Comments (7)
Fixed in #132
https://circleci.com/gh/tendermint/kms/362
from crates.
Grabbed this from the CircleCI container:
[developer@340a0b0b642b project]$ /usr/bin/ldd --version
ldd (GNU libc) 2.17
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
[developer@340a0b0b642b project]$ echo $?
0
from crates.
Looks like the problem is the string glibc
does not appear anywhere in the output:
https://github.com/iqlusioninc/crates/blob/master/zeroize/build.rs#L89
from crates.
I just saw #134. I think a better way for library detection is needed, depending on the output of --version to determine library type is ought to be problematic. Though unlikely for some time in the future, maybe if this becomes an issue again we can try to do something proper there.
from crates.
Offhand I'm not sure of a better way. I guess we can see if other edge cases come up.
Hopefully eventually either support for older versions of glibc/musl can be dropped, or Rust will stabilize the LLVM intrinsics needed to securely zero memory so this crate doesn't even need to exist.
from crates.
Well, one thing did just come to mind... information about the libc a crate is being linked against is available at compile time via the target_env
attribute, which on Linux is either gnu
(for glibc) or musl
, so that could at least eliminate build.rs
guesswork there.
You're right ldd
is still a bad way of detecting the version as it will probably break cross-compilation which, as it were, is the way I was hoping to produce static musl builds.
from crates.
I was thinking something that could extract version information at compile time, something similar to M4 scripts testing version requirements of libraries. If target_env
has it, then that's work already done for us.
from crates.
Related Issues (20)
- RUSTSEC-2020-0071: Potential segfault in the time crate
- Implement `Zeroize` for `NonZeroX` HOT 1
- zeroize: implement `Zeroize` for `PhantomData` HOT 3
- MSRV in bip32 README is incorrect HOT 1
- secrecy: Zeroize an serde_json::Value HOT 1
- bip32: why can't private ExtendedKey instances convert to `ExtendedPublicKeys` with `TryFrom`? HOT 2
- secrecy: how should one use `SecretBytesMut`? HOT 2
- Is it possible to get derived address from a private key generated by bip32 crate?
- Cannot clone a `SecretVec<u8>` as `u8` is not `CloneableSecret` HOT 1
- secrecy: Using the serde feature in a no-std environment
- secrecy: Add an example to deserialize a SecretString
- Impl `exposure_count` for `ExposeSecret` trait?
- canonical-path: Repository link is 404
- RUSTSEC-2023-0052: webpki: CPU denial of service in certificate path building
- Support 12 word BIP39 entropy HOT 1
- implemente HasLen trait
- RUSTSEC-2024-0336: `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input
- secrecy: support `ZeroizeOnDrop` HOT 3
- Into version for SecretString expose_secret
- secrecy: Secret.as_ref() ?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from crates.