Resolve orchard via valar-orchard on crates.io (rebased onto PR #40)

[p0mvn]

Remake of #39 rebased onto the head of #40 (roman/shielded-vote-for-zodl-3.4.0-rebased).

Same single commit, same logical change — swap the workspace-level orchard dep from the crates.io orchard package (patched to zcash/orchard git rev b0bf2670e2…, which is #40's current patch) to the valar-orchard package on crates.io, aliased locally to orchard via cargo's package = rename trick. Every member keeps orchard.workspace = true and every .rs file keeps use orchard::… — no source changes.

Why rebase it

#40 is already rebased onto upstream zcash/main at 95b000e (pre-orchard 0.13 / sapling-crypto 0.7), which picked up:

• a newer [patch.crates-io] sapling rev (b8a81c22f034… vs the old 4f95c2286d… in Resolve orchard via valar-orchard on crates.io #39)
• a different [patch.crates-io] orchard rev (b0bf2670e2… vs the old 6b12c77… in Resolve orchard via valar-orchard on crates.io #39)
• the upstream core2 → corez migration — so corez 0.1.1 is already in Cargo.lock on the base and is not introduced by this PR (unlike Resolve orchard via valar-orchard on crates.io #39)

Mechanically, the rebase was just a cherry-pick with a single manual resolution in [patch.crates-io]:

• kept Governance wallet support for shielded voting (rebased onto 95b000e, pre-orchard 0.13) #40's newer sapling rev (b8a81c22f034…)
• dropped the orchard patch (this PR's whole point) and replaced it with the same explanatory comment

Cargo.lock was regenerated from scratch via cargo check --workspace against the new Cargo.toml.

Cargo.toml changes

# [workspace.dependencies]
-orchard = { version = "0.12", default-features = false }
+orchard = { version = "0.12.0", package = "valar-orchard", default-features = false }

 [patch.crates-io]
 sapling = { package = "sapling-crypto", git = "…", rev = "b8a81c22f034…" }  # unchanged
-orchard = { package = "orchard", git = "https://github.com/zcash/orchard.git", rev = "b0bf2670e2…" }
+# No orchard patch: the workspace resolves `orchard` via its `package = "valar-orchard"`
+# alias on crates.io, which already carries the post-0.12.0 upstream fixes plus the
+# governance-visibility additions.

Verification

• cargo check --workspace — clean.
• cargo tree --all-features | grep -E 'orchard|corez' now shows only valar-orchard v0.12.0 and corez v0.1.1; no orchard v0.12.x and no git+https://github.com/zcash/orchard.git entry.
• Lockfile diff: orchard 0.12.0@git:b0bf2670e2… is removed, valar-orchard 0.12.0 from crates.io is added, and every consumer (pczt, zcash, zcash_client_backend, zcash_client_memory, zcash_client_sqlite, zcash_keys, zcash_primitives, zcash_proofs) now lists valar-orchard in place of orchard.

Known CI failures on this PR (carried over from #39, addressed separately)

The "Vet Rust dependencies" (cargo vet --locked) and "Readme dependency graph" jobs will fail on this PR for the same reasons they fail on #39 — they need:

1. A [[exemptions.valar-orchard]] version = "0.12.0" criteria = "safe-to-deploy" entry in supply-chain/config.toml (corez is already covered by the upstream core2 → corez migration commit on Governance wallet support for shielded voting (rebased onto 95b000e, pre-orchard 0.13) #40's base).
2. A 4-line remap in .github/helpers/check-dep-graph.py so cargo tree's valar-orchard package name maps back to orchard for the README graph comparison.

Both are trivial and I can layer them on as follow-up commits on this branch if you want one green-CI PR; keeping them out here to mirror #39's scope exactly.

The pre-existing core2 yank failures on the three ci-build jobs (macOS-latest, wasm32-wasip1, thumbv7em-none-eabihf) are not caused by this PR and also affect #40's base.

Related

• Supersedes Resolve orchard via valar-orchard on crates.io #39 on a newer base.
• Unblocks dropping orchard_compat + orchard_upstream in zcash_voting.

Made with Cursor