Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't update lockfiles from previous Cargo versions if --locked is passed #4684

Merged
merged 1 commit into from
Oct 31, 2017

Conversation

matklad
Copy link
Member

@matklad matklad commented Oct 30, 2017

Recently, we've stopped outputting [root] section to Cargo.lock files. The problem with this is that somebody might want to have a Cargo.lock file with a [root] section for compatibility with older Cargos, but at the same time use newer Cargo to build the crate. In this case, newer Cargo would remove [root] from the lockfile. Such updating of the lockfiles to the latest versions is a reasonable behavior, but it might be useful to be able to override it with --locked flag.

Context: #4563 (comment)

r? @alexcrichton

// Old lockfiles have unused `[root]` section,
// just ignore it if we are in the `--frozen` mode.
if !strict && orig.starts_with("[root]") {
orig = orig.replacen("[root]", "[[package]]", 1);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't quite right because IIRC the [root] was the lexicographically last package (if you have a bunch of path dependencies it's the last one alphabetically). Essentially I've seen cargo build on nightly move around this section.

That being said I'm sort of ok just comparing TOML here, I don't think we need to compare literal encodings per se, but rather if Cargo generates one encoding and the encoding on the filesystem is the same, it seems fine to avoid rewriting?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, an excellent catch!

I initially though of comparing TOMLs, but then decided that it might be too slow (because of the hyper-optimized has_crlf). But we certainly can do anything inside this if, as it's a cold path.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rebased!

@@ -97,6 +91,23 @@ pub fn write_pkg_lockfile(ws: &Workspace, resolve: &Resolve) -> CargoResult<()>
})
}

fn are_equal_lockfiles(mut orig: String, current: &str, strict: bool) -> bool {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think strict here has an inverse meaning of its name, if strict is true that means that we can update the lock file, but I'd expect strict: true to mean that updates are disallowed? Perhaps the Config could be passed in here to be inspected locally where necessary?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, naming is confusing indeed, I've flipped between strict and relaxed several times. In itself, I think strict is right though: strict comparison means that we do byte-for-byte comparison, and !strict means that we deem lockfiles equal even if there are minor differences. The tricky bit is that we need to do approximate comparison if lockfile update is not allowed :)

I'll just rename this flag to lock_update_allowed to avoid inventing confusing abstractions :) Re passing config, I doubt we ever need anything except lock_update_allowed boolean, and in theory keeping this flag a simple bool allows us to write unit-tests for this function :)

@alexcrichton
Copy link
Member

Looks great to me, thanks! r=me with one small nit

@Mark-Simulacrum
Copy link
Member

It would be great if we could backport this to beta, and if possible add a general regression testing that Cargo supports lockfiles generated by 1.0 cargo (or some version, anyway) and doesn't attempt modification with --locked or equivalents.

@matklad
Copy link
Member Author

matklad commented Oct 31, 2017

It would be great if we could backport this to beta,

+1. What's the procedure? We wait until this PR is r+'ed and tested, and then I cherry-pick the commit onto 1.21 branch?

add a general regression testing that Cargo supports lockfiles generated by 1.0 cargo

We do have such test!

and doesn't attempt modification with --locked or equivalents.

This test is added in this pull request. It starts with a lockfile post 1.0 though, because we already add [metadata] section to older lockfiles even if --frozen is passed.

@alexcrichton
Copy link
Member

@bors: r+

@matklad I'll write up instructions for a beta backport

@bors
Copy link
Contributor

bors commented Oct 31, 2017

📌 Commit 63d83e8 has been approved by alexcrichton

bors added a commit that referenced this pull request Oct 31, 2017
Don't update lockfiles from previous Cargo versions if `--locked` is passed

Recently, we've stopped outputting `[root]` section to Cargo.lock files. The problem with this is that somebody might want to have a Cargo.lock file with a `[root]` section for compatibility with older Cargos, but at the same time use newer Cargo to build the crate. In this case, newer Cargo would remove `[root]` from the lockfile. Such updating of the lockfiles to the latest versions is a reasonable behavior, but it might be useful to be able to override it with `--locked` flag.

Context: #4563 (comment)

r? @alexcrichton
@bors
Copy link
Contributor

bors commented Oct 31, 2017

⌛ Testing commit 63d83e8 with merge 7c9c153...

@matklad
Copy link
Member Author

matklad commented Oct 31, 2017

@matklad I'll write up instructions for a beta backport

To contributing.md? That would be excellent!

FYI, in intellij-rust we have MAINTAINING.md file which describes this sort of stuff: https://github.com/intellij-rust/intellij-rust/blob/master/MAINTAINING.md.

@alexcrichton
Copy link
Member

@matklad oh I figured I'd put it next to the rust-lang/rust backport instructions -- https://github.com/rust-lang-nursery/rust-forge/blob/master/beta-backporting.md#backporting-in-rust-langcargo

I don't mind it going anywhere though!

@matklad
Copy link
Member Author

matklad commented Oct 31, 2017

Backport PR to cargo: #4687

@bors
Copy link
Contributor

bors commented Oct 31, 2017

☀️ Test successful - status-appveyor, status-travis
Approved by: alexcrichton
Pushing 7c9c153 to master...

@bors bors merged commit 63d83e8 into rust-lang:master Oct 31, 2017
@matklad
Copy link
Member Author

matklad commented Oct 31, 2017

Backport PR to rust: rust-lang/rust#45658

Mark-Simulacrum added a commit to Mark-Simulacrum/cargo that referenced this pull request Nov 12, 2017
A previous patch in rust-lang#4684 attempted to fix this, but didn't work for the
case where the [root] crate wasn't the first crate in the sorted package
array.
Mark-Simulacrum added a commit to Mark-Simulacrum/cargo that referenced this pull request Nov 12, 2017
A previous patch in rust-lang#4684 attempted to fix this, but didn't work for the
case where the [root] crate wasn't the first crate in the sorted package
array.
bors added a commit that referenced this pull request Nov 12, 2017
Do not update semantically equivalent lockfiles with --frozen/--locked.

A previous patch in #4684 attempted to fix this, but didn't work for the
case where the [root] crate wasn't the first crate in the sorted package
array.

cc @matklad -- fixes a problem noted in #4684 (comment) which appears to have gone unfixed

r? @alexcrichton

Beta backport will be posted as soon as this is reviewed. Merges cleanly.
bors added a commit that referenced this pull request Nov 12, 2017
…hton

[beta] Do not update semantically equivalent lockfiles with --frozen/--locked.

A previous patch in #4684 attempted to fix this, but didn't work for the
case where the [root] crate wasn't the first crate in the sorted package
array.

Backport of #4714.
@matklad matklad deleted the lazy-update branch March 17, 2018 08:39
@ehuss ehuss added this to the 1.23.0 milestone Feb 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants