Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency Resolution Hooks #7193

Open
mitsuhiko opened this issue Jul 31, 2019 · 1 comment
Open

Dependency Resolution Hooks #7193

mitsuhiko opened this issue Jul 31, 2019 · 1 comment
Labels
A-dependency-resolution Area: dependency resolution and the resolver C-feature-request Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted` S-needs-rfc Status: Needs an RFC to make progress.

Comments

@mitsuhiko
Copy link
Contributor

mitsuhiko commented Jul 31, 2019
edited
Loading

I am interested in adding a hook point into cargo that would permit me to customize the process by which cargo picks packages from a registry. A simple way could be to just register an executable that uses some stdin/stdout based RPC mechanism. In the ideal world one could register hooks to be used via the global cargo config and require some hooks to be enabled in the Cargo.toml. Some usecases are blacklisting licenses, only use audited versions of packages, backlisting versions of packages that show up in rustsec's advisory db etc.

I'm not entirely sure yet where the best hook point would be but in the ideal situation such a hook would be invoked with the parsed package spec as well as the resolved packages, and can return a new list of packages either filtered down by removing them or by still retaining the package but leaving a marker that marks it as ineligible with a note as of why:

{"name": "libc", "version": "0.2", "matches": [...]}
[{
    "name": "libc",
    "version": "0.2.0",
    "id": "libc 0.2.0",
    "status": {
        "can_use": false,
        "icon": "X",
        "note": "This package has not been audited"
    }
}]

(No thought went into the above JSON payload, so let's not think too much about this yet)

I was looking at hacking something together but I could not find a good way to hook into the current resolution algorithm yet which is why I'm effectively asking for guidance from experienced cargo developers to figure out where such a system would go if it were to be added.

The motivation for adding this has been my blog post about scaling dependencies: http://lucumr.pocoo.org/2019/7/29/dependency-scaling/
@mitsuhiko mitsuhiko added the C-feature-request Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted` label Jul 31, 2019
@est31
Copy link
Member

est31 commented Aug 16, 2019

@mitsuhiko I think the easiest place to add this would be this iterator chain. That's also the place where yanked crates are being ignored. A while ago I wrote a prototype patch to add an --ignore-yanked flag as well as a (even prototype-ier) patch to respect the MSRV of crates.

Hooks would be extremely useful, even if they were only available for library users of cargo.

@repi repi mentioned this issue Aug 22, 2019
Closed
@ehuss ehuss added the A-dependency-resolution Area: dependency resolution and the resolver label Sep 21, 2019
@epage epage added the S-needs-rfc Status: Needs an RFC to make progress. label Nov 1, 2023
@Eh2406 Eh2406 mentioned this issue Nov 2, 2023
Open
@epage epage mentioned this issue Feb 7, 2024
Open
@demurgos demurgos mentioned this issue May 3, 2024
Open
@epage epage mentioned this issue Aug 16, 2024
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-dependency-resolution Area: dependency resolution and the resolver C-feature-request Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted` S-needs-rfc Status: Needs an RFC to make progress.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mitsuhiko @ehuss @epage @est31