[tor-bugs] #22905 [Core Tor/Tor]: Cargo.lock and Cargo.toml specify incompatible dependencies for libc

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jul 13 18:45:29 UTC 2017


#22905: Cargo.lock and Cargo.toml specify incompatible dependencies for libc
-----------------------------+----------------------------------
 Reporter:  isis             |          Owner:
     Type:  defect           |         Status:  merge_ready
 Priority:  Medium           |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor     |        Version:
 Severity:  Normal           |     Resolution:
 Keywords:  rust, tor-build  |  Actual Points:
Parent ID:                   |         Points:
 Reviewer:  isis             |        Sponsor:  SponsorZ
-----------------------------+----------------------------------

Comment (by isis):

 Replying to [comment:3 Sebastian]:
 > The Cargo.lock file is committed on purpose, because we want
 reproducible builds eventually and builds using exact versions now. In our
 setup we're building an "internal" library, not something other people
 would pull in from crates.io.
 >
 > The reason we're using "*" is that dependency updates are manual always
 (they include vendoring a new thing) so accidental updates should be
 impossible, unless I'm missing something here.

 If I understood correctly, which I might be wrong or still confused, but I
 think what was happening is that `cargo fetch` isn't actually looking at
 the `Cargo.lock` file when it does the dependency resolution, so it sees
 the `libc = "*"` in `src/rust/tor_util/Cargo.toml`, and it's like "great!
 0.2.26 is the latest, I'll grab that" and then later when the build
 scripts do `cargo build --release --quiet --frozen`, because we're using
 `--frozen` it finally does look at the `Cargo.lock` file and it gets upset
 that we don't have precisely version 0.2.22.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22905#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list