[tor-bugs] #22905 [Core Tor/Tor]: Cargo.lock and Cargo.toml specify incompatible dependencies for libc
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Jul 12 23:19:18 UTC 2017
#22905: Cargo.lock and Cargo.toml specify incompatible dependencies for libc
------------------------------+-----------------------------
Reporter: isis | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: rust, tor-build
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: SponsorZ |
------------------------------+-----------------------------
We committed `src/rust/Cargo.lock` which is a bit strange since it's
normally not recommended, and especially not for library crates like ours.
In our current `Cargo.lock`, we have:
{{{
[root]
name = "tor_util"
version = "0.0.1"
dependencies = [
"libc 0.2.22 (registry+https://github.com/rust-lang/crates.io-index)",
]
[[package]]
name = "libc"
version = "0.2.22"fixes
source = "registry+https://github.com/rust-lang/crates.io-index"
[metadata]
"checksum libc 0.2.22 (registry+https://github.com/rust-lang/crates.io-
index)" =
"babb8281da88cba992fa1f4ddec7d63ed96280a1a53ec9b919fd37b53d71e502"
}}}
This is possibly a good idea, because we're specifying the hash we expect.
It might be a bad idea, because it specifies the registry for packages,
which I'm pretty sure will mean "offline" builds would never work. In
addition, it also conflicts with the dependency specification in
`src/rust/tor_util/Cargo.toml`:
{{{
[package]
authors = ["The Tor Project"]
name = "tor_util"
version = "0.0.1"
[lib]
name = "tor_util"
path = "lib.rs"
crate_type = ["rlib", "staticlib"]
[dependencies]
libc = "*"
}}}
In #22830, if we do `cargo update` to get the dependencies, this currently
looks at the `Cargo.toml` and gives us `libc = "0.2.24"` which is correct
and is what we asked for with `libc = "*"`. However, this does not satisfy
the constraints in the lockfile.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22905>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list