From 872fe67b6309010d7ad3b69a7ae087a282fa9dd5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9gory=20Demay?= Date: Fri, 8 May 2026 16:12:46 +0000 Subject: [PATCH 01/15] build(bazel): add optional hidden_endpoints kwarg to canister rules Extends rust_canister and finalize_wasm in bazel/canisters.bzl with an optional hidden_endpoints kwarg pointing at a hidden_endpoints.conf file. When provided, ic-wasm check-endpoints --hidden runs between the metadata-stamping and gzip steps of the existing finalize_wasm cmd_bash chain, failing the build if the wasm exports a method that is neither in the candid service nor allowlisted in the conf. The kwarg defaults to None, so existing canisters that don't opt in see no behavior change. The rust_ledger_canister wrapper in rs/ledger_suite/icp/ledger/ledger_canisters.bzl threads the kwarg through to rust_canister. Mirrors the pattern already shipped in dfinity/bitcoin-canister and dfinity/dogecoin-canister, where hidden_endpoints.conf lists legitimate non-candid exports (lifecycle hooks, http_request, canister_global_timer, ic_cdk_timers' timer_executor, vendored FFI symbols, and Rust's main). Per-canister opt-in lands in subsequent commits (DEFI-2501, 2502, 2503, 2504, 2511). --- bazel/canisters.bzl | 41 +++++++++++++++---- .../icp/ledger/ledger_canisters.bzl | 3 +- 2 files changed, 34 insertions(+), 10 deletions(-) diff --git a/bazel/canisters.bzl b/bazel/canisters.bzl index 8482f469a802..b7941112def5 100644 --- a/bazel/canisters.bzl +++ b/bazel/canisters.bzl @@ -87,6 +87,9 @@ def rust_canister(name, service_file, visibility = ["//visibility:public"], test # The option to keep the name section is only required for wasm finalization. keep_name_section = kwargs.pop("keep_name_section", False) + # Optional path to a hidden_endpoints.conf for `ic-wasm check-endpoints`. + hidden_endpoints = kwargs.pop("hidden_endpoints", None) + # Sanity checking (no '.' in name) if name.count(".") > 0: fail("name '{}' should not include dots".format(name)) @@ -126,6 +129,7 @@ def rust_canister(name, service_file, visibility = ["//visibility:public"], test visibility = visibility, testonly = testonly, keep_name_section = keep_name_section, + hidden_endpoints = hidden_endpoints, ) native.alias( @@ -181,27 +185,46 @@ def motoko_canister(name, entry, deps, **kwargs): actual = final_name, ) -def finalize_wasm(*, name, src_wasm, service_file = None, version_file, testonly, visibility = ["//visibility:public"], keep_name_section = False): +def finalize_wasm(*, name, src_wasm, service_file = None, version_file, testonly, visibility = ["//visibility:public"], keep_name_section = False, hidden_endpoints = None): """Generates an output file name `name + '.wasm.gz'`. The input file is shrunk, annotated with metadata, and gzipped. The canister metadata consists of: 'icp:public git_commit_id': version used in the build 'icp:public candid:service': the canister's candid service description + + When `hidden_endpoints` is provided (a label pointing at a `hidden_endpoints.conf` + file), `ic-wasm check-endpoints --hidden ` is also run on the finalized + wasm before gzip, failing the build if the wasm exports a method that is + neither in the candid `service` nor allowlisted in the conf. """ + + steps = [ + "{ic_wasm} {input_wasm} -o $@.shrunk shrink {keep_name_section}", + "{ic_wasm} $@.shrunk -o $@.meta metadata candid:service {keep_name_section} --visibility public --file " + "$(location {})".format(service_file) if not (service_file == None) else "cp $@.shrunk $@.meta", # if service_file is None, don't include a service file + "{ic_wasm} $@.meta -o $@.ver metadata git_commit_id {keep_name_section} --visibility public --file {version_file}", + ] + if hidden_endpoints != None: + steps.append("{ic_wasm} $@.ver check-endpoints --hidden $(location {hidden_endpoints})") + steps.append("{pigz} --processes 16 --no-name $@.ver --stdout > $@") + native.genrule( name = "_" + name + "_finalize", - srcs = [src_wasm, version_file] + ([service_file] if not (service_file == None) else []), + srcs = [src_wasm, version_file] + + ([service_file] if not (service_file == None) else []) + + ([hidden_endpoints] if hidden_endpoints != None else []), outs = [name], visibility = visibility, testonly = testonly, message = "Finalizing canister " + name, tools = ["@crate_index//:ic-wasm__ic-wasm", "@pigz"], - cmd_bash = " && ".join([ - "{ic_wasm} {input_wasm} -o $@.shrunk shrink {keep_name_section}", - "{ic_wasm} $@.shrunk -o $@.meta metadata candid:service {keep_name_section} --visibility public --file " + "$(location {})".format(service_file) if not (service_file == None) else "cp $@.shrunk $@.meta", # if service_file is None, don't include a service file - "{ic_wasm} $@.meta -o $@.ver metadata git_commit_id {keep_name_section} --visibility public --file {version_file}", - "{pigz} --processes 16 --no-name $@.ver --stdout > $@", - ]) - .format(input_wasm = "$(location {})".format(src_wasm), ic_wasm = "$(location @crate_index//:ic-wasm__ic-wasm)", version_file = "$(location {})".format(version_file), pigz = "$(location @pigz)", keep_name_section = "--keep-name-section" if keep_name_section else ""), + cmd_bash = " && ".join(steps) + .format( + input_wasm = "$(location {})".format(src_wasm), + ic_wasm = "$(location @crate_index//:ic-wasm__ic-wasm)", + version_file = "$(location {})".format(version_file), + pigz = "$(location @pigz)", + keep_name_section = "--keep-name-section" if keep_name_section else "", + hidden_endpoints = hidden_endpoints if hidden_endpoints != None else "", + ), ) diff --git a/rs/ledger_suite/icp/ledger/ledger_canisters.bzl b/rs/ledger_suite/icp/ledger/ledger_canisters.bzl index d44b2888dc5c..e89e7e7687dd 100644 --- a/rs/ledger_suite/icp/ledger/ledger_canisters.bzl +++ b/rs/ledger_suite/icp/ledger/ledger_canisters.bzl @@ -45,7 +45,7 @@ LEDGER_CANISTER_DEPS = [ "@crate_index//:serde_bytes", ] -def rust_ledger_canister(name, extra_deps = [":ledger"], crate_features = None): +def rust_ledger_canister(name, extra_deps = [":ledger"], crate_features = None, hidden_endpoints = None): rust_canister( name = name, srcs = ["src/main.rs"], @@ -55,6 +55,7 @@ def rust_ledger_canister(name, extra_deps = [":ledger"], crate_features = None): service_file = "//rs/ledger_suite/icp:ledger.did", deps = LEDGER_CANISTER_DEPS + extra_deps, crate_features = crate_features if crate_features else [], + hidden_endpoints = hidden_endpoints, proc_macro_deps = [ # Keep sorted. ], From 649d2c8e96cb7bb90e1b01159ac947f56b0a079b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9gory=20Demay?= Date: Fri, 8 May 2026 16:21:28 +0000 Subject: [PATCH 02/15] build(bazel): bump ic-wasm 0.8.4 -> 0.9.10 + enable check-endpoints feature MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ic-wasm 0.9.x introduces a `check-endpoints` subcommand that fails the canister build if the wasm exports a method that is neither in the candid `service` nor allowlisted in a `hidden_endpoints.conf` file. The IC repo previously pinned ^0.8.4 (predates the subcommand) with `default_features = False` and only the `exe` feature enabled — `check-endpoints` lives behind its own cargo feature, so opting in requires both bumping the version and adding the feature flag. Verified the existing `shrink` and `metadata` invocations in `bazel/canisters.bzl`'s `finalize_wasm` rule still work unchanged (the BTC checker rebuild succeeds end-to-end on 0.9.11 with the existing pipeline). Subsequent commits opt individual canisters into the new check (DEFI-2501, 2502, 2503, 2504, 2511). --- Cargo.Bazel.toml.lock | 205 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 199 insertions(+), 6 deletions(-) diff --git a/Cargo.Bazel.toml.lock b/Cargo.Bazel.toml.lock index 5f180a381589..c7346e44408e 100644 --- a/Cargo.Bazel.toml.lock +++ b/Cargo.Bazel.toml.lock @@ -2060,6 +2060,28 @@ dependencies = [ "thiserror 1.0.68", ] +[[package]] +name = "candid_parser" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75daa0ef508c92f38dd0eaaaae7d13f317b68ab73c875068257348574a6bcce2" +dependencies = [ + "anyhow", + "candid", + "codespan-reporting", + "convert_case 0.6.0", + "handlebars 6.4.0", + "hex", + "lalrpop 0.20.0", + "lalrpop-util 0.20.0", + "logos 0.14.4", + "num-bigint 0.4.6", + "pretty 0.12.1", + "serde", + "thiserror 1.0.68", + "toml 0.8.19", +] + [[package]] name = "canlog" version = "0.2.0" @@ -3486,6 +3508,37 @@ dependencies = [ "syn 2.0.110", ] +[[package]] +name = "derive_builder" +version = "0.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "507dfb09ea8b7fa618fcf76e953f4f5e192547945816d5358edffe39f6f94947" +dependencies = [ + "derive_builder_macro", +] + +[[package]] +name = "derive_builder_core" +version = "0.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d5bcf7b024d6835cfb3d473887cd966994907effbe9227e8c8219824d06c4e8" +dependencies = [ + "darling 0.20.11", + "proc-macro2", + "quote", + "syn 2.0.110", +] + +[[package]] +name = "derive_builder_macro" +version = "0.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ab63b0e2bf4d5928aff72e83a7dace85d7bba5fe12dcc3c5a572d78caffd3f3c" +dependencies = [ + "derive_builder_core", + "syn 2.0.110", +] + [[package]] name = "derive_more" version = "0.99.17" @@ -3545,7 +3598,7 @@ dependencies = [ "directories-next", "dunce", "flate2", - "handlebars", + "handlebars 4.5.0", "hex", "humantime-serde", "ic-agent", @@ -3665,7 +3718,7 @@ dependencies = [ "canbench", "canbench-rs", "candid", - "candid_parser", + "candid_parser 0.1.4", "cargo_metadata", "cc", "cddl", @@ -3960,7 +4013,7 @@ dependencies = [ "tokio-test", "tokio-tungstenite 0.26.2", "tokio-util", - "toml", + "toml 0.5.11", "tonic 0.12.3", "tonic-build", "tower 0.5.2", @@ -5363,6 +5416,22 @@ dependencies = [ "thiserror 1.0.68", ] +[[package]] +name = "handlebars" +version = "6.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b3f9296c208515b87bd915a2f5d1163d4b3f863ba83337d7713cf478055948e" +dependencies = [ + "derive_builder", + "log", + "num-order", + "pest", + "pest_derive", + "serde", + "serde_json", + "thiserror 2.0.18", +] + [[package]] name = "hardware-address" version = "0.2.0" @@ -6756,8 +6825,10 @@ checksum = "04a4c6c1f1f7a2126be36fe51cdbc1c8991214f231811dca7ec1971d15cb6f91" dependencies = [ "anyhow", "candid", + "candid_parser 0.2.4", "clap 4.5.53", "libflate", + "parse-display", "rustc-demangle", "serde", "thiserror 1.0.68", @@ -8076,6 +8147,15 @@ dependencies = [ "logos-derive 0.13.0", ] +[[package]] +name = "logos" +version = "0.14.