Re: Git dependencies in Rust

To: snow flurry <snow%datagirl.xyz@localhost>
Subject: Re: Git dependencies in Rust
From: Thomas Klausner <wiz%gatalith.at@localhost>
Date: Sat, 18 Jan 2025 22:29:24 +0100

Hi!

On Sat, Jan 18, 2025 at 01:21:02PM -0800, snow flurry wrote:
> I'm trying to update security/vaultwarden from 1.32.5 to 1.32.7, which 
> contains a security fix among other changes. Since 1.32.6 though, one of the 
> dependency crates was patched to use a Git commit:
> 
> [patch.crates-io]
> # Patch yubico to remove duplicate crates of older versions
> yubico = { git = "https://github.com/BlackDex/yubico-rs";, rev = 
> "00df14811f58155c0f02e3ab10f1570ed3e115c6" }
> 
> Is there a common path for handling these sorts of dependencies? print-cargo-
> depends in lang/rust/cargo.mk doesn't currently handle this, and the build 
> fails when trying to pull a non-existent file from crates.io.
> 
> The only workaround I can think of is adding the GitHub tarball for this 
> commit as a distfile, and extracting it to ${WRKDIR}/vendor. I haven't tested 
> whether cargo would be okay with this though, and it would at least require 
> manually updating ${WRKDIR}/.cargo/config.toml after cargo-vendor-crates.

There is no particular support for this, but there is a common workaround.
See devel/py-ruff for one example, basically what you described.

I'll extract one example from there:

LSP_TYPES_REV=  3512a9f33eadc5402cfab1b8f7340824c8ca1439
DISTFILES=      ${DEFAULT_DISTFILES}
DISTFILES+=     lsp-types-${LSP_TYPES_REV}.tar.gz
SITES.lsp-types-${LSP_TYPES_REV}.tar.gz+=       -${MASTER_SITE_GITHUB:=astral-sh/}lsp-types/archive/${LSP_TYPES_REV}.tar.gz

and in Cargo.toml patch it like this:

--- Cargo.toml.orig     1970-01-01 00:00:00.000000000 +0000
+++ Cargo.toml
@@ -96,7 +96,7 @@ libc = { version = "0.2.153" }
 libcst = { version = "1.1.0", default-features = false }
 log = { version = "0.4.17" }
 lsp-server = { version = "0.7.6" }
-lsp-types = { git = "https://github.com/astral-sh/lsp-types.git";, rev = "3512a9f", features = [
+lsp-types = { path = "../lsp-types-3512a9f33eadc5402cfab1b8f7340824c8ca1439", features = [
     "proposed",
 ] }
 matchit = { version = "0.8.1" }

to use the local extracted copy.
 Thomas

References:
- Git dependencies in Rust
  - From: snow flurry

Prev by Date: Git dependencies in Rust
Next by Date: Re: Git dependencies in Rust
Previous by Thread: Git dependencies in Rust
Next by Thread: Re: Git dependencies in Rust
Indexes:

Home | Main Index | Thread Index | Old Index