Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update prost in TiKV projects to 0.9 #10905

Open
8 tasks
sticnarf opened this issue Sep 6, 2021 · 11 comments
Open
8 tasks

Update prost in TiKV projects to 0.9 #10905

sticnarf opened this issue Sep 6, 2021 · 11 comments
Labels
help wanted Help wanted. Contributions are very welcome! type/enhancement Type: Issue - Enhancement

Comments

@sticnarf
Copy link
Contributor

sticnarf commented Sep 6, 2021
edited

Development Task

Prost 0.7 is vulnerable to RUSTSEC-2021-0073. This security issue does not affect TiKV itself. But many TiKV projects are widely used by the community. The users of these projects may hope to get the issue fixed without having multiple prost versions.

Prost 0.7 does not include this patch so it also blocks us from updating to future Rust toolchains.

Projects that use prost
@sticnarf sticnarf added type/enhancement Type: Issue - Enhancement help wanted Help wanted. Contributions are very welcome! labels Sep 6, 2021
@pingyu pingyu mentioned this issue Sep 6, 2021
Merged
@Xuanwo
Copy link
Member

Xuanwo commented Sep 8, 2021

raft-rs looks like don't have direct depends on prost.

@sticnarf
Copy link
Contributor Author

sticnarf commented Sep 8, 2021
edited

raft-rs looks like don't have direct depends on prost.

The proto of raft-rs depends on protobuf-build and prost is one of the options.

https://github.com/tikv/raft-rs/blob/master/proto/Cargo.toml

@Xuanwo
Copy link
Member

Xuanwo commented Sep 8, 2021

The proto of raft-rs depends on protobuf-build and prost is one of the options.

https://github.com/tikv/raft-rs/blob/master/proto/Cargo.toml

OK,I will start a PR tomorrow.

@Xuanwo
Copy link
Member

Xuanwo commented Sep 9, 2021

raft-rs fixed in tikv/raft-rs#456

@pingyu pingyu mentioned this issue Sep 13, 2021
Merged
@sticnarf sticnarf changed the title Update prost in TiKV projects to 0.8 Update prost in TiKV projects to 0.9 Oct 14, 2021
@sticnarf
Copy link
Contributor Author

Prost 0.9 is released, I think the target should be changed to 0.9.
Also cc pprof-rs maintainer @YangKeao and agatedb maintainer @skyzh.

@skyzh
Copy link
Member

skyzh commented Oct 14, 2021
edited

Agree on this. In fact, AgateDB has already upgraded to prost 0.8 on master branch. We will upgrade that to 0.9 soon.

@skyzh skyzh mentioned this issue Oct 14, 2021
Merged
@BusyJay
Copy link
Member

BusyJay commented Oct 15, 2021

Actually, TiKV doesn't use prost in production. And importer is not maintained anymore, /cc @kennytm, maybe we can just drop the support of prost-codec in TiKV, which should simplify a lot of code. Though prost support in libraries is still necessary for community.

@sticnarf
Copy link
Contributor Author

If we want to totally remove prost from TiKV itself, pprof-rs also needs to provide an option to not use prost.

@kennytm
Copy link
Contributor

kennytm commented Oct 15, 2021

+1 leaving a single protobuf codec for 5.2 and above.

@YangKeao
Copy link
Member

If we want to totally remove prost from TiKV itself, pprof-rs also needs to provide an option to not use prost.

There is a PR tikv/pprof-rs#23 several months ago 😢 . I will take a look to this PR again.

BusyJay added a commit to BusyJay/tikv that referenced this issue Oct 19, 2021
@BusyJay
*: remove prost support
d958d7c 
Since it's not used in production, remove it to reduce dependencies and
codes.

To fully remove prost, we still need pprof to support protobuf-codec.

See also tikv#10905.

Signed-off-by: Jay Lee <BusyJayLee@gmail.com>
@BusyJay BusyJay mentioned this issue Oct 19, 2021
Merged
@BusyJay
Copy link
Member

BusyJay commented Oct 21, 2021
edited

I sent #11099, which deleted 1300 lines, most of them were crate configurations.

ti-chi-bot added a commit that referenced this issue Nov 2, 2021
@BusyJay @ti-chi-bot
*: remove prost support (#11099)
8a16a5b 
* *: remove prost support

Since it's not used in production, remove it to reduce dependencies and
codes.

To fully remove prost, we still need pprof to support protobuf-codec.

See also #10905.

Signed-off-by: Jay Lee <BusyJayLee@gmail.com>

* remove unnecessary features

Signed-off-by: Jay Lee <BusyJayLee@gmail.com>

* further cleanup

Signed-off-by: Jay Lee <BusyJayLee@gmail.com>

Co-authored-by: Ti Chi Robot <ti-community-prow-bot@tidb.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Help wanted. Contributions are very welcome! type/enhancement Type: Issue - Enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@kennytm @BusyJay @skyzh @YangKeao @Xuanwo @sticnarf