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7251356ef8cb7aec833ddf598c6cb24d17b689d20b993f9d11a3d764e34e6458" +dependencies = [ + "logos-derive 0.14.4", +] + [[package]] name = "logos-codegen" version = "0.13.0" @@ -8090,6 +8170,21 @@ dependencies = [ "syn 2.0.110", ] +[[package]] +name = "logos-codegen" +version = "0.14.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59f80069600c0d66734f5ff52cc42f2dabd6b29d205f333d61fd7832e9e9963f" +dependencies = [ + "beef", + "fnv", + "lazy_static", + "proc-macro2", + "quote", + "regex-syntax 0.8.5", + "syn 2.0.110", +] + [[package]] name = "logos-derive" version = "0.12.1" @@ -8110,7 +8205,16 @@ version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dbfc0d229f1f42d790440136d941afd806bc9e949e2bcb8faa813b0f00d1267e" dependencies = [ - "logos-codegen", + "logos-codegen 0.13.0", +] + +[[package]] +name = "logos-derive" +version = "0.14.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24fb722b06a9dc12adb0963ed585f19fc61dc5413e6a9be9422ef92c091e731d" +dependencies = [ + "logos-codegen 0.14.4", ] [[package]] @@ -8886,6 +8990,21 @@ dependencies = [ "num-traits", ] +[[package]] +name = "num-modular" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "17bb261bf36fa7d83f4c294f834e91256769097b3cb505d44831e0a179ac647f" + +[[package]] +name = "num-order" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "537b596b97c40fcf8056d153049eb22f481c17ebce72a513ec9286e4986d1bb6" +dependencies = [ + "num-modular", +] + [[package]] name = "num-rational" version = "0.4.2" @@ -9466,6 +9585,31 @@ dependencies = [ "windows-link 0.2.1", ] +[[package]] +name = "parse-display" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "287d8d3ebdce117b8539f59411e4ed9ec226e0a4153c7f55495c6070d68e6f72" +dependencies = [ + "parse-display-derive", + "regex", + "regex-syntax 0.8.5", +] + +[[package]] +name = "parse-display-derive" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fc048687be30d79502dea2f623d052f3a074012c6eac41726b7ab17213616b1" +dependencies = [ + "proc-macro2", + "quote", + "regex", + "regex-syntax 0.8.5", + "structmeta 0.3.0", + "syn 2.0.110", +] + [[package]] name = "parse-size" version = "1.1.0" @@ -12332,6 +12476,15 @@ dependencies = [ "syn 2.0.110", ] +[[package]] +name = "serde_spanned" +version = "0.6.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf41e0cfaf7226dca15e8197172c295a782857fcb97fad1808a166870dee75a3" +dependencies = [ + "serde", +] + [[package]] name = "serde_urlencoded" version = "0.7.1" @@ -13078,7 +13231,19 @@ checksum = "78ad9e09554f0456d67a69c1584c9798ba733a5b50349a6c0d0948710523922d" dependencies = [ "proc-macro2", "quote", - "structmeta-derive", + "structmeta-derive 0.2.0", + "syn 2.0.110", +] + +[[package]] +name = "structmeta" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e1575d8d40908d70f6fd05537266b90ae71b15dbbe7a8b7dffa2b759306d329" +dependencies = [ + "proc-macro2", + "quote", + "structmeta-derive 0.3.0", "syn 2.0.110", ] @@ -13093,6 +13258,17 @@ dependencies = [ "syn 2.0.110", ] +[[package]] +name = "structmeta-derive" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "152a0b65a590ff6c3da95cabe2353ee04e6167c896b28e3b14478c2636c922fc" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.110", +] + [[package]] name = "strum" version = "0.25.0" @@ -13531,7 +13707,7 @@ checksum = "b8361c808554228ad09bfed70f5c823caf8a3450b6881cc3a38eb57e8c08c1d9" dependencies = [ "proc-macro2", "quote", - "structmeta", + "structmeta 0.2.0", "syn 2.0.110", ] @@ -13980,11 +14156,26 @@ dependencies = [ "serde", ] +[[package]] +name = "toml" +version = "0.8.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1ed1f98e3fdc28d6d910e6737ae6ab1a93bf1985935a1193e68f93eeb68d24e" +dependencies = [ + "serde", + "serde_spanned", + "toml_datetime", + "toml_edit 0.22.20", +] + [[package]] name = "toml_datetime" version = "0.6.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41" +dependencies = [ + "serde", +] [[package]] name = "toml_edit" @@ -14004,6 +14195,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "583c44c02ad26b0c3f3066fe629275e50627026c51ac2e595cca4c230ce1ce1d" dependencies = [ "indexmap 2.14.0", + "serde", + "serde_spanned", "toml_datetime", "winnow 0.6.20", ] From cca5494ed5be7b8e1e44f51a33b6a20d05b04f97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9gory=20Demay?= Date: Fri, 8 May 2026 16:21:37 +0000 Subject: [PATCH 03/15] ci(DEFI-2511): add ic-wasm check-endpoints to BTC checker Adds rs/bitcoin/checker/hidden_endpoints.conf and threads it into the rust_canister rule via the new optional `hidden_endpoints` kwarg. The conf lists the legitimate non-candid exports of the BTC checker: the metrics http_request, the HTTP-outcall transform query, the two lifecycle hooks, and Rust's `main` symbol. `bazel build //rs/bitcoin/checker:btc_checker_canister.wasm.gz` now reports `Canister WASM and Candid interface match!` as part of finalization and fails the build if a future change exports an unlisted method. --- rs/bitcoin/checker/BUILD.bazel | 1 + rs/bitcoin/checker/hidden_endpoints.conf | 9 +++++++++ 2 files changed, 10 insertions(+) create mode 100644 rs/bitcoin/checker/hidden_endpoints.conf diff --git a/rs/bitcoin/checker/BUILD.bazel b/rs/bitcoin/checker/BUILD.bazel index 76034cb36a75..32a3412e9de6 100644 --- a/rs/bitcoin/checker/BUILD.bazel +++ b/rs/bitcoin/checker/BUILD.bazel @@ -45,6 +45,7 @@ rust_canister( compile_data = [ "templates/dashboard.html", ], + hidden_endpoints = "hidden_endpoints.conf", service_file = "btc_checker_canister.did", deps = [ # Keep sorted. diff --git a/rs/bitcoin/checker/hidden_endpoints.conf b/rs/bitcoin/checker/hidden_endpoints.conf new file mode 100644 index 000000000000..663ba4f629fa --- /dev/null +++ b/rs/bitcoin/checker/hidden_endpoints.conf @@ -0,0 +1,9 @@ +# HTTP endpoint for fetching metrics +canister_query:http_request +# Transform function for HTTP outcalls +canister_query:transform +# Canister lifecycle +canister_init +canister_post_upgrade +# Exported by the `main()` function in `main.rs`; cannot be called +main From bb27f6e44291ccf711655f80af7af4b7674b2830 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9gory=20Demay?= Date: Fri, 8 May 2026 16:23:29 +0000 Subject: [PATCH 04/15] ci(DEFI-2504): add ic-wasm check-endpoints to ledger suite orchestrator Both variants (`ledger_suite_orchestrator_canister` and `..._getblocksdisabled`) now go through `ic-wasm check-endpoints` during finalization. The shared hidden_endpoints.conf lists canister_global_timer, the metrics http_request, lifecycle hooks, and Rust's main symbol. --- rs/ethereum/ledger-suite-orchestrator/BUILD.bazel | 1 + .../ledger-suite-orchestrator/hidden_endpoints.conf | 9 +++++++++ 2 files changed, 10 insertions(+) create mode 100644 rs/ethereum/ledger-suite-orchestrator/hidden_endpoints.conf diff --git a/rs/ethereum/ledger-suite-orchestrator/BUILD.bazel b/rs/ethereum/ledger-suite-orchestrator/BUILD.bazel index 9e9d7237f63f..f82b998a858f 100644 --- a/rs/ethereum/ledger-suite-orchestrator/BUILD.bazel +++ b/rs/ethereum/ledger-suite-orchestrator/BUILD.bazel @@ -113,6 +113,7 @@ rust_test( "templates/dashboard.html", ], crate_name = "ic_ledger_suite_orchestrator_canister" + name_suffix, + hidden_endpoints = "hidden_endpoints.conf", opt = "z", proc_macro_deps = [ # Keep sorted. diff --git a/rs/ethereum/ledger-suite-orchestrator/hidden_endpoints.conf b/rs/ethereum/ledger-suite-orchestrator/hidden_endpoints.conf new file mode 100644 index 000000000000..ce9e9d69ffa5 --- /dev/null +++ b/rs/ethereum/ledger-suite-orchestrator/hidden_endpoints.conf @@ -0,0 +1,9 @@ +# IC system-level timer (wired via #[unsafe(export_name = "canister_global_timer")]) +canister_global_timer +# HTTP endpoint for fetching metrics +canister_query:http_request +# Canister lifecycle +canister_init +canister_post_upgrade +# Exported by the `main()` function in `main.rs`; cannot be called +main From f45a0fbd9708da1dfd00f49e254cb8f43bf675b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9gory=20Demay?= Date: Fri, 8 May 2026 16:28:22 +0000 Subject: [PATCH 05/15] ci(DEFI-2502): add ic-wasm check-endpoints to ckBTC minter Two confs because the ckbtc_minter_debug variant compiles in three extra endpoints behind the `self_check` cargo feature (canister_query:self_check, canister_update:refresh_fee_percentiles, canister_update:upload_events) that are not present in the production ckbtc_minter wasm. ic-wasm check-endpoints is strict in both directions (extra entries in --hidden are also flagged), so a single permissive conf can't satisfy both variants. Both confs share the timer, http_request metrics endpoint, the __get_candid_interface_tmp_hack candid-extraction helper (declared #[query(hidden = true)] in main.rs), the lifecycle hooks, and the Rust main symbol. --- rs/bitcoin/ckbtc/minter/BUILD.bazel | 5 ++++- rs/bitcoin/ckbtc/minter/hidden_endpoints.conf | 11 +++++++++++ .../ckbtc/minter/hidden_endpoints_debug.conf | 15 +++++++++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 rs/bitcoin/ckbtc/minter/hidden_endpoints.conf create mode 100644 rs/bitcoin/ckbtc/minter/hidden_endpoints_debug.conf diff --git a/rs/bitcoin/ckbtc/minter/BUILD.bazel b/rs/bitcoin/ckbtc/minter/BUILD.bazel index 3789641a8c40..1f9fdbff95d4 100644 --- a/rs/bitcoin/ckbtc/minter/BUILD.bazel +++ b/rs/bitcoin/ckbtc/minter/BUILD.bazel @@ -92,6 +92,7 @@ rust_doc_test( compile_data = [":ckbtc_minter.did"], crate_features = features, crate_name = "ic_ckbtc_minter_canister", + hidden_endpoints = hidden_endpoints, proc_macro_deps = [ # Keep sorted. ], @@ -112,16 +113,18 @@ rust_doc_test( "@crate_index//:serde_json", ], ) - for (name, features) in [ + for (name, features, hidden_endpoints) in [ # Production version without debug assertions. ( "ckbtc_minter", [], + "hidden_endpoints.conf", ), # Test version with internal consistency checks. ( "ckbtc_minter_debug", ["self_check"], + "hidden_endpoints_debug.conf", ), ] ] diff --git a/rs/bitcoin/ckbtc/minter/hidden_endpoints.conf b/rs/bitcoin/ckbtc/minter/hidden_endpoints.conf new file mode 100644 index 000000000000..fcb0cd45d468 --- /dev/null +++ b/rs/bitcoin/ckbtc/minter/hidden_endpoints.conf @@ -0,0 +1,11 @@ +# IC system-level timer (wired via #[unsafe(export_name = "canister_global_timer")]) +canister_global_timer +# HTTP endpoint for fetching metrics +canister_query:http_request +# Candid extraction tmp-hack endpoint (#[query(hidden = true)] in main.rs) +canister_query:__get_candid_interface_tmp_hack +# Canister lifecycle +canister_init +canister_post_upgrade +# Exported by the `main()` function in `main.rs`; cannot be called +main diff --git a/rs/bitcoin/ckbtc/minter/hidden_endpoints_debug.conf b/rs/bitcoin/ckbtc/minter/hidden_endpoints_debug.conf new file mode 100644 index 000000000000..edaba517f32c --- /dev/null +++ b/rs/bitcoin/ckbtc/minter/hidden_endpoints_debug.conf @@ -0,0 +1,15 @@ +# Same as hidden_endpoints.conf plus the `self_check` query, which is +# only compiled in when the `self_check` cargo feature is enabled (the +# `ckbtc_minter_debug` variant). It is declared `#[query]` (i.e. not +# hidden) but absent from the canonical `ckbtc_minter.did`, so it must +# be allowlisted here. +canister_global_timer +canister_query:http_request +canister_query:__get_candid_interface_tmp_hack +canister_query:self_check +# self_check-only update endpoints, also gated on the cargo feature +canister_update:refresh_fee_percentiles +canister_update:upload_events +canister_init +canister_post_upgrade +main From 256f9a5bb838f4391421c43c1b174501290531ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9gory=20Demay?