From c7e978b727ec7dbc62951af5e92e6d5413e4c74e Mon Sep 17 00:00:00 2001 From: Michael Sproul Date: Thu, 17 Aug 2023 02:37:32 +0000 Subject: [PATCH] Update blst to 0.3.11 (#4624) ## Proposed Changes This PR updates `blst` to 0.3.11, which gives us _runtime detection of CPU features_ :tada: Although [performance benchmarks](https://gist.github.com/michaelsproul/f759fa28dfa4003962507db34b439d6c) don't show a substantial detriment to running the `portable` build vs `modern`, in order to take things slowly I propose the following roll-out strategy: - Keep both `modern` and `portable` builds for releases/Docker images. - Run the `portable` build on half of SigP's infrastructure to monitor for performance deficits. - Listen out for user issues with the `portable` builds (e.g. SIGILLs from misdetected hardware). - Make the `portable` build the default and remove the `modern` build from our release binaries & Docker images. --- Cargo.lock | 16 ++-------------- Makefile | 2 +- 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 233b3901e..116f8081f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -732,14 +732,13 @@ dependencies = [ [[package]] name = "blst" -version = "0.3.10" +version = "0.3.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a30d0edd9dd1c60ddb42b80341c7852f6f985279a5c1a83659dcb65899dec99" +checksum = "c94087b935a822949d3291a9989ad2b2051ea141eda0fd4e478a75f6aa3e604b" dependencies = [ "cc", "glob", "threadpool", - "which", "zeroize", ] @@ -8981,17 +8980,6 @@ dependencies = [ "rustls-webpki 0.100.1", ] -[[package]] -name = "which" -version = "4.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2441c784c52b289a054b7201fc93253e288f094e2f4be9058343127c4226a269" -dependencies = [ - "either", - "libc", - "once_cell", -] - [[package]] name = "widestring" version = "0.4.3" diff --git a/Makefile b/Makefile index b833686e1..cb447e26a 100644 --- a/Makefile +++ b/Makefile @@ -207,7 +207,7 @@ arbitrary-fuzz: # Runs cargo audit (Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database) audit: cargo install --force cargo-audit - cargo audit --ignore RUSTSEC-2020-0071 + cargo audit --ignore RUSTSEC-2020-0071 --ignore RUSTSEC-2022-0093 # Runs `cargo vendor` to make sure dependencies can be vendored for packaging, reproducibility and archival purpose. vendor: