locked boringtun-cli

I'm not an expert in Rust too, so I'm not sure this is the best solution. I just found it in AUR.

[mhils]

This is breaking downstream projects where passing --locked isn't straightforward, e.g. mitmproxy/mitmproxy#6045. It would be super nice to get a patch release for this. A very quick way would be to simplify specify the dependency with version = "=2.0.0-pre.1".

[Noah-Kennedy]

cc @jeff-hiner

[jeff-hiner]

Should be solved in upstream. Please reopen if you're still seeing issues. Thanks for the pinpoint assessment, it really helped the fix!

[donovan-ecargo]

Any chance you could give an idea on when it might reach crates.io?

[Noah-Kennedy]

We can put out a new patch release over the next few days.

[bartecargo]

@Noah-Kennedy would it be possible to get the patch release out, since it's been two weeks?

[predators46]

@Noah-Kennedy

can you make releases using the name v0.5.x without adding the name boringtun. I have this problem in version v0.5.2 I'm using openwrt

[nickbp]

For anyone using boringtun as a dependency, I've been able to forcibly use the fixed revision using the following in Cargo.toml:

boringtun = { git = "https://github.com/cloudflare/boringtun.git", rev = "878385f1" }

This should fix compiles, but git dependencies are not allowed when publishing to crates.io.

[vmatt]

Another option is to git clone the repo,
then run git revert 878385f171d60effac4ad1a9d4dee41e777528b8,
then do cargo build --bin boringtun-cli

[ExperimentalCyborg]

I ran into this problem today, it's still not fixed on crates.io. I need the library, i'd rather not do tricks with the cli or specify a git rev in my cargo.toml if i can help it.

[Noah-Kennedy]

Sorry folks, prepping a release now: #351

[Noah-Kennedy]

Published!

[ExperimentalCyborg]

It builds! Thanks 👍

[Noah-Kennedy]

I've published a patch release for v0.5 as well, v0.5.3, and yanked the other 0.5.x versions