= Date: Fri, 8 May 2026 16:30:50 +0000 Subject: [PATCH 06/15] ci(DEFI-2503): add ic-wasm check-endpoints to ckETH minter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two confs because the cketh_minter_debug variant exports an extra `check_audit_log` query gated behind the `debug_checks` cargo feature, which is absent from cketh_minter.did. Both confs share the IC system-level `canister_global_timer` plus the ic-cdk-timers dispatcher ` timer_executor`, the metrics http_request, the lifecycle hooks (init, pre_upgrade, post_upgrade), and the Rust main symbol. No FFI symbols from ic_secp256k1 / ic_sha3 leaked into the WASM exports — the IC's ic_secp256k1 wrapper appears to keep them internal. --- rs/ethereum/cketh/minter/BUILD.bazel | 6 ++++-- rs/ethereum/cketh/minter/hidden_endpoints.conf | 13 +++++++++++++ .../cketh/minter/hidden_endpoints_debug.conf | 13 +++++++++++++ 3 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 rs/ethereum/cketh/minter/hidden_endpoints.conf create mode 100644 rs/ethereum/cketh/minter/hidden_endpoints_debug.conf diff --git a/rs/ethereum/cketh/minter/BUILD.bazel b/rs/ethereum/cketh/minter/BUILD.bazel index ca1c34e00158..b79281ae0581 100644 --- a/rs/ethereum/cketh/minter/BUILD.bazel +++ b/rs/ethereum/cketh/minter/BUILD.bazel @@ -150,6 +150,7 @@ rust_test( ], crate_features = features, crate_name = "ic_cketh_minter_canister", + hidden_endpoints = hidden_endpoints, proc_macro_deps = [ # Keep sorted. ], @@ -175,11 +176,12 @@ rust_test( "@crate_index//:serde_bytes", "@crate_index//:time", ], -) for (target_suffix, features) in [ - ("", []), +) for (target_suffix, features, hidden_endpoints) in [ + ("", [], "hidden_endpoints.conf"), ( "_debug", ["debug_checks"], + "hidden_endpoints_debug.conf", ), ]] diff --git a/rs/ethereum/cketh/minter/hidden_endpoints.conf b/rs/ethereum/cketh/minter/hidden_endpoints.conf new file mode 100644 index 000000000000..211a67c9257d --- /dev/null +++ b/rs/ethereum/cketh/minter/hidden_endpoints.conf @@ -0,0 +1,13 @@ +# Timer endpoints exported by ic-cdk-timers (the dispatcher +# ` timer_executor` plus the IC system-level +# `canister_global_timer` it registers itself against) +canister_global_timer +canister_update: timer_executor +# HTTP endpoint for fetching metrics +canister_query:http_request +# Canister lifecycle +canister_init +canister_pre_upgrade +canister_post_upgrade +# Exported by the `main()` function in `main.rs`; cannot be called +main diff --git a/rs/ethereum/cketh/minter/hidden_endpoints_debug.conf b/rs/ethereum/cketh/minter/hidden_endpoints_debug.conf new file mode 100644 index 000000000000..2138ba3ec6ab --- /dev/null +++ b/rs/ethereum/cketh/minter/hidden_endpoints_debug.conf @@ -0,0 +1,13 @@ +# Same as hidden_endpoints.conf plus the `check_audit_log` query, which +# is only compiled in when the `debug_checks` cargo feature is enabled +# (the `cketh_minter_debug` variant). It is declared `#[query]` (not +# hidden) but absent from cketh_minter.did, so it must be allowlisted +# here. +canister_global_timer +canister_update: timer_executor +canister_query:http_request +canister_query:check_audit_log +canister_init +canister_pre_upgrade +canister_post_upgrade +main From 195a501b67f1ea4e87429c604a33154e484323d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9gory=20Demay?= Date: Fri, 8 May 2026 16:33:53 +0000 Subject: [PATCH 07/15] ci(DEFI-2501): add ic-wasm check-endpoints to ICRC1 ledger Wires the production-shape variants (`ledger_canister`, `_u256`, `_nextledgerversion`, `_u256_nextledgerversion`) of the ICRC1 ledger through ic-wasm check-endpoints, against a single hidden_endpoints.conf listing the lifecycle hooks, the #[query(hidden = true)] http_request metrics endpoint, the __get_candid_interface_tmp_hack helper (declared #[query] but absent from ledger.did), and Rust's main symbol. The `_getblocksdisabled` and `_canbench` variants are deliberately opted out of the check (hidden_endpoints = None) because they ship with a wasm shape that diverges from `ledger.did`: the former disables `get_blocks` in code while the .did still declares it, and the latter compiles in canbench-rs's `__canbench__*` / `__tracing__*` benchmark exports and replaces `canister_init` with the canbench harness's own. Both are test-only variants; gating them on check-endpoints would either require a separate .did or upstream changes to canbench-rs / the get-blocks-disabled feature itself. --- rs/ledger_suite/icrc1/ledger/BUILD.bazel | 8 ++++++++ rs/ledger_suite/icrc1/ledger/hidden_endpoints.conf | 10 ++++++++++ 2 files changed, 18 insertions(+) create mode 100644 rs/ledger_suite/icrc1/ledger/hidden_endpoints.conf diff --git a/rs/ledger_suite/icrc1/ledger/BUILD.bazel b/rs/ledger_suite/icrc1/ledger/BUILD.bazel index 3a642695d173..be9d52b92278 100644 --- a/rs/ledger_suite/icrc1/ledger/BUILD.bazel +++ b/rs/ledger_suite/icrc1/ledger/BUILD.bazel @@ -111,6 +111,14 @@ package(default_visibility = ["//visibility:public"]) srcs = ["src/main.rs"] + glob(["src/benches/**/*.rs"]), crate_features = features, crate_name = "ic_icrc1_ledger_canister" + name_suffix, + # The `_getblocksdisabled` variants compile without `get_blocks` + # but share the same `ledger.did` (which still declares it). The + # `_canbench` variants compile in benchmark-only `__canbench__*` + # and `__tracing__*` query endpoints from canbench-rs that aren't + # in `ledger.did` either, and replace `canister_init` with the + # canbench harness's own. Opt both kinds of variants out of + # check-endpoints — they're test-only and not production canisters. + hidden_endpoints = None if ("get-blocks-disabled" in features or "canbench-rs" in features) else "hidden_endpoints.conf", opt = "z", proc_macro_deps = [ # Keep sorted. diff --git a/rs/ledger_suite/icrc1/ledger/hidden_endpoints.conf b/rs/ledger_suite/icrc1/ledger/hidden_endpoints.conf new file mode 100644 index 000000000000..3fd49e613812 --- /dev/null +++ b/rs/ledger_suite/icrc1/ledger/hidden_endpoints.conf @@ -0,0 +1,10 @@ +# Canister lifecycle +canister_init +canister_pre_upgrade +canister_post_upgrade +# HTTP endpoint for fetching metrics (#[query(hidden = true)]) +canister_query:http_request +# Candid extraction tmp-hack endpoint (#[query] but absent from ledger.did) +canister_query:__get_candid_interface_tmp_hack +# Exported by the `main()` function in `main.rs`; cannot be called +main From 6d7df1ab901e51c3a51f92f76866cfdbc8976e13 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9gory=20Demay?= Date: Fri, 8 May 2026 16:36:37 +0000 Subject: [PATCH 08/15] ci(DEFI-2501): add ic-wasm check-endpoints to ICP ledger All 4 variants of the ICP ledger now go through ic-wasm check-endpoints during finalization. The base hidden_endpoints.conf covers the 12 legacy `_pb` protobuf endpoints (declared via #[unsafe(export_name = "canister_query ")] / #[unsafe(export_name = "canister_update ")]), the metrics http_request, the candid-extraction __get_candid_interface_tmp_hack helper (declared #[query] but absent from ledger.did), the lifecycle hooks, and Rust's main symbol. The `_allowance-getter` variant gets a separate hidden_endpoints_allowance_getter.conf because the `icp-allowance-getter` cargo feature compiles in an extra `canister_query:allowance` endpoint not present in ledger.did. --- rs/ledger_suite/icp/ledger/BUILD.bazel | 8 ++++++- .../icp/ledger/hidden_endpoints.conf | 24 +++++++++++++++++++ .../hidden_endpoints_allowance_getter.conf | 24 +++++++++++++++++++ 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 rs/ledger_suite/icp/ledger/hidden_endpoints.conf create mode 100644 rs/ledger_suite/icp/ledger/hidden_endpoints_allowance_getter.conf diff --git a/rs/ledger_suite/icp/ledger/BUILD.bazel b/rs/ledger_suite/icp/ledger/BUILD.bazel index 66b92c0417b6..e9e1cd42195c 100644 --- a/rs/ledger_suite/icp/ledger/BUILD.bazel +++ b/rs/ledger_suite/icp/ledger/BUILD.bazel @@ -77,21 +77,27 @@ rust_test( deps = ["@crate_index//:proptest"], ) -rust_ledger_canister(name = "ledger-canister-wasm") +rust_ledger_canister( + name = "ledger-canister-wasm", + hidden_endpoints = "hidden_endpoints.conf", +) rust_ledger_canister( name = "ledger-canister-wasm-allowance-getter", crate_features = ["icp-allowance-getter"], + hidden_endpoints = "hidden_endpoints_allowance_getter.conf", ) rust_ledger_canister( name = "ledger-canister-wasm-next-version", extra_deps = [":ledger_next_version"], + hidden_endpoints = "hidden_endpoints.conf", ) rust_ledger_canister( name = "ledger-canister-wasm-prev-version", extra_deps = [":ledger_prev_version"], + hidden_endpoints = "hidden_endpoints.conf", ) rust_test( diff --git a/rs/ledger_suite/icp/ledger/hidden_endpoints.conf b/rs/ledger_suite/icp/ledger/hidden_endpoints.conf new file mode 100644 index 000000000000..9fb25d13b551 --- /dev/null +++ b/rs/ledger_suite/icp/ledger/hidden_endpoints.conf @@ -0,0 +1,24 @@ +# Canister lifecycle (canister_init declared via #[unsafe(export_name = ...)]) +canister_init +canister_pre_upgrade +canister_post_upgrade +# HTTP endpoint for fetching metrics (#[query(hidden = true)]) +canister_query:http_request +# Candid extraction tmp-hack endpoint (#[query] but absent from ledger.did) +canister_query:__get_candid_interface_tmp_hack +# Legacy protobuf query endpoints (#[unsafe(export_name = "canister_query ")]) +canister_query:account_balance_pb +canister_query:block_pb +canister_query:get_archive_index_pb +canister_query:get_blocks_pb +canister_query:get_nodes +canister_query:iter_blocks_pb +canister_query:tip_of_chain_pb +canister_query:total_supply_pb +canister_query:transfer_fee_pb +# Legacy protobuf update endpoints +canister_update:notify_dfx +canister_update:notify_pb +canister_update:send_pb +# Exported by the `main()` function in `main.rs`; cannot be called +main diff --git