Conversation
| if ! slither --version > /dev/null 2>&1 | ||
| then | ||
| echo "slither is not available, installing it now.." | ||
| pip3 install slither-analyzer --user |
There was a problem hiding this comment.
It would be cool to have slither updated if it's out of date. PATH may also need to be adjusted to account for slither installed with --user.
Maybe we should use a (fresh?) venv instead and just link slither{,-*} and crytic-compile to the directory we then add to the PATH for echidna?
install.sh
Outdated
| BIN_PATH="$ECHIDNA_BIN_DIR/echidna" | ||
|
|
||
| if [[ "$(uname)" == "Darwin" ]] | ||
| then arch="MacOS" |
There was a problem hiding this comment.
we should differentiate ARM vs x86 builds, maybe by inspecting uname -m. Otherwise M1 users will get slow fuzzing performance.
There was a problem hiding this comment.
Is there a separate release for ARM vs x86 macs? Under release assets I only see MacOS vs Ubuntu vs Windows
There was a problem hiding this comment.
@bohendo yeah, there's MacOS-aarch64 files, with a different structure inside the tarball, e.g see https://github.com/crytic/echidna/releases/tag/v2.1.0
These are manually built (with the nix bundle target in the readme), compressed and uploaded; it seems the latest release is missing them. We used to have a more comprehensive build process that generated a ready to upload archive and fixed TERMINFO on the resulting binaries (the current process has this bug again), maybe we can bring that back to aid releases going forward?
install.sh
Outdated
| fi | ||
|
|
||
| TARBALL_URL="https://github.com/crytic/echidna/releases/download/v$version/echidna-$version-$arch.tar.gz" | ||
| DIGEST_URL="https://github.com/crytic/echidna/releases/download/v$version/echidna-$version-$arch.tar.gz.sha256" |
There was a problem hiding this comment.
Our digests are not signed, so someone tampering with the releases may also modify the digest. Is this meant only as an integrity check? Otherwise hardcoding the hashes next to the version in the script may provide a bit more of certainty (unless someone tampers with the script as well)
There was a problem hiding this comment.
Just integrity, hardcoding the hashes seems like a better path forward 👍
|
I think we should address @elopez concerns and then merge. |
| set -e | ||
|
|
||
| version="2.2.0" | ||
| slither_version="0.9.3" |
There was a problem hiding this comment.
| slither_version="0.9.3" | |
| slither_version="0.9.6" |
|
bohendo seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
5 participants
resolves #811
This script will:
$HOME/.echidna/bin/echidnaThis has been tested manually on MacOS.
TODO:
$HOME/.echidnais well suited to supporting this feature)