Checksum failing when using semver build meta-data #6504
Comments
Thanks for the report! I've tracked this down to the fact that I think that according to the semver spec @steveklabnik just wanted to double check with you, but does that sound right on the semver side of things?
Rejecting on publish seems to be the inclination in rust-lang/crates.io#1059. Also, maybe Cargo should warn if you have metadata in a versionreq. For example,
Ah right yes, forgot about that! And yeah I think it's probably worthwhile for Cargo to warn and/or reject build metadata on version requirements
Yes, Semver completely ignores build metadata for purposes of comparison. (Both the spec and the library)
… On Jan 3, 2019, at 2:40 PM, Alex Crichton ***@***.***> wrote:
Ah right yes, forgot about that! And yeah I think it's probably worthwhile for Cargo to warn and/or reject build metadata on version requirements
Ok! Let's close this in favor of rust-lang/crates.io#1059 then
Warn on version req with metadata. Metadata in a version requirement (such as `1.0.0+1234`) is ignored. This adds a warning that it will be ignored. On crates.io I found about 5 crates, plus a few dozen google-* crates (presumably all created by the same person) which have dependencies of this form. See discussion at #6504 (comment). cc rust-lang/crates.io#1059 for ongoing discussion about what to do about publishing such versions.
Maybe not a bug.
Problem
Crates with semver build metadata (e.g. `1.1.1+2`) seem to have issues with:
Or:
Details:
(`1.1.1`)
(`1.1.1+2`)
`runng-sys = "1.1.1"` fails with `error: checksum for XYZ changed between lock files`
`runng-sys = "1.1.1"` fails with `error: failed to verify the checksum`
`runng-sys = { path = XYZ }`
I've flailed around with this enough that I'm not entirely sure what the problem is. Rather than publishing more packages and digging myself a deeper hole, thought I should stop and ask.
Also see:
Steps
Made a dummy package cargo_issue_6504 to verify it has nothing to do with my stuff.
Both 1.1.1 and 1.1.1+1 are not yanked:
`cargo new test2`
`cargo_issue_6504 = "1.1.1"`
`cargo build` fails with `failed to verify the checksum`
2.2.2 is yanked, 2.2.2+1 is not:
`cargo new test2`
`cargo_issue_6504 = "2.2.2"`
`cargo build` succeeds
`cargo build` fails with `checksum for XXX changed between lock files`
Possible Solution(s)
`+` metadata (1, 2, several others)
Notes
Output of `cargo version`:
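Added example (not code from Cargo, crates.io or anyone in this thread): a Rust illustration of why ignoring build metadata makes `1.1.1` and `1.1.1+1` the same version to a resolver while their checksums differ, plus a check for metadata in a version requirement like the warning described above. The function names, the index layout and the checksum strings are assumptions constructed for illustration.

```rust
use std::collections::HashMap;

/// One published artifact: (crate name, full version string, checksum).
type Release<'a> = (&'a str, &'a str, &'a str);

/// Drop SemVer build metadata (everything from the first '+'); the spec
/// ignores it when determining version precedence.
fn precedence_key(version: &str) -> &str {
    version.split('+').next().unwrap_or(version)
}

/// True when a version requirement carries build metadata that will be ignored.
fn req_has_ignored_metadata(req: &str) -> bool {
    req.contains('+')
}

/// Group releases by (name, version without metadata) and return the groups
/// whose members compare equal but carry different checksums.
fn ambiguous_releases<'a>(index: &[Release<'a>]) -> Vec<(String, Vec<&'a str>)> {
    let mut groups: HashMap<(&str, &str), Vec<Release<'a>>> = HashMap::new();
    for &rel in index {
        groups.entry((rel.0, precedence_key(rel.1))).or_default().push(rel);
    }
    let mut out: Vec<(String, Vec<&'a str>)> = groups
        .into_iter()
        .filter(|(_, rels)| rels.iter().any(|r| r.2 != rels[0].2))
        .map(|((name, key), rels)| {
            let mut versions: Vec<&str> = rels.iter().map(|r| r.1).collect();
            versions.sort();
            (format!("{} {}", name, key), versions)
        })
        .collect();
    out.sort();
    out
}

// Constructed sample index; the checksums are placeholders, not real values.
const SAMPLE_INDEX: [Release<'static>; 4] = [
    ("cargo_issue_6504", "1.1.1", "cksum-a"),
    ("cargo_issue_6504", "1.1.1+1", "cksum-b"),
    ("cargo_issue_6504", "2.2.2+1", "cksum-c"),
    ("other", "0.3.0", "cksum-d"),
];

fn main() {
    for (key, versions) in ambiguous_releases(&SAMPLE_INDEX) {
        println!("{}: indistinguishable releases {:?}", key, versions);
    }
    println!("warn on req: {}", req_has_ignored_metadata("1.0.0+1234"));
}
```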