feat: Added a command to check the contract for compliance with the code from which it was derived #480
Imo it should also download sources and point user to them, if the verification was a MATCH. As in not just saying but as in It's the same function as nearblocks, which provides verification status AND the sources in case of a match, without the sources there's no useful info. But this time it's nearblocks in CLI.
Cargo.toml
Outdated
near-workspaces = "0.19.0" | ||
near-verify-rs = "0.3.0" | ||
camino = "1.1.1" | ||
git2 = "0.19" | ||
tempfile = "3.10.1" |
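Review bot: `git2 = "0.19"` and `tempfile = "3.10.1"` are added as unconditional dependencies next to `near-verify-rs`, so every crate that depends on this one compiles them (including the native libgit2 build that `git2` brings in) even if it never runs the verify command. Declare the new entries with `optional = true` and enable them from one dedicated feature, and document next to that feature which command requires them.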
all of the new deps have to be feature-gated with e.g. `verify_contract` feature, so that `cargo-near` can pull in `near-cli` as a dependency without this new feature, in order to not have e.g. potentially 2 versions of `near-verify-rs` in its dependency tree.
strictly speaking, `cargo-near` depends only on `deploy_contract` + `create_dev_account` feature of `near-cli` (doesn't exist), but that's definitely not a top priority to try to structure dependencies so, that only things needed for `deploy_contract` & `create_dev_account` are imported by `cargo-near`
Done
src/commands/contract/verify/mod.rs
Outdated
let target_dir = camino::Utf8PathBuf::from_path_buf(target_dir) | ||
.map_err(|err| color_eyre::eyre::eyre!("convert path buf {:?}", err))?; | ||
|
||
contract_source_metadata.validate(None)?; |
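Review bot: the `map_err` message `"convert path buf {:?}"` on the second line does not tell the user what failed. `Utf8PathBuf::from_path_buf` returns an error only when the path is not valid UTF-8 and hands back the original `PathBuf`, so the message should say that the target directory path is not valid UTF-8 and show the path. On the last line, `validate(None)` is called with a bare `None`; add a comment naming what that argument controls, or pass an explicit value, so a reader can see which check is left unrestricted.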
This has to use trusted images whitelist. See examples in `near_verify_rs` repo (at least `sourcescan/cargo-near`). This is also important in context of server-side verification, where arbitrary images cannot be trusted by default.
Empty whitelist can be under a `#[interactive_clap(long, skip_interactive_input)] no_image_whitelist: bool` flag (imo)
Done
there is such an option:
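The trusted-image whitelist discussed in this thread, sketched as an added example that is not code from near-cli-rs or near-verify-rs. All type and function names are hypothetical, the `repository[:tag]@sha256:<digest>` reference form is an assumption, and the sample tag and digest are constructed placeholders.

```rust
// Added illustration with hypothetical names; not the project's own API.

/// Parsed form of a container image reference `repository[:tag]@sha256:<hex>`.
pub struct ImageRef<'a> {
    pub repository: &'a str,
    pub digest: &'a str,
}

/// Split an image reference and insist on a well-formed sha256 digest, so a
/// mutable tag alone can never satisfy the check.
pub fn parse_image(reference: &str) -> Result<ImageRef<'_>, String> {
    let (name, digest) = reference
        .split_once('@')
        .ok_or_else(|| format!("image `{reference}` is not pinned by digest"))?;
    let hex = digest
        .strip_prefix("sha256:")
        .ok_or_else(|| format!("unsupported digest in `{reference}`"))?;
    if hex.len() != 64 || !hex.bytes().all(|b| matches!(b, b'0'..=b'9' | b'a'..=b'f')) {
        return Err(format!("malformed sha256 digest in `{reference}`"));
    }
    // Drop an optional `:tag`; a colon before the last `/` belongs to a registry port.
    let repository = match name.rfind(':') {
        Some(i) if !name[i..].contains('/') => &name[..i],
        _ => name,
    };
    if repository.is_empty() {
        return Err(format!("empty repository in `{reference}`"));
    }
    Ok(ImageRef { repository, digest })
}

/// `whitelist == None` models the explicit opt-out; `Some(&[])` trusts nothing.
pub fn check_image(reference: &str, whitelist: Option<&[&str]>) -> Result<(), String> {
    let image = parse_image(reference)?;
    match whitelist {
        None => Ok(()),
        // Exact match only: a prefix test would accept `sourcescan/cargo-near-evil`.
        Some(allowed) if allowed.contains(&image.repository) => Ok(()),
        Some(_) => Err(format!("image `{}` is not in the trusted whitelist", image.repository)),
    }
}

fn main() {
    // Constructed sample value; the tag and digest are placeholders, not a real image.
    let pinned = format!("sourcescan/cargo-near:1.0.0@sha256:{}", "ab".repeat(32));
    let trusted: &[&str] = &["sourcescan/cargo-near"];
    println!("{:?}", check_image(&pinned, Some(trusted)));
    println!("{:?}", check_image("sourcescan/cargo-near:latest", Some(trusted)));
}
```

For server-side verification the `None` branch would not be reachable from user input; on the CLI it corresponds to an explicit opt-out such as the `no_image_whitelist` flag proposed above.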
@race-of-sloths score 8
@FroVolod Thank you for your contribution! Your pull request is now a part of the Race of Sloths! Current status: executed
Your contribution is much appreciated with a final score of 8! @frol received 25 Sloth Points for reviewing and scoring this pull request.

Congratulations @FroVolod! Your PR was highly scored and you completed another monthly streak! To keep your monthly streak make another pull request next month and get 8+ score for it

What is the Race of Sloths

Race of Sloths is a friendly competition where you can participate in challenges and compete with other open-source contributors within your normal workflow

Feel free to check our website for additional details!
## 🤖 New release

* `near-cli-rs`: 0.20.0 -> 0.21.0 (⚠ API breaking changes)

### ⚠ `near-cli-rs` breaking changes

```text
--- failure enum_no_repr_variant_discriminant_changed: enum variant had its discriminant change value ---

Description:
The enum's variant had its discriminant value change. This breaks downstream code that used its value via a numeric cast like `as isize`.
        ref: https://doc.rust-lang.org/reference/items/enumerations.html#assigning-discriminant-values
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.41.0/src/lints/enum_no_repr_variant_discriminant_changed.ron

Failed in:
  variant ContractActionsDiscriminants::DownloadAbi 4 -> 5 in /tmp/.tmpHq8aq0/near-cli-rs/src/commands/contract/mod.rs:61
  variant ContractActionsDiscriminants::DownloadWasm 5 -> 6 in /tmp/.tmpHq8aq0/near-cli-rs/src/commands/contract/mod.rs:64
  variant ContractActionsDiscriminants::ViewStorage 6 -> 7 in /tmp/.tmpHq8aq0/near-cli-rs/src/commands/contract/mod.rs:67
  variant ContractActionsDiscriminants::DownloadAbi 4 -> 5 in /tmp/.tmpHq8aq0/near-cli-rs/src/commands/contract/mod.rs:61
  variant ContractActionsDiscriminants::DownloadWasm 5 -> 6 in /tmp/.tmpHq8aq0/near-cli-rs/src/commands/contract/mod.rs:64
  variant ContractActionsDiscriminants::ViewStorage 6 -> 7 in /tmp/.tmpHq8aq0/near-cli-rs/src/commands/contract/mod.rs:67

--- failure enum_variant_added: enum variant added on exhaustive enum ---

Description:
A publicly-visible enum without #[non_exhaustive] has a new variant.
        ref: https://doc.rust-lang.org/cargo/reference/semver.html#enum-variant-new
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.41.0/src/lints/enum_variant_added.ron

Failed in:
  variant SignWithDiscriminants:SubmitAsDaoProposal in /tmp/.tmpHq8aq0/near-cli-rs/src/transaction_signature_options/mod.rs:64
  variant SignWithDiscriminants:SubmitAsDaoProposal in /tmp/.tmpHq8aq0/near-cli-rs/src/transaction_signature_options/mod.rs:64
  variant CliContractActions:Verify in /tmp/.tmpHq8aq0/near-cli-rs/src/commands/contract/mod.rs:26
  variant CliSignWith:SubmitAsDaoProposal in /tmp/.tmpHq8aq0/near-cli-rs/src/transaction_signature_options/mod.rs:19
  variant SignWith:SubmitAsDaoProposal in /tmp/.tmpHq8aq0/near-cli-rs/src/transaction_signature_options/mod.rs:64
  variant ContractActionsDiscriminants:Verify in /tmp/.tmpHq8aq0/near-cli-rs/src/commands/contract/mod.rs:58
  variant ContractActionsDiscriminants:Verify in /tmp/.tmpHq8aq0/near-cli-rs/src/commands/contract/mod.rs:58

--- failure trait_newly_sealed: pub trait became sealed ---

Description:
A publicly-visible trait became sealed, so downstream crates are no longer able to implement it
        ref: https://rust-lang.github.io/api-guidelines/future-proofing.html#sealed-traits-protect-against-downstream-implementations-c-sealed
       impl: https://github.com/obi1kenobi/cargo-semver-checks/tree/v0.41.0/src/lints/trait_newly_sealed.ron

Failed in:
  trait near_cli_rs::common::JsonRpcClientExt in file /tmp/.tmpHq8aq0/near-cli-rs/src/common.rs:2342
```

<details><summary><i><b>Changelog</b></i></summary><p>

<blockquote>

## [0.21.0](v0.20.0...v0.21.0) - 2025-07-08

### Added

- Improved support for importing implicit accounts ([#498](#498))
- Added a command to confirm locally that the deployed contract matches the source code it was built from ([#480](#480))
- Add support for submitting general DAO proposals ([#492](#492))

### Fixed

- Fixed typos in the default CLI config ([#501](#501))
- Fixed error RpcError: [missing field disable_9393_fix] ([#502](#502))
- use re-exported version of `indicatif` module, needed for `tracing-indicatif` ([#503](#503))
- `clippy::result_large_err` warning ([#488](#488))

### Other

- Added `verify_contract`/`inspect_contract` feature gates ([#504](#504))
- Pinned binary releases to use ubuntu-22.04 ([#506](#506))
- Fixed linting errors - non-inlined formatting syntax ([#499](#499))
- fix some typos ([#494](#494))
- simplified action struct ([#493](#493))
- added more RPCs (FAST NEAR and Lava) to the default config generation ([#491](#491))
- introduced `BoxedJsonRpcResult` type ([#490](#490))
- fixed shell configuration for command history ([#487](#487))

</blockquote>

</p></details>

---

This PR was generated with [release-plz](https://github.com/release-plz/release-plz/).
deployed-vs-docker.mov
wasm-vs-docker.mov