
apollo_infra_utils,apollo_compile_to_native: add compiler version text files #13671

Merged: avi-starkware merged 1 commit into main from avi/compiler-version-files on May 17, 2026

@avi-starkware (Collaborator) commented Apr 6, 2026

Create plain text files containing compiler binary versions as the single
source of truth. Rust constants now use include_str!().trim_ascii_end()
to read from these files. Shell scripts and Dockerfiles will read them
with cat in a follow-up.

Co-Authored-By: Claude Opus 4.6 (1M context) noreply@anthropic.com


Note

Low Risk
Low risk: only changes how version constants are sourced (from embedded text files) without altering compiler selection logic or runtime behavior beyond build-time string loading.

Overview
Centralizes Cairo compiler version pins by moving the hardcoded Rust string constants into plain .txt files and embedding them via include_str!(...).trim_ascii_end().

This makes REQUIRED_CAIRO_NATIVE_VERSION and CAIRO1_COMPILER_VERSION derive from file contents, enabling other tooling (e.g., scripts/Dockerfiles) to reuse the same version source going forward.

Reviewed by Cursor Bugbot for commit 6562e53. Bugbot is set up for automated code reviews on this repo. Configure here.

@dorimedini-starkware (Collaborator) left a comment

@dorimedini-starkware reviewed 4 files and all commit messages, and made 1 comment.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on avi-starkware).


crates/apollo_compile_to_native/src/constants.rs line 7 at r1 (raw file):

pub(crate) const CAIRO_NATIVE_BINARY_NAME: &str = "starknet-native-compile";

pub const REQUIRED_CAIRO_NATIVE_VERSION: &str =

this (and the other constant) are already verified to match the respective crate version in our root Cargo.toml, right?

Code quote:

pub const REQUIRED_CAIRO_NATIVE_VERSION: &str =

@avi-starkware (Collaborator, Author)

crates/apollo_compile_to_native/src/constants.rs line 7 at r1 (raw file):

Previously, dorimedini-starkware wrote…

this (and the other constant) are already verified to match the respective crate version in our root Cargo.toml, right?

Yes. The version was just moved to a txt file instead of the const.

Additionally, the version test would have failed if the version was not consistent with the Cargo.toml
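
An added example (not code from this PR or the sequencer repository) of the two points discussed above: a version constant trimmed from file contents at compile time, and a check that the file's pin matches the Cargo.toml pin. The string literal standing in for `include_str!`, the version values, the crate names `example-compiler` and `example-native`, and the `check_pin`/`PinError` names are all assumptions.

```rust
// Constructed stand-in for include_str!("cairo_compiler_version.txt"); files end in a newline.
const VERSION_FILE: &str = "2.12.0\n";
// Trimmed at compile time, as in the PR description (const-callable since Rust 1.80).
pub const PINNED_VERSION: &str = VERSION_FILE.trim_ascii_end();
// Constructed root Cargo.toml excerpt; both crate names are hypothetical.
const MANIFEST: &str = r#"
[workspace.dependencies]
example-compiler = "=2.12.0"
example-native = { version = "0.9.0", features = ["x"] }
"#;

#[derive(Debug, PartialEq)]
pub enum PinError { Malformed, MissingDependency, Drift { file: String, cargo: String } }

/// MAJOR.MINOR.PATCH plus optional -prerelease: nothing a shell or Dockerfile reinterprets.
fn is_plain_version(v: &str) -> bool {
    let (core, pre) = v.split_once('-').map_or((v, None), |(c, p)| (c, Some(p)));
    let parts: Vec<&str> = core.split('.').collect();
    let digits = |p: &&str| !p.is_empty() && p.bytes().all(|b| b.is_ascii_digit());
    let pre_ok = pre.map_or(true, |p| {
        !p.is_empty() && p.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'.' || b == b'-')
    });
    parts.len() == 3 && parts.iter().all(digits) && pre_ok
}

/// Pull the version pinned for `dep`, from either `dep = "x"` or `dep = { version = "x" }`.
fn cargo_pin<'a>(manifest: &'a str, dep: &str) -> Option<&'a str> {
    for line in manifest.lines() {
        let Some((key, value)) = line.split_once('=') else { continue };
        if key.trim() != dep { continue; }
        let value = match value.split_once("version") {
            Some((_, rest)) => rest.split_once('=')?.1,
            None => value,
        };
        // First quoted string is the requirement; drop a leading exact-match `=`.
        return Some(value.split('"').nth(1)?.trim_start_matches('='));
    }
    None
}

/// Fail on a malformed version file or on drift between the file and the Cargo pin.
pub fn check_pin(file_contents: &str, manifest: &str, dep: &str) -> Result<(), PinError> {
    let file = file_contents.trim_ascii_end();
    if !is_plain_version(file) { return Err(PinError::Malformed); }
    let cargo = cargo_pin(manifest, dep).ok_or(PinError::MissingDependency)?;
    if file == cargo { return Ok(()); }
    Err(PinError::Drift { file: file.into(), cargo: cargo.into() })
}

fn main() { println!("{:?}", check_pin(VERSION_FILE, MANIFEST, "example-compiler")); }
```

Without the trim, the raw file contents (`"2.12.0\n"`) never equal the Cargo pin, and a file holding two lines is rejected as malformed rather than passed on to scripts that `cat` it.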

@dorimedini-starkware (Collaborator) left a comment

:lgtm:

@dorimedini-starkware made 1 comment and resolved 1 discussion.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on avi-starkware).

@avi-starkware avi-starkware force-pushed the avi/compiler-version-files branch from 1c9cbc1 to 6562e53 Compare April 7, 2026 06:05
github-actions Bot commented May 7, 2026
There hasn't been any activity on this pull request recently, and in order to prioritize active work, it has been marked as stale.
This PR will be closed and locked in 7 days if no further activity occurs.
Thank you for your contributions!

@github-actions github-actions Bot added the stale label May 7, 2026
@avi-starkware avi-starkware force-pushed the avi/compiler-version-files branch from 6562e53 to a80bb64 Compare May 10, 2026 07:39
cursor Bot commented May 10, 2026
PR Summary

Low Risk
Low risk: replaces hardcoded version string constants with include_str! reads and adds corresponding .txt files, with no behavioral change beyond where the version strings are sourced.

Overview
Moves the Cairo compiler/native binary version strings into new plain-text files (cairo_compiler_version.txt, native_compiler_version.txt) and updates the Rust version constants to read them via include_str!(...).trim_ascii_end().

Updates test documentation to clarify that the pinned Cargo dependency version and the externally-installed compiler binary version are managed independently and must remain in sync.

Reviewed by Cursor Bugbot for commit e2d42bf. Bugbot is set up for automated code reviews on this repo. Configure here.

@avi-starkware avi-starkware force-pushed the avi/compiler-version-files branch from a80bb64 to f5db659 Compare May 14, 2026 11:37

@dorimedini-starkware (Collaborator) left a comment

@dorimedini-starkware reviewed 3 files and all commit messages, and made 1 comment.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on avi-starkware).


a discussion (no related file):
please rebase over main

@avi-starkware avi-starkware force-pushed the avi/compiler-version-files branch from f5db659 to fd8628c Compare May 17, 2026 09:00
@avi-starkware avi-starkware changed the base branch from main-v0.14.2 to main May 17, 2026 09:01
@semgrep-code-starkware-libs

Semgrep found 1 ssc-73ef45d7-66ee-475f-9f1a-44f25dbe7e6c finding:

Risk: Affected versions of ecdsa are vulnerable to Minerva timing attack (side-channel) when using the NIST P-256 curve. Using the ecdsa.SigningKey.sign_digest() function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. The library considers side-channel attacks out of scope and there will be no fix.

Manual Review Advice: A vulnerability from this advisory is reachable if you expose the library in a way that allows an attacker to measure how long it takes to generate a key pair or sign a message through a side-channel. Examples include but are not limited to an attacker being able to run code on the same physical machine in which key pair generation or signing is taking place (this includes virtual machines), an attacker being able to measure how much power your computer uses during key pair generation or signing, and an attacker being able to measure RF interference coming from your computer during key pair generation or signing.

Fix: There are no safe versions of this library available for upgrade. Library included at sequencer/scripts/requirements.txt:17.

Reference(s): GHSA-wj6h-64fc-37mp, CVE-2024-23342

@dorimedini-starkware (Collaborator) left a comment

@dorimedini-starkware resolved 1 discussion.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on avi-starkware).

@avi-starkware (Collaborator, Author)

Triaged: pre-existing transitive dep (via eth-account, not introduced by this stack); not directly imported anywhere in the repo; attack requires side-channel measurements not available in our CI/build contexts; no upstream fix available. Marking as accepted risk.

…t files

Create plain text files containing compiler binary versions as the single
source of truth. Rust constants now use include_str!().trim_ascii_end()
to read from these files. Shell scripts and Dockerfiles will read them
with cat in a follow-up.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

@dorimedini-starkware (Collaborator) left a comment

Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on avi-starkware).

@avi-starkware avi-starkware force-pushed the avi/compiler-version-files branch from fd8628c to e2d42bf Compare May 17, 2026 11:02

@avi-starkware (Collaborator, Author) left a comment

@avi-starkware made 1 comment.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on avi-starkware).


a discussion (no related file):

Previously, dorimedini-starkware wrote…

please rebase over main

Done.

@dorimedini-starkware (Collaborator) left a comment

Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on avi-starkware).

@avi-starkware avi-starkware added this pull request to the merge queue May 17, 2026
Merged via the queue into main with commit 441098f May 17, 2026
20 checks passed
@github-actions github-actions Bot locked and limited conversation to collaborators May 19, 2026