a/rs/ledger_suite/icp/ledger/hidden_endpoints_allowance_getter.conf b/rs/ledger_suite/icp/ledger/hidden_endpoints_allowance_getter.conf new file mode 100644 index 000000000000..f8cc7ee2e308 --- /dev/null +++ b/rs/ledger_suite/icp/ledger/hidden_endpoints_allowance_getter.conf @@ -0,0 +1,24 @@ +# Same as hidden_endpoints.conf plus the `allowance` query, which is +# only compiled in when the `icp-allowance-getter` cargo feature is +# enabled (the `ledger-canister-wasm-allowance-getter` variant). It is +# declared `#[query(name = "allowance")]` (not hidden) but absent from +# ledger.did, so it must be allowlisted here. +canister_init +canister_pre_upgrade +canister_post_upgrade +canister_query:http_request +canister_query:__get_candid_interface_tmp_hack +canister_query:allowance +canister_query:account_balance_pb +canister_query:block_pb +canister_query:get_archive_index_pb +canister_query:get_blocks_pb +canister_query:get_nodes +canister_query:iter_blocks_pb +canister_query:tip_of_chain_pb +canister_query:total_supply_pb +canister_query:transfer_fee_pb +canister_update:notify_dfx +canister_update:notify_pb +canister_update:send_pb +main From c4725c65d3ab2e1d1da6c32644019ed542331f93 Mon Sep 17 00:00:00 2001 From: IDX GitHub Automation Date: Fri, 8 May 2026 16:42:26 +0000 Subject: [PATCH 09/15] Automatically fixing code for linting and formatting issues --- bazel/canisters.bzl | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/bazel/canisters.bzl b/bazel/canisters.bzl index b7941112def5..282b5fc4744b 100644 --- a/bazel/canisters.bzl +++ b/bazel/canisters.bzl @@ -220,11 +220,11 @@ def finalize_wasm(*, name, src_wasm, service_file = None, version_file, testonly tools = ["@crate_index//:ic-wasm__ic-wasm", "@pigz"], cmd_bash = " && ".join(steps) .format( - input_wasm = "$(location {})".format(src_wasm), - ic_wasm = "$(location @crate_index//:ic-wasm__ic-wasm)", - version_file = "$(location {})".format(version_file), - pigz = "$(location @pigz)", - keep_name_section = "--keep-name-section" if keep_name_section else "", - hidden_endpoints = hidden_endpoints if hidden_endpoints != None else "", - ), + input_wasm = "$(location {})".format(src_wasm), + ic_wasm = "$(location @crate_index//:ic-wasm__ic-wasm)", + version_file = "$(location {})".format(version_file), + pigz = "$(location @pigz)", + keep_name_section = "--keep-name-section" if keep_name_section else "", + hidden_endpoints = hidden_endpoints if hidden_endpoints != None else "", + ), ) From f48baff01504d51a90420d1470d276e41e7a9217 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9gory=20Demay?= Date: Mon, 11 May 2026 05:33:26 +0000 Subject: [PATCH 10/15] build(bazel): buildifier fixups (indentation + Args docstring) Run `bazel run //pre-commit:buildifier-fix` and add the missing `Args:` docstring section to `finalize_wasm` so that `//pre-commit:buildifier-check` passes again on the autofix CI gate. No behavior change. --- bazel/canisters.bzl | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/bazel/canisters.bzl b/bazel/canisters.bzl index 282b5fc4744b..3d34403d7440 100644 --- a/bazel/canisters.bzl +++ b/bazel/canisters.bzl @@ -197,6 +197,16 @@ def finalize_wasm(*, name, src_wasm, service_file = None, version_file, testonly file), `ic-wasm check-endpoints --hidden ` is also run on the finalized wasm before gzip, failing the build if the wasm exports a method that is neither in the candid `service` nor allowlisted in the conf. + + Args: + name: target name; the rule outputs a file `name`. + src_wasm: the input wasm label. + service_file: optional candid `.did` file to embed as `candid:service` metadata. + version_file: text file whose contents become the `git_commit_id` metadata. + testonly: testonly attribute on the generated genrule. + visibility: visibility of the output target. + keep_name_section: pass `--keep-name-section` to every `ic-wasm` invocation. + hidden_endpoints: optional `hidden_endpoints.conf` label; enables `ic-wasm check-endpoints --hidden `. """ steps = [ From 38ea29eaf014a21db5c0b50257be9ed066fcb1af Mon Sep 17 00:00:00 2001 From: gregorydemay Date: Mon, 11 May 2026 14:38:26 +0200 Subject: [PATCH 11/15] build(bazel): enable check-endpoints feature for ic-wasm The feature flag was lost during a merge conflict resolution on top of master after ic-wasm was bumped to 0.9.11 there. Without it the ic-wasm binary does not expose the `check-endpoints` subcommand and canister finalize steps fail with "unexpected argument 'check-endpoints' found". Co-Authored-By: Claude Opus 4.7 (1M context) --- bazel/rust.MODULE.bazel | 1 + 1 file changed, 1 insertion(+) diff --git a/bazel/rust.MODULE.bazel b/bazel/rust.MODULE.bazel index f1903790e87f..665bf5e2c4df 100644 --- a/bazel/rust.MODULE.bazel +++ b/bazel/rust.MODULE.bazel @@ -771,6 +771,7 @@ crate.spec( crate.spec( default_features = False, features = [ + "check-endpoints", "exe", ], package = "ic-wasm", From 12ec84f668c23157edbe1005a738817caa2aa0df Mon Sep 17 00:00:00 2001 From: IDX GitHub Automation Date: Mon, 11 May 2026 12:40:53 +0000 Subject: [PATCH 12/15] Automatically updated Cargo*.lock --- Cargo.Bazel.json.lock | 1105 ++++++++++++++++++++++++++++++++++++++++- Cargo.Bazel.toml.lock | 1 + 2 files changed, 1101 insertions(+), 5 deletions(-) diff --git a/Cargo.Bazel.json.lock b/Cargo.Bazel.json.lock index cf37aeb0082b..f27d942a171d 100644 --- a/Cargo.Bazel.json.lock +++ b/Cargo.Bazel.json.lock @@ -1,5 +1,5 @@ { - "checksum": "98ff24335f62026e229bd43ce5376724c0a48089b1d0a82efb242abd57d619af", + "checksum": "6217b9fe1e8c68cbac6e61b1468b2c1fd2e307904508367bd608bc321fd96b01", "crates": { "abnf 0.12.0": { "name": "abnf", @@ -12064,6 +12064,137 @@ ], "license_file": "LICENSE" }, + "candid_parser 0.2.4": { + "name": "candid_parser", + "version": "0.2.4", + "package_url": "https://github.com/dfinity/candid", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/candid_parser/0.2.4/download", + "sha256": "75daa0ef508c92f38dd0eaaaae7d13f317b68ab73c875068257348574a6bcce2" + } + }, + "targets": [ + { + "Library": { + "crate_name": "candid_parser", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + }, + { + "BuildScript": { + "crate_name": "build_script_build", + "crate_root": "build.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "candid_parser", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "deps": { + "common": [ + { + "id": "anyhow 1.0.100", + "target": "anyhow" + }, + { + "id": "candid 0.10.22", + "target": "candid" + }, + { + "id": "candid_parser 0.2.4", + "target": "build_script_build" + }, + { + "id": "codespan-reporting 0.11.1", + "target": "codespan_reporting" + }, + { + "id": "convert_case 0.6.0", + "target": "convert_case" + }, + { + "id": "handlebars 6.4.0", + "target": "handlebars" + }, + { + "id": "hex 0.4.3", + "target": "hex" + }, + { + "id": "lalrpop-util 0.20.0", + "target": "lalrpop_util" + }, + { + "id": "logos 0.14.4", + "target": "logos" + }, + { + "id": "num-bigint 0.4.6", + "target": "num_bigint" + }, + { + "id": "pretty 0.12.1", + "target": "pretty" + }, + { + "id": "serde 1.0.228", + "target": "serde" + }, + { + "id": "thiserror 1.0.68", + "target": "thiserror" + }, + { + "id": "toml 0.8.19", + "target": "toml" + } + ], + "selects": {} + }, + "edition": "2021", + "version": "0.2.4" + }, + "build_script_attrs": { + "compile_data_glob": [ + "**" + ], + "compile_data_glob_excludes": [ + "**/*.rs" + ], + "data_glob": [ + "**" + ], + "deps": { + "common": [ + { + "id": "lalrpop 0.20.0", + "target": "lalrpop" + } + ], + "selects": {} + } + }, + "license": "Apache-2.0", + "license_ids": [ + "Apache-2.0" + ], + "license_file": "LICENSE" + }, "canlog 0.2.0": { "name": "canlog", "version": "0.2.0", @@ -20584,6 +20715,185 @@ ], "license_file": "LICENSE-APACHE" }, + "derive_builder 0.20.2": { + "name": "derive_builder", + "version": "0.20.2", + "package_url": "https://github.com/colin-kiegel/rust-derive-builder", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/derive_builder/0.20.2/download", + "sha256": "507dfb09ea8b7fa618fcf76e953f4f5e192547945816d5358edffe39f6f94947" + } + }, + "targets": [ + { + "Library": { + "crate_name": "derive_builder", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "derive_builder", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "default", + "std" + ], + "selects": {} + }, + "edition": "2018", + "proc_macro_deps": { + "common": [ + { + "id": "derive_builder_macro 0.20.2", + "target": "derive_builder_macro" + } + ], + "selects": {} + }, + "version": "0.20.2" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, + "derive_builder_core 0.20.2": { + "name": "derive_builder_core", + "version": "0.20.2", + "package_url": "https://github.com/colin-kiegel/rust-derive-builder", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/derive_builder_core/0.20.2/download", + "sha256": "2d5bcf7b024d6835cfb3d473887cd966994907effbe9227e8c8219824d06c4e8" + } + }, + "targets": [ + { + "Library": { + "crate_name": "derive_builder_core", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "derive_builder_core", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "lib_has_std" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "darling 0.20.11", + "target": "darling" + }, + { + "id": "proc-macro2 1.0.103", + "target": "proc_macro2" + }, + { + "id": "quote 1.0.42", + "target": "quote" + }, + { + "id": "syn 2.0.110", + "target": "syn" + } + ], + "selects": {} + }, + "edition": "2018", + "version": "0.20.2" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, + "derive_builder_macro 0.20.2": { + "name": "derive_builder_macro", + "version": "0.20.2", + "package_url": "https://github.com/colin-kiegel/rust-derive-builder", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/derive_builder_macro/0.20.2/download", + "sha256": "ab63b0e2bf4d5928aff72e83a7dace85d7bba5fe12dcc3c5a572d78caffd3f3c" + } + }, + "targets": [ + { + "ProcMacro": { + "crate_name": "derive_builder_macro", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "derive_builder_macro", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "lib_has_std" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "derive_builder_core 0.20.2", + "target": "derive_builder_core" + }, + { + "id": "syn 2.0.110", + "target": "syn" + } + ], + "selects": {} + }, + "edition": "2018", + "version": "0.20.2" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, "derive_more 0.99.17": { "name": "derive_more", "version": "0.99.17", @@ -31119,6 +31429,92 @@ ], "license_file": "LICENSE" }, + "handlebars 