Add a with-crypto cabal flag to build Plinth/Plutus scripts without system crypto C libraries#7827
Add a with-crypto cabal flag to build Plinth/Plutus scripts without system crypto C libraries#7827zeme-wana wants to merge 4 commits into
with-crypto cabal flag to build Plinth/Plutus scripts without system crypto C libraries#7827Conversation
|
I assume the main goal we want to achieve is being able to compile Doing it that way would allow us to achieve same thing without requiring cabal flags which I'd prefer. Update: |
| subgroup (that needs blst), so it is weaker than the real `blsUncompress`; but it | ||
| rejects the malformed inputs the real decoder rejects on structure alone, rather | ||
| than accepting anything. -} | ||
| checkCompressed :: Int -> BS.ByteString -> Either BLS12_381_Error BS.ByteString |
There was a problem hiding this comment.
I'd rather not have this duplicate validation logic that's originally in the blst c library. \_ _ -> Left (CryptoDisabled :: BLS12_381_Error) would be sufficient
Problem
Compiling a Plinth script transitively pulls
cardano-crypto-class, which forces the system C librarieslibsodium/libblst/libsecp256k1at cabal-solve time (cabal#4087).Script authors must install these even though compiling a script never runs any crypto.
Change
New
with-cryptoflag onplutus-core(default on, mirrored onplutus-metatheory).The 6
PlutusCore.Crypto.*modules are now CPP-gated:Tests
New
crypto-hash-parity-test: 114 goldens (6 hashes × 19 inputs, incl. block/padding edge cases) generated by the+with-cryptobuild (cardano-crypto-class) and reproduced byte-for-byte by the-with-cryptobuild (crypton), this ensures hash parity in CI.Net effect
Default builds are unchanged; script authors can opt into a C-library-free toolchain with flags:
-with-crypto.