Bump zcash_proofs to 0.8.0

[upbqdn]

Version 0.8.0 of zcash_proofs contains a fix to #5091, so we should start using that version before the next release.

This should also fix:

• Remove duplicated zcash_proofs #3831
• part of Restore Rust stable and beta in CI #5091

[teor2345]

I added #3831 to this ticket.

[mpguerra]

Hey team! Please add your planning poker estimate with Zenhub @arya2 @conradoplg @dconnolly @oxarbitrage @teor2345 @upbqdn

[upbqdn]

When I set the version of zcash_proofs to 0.8.0 in zebra/zebra-consensus/Cargo.toml, I get this error output:

error: failed to select a version for `zeroize`.
    ... required by package `chacha20poly1305 v0.10.0`
    ... which satisfies dependency `chacha20poly1305 = "^0.10"` of package `zcash_primitives v0.8.1`
    ... which satisfies dependency `zcash_primitives = "^0.8"` of package `zcash_proofs v0.8.0`
    ... which satisfies dependency `zcash_proofs = "^0.8.0"` of package `zebra-consensus v1.0.0-beta.16 (/home/m/zcash/zebra/zebra-consensus)`
    ... which satisfies path dependency `zebra-consensus` (locked to 1.0.0-beta.16) of package `tower-batch v0.2.31 (/home/m/zcash/zebra/tower-batch)`
versions that meet the requirements `^1.5` are: 1.5.7, 1.5.6, 1.5.5, 1.5.4, 1.5.3

all possible versions conflict with previously selected packages.

  previously selected package `zeroize v1.3.0`
    ... which satisfies dependency `zeroize = "=1.3"` of package `x25519-dalek v1.2.0`
    ... which satisfies dependency `x25519-dalek = "^1.2.0"` of package `tor-llcrypto v0.0.2`
    ... which satisfies dependency `tor-llcrypto = "^0.0.2"` of package `tor-bytes v0.0.2`
    ... which satisfies dependency `tor-bytes = "^0.0.2"` of package `tor-cell v0.0.2`
    ... which satisfies dependency `tor-cell = "^0.0.2"` of package `tor-proto v0.0.2`
    ... which satisfies dependency `tor-proto = "^0.0.2"` of package `arti-client v0.0.2`
    ... which satisfies dependency `arti-client = "^0.0.2"` of package `zebra-network v1.0.0-beta.16 (/home/m/zcash/zebra/zebra-network)`
    ... which satisfies path dependency `zebra-network` (locked to 1.0.0-beta.16) of package `zebra-rpc v1.0.0-beta.16 (/home/m/zcash/zebra/zebra-rpc)`
    ... which satisfies path dependency `zebra-rpc` (locked to 1.0.0-beta.16) of package `zebrad v1.0.0-rc.0 (/home/m/zcash/zebra/zebrad)`

failed to select a version for `zeroize` which could resolve this conflict

I haven't found a workaround yet.

[conradoplg]

I was confused by this since Rust allows linking to multiple versions of the same library, but...

Cargo allows multiple major versions of a crate, but all selected versions of a crate must be semver-incompatible (e.g. can't have 1.3.0 and 1.4.0 as they're semver compatible).

So on a first look I think the only option is either forking x25519-dalek to update the dependency, or submitting a PR for it and waiting for a new release 😬

[teor2345]

So on a first look I think the only option is either forking x25519-dalek to update the dependency, or submitting a PR for it and waiting for a new release 😬

Can we fork x25519-dalek to ZcashFoundation, upgrade zeroize, then patch the dependency to our fork?
(That way, the x25519-dalek PR and x25519-dalek release won't block our release.)

This is happening in the tor code, so another alternative is to disable that code using #[cfg(tor)] (instead of #[cfg(feature = tor)]), so it isn't activated when we use --all-features.