6.4.0": { + "name": "handlebars", + "version": "6.4.0", + "package_url": "https://github.com/sunng87/handlebars-rust", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/handlebars/6.4.0/download", + "sha256": "9b3f9296c208515b87bd915a2f5d1163d4b3f863ba83337d7713cf478055948e" + } + }, + "targets": [ + { + "Library": { + "crate_name": "handlebars", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "handlebars", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "default" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "derive_builder 0.20.2", + "target": "derive_builder" + }, + { + "id": "log 0.4.28", + "target": "log" + }, + { + "id": "num-order 1.2.0", + "target": "num_order" + }, + { + "id": "pest 2.7.1", + "target": "pest" + }, + { + "id": "serde 1.0.228", + "target": "serde" + }, + { + "id": "serde_json 1.0.145", + "target": "serde_json" + }, + { + "id": "thiserror 2.0.18", + "target": "thiserror" + } + ], + "selects": {} + }, + "edition": "2021", + "proc_macro_deps": { + "common": [ + { + "id": "pest_derive 2.7.1", + "target": "pest_derive" + } + ], + "selects": {} + }, + "version": "6.4.0" + }, + "license": "MIT", + "license_ids": [ + "MIT" + ], + "license_file": "LICENSE" + }, "hardware-address 0.2.0": { "name": "hardware-address", "version": "0.2.0", @@ -38504,6 +38900,7 @@ ], "crate_features": { "common": [ + "check-endpoints", "exe" ], "selects": {} @@ -38518,6 +38915,10 @@ "id": "candid 0.10.22", "target": "candid" }, + { + "id": "candid_parser 0.2.4", + "target": "candid_parser" + }, { "id": "clap 4.5.53", "target": "clap" @@ -38526,6 +38927,10 @@ "id": "libflate 2.1.0", "target": "libflate" }, + { + "id": "parse-display 0.10.0", + "target": "parse_display" + }, { "id": "rustc-demangle 0.1.26", "target": "rustc_demangle" @@ -38534,6 +38939,10 @@ "id": "serde 1.0.228", "target": "serde" }, + { + "id": "serde_json 1.0.145", + "target": "serde_json" + }, { "id": "thiserror 1.0.68", "target": "thiserror" @@ -46696,6 +47105,63 @@ ], "license_file": null }, + "logos 0.14.4": { + "name": "logos", + "version": "0.14.4", + "package_url": "https://github.com/maciejhirsz/logos", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/logos/0.14.4/download", + "sha256": "7251356ef8cb7aec833ddf598c6cb24d17b689d20b993f9d11a3d764e34e6458" + } + }, + "targets": [ + { + "Library": { + "crate_name": "logos", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "logos", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "default", + "export_derive", + "logos-derive", + "std" + ], + "selects": {} + }, + "edition": "2021", + "proc_macro_deps": { + "common": [ + { + "id": "logos-derive 0.14.4", + "target": "logos_derive" + } + ], + "selects": {} + }, + "version": "0.14.4" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, "logos-codegen 0.13.0": { "name": "logos-codegen", "version": "0.13.0", @@ -46764,6 +47230,78 @@ ], "license_file": null }, + "logos-codegen 0.14.4": { + "name": "logos-codegen", + "version": "0.14.4", + "package_url": "https://github.com/maciejhirsz/logos", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/logos-codegen/0.14.4/download", + "sha256": "59f80069600c0d66734f5ff52cc42f2dabd6b29d205f333d61fd7832e9e9963f" + } + }, + "targets": [ + { + "Library": { + "crate_name": "logos_codegen", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "logos_codegen", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "deps": { + "common": [ + { + "id": "beef 0.5.2", + "target": "beef" + }, + { + "id": "fnv 1.0.7", + "target": "fnv" + }, + { + "id": "lazy_static 1.5.0", + "target": "lazy_static" + }, + { + "id": "proc-macro2 1.0.103", + "target": "proc_macro2" + }, + { + "id": "quote 1.0.42", + "target": "quote" + }, + { + "id": "regex-syntax 0.8.5", + "target": "regex_syntax" + }, + { + "id": "syn 2.0.110", + "target": "syn" + } + ], + "selects": {} + }, + "edition": "2021", + "version": "0.14.4" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, "logos-derive 0.12.1": { "name": "logos-derive", "version": "0.12.1", @@ -46880,6 +47418,54 @@ ], "license_file": null }, + "logos-derive 0.14.4": { + "name": "logos-derive", + "version": "0.14.4", + "package_url": "https://github.com/maciejhirsz/logos", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/logos-derive/0.14.4/download", + "sha256": "24fb722b06a9dc12adb0963ed585f19fc61dc5413e6a9be9422ef92c091e731d" + } + }, + "targets": [ + { + "ProcMacro": { + "crate_name": "logos_derive", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "logos_derive", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "deps": { + "common": [ + { + "id": "logos-codegen 0.14.4", + "target": "logos_codegen" + } + ], + "selects": {} + }, + "edition": "2021", + "version": "0.14.4" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, "loopdev-3 0.5.1": { "name": "loopdev-3", "version": "0.5.1", @@ -51875,6 +52461,97 @@ ], "license_file": "LICENSE-APACHE" }, + "num-modular 0.6.1": { + "name": "num-modular", + "version": "0.6.1", + "package_url": "https://github.com/cmpute/num-modular", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/num-modular/0.6.1/download", + "sha256": "17bb261bf36fa7d83f4c294f834e91256769097b3cb505d44831e0a179ac647f" + } + }, + "targets": [ + { + "Library": { + "crate_name": "num_modular", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "num_modular", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "edition": "2018", + "version": "0.6.1" + }, + "license": "Apache-2.0", + "license_ids": [ + "Apache-2.0" + ], + "license_file": "LICENSE" + }, + "num-order 1.2.0": { + "name": "num-order", + "version": "1.2.0", + "package_url": "https://github.com/cmpute/num-order", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/num-order/1.2.0/download", + "sha256": "537b596b97c40fcf8056d153049eb22f481c17ebce72a513ec9286e4986d1bb6" + } + }, + "targets": [ + { + "Library": { + "crate_name": "num_order", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "num_order", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "default" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "num-modular 0.6.1", + "target": "num_modular" + } + ], + "selects": {} + }, + "edition": "2018", + "version": "1.2.0" + }, + "license": "Apache-2.0", + "license_ids": [ + "Apache-2.0" + ], + "license_file": "LICENSE" + }, "num-rational 0.4.2": { "name": "num-rational", "version": "0.4.2", @@ -55535,6 +56212,144 @@ ], "license_file": "LICENSE-APACHE" }, + "parse-display 0.10.0": { + "name": "parse-display", + "version": "0.10.0", + "package_url": "https://github.com/frozenlib/parse-display", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/parse-display/0.10.0/download", + "sha256": "287d8d3ebdce117b8539f59411e4ed9ec226e0a4153c7f55495c6070d68e6f72" + } + }, + "targets": [ + { + "Library": { + "crate_name": "parse_display", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "parse_display", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "default", + "regex", + "regex-syntax", + "std" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "regex 1.12.2", + "target": "regex" + }, + { + "id": "regex-syntax 0.8.5", + "target": "regex_syntax" + } + ], + "selects": {} + }, + "edition": "2021", + "proc_macro_deps": { + "common": [ + { + "id": "parse-display-derive 0.10.0", + "target": "parse_display_derive" + } + ], + "selects": {} + }, + "version": "0.10.0" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": null + }, + "parse-display-derive 0.10.0": { + "name": "parse-display-derive", + "version": "0.10.0", + "package_url": "https://github.com/frozenlib/parse-display", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/parse-display-derive/0.10.0/download", + "sha256": "7fc048687be30d79502dea2f623d052f3a074012c6eac41726b7ab17213616b1" + } + }, + "targets": [ + { + "ProcMacro": { + "crate_name": "parse_display_derive", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "parse_display_derive", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "deps": { + "common": [ + { + "id": "proc-macro2 1.0.103", + "target": "proc_macro2" + }, + { + "id": "quote 1.0.42", + "target": "quote" + }, + { + "id": "regex 1.12.2", + "target": "regex" + }, + { + "id": "regex-syntax 0.8.5", + "target": "regex_syntax" + }, + { + "id": "structmeta 0.3.0", + "target": "structmeta" + }, + { + "id": "syn 2.0.110", + "target": "syn" + } + ], + "selects": {} + }, + "edition": "2021", + "version": "0.10.0" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": null + }, "parse-size 1.1.0": { "name": "parse-size", "version": "1.1.0", @@ -73290,6 +74105,60 @@ ], "license_file": "LICENSE-APACHE" }, + "serde_spanned 0.6.9": { + "name": "serde_spanned", + "version": "0.6.9", + "package_url": "https://github.com/toml-rs/toml", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/serde_spanned/0.6.9/download", + "sha256": "bf41e0cfaf7226dca15e8197172c295a782857fcb97fad1808a166870dee75a3" + } + }, + "targets": [ + { + "Library": { + "crate_name": "serde_spanned", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "serde_spanned", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "serde" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "serde 1.0.228", + "target": "serde" + } + ], + "selects": {} + }, + "edition": "2021", + "version": "0.6.9" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, "serde_urlencoded 0.7.1": { "name": "serde_urlencoded", "version": "0.7.1", @@ -77724,6 +78593,71 @@ ], "license_file": null }, + "structmeta 0.3.0": { + "name": "structmeta", + "version": "0.3.0", + "package_url": "https://github.com/frozenlib/structmeta", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/structmeta/0.3.0/download", + "sha256": "2e1575d8d40908d70f6fd05537266b90ae71b15dbbe7a8b7dffa2b759306d329" + } + }, + "targets": [ + { + "Library": { + "crate_name": "structmeta", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "structmeta", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "deps": { + "common": [ + { + "id": "proc-macro2 1.0.103", + "target": "proc_macro2" + }, + { + "id": "quote 1.0.42", + "target": "quote" + }, + { + "id": "syn 2.0.110", + "target": "syn" + } + ], + "selects": {} + }, + "edition": "2021", + "proc_macro_deps": { + "common": [ + { + "id": "structmeta-derive 0.3.0", + "target": "structmeta_derive" + } + ], + "selects": {} + }, + "version": "0.3.0" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": null + }, "structmeta-derive 0.2.0": { "name": "structmeta-derive", "version": "0.2.0", @@ -77780,6 +78714,62 @@ ], "license_file": null }, + "structmeta-derive 0.3.0": { + "name": "structmeta-derive", + "version": "0.3.0", + "package_url": "https://github.com/frozenlib/structmeta", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/structmeta-derive/0.3.0/download", + "sha256": "152a0b65a590ff6c3da95cabe2353ee04e6167c896b28e3b14478c2636c922fc" + } + }, + "targets": [ + { + "ProcMacro": { + "crate_name": "structmeta_derive", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "structmeta_derive", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "deps": { + "common": [ + { + "id": "proc-macro2 1.0.103", + "target": "proc_macro2" + }, + { + "id": "quote 1.0.42", + "target": "quote" + }, + { + "id": "syn 2.0.110", + "target": "syn" + } + ], + "selects": {} + }, + "edition": "2021", + "version": "0.3.0" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": null + }, "strum 0.25.0": { "name": "strum", "version": "0.25.0", @@ -83276,6 +84266,72 @@ ], "license_file": "LICENSE-APACHE" }, + "toml 0.8.19": { + "name": "toml", + "version": "0.8.19", + "package_url": "https://github.com/toml-rs/toml", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/toml/0.8.19/download", + "sha256": "a1ed1f98e3fdc28d6d910e6737ae6ab1a93bf1985935a1193e68f93eeb68d24e" + } + }, + "targets": [ + { + "Library": { + "crate_name": "toml", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "toml", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "parse" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "serde 1.0.228", + "target": "serde" + }, + { + "id": "serde_spanned 0.6.9", + "target": "serde_spanned" + }, + { + "id": "toml_datetime 0.6.8", + "target": "toml_datetime" + }, + { + "id": "toml_edit 0.22.20", + "target": "toml_edit" + } + ], + "selects": {} + }, + "edition": "2021", + "version": "0.8.19" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, "toml_datetime 0.6.8": { "name": "toml_datetime", "version": "0.6.8", @@ -83305,6 +84361,21 @@ "compile_data_glob": [ "**" ], + "crate_features": { + "common": [ + "serde" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "serde 1.0.228", + "target": "serde" + } + ], + "selects": {} + }, "edition": "2021", "version": "0.6.8" }, @@ -83408,11 +84479,27 @@ ], "crate_features": { "common": [ - "default", - "display", - "parse" + "parse", + "serde" ], - "selects": {} + "selects": { + "aarch64-apple-darwin": [ + "default", + "display" + ], + "aarch64-unknown-linux-gnu": [ + "default", + "display" + ], + "x86_64-apple-darwin": [ + "default", + "display" + ], + "x86_64-unknown-linux-gnu": [ + "default", + "display" + ] + } }, "deps": { "common": [ @@ -83420,6 +84507,14 @@ "id": "indexmap 2.14.0", "target": "indexmap" }, + { + "id": "serde 1.0.228", + "target": "serde" + }, + { + "id": "serde_spanned 0.6.9", + "target": "serde_spanned" + }, { "id": "toml_datetime 0.6.8", "target": "toml_datetime" diff --git a/Cargo.Bazel.toml.lock b/Cargo.Bazel.toml.lock index c7346e44408e..538871e1fb3e 100644 --- a/Cargo.Bazel.toml.lock +++ b/Cargo.Bazel.toml.lock @@ -6831,6 +6831,7 @@ dependencies = [ "parse-display", "rustc-demangle", "serde", + "serde_json", "thiserror 1.0.68", "walrus 0.22.0", "wasmparser 0.223.1", From 4d0ab5ee69c5cfe7480852e4377ba8f1a4de7bf8 Mon Sep 17 00:00:00 2001 From: gregorydemay Date: Tue, 12 May 2026 11:55:36 +0200 Subject: [PATCH 13/15] build(bazel): move check-endpoints from finalize_wasm to sh_test Reviewer feedback (PR #10147): the `check-endpoints` invocation inside the `finalize_wasm` genrule mixed build and verification concerns. Move it to a dedicated `sh_test` (matching the `inspect_stamped_trivial_wasm` pattern in `bazel/inject_version_into_wasm_tests/BUILD.bazel`). `finalize_wasm` is reverted to its master shape. `rust_canister` keeps its `hidden_endpoints` kwarg as the user-facing API and now emits a `_check_endpoints_test` sh_test target instead of extending the build genrule. No canister BUILD.bazel call sites change. Co-Authored-By: Claude Opus 4.7 (1M context) --- bazel/BUILD.bazel | 1 + bazel/canisters.bzl | 76 +++++++++++++++++------------------ bazel/check_endpoints_test.sh | 3 ++ 3 files changed, 41 insertions(+), 39 deletions(-) create mode 100755 bazel/check_endpoints_test.sh diff --git a/bazel/BUILD.bazel b/bazel/BUILD.bazel index c435675aceb8..a1a93a1fe095 100644 --- a/bazel/BUILD.bazel +++ b/bazel/BUILD.bazel @@ -77,6 +77,7 @@ exports_files( "prost_generator.sh", "generic_rust_bench.sh", "canbench.sh", + "check_endpoints_test.sh", "file_size_test.sh", ], visibility = ["//visibility:public"], diff --git a/bazel/canisters.bzl b/bazel/canisters.bzl index 3d34403d7440..6e6234939a18 100644 --- a/bazel/canisters.bzl +++ b/bazel/canisters.bzl @@ -4,6 +4,7 @@ This module defines utilities for building Rust canisters. load("@rules_motoko//motoko:defs.bzl", "motoko_binary") load("@rules_rust//rust:defs.bzl", "rust_binary") +load("@rules_shell//shell:sh_test.bzl", "sh_test") def _wasm_rust_transition_impl(_settings, attr): return { @@ -129,9 +130,17 @@ def rust_canister(name, service_file, visibility = ["//visibility:public"], test visibility = visibility, testonly = testonly, keep_name_section = keep_name_section, - hidden_endpoints = hidden_endpoints, ) + if hidden_endpoints != None: + _check_endpoints_test( + name = name + "_check_endpoints_test", + wasm = ":" + final_name, + hidden_endpoints = hidden_endpoints, + testonly = testonly, + visibility = visibility, + ) + native.alias( name = name, actual = final_name, @@ -185,56 +194,45 @@ def motoko_canister(name, entry, deps, **kwargs): actual = final_name, ) -def finalize_wasm(*, name, src_wasm, service_file = None, version_file, testonly, visibility = ["//visibility:public"], keep_name_section = False, hidden_endpoints = None): +def finalize_wasm(*, name, src_wasm, service_file = None, version_file, testonly, visibility = ["//visibility:public"], keep_name_section = False): """Generates an output file name `name + '.wasm.gz'`. The input file is shrunk, annotated with metadata, and gzipped. The canister metadata consists of: 'icp:public git_commit_id': version used in the build 'icp:public candid:service': the canister's candid service description - - When `hidden_endpoints` is provided (a label pointing at a `hidden_endpoints.conf` - file), `ic-wasm check-endpoints --hidden ` is also run on the finalized - wasm before gzip, failing the build if the wasm exports a method that is - neither in the candid `service` nor allowlisted in the conf. - - Args: - name: target name; the rule outputs a file `name`. - src_wasm: the input wasm label. - service_file: optional candid `.did` file to embed as `candid:service` metadata. - version_file: text file whose contents become the `git_commit_id` metadata. - testonly: testonly attribute on the generated genrule. - visibility: visibility of the output target. - keep_name_section: pass `--keep-name-section` to every `ic-wasm` invocation. - hidden_endpoints: optional `hidden_endpoints.conf` label; enables `ic-wasm check-endpoints --hidden `. """ - - steps = [ - "{ic_wasm} {input_wasm} -o $@.shrunk shrink {keep_name_section}", - "{ic_wasm} $@.shrunk -o $@.meta metadata candid:service {keep_name_section} --visibility public --file " + "$(location {})".format(service_file) if not (service_file == None) else "cp $@.shrunk $@.meta", # if service_file is None, don't include a service file - "{ic_wasm} $@.meta -o $@.ver metadata git_commit_id {keep_name_section} --visibility public --file {version_file}", - ] - if hidden_endpoints != None: - steps.append("{ic_wasm} $@.ver check-endpoints --hidden $(location {hidden_endpoints})") - steps.append("{pigz} --processes 16 --no-name $@.ver --stdout > $@") - native.genrule( name = "_" + name + "_finalize", - srcs = [src_wasm, version_file] + - ([service_file] if not (service_file == None) else []) + - ([hidden_endpoints] if hidden_endpoints != None else []), + srcs = [src_wasm, version_file] + ([service_file] if not (service_file == None) else []), outs = [name], visibility = visibility, testonly = testonly, message = "Finalizing canister " + name, tools = ["@crate_index//:ic-wasm__ic-wasm", "@pigz"], - cmd_bash = " && ".join(steps) - .format( - input_wasm = "$(location {})".format(src_wasm), - ic_wasm = "$(location @crate_index//:ic-wasm__ic-wasm)", - version_file = "$(location {})".format(version_file), - pigz = "$(location @pigz)", - keep_name_section = "--keep-name-section" if keep_name_section else "", - hidden_endpoints = hidden_endpoints if hidden_endpoints != None else "", - ), + cmd_bash = " && ".join([ + "{ic_wasm} {input_wasm} -o $@.shrunk shrink {keep_name_section}", + "{ic_wasm} $@.shrunk -o $@.meta metadata candid:service {keep_name_section} --visibility public --file " + "$(location {})".format(service_file) if not (service_file == None) else "cp $@.shrunk $@.meta", # if service_file is None, don't include a service file + "{ic_wasm} $@.meta -o $@.ver metadata git_commit_id {keep_name_section} --visibility public --file {version_file}", + "{pigz} --processes 16 --no-name $@.ver --stdout > $@", + ]) + .format(input_wasm = "$(location {})".format(src_wasm), ic_wasm = "$(location @crate_index//:ic-wasm__ic-wasm)", version_file = "$(location {})".format(version_file), pigz = "$(location @pigz)", keep_name_section = "--keep-name-section" if keep_name_section else ""), + ) + +def _check_endpoints_test(name, wasm, hidden_endpoints, testonly, visibility): + sh_test( + name = name, + srcs = ["//bazel:check_endpoints_test.sh"], + data = [ + wasm, + hidden_endpoints, + "@crate_index//:ic-wasm__ic-wasm", + ], + env = { + "IC_WASM": "$(location @crate_index//:ic-wasm__ic-wasm)", + "WASM": "$(location {})".format(wasm), + "HIDDEN": "$(location {})".format(hidden_endpoints), + }, + testonly = testonly, + visibility = visibility, ) diff --git a/bazel/check_endpoints_test.sh b/bazel/check_endpoints_test.sh new file mode 100755 index 000000000000..3d6a6f2a0ee6 --- /dev/null +++ b/bazel/check_endpoints_test.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash +set -euo pipefail +exec "$IC_WASM" "$WASM" check-endpoints --hidden "$HIDDEN" From c628bdc6a1bc44d325d8dd29b18f037b91e0bd4f Mon Sep 17 00:00:00 2001 From: IDX GitHub Automation Date: Tue, 12 May 2026 10:02:38 +0000 Subject: [PATCH 14/15] Automatically updated Cargo*.lock --- Cargo.Bazel.json.lock | 1123 ++++++++++++++++++++++++++++++++++++++++- Cargo.Bazel.toml.lock | 2 + 2 files changed, 1119 insertions(+), 6 deletions(-) diff --git a/Cargo.Bazel.json.lock b/Cargo.Bazel.json.lock index b8eebb748826..6bb3d467c495 100644 --- a/Cargo.Bazel.json.lock +++ b/Cargo.Bazel.json.lock @@ -1,5 +1,5 @@ { - "checksum": "2d3dc07f101e9aab9fa001ab446b1b2cb2deb304fc03320dc5c5d7e39bd68b2c", + "checksum": "359e577a8484fa49abe7ba9265d86c694dc344f29a2978135506b1d0d5326218", "crates": { "abnf 0.12.0": { "name": "abnf", @@ -11985,6 +11985,137 @@ ], "license_file": "LICENSE" }, + "candid_parser 0.2.4": { + "name": "candid_parser", + "version": "0.2.4", + "package_url": "https://github.com/dfinity/candid", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/candid_parser/0.2.4/download", + "sha256": "75daa0ef508c92f38dd0eaaaae7d13f317b68ab73c875068257348574a6bcce2" + } + }, + "targets": [ + { + "Library": { + "crate_name": "candid_parser", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + }, + { + "BuildScript": { + "crate_name": "build_script_build", + "crate_root": "build.