[Feature Request] Remove patch for Merlin (Patched Merlin dependency needed for Rust SDK users)

[gregnazario]

🚀 Feature Request

Push upstream patch for Merlin, so users of the Rust SDK don't have to patch it locally.

DO NOT CLOSE

Details

Anyone who has this error, will need to apply the patches for Merlin:

error[E0597]: `dst` does not live long enough
   --> /aptos/aptos-core/aptos-move/framework/src/natives/cryptography/bulletproofs.rs:195:41
    |
174 |     dst: Vec<u8>,
    |     --- binding `dst` declared here
...
195 |     let mut ver_trans = Transcript::new(dst.as_slice());
    |                         ----------------^^^^-
    |                         |               |
    |                         |               borrowed value does not live long enough
    |                         argument requires that `dst` is borrowed for `'static`
...
208 | }
    | - `dst` dropped here while still borrowed

They can add the patch for the aptos-sdk by adding to their Cargo.toml, which removes the error:

[patch.crates-io]
merlin = { git = "https://github.com/aptos-labs/merlin" }

Rust doesn't let you apply a patch globally, so every user has to apply the patch. The maintainers of Merlin have been unresponsive on Github, Twitter. The patch is already ready here: zkcrypto/merlin#6, but we have to maintain our own patch. @alinush had a previous conversation about it, and we should be able to get it in, but we're blocked on that.

Documentation added here: #9324

Blocked on: zkcrypto/merlin#6

Additional user details here: #9377

[gregnazario]

Fix is here, but author is unresponsive zkcrypto/merlin#6

[gregnazario]

I've got access to Bluesky now, which both contributors to the Merlin repository seem to use. So, I'm reaching out to them again about it.

[gregnazario]

Pinged both contributors on Bluesky again. Waiting on a response still.

[Tranduy1dol]

can anyone write a more detail to fix this, i applied [patch.crates-io] merlin = { git = "https://github.com/aptos-labs/merlin" } but it still error.