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "candid_parser", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "deps": { + "common": [ + { + "id": "anyhow 1.0.100", + "target": "anyhow" + }, + { + "id": "candid 0.10.22", + "target": "candid" + }, + { + "id": "candid_parser 0.2.4", + "target": "build_script_build" + }, + { + "id": "codespan-reporting 0.11.1", + "target": "codespan_reporting" + }, + { + "id": "convert_case 0.6.0", + "target": "convert_case" + }, + { + "id": "handlebars 6.4.0", + "target": "handlebars" + }, + { + "id": "hex 0.4.3", + "target": "hex" + }, + { + "id": "lalrpop-util 0.20.0", + "target": "lalrpop_util" + }, + { + "id": "logos 0.14.4", + "target": "logos" + }, + { + "id": "num-bigint 0.4.6", + "target": "num_bigint" + }, + { + "id": "pretty 0.12.1", + "target": "pretty" + }, + { + "id": "serde 1.0.228", + "target": "serde" + }, + { + "id": "thiserror 1.0.68", + "target": "thiserror" + }, + { + "id": "toml 0.8.19", + "target": "toml" + } + ], + "selects": {} + }, + "edition": "2021", + "version": "0.2.4" + }, + "build_script_attrs": { + "compile_data_glob": [ + "**" + ], + "compile_data_glob_excludes": [ + "**/*.rs" + ], + "data_glob": [ + "**" + ], + "deps": { + "common": [ + { + "id": "lalrpop 0.20.0", + "target": "lalrpop" + } + ], + "selects": {} + } + }, + "license": "Apache-2.0", + "license_ids": [ + "Apache-2.0" + ], + "license_file": "LICENSE" + }, "canlog 0.2.0": { "name": "canlog", "version": "0.2.0", @@ -20772,6 +20903,185 @@ ], "license_file": "LICENSE-APACHE" }, + "derive_builder 0.20.2": { + "name": "derive_builder", + "version": "0.20.2", + "package_url": "https://github.com/colin-kiegel/rust-derive-builder", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/derive_builder/0.20.2/download", + "sha256": "507dfb09ea8b7fa618fcf76e953f4f5e192547945816d5358edffe39f6f94947" + } + }, + "targets": [ + { + "Library": { + "crate_name": "derive_builder", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "derive_builder", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "default", + "std" + ], + "selects": {} + }, + "edition": "2018", + "proc_macro_deps": { + "common": [ + { + "id": "derive_builder_macro 0.20.2", + "target": "derive_builder_macro" + } + ], + "selects": {} + }, + "version": "0.20.2" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, + "derive_builder_core 0.20.2": { + "name": "derive_builder_core", + "version": "0.20.2", + "package_url": "https://github.com/colin-kiegel/rust-derive-builder", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/derive_builder_core/0.20.2/download", + "sha256": "2d5bcf7b024d6835cfb3d473887cd966994907effbe9227e8c8219824d06c4e8" + } + }, + "targets": [ + { + "Library": { + "crate_name": "derive_builder_core", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "derive_builder_core", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "lib_has_std" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "darling 0.20.11", + "target": "darling" + }, + { + "id": "proc-macro2 1.0.103", + "target": "proc_macro2" + }, + { + "id": "quote 1.0.42", + "target": "quote" + }, + { + "id": "syn 2.0.110", + "target": "syn" + } + ], + "selects": {} + }, + "edition": "2018", + "version": "0.20.2" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, + "derive_builder_macro 0.20.2": { + "name": "derive_builder_macro", + "version": "0.20.2", + "package_url": "https://github.com/colin-kiegel/rust-derive-builder", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/derive_builder_macro/0.20.2/download", + "sha256": "ab63b0e2bf4d5928aff72e83a7dace85d7bba5fe12dcc3c5a572d78caffd3f3c" + } + }, + "targets": [ + { + "ProcMacro": { + "crate_name": "derive_builder_macro", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "derive_builder_macro", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "lib_has_std" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "derive_builder_core 0.20.2", + "target": "derive_builder_core" + }, + { + "id": "syn 2.0.110", + "target": "syn" + } + ], + "selects": {} + }, + "edition": "2018", + "version": "0.20.2" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, "derive_more 0.99.17": { "name": "derive_more", "version": "0.99.17", @@ -30303,7 +30613,13 @@ "custom", "std" ], - "selects": {} + "selects": { + "wasm32-unknown-unknown": [ + "js", + "js-sys", + "wasm-bindgen" + ] + } }, "deps": { "common": [ @@ -30324,6 +30640,16 @@ "id": "libc 0.2.177", "target": "libc" } + ], + "wasm32-unknown-unknown": [ + { + "id": "js-sys 0.3.77", + "target": "js_sys" + }, + { + "id": "wasm-bindgen 0.2.100", + "target": "wasm_bindgen" + } ] } }, @@ -31672,6 +31998,92 @@ ], "license_file": "LICENSE" }, + "handlebars 6.4.0": { + "name": "handlebars", + "version": "6.4.0", + "package_url": "https://github.com/sunng87/handlebars-rust", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/handlebars/6.4.0/download", + "sha256": "9b3f9296c208515b87bd915a2f5d1163d4b3f863ba83337d7713cf478055948e" + } + }, + "targets": [ + { + "Library": { + "crate_name": "handlebars", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "handlebars", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "default" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "derive_builder 0.20.2", + "target": "derive_builder" + }, + { + "id": "log 0.4.28", + "target": "log" + }, + { + "id": "num-order 1.2.0", + "target": "num_order" + }, + { + "id": "pest 2.7.1", + "target": "pest" + }, + { + "id": "serde 1.0.228", + "target": "serde" + }, + { + "id": "serde_json 1.0.145", + "target": "serde_json" + }, + { + "id": "thiserror 2.0.18", + "target": "thiserror" + } + ], + "selects": {} + }, + "edition": "2021", + "proc_macro_deps": { + "common": [ + { + "id": "pest_derive 2.7.1", + "target": "pest_derive" + } + ], + "selects": {} + }, + "version": "6.4.0" + }, + "license": "MIT", + "license_ids": [ + "MIT" + ], + "license_file": "LICENSE" + }, "hardware-address 0.2.0": { "name": "hardware-address", "version": "0.2.0", @@ -39105,6 +39517,7 @@ ], "crate_features": { "common": [ + "check-endpoints", "exe" ], "selects": {} @@ -39119,6 +39532,10 @@ "id": "candid 0.10.22", "target": "candid" }, + { + "id": "candid_parser 0.2.4", + "target": "candid_parser" + }, { "id": "clap 4.5.53", "target": "clap" @@ -39127,6 +39544,10 @@ "id": "libflate 2.1.0", "target": "libflate" }, + { + "id": "parse-display 0.10.0", + "target": "parse_display" + }, { "id": "rustc-demangle 0.1.26", "target": "rustc_demangle" @@ -39135,6 +39556,10 @@ "id": "serde 1.0.228", "target": "serde" }, + { + "id": "serde_json 1.0.145", + "target": "serde_json" + }, { "id": "thiserror 1.0.68", "target": "thiserror" @@ -47297,6 +47722,63 @@ ], "license_file": null }, + "logos 0.14.4": { + "name": "logos", + "version": "0.14.4", + "package_url": "https://github.com/maciejhirsz/logos", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/logos/0.14.4/download", + "sha256": "7251356ef8cb7aec833ddf598c6cb24d17b689d20b993f9d11a3d764e34e6458" + } + }, + "targets": [ + { + "Library": { + "crate_name": "logos", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "logos", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "default", + "export_derive", + "logos-derive", + "std" + ], + "selects": {} + }, + "edition": "2021", + "proc_macro_deps": { + "common": [ + { + "id": "logos-derive 0.14.4", + "target": "logos_derive" + } + ], + "selects": {} + }, + "version": "0.14.4" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, "logos-codegen 0.13.0": { "name": "logos-codegen", "version": "0.13.0", @@ -47365,6 +47847,78 @@ ], "license_file": null }, + "logos-codegen 0.14.4": { + "name": "logos-codegen", + "version": "0.14.4", + "package_url": "https://github.com/maciejhirsz/logos", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/logos-codegen/0.14.4/download", + "sha256": "59f80069600c0d66734f5ff52cc42f2dabd6b29d205f333d61fd7832e9e9963f" + } + }, + "targets": [ + { + "Library": { + "crate_name": "logos_codegen", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "logos_codegen", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "deps": { + "common": [ + { + "id": "beef 0.5.2", + "target": "beef" + }, + { + "id": "fnv 1.0.7", + "target": "fnv" + }, + { + "id": "lazy_static 1.5.0", + "target": "lazy_static" + }, + { + "id": "proc-macro2 1.0.103", + "target": "proc_macro2" + }, + { + "id": "quote 1.0.42", + "target": "quote" + }, + { + "id": "regex-syntax 0.8.5", + "target": "regex_syntax" + }, + { + "id": "syn 2.0.110", + "target": "syn" + } + ], + "selects": {} + }, + "edition": "2021", + "version": "0.14.4" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, "logos-derive 0.12.1": { "name": "logos-derive", "version": "0.12.1", @@ -47481,6 +48035,54 @@ ], "license_file": null }, + "logos-derive 0.14.4": { + "name": "logos-derive", + "version": "0.14.4", + "package_url": "https://github.com/maciejhirsz/logos", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/logos-derive/0.14.4/download", + "sha256": "24fb722b06a9dc12adb0963ed585f19fc61dc5413e6a9be9422ef92c091e731d" + } + }, + "targets": [ + { + "ProcMacro": { + "crate_name": "logos_derive", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "logos_derive", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "deps": { + "common": [ + { + "id": "logos-codegen 0.14.4", + "target": "logos_codegen" + } + ], + "selects": {} + }, + "edition": "2021", + "version": "0.14.4" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, "loopdev-3 0.5.1": { "name": "loopdev-3", "version": "0.5.1", @@ -52516,6 +53118,97 @@ ], "license_file": "LICENSE-APACHE" }, + "num-modular 0.6.1": { + "name": "num-modular", + "version": "0.6.1", + "package_url": "https://github.com/cmpute/num-modular", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/num-modular/0.6.1/download", + "sha256": "17bb261bf36fa7d83f4c294f834e91256769097b3cb505d44831e0a179ac647f" + } + }, + "targets": [ + { + "Library": { + "crate_name": "num_modular", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "num_modular", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "edition": "2018", + "version": "0.6.1" + }, + "license": "Apache-2.0", + "license_ids": [ + "Apache-2.0" + ], + "license_file": "LICENSE" + }, + "num-order 1.2.0": { + "name": "num-order", + "version": "1.2.0", + "package_url": "https://github.com/cmpute/num-order", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/num-order/1.2.0/download", + "sha256": "537b596b97c40fcf8056d153049eb22f481c17ebce72a513ec9286e4986d1bb6" + } + }, + "targets": [ + { + "Library": { + "crate_name": "num_order", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "num_order", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "default" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "num-modular 0.6.1", + "target": "num_modular" + } + ], + "selects": {} + }, + "edition": "2018", + "version": "1.2.0" + }, + "license": "Apache-2.0", + "license_ids": [ + "Apache-2.0" + ], + "license_file": "LICENSE" + }, "num-rational 0.4.2": { "name": "num-rational", "version": "0.4.2", @@ -56172,6 +56865,144 @@ ], "license_file": "LICENSE-APACHE" }, + "parse-display 0.10.0": { + "name": "parse-display", + "version": "0.10.0", + "package_url": "https://github.com/frozenlib/parse-display", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/parse-display/0.10.0/download", + "sha256": "287d8d3ebdce117b8539f59411e4ed9ec226e0a4153c7f55495c6070d68e6f72" + } + }, + "targets": [ + { + "Library": { + "crate_name": "parse_display", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "parse_display", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "default", + "regex", + "regex-syntax", + "std" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "regex 1.12.2", + "target": "regex" + }, + { + "id": "regex-syntax 0.8.5", + "target": "regex_syntax" + } + ], + "selects": {} + }, + "edition": "2021", + "proc_macro_deps": { + "common": [ + { + "id": "parse-display-derive 0.10.0", + "target": "parse_display_derive" + } + ], + "selects": {} + }, + "version": "0.10.0" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": null + }, + "parse-display-derive 0.10.0": { + "name": "parse-display-derive", + "version": "0.10.0", + "package_url": "https://github.com/frozenlib/parse-display", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/parse-display-derive/0.10.0/download", + "sha256": "7fc048687be30d79502dea2f623d052f3a074012c6eac41726b7ab17213616b1" + } + }, + "targets": [ + { + "ProcMacro": { + "crate_name": "parse_display_derive", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "parse_display_derive", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "deps": { + "common": [ + { + "id": "proc-macro2 1.0.103", + "target": "proc_macro2" + }, + { + "id": "quote 1.0.42", + "target": "quote" + }, + { + "id": "regex 1.12.2", + "target": "regex" + }, + { + "id": "regex-syntax 0.8.5", + "target": "regex_syntax" + }, + { + "id": "structmeta 0.3.0", + "target": "structmeta" + }, + { + "id": "syn 2.0.110", + "target": "syn" + } + ], + "selects": {} + }, + "edition": "2021", + "version": "0.10.0" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": null + }, "parse-size 1.1.0": { "name": "parse-size", "version": "1.1.0", @@ -74194,6 +75025,60 @@ ], "license_file": "LICENSE-APACHE" }, + "serde_spanned 0.6.9": { + "name": "serde_spanned", + "version": "0.6.9", + "package_url": "https://github.com/toml-rs/toml", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/serde_spanned/0.6.9/download", + "sha256": "bf41e0cfaf7226dca15e8197172c295a782857fcb97fad1808a166870dee75a3" + } + }, + "targets": [ + { + "Library": { + "crate_name": "serde_spanned", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "serde_spanned", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "serde" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "serde 1.0.228", + "target": "serde" + } + ], + "selects": {} + }, + "edition": "2021", + "version": "0.6.9" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, "serde_urlencoded 0.7.1": { "name": "serde_urlencoded", "version": "0.7.1", @@ -78695,6 +79580,71 @@ ], "license_file": null }, + "structmeta 0.3.0": { + "name": "structmeta", + "version": "0.3.0", + "package_url": "https://github.com/frozenlib/structmeta", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/structmeta/0.3.0/download", + "sha256": "2e1575d8d40908d70f6fd05537266b90ae71b15dbbe7a8b7dffa2b759306d329" + } + }, + "targets": [ + { + "Library": { + "crate_name": "structmeta", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "structmeta", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "deps": { + "common": [ + { + "id": "proc-macro2 1.0.103", + "target": "proc_macro2" + }, + { + "id": "quote 1.0.42", + "target": "quote" + }, + { + "id": "syn 2.0.110", + "target": "syn" + } + ], + "selects": {} + }, + "edition": "2021", + "proc_macro_deps": { + "common": [ + { + "id": "structmeta-derive 0.3.0", + "target": "structmeta_derive" + } + ], + "selects": {} + }, + "version": "0.3.0" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": null + }, "structmeta-derive 0.2.0": { "name": "structmeta-derive", "version": "0.2.0", @@ -78751,6 +79701,62 @@ ], "license_file": null }, + "structmeta-derive 0.3.0": { + "name": "structmeta-derive", + "version": "0.3.0", + "package_url": "https://github.com/frozenlib/structmeta", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/structmeta-derive/0.3.0/download", + "sha256": "152a0b65a590ff6c3da95cabe2353ee04e6167c896b28e3b14478c2636c922fc" + } + }, + "targets": [ + { + "ProcMacro": { + "crate_name": "structmeta_derive", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "structmeta_derive", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "deps": { + "common": [ + { + "id": "proc-macro2 1.0.103", + "target": "proc_macro2" + }, + { + "id": "quote 1.0.42", + "target": "quote" + }, + { + "id": "syn 2.0.110", + "target": "syn" + } + ], + "selects": {} + }, + "edition": "2021", + "version": "0.3.0" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": null + }, "strum 0.25.0": { "name": "strum", "version": "0.25.0", @@ -84247,6 +85253,72 @@ ], "license_file": "LICENSE-APACHE" }, + "toml 0.8.19": { + "name": "toml", + "version": "0.8.19", + "package_url": "https://github.com/toml-rs/toml", + "repository": { + "Http": { + "url": "https://static.crates.io/crates/toml/0.8.19/download", + "sha256": "a1ed1f98e3fdc28d6d910e6737ae6ab1a93bf1985935a1193e68f93eeb68d24e" + } + }, + "targets": [ + { + "Library": { + "crate_name": "toml", + "crate_root": "src/lib.rs", + "srcs": { + "allow_empty": true, + "include": [ + "**/*.rs" + ] + } + } + } + ], + "library_target_name": "toml", + "common_attrs": { + "compile_data_glob": [ + "**" + ], + "crate_features": { + "common": [ + "parse" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "serde 1.0.228", + "target": "serde" + }, + { + "id": "serde_spanned 0.6.9", + "target": "serde_spanned" + }, + { + "id": "toml_datetime 0.6.8", + "target": "toml_datetime" + }, + { + "id": "toml_edit 0.22.20", + "target": "toml_edit" + } + ], + "selects": {} + }, + "edition": "2021", + "version": "0.8.19" + }, + "license": "MIT OR Apache-2.0", + "license_ids": [ + "Apache-2.0", + "MIT" + ], + "license_file": "LICENSE-APACHE" + }, "toml_datetime 0.6.8": { "name": "toml_datetime", "version": "0.6.8", @@ -84276,6 +85348,21 @@ "compile_data_glob": [ "**" ], + "crate_features": { + "common": [ + "serde" + ], + "selects": {} + }, + "deps": { + "common": [ + { + "id": "serde 1.0.228", + "target": "serde" + } + ], + "selects": {} + }, "edition": "2021", "version": "0.6.8" }, @@ -84379,11 +85466,27 @@ ], "crate_features": { "common": [ - "default", - "display", - "parse" + "parse", + "serde" ], - "selects": {} + "selects": { + "aarch64-apple-darwin": [ + "default", + "display" + ], + "aarch64-unknown-linux-gnu": [ + "default", + "display" + ], + "x86_64-apple-darwin": [ + "default", + "display" + ], + "x86_64-unknown-linux-gnu": [ + "default", + "display" + ] + } }, "deps": { "common": [ @@ -84391,6 +85494,14 @@ "id": "indexmap 2.14.0", "target": "indexmap" }, + { + "id": "serde 1.0.228", + "target": "serde" + }, + { + "id": "serde_spanned 0.6.9", + "target": "serde_spanned" + }, { "id": "toml_datetime 0.6.8", "target": "toml_datetime" diff --git a/Cargo.Bazel.toml.lock b/Cargo.Bazel.toml.lock index 311b001b9407..6b4a28a94388 100644 --- a/Cargo.Bazel.toml.lock +++ b/Cargo.Bazel.toml.lock @@ -5270,8 +5270,10 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" dependencies = [ "cfg-if 1.0.0", + "js-sys", "libc", "wasi 0.11.0+wasi-snapshot-preview1", + "wasm-bindgen", ] [[package]] From d224f873c85dfb3116d096deb16f6cbe8153d8c6 Mon Sep 17 00:00:00 2001 From: gregorydemay Date: Tue, 12 May 2026 13:18:27 +0200 Subject: [PATCH 15/15] fix(deps): strip wasm-bindgen from getrandom 0.2.10 lock entries After merging master and CI's autofix repinning, getrandom 0.2.10 re-acquired its wasm32-unknown-unknown `js`/`js-sys`/`wasm-bindgen` features and deps. This is the same regression #10174 fixed on master and breaks the universal canister wasm build with `__wbindgen_describe` import errors. Reapply the manual revert on both lock files (the bazel/quinn-proto.patch + crate.annotation do not take effect at repin time, only at build time). Verified locally: `bazel build //rs/universal_canister/impl:universal_canister_serialized_module` succeeds. Co-Authored-By: Claude Opus 4.7 (1M context) --- Cargo.Bazel.json.lock | 20 ++------------------ Cargo.Bazel.toml.lock | 2 -- 2 files changed, 2 insertions(+), 20 deletions(-) diff --git a/Cargo.Bazel.json.lock b/Cargo.Bazel.json.lock index 6bb3d467c495..9d2d97cf7b49 100644 --- a/Cargo.Bazel.json.lock +++ b/Cargo.Bazel.json.lock @@ -1,5 +1,5 @@ { - "checksum": "359e577a8484fa49abe7ba9265d86c694dc344f29a2978135506b1d0d5326218", + "checksum": "4f1cf82ac666a0611364bfaf3791321b4dc45dc198cd0822d093d6e09d5d9895", "crates": { "abnf 0.12.0": { "name": "abnf", @@ -30613,13 +30613,7 @@ "custom", "std" ], - "selects": { - "wasm32-unknown-unknown": [ - "js", - "js-sys", - "wasm-bindgen" - ] - } + "selects": {} }, "deps": { "common": [ @@ -30640,16 +30634,6 @@ "id": "libc 0.2.177", "target": "libc" } - ], - "wasm32-unknown-unknown": [ - { - "id": "js-sys 0.3.77", - "target": "js_sys" - }, - { - "id": "wasm-bindgen 0.2.100", - "target": "wasm_bindgen" - } ] } }, diff --git a/Cargo.Bazel.toml.lock b/Cargo.Bazel.toml.lock index 6b4a28a94388..311b001b9407 100644 --- a/Cargo.Bazel.toml.lock +++ b/Cargo.Bazel.toml.lock @@ -5270,10 +5270,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" dependencies = [ "cfg-if 1.0.0", - "js-sys", "libc", "wasi 0.11.0+wasi-snapshot-preview1", - "wasm-bindgen", ] [[package]]