-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support cargo vendor
#23
Comments
Firefox is running into this for tsan CI I've currently hacked up a script that can weave in the std tomls to a project's vendor, but yeah it'd be nice if this was handled automatically: https://gist.github.com/Gankra/6a025b5cce9d9b047e46a5caeded3050 |
One thing to consider for this is that vendoring the standard library's dependencies effectively locks you to a compiler version since the dependencies are likely to drift over time. This may or may not be something that Cargo wants to provide a first-class warning/error about rather than a bland "couldn't find crate version in registry" error. In theory this integration wouldn't be too too hard though, mostly just loading up the |
Copying my comment from Zulip: We have recently discussed adding all the dependencies to the I'm uncertain how we can wire that in to the resolver, though. It may be tricky to use source replacement or |
Oh actually I think that's a great idea to inclue the dependencies in |
This isn't an issue for firefox's usecase in particular. We only need these vendors for our tsan CI, and that uses pinned versions of all the toolchains. Although it is a problem if we want these vendoring checked in and we want people to be able to bump non-std dependencies without having the nightly we use for CI. So it's possible we want to vendor live in CI as part of the build. Or we need to carefully identify deps which are only used by std so we can preserve them across non-std-vendors. Certainly if the dependencies were just part of rust-src and automagically weaved into the build, that would solve the issue. No need to worry about weaving together different "kinds" of vendor or anything else. |
Yeah pinning versions is too wonky and restrictive, so I think including the dependencies in rust-src is a great solution. |
Anything I can do to help the plan along? |
I think the first step is getting the dependencies included in the
None of these options seem easy. |
I believe the approach I'm using to test out tsan builds right now would work for building "subset vendors": https://gist.github.com/Gankra/6a025b5cce9d9b047e46a5caeded3050 Essentially just temporarily copying the root lockfile to each individual library and then This would be a fairly maintainable hack as you would only need to directly What do you think of shipping that? |
I think that's probably bordering on the 4th bullet of @ehuss's comment above, but I think something along those lines may be workable. As we do for build-std in general we're just trying to load one "root" package and vendor that, so the filtering in |
Would |
We would need to update Cargo's implementation of |
Ok I'll be working on this for the next week or two, hopefully won't be too messy. |
This is the Rust side of rust-lang/wg-cargo-std-aware#23
…lacrum Vendor libtest's dependencies in the rust-src component This is the Rust side of rust-lang/wg-cargo-std-aware#23 Note that this won't produce a useful result for `cargo -Zbuild-std` if there are multiple versions of a crate vendored, but will otherwise produce a valid vendor dir. See rust-lang/cargo#8834 for the other half of this change.
…lacrum Vendor libtest's dependencies in the rust-src component This is the Rust side of rust-lang/wg-cargo-std-aware#23 Note that this won't produce a useful result for `cargo -Zbuild-std` if there are multiple versions of a crate vendored, but will otherwise produce a valid vendor dir. See rust-lang/cargo#8834 for the other half of this change.
This is the Rust side of rust-lang/wg-cargo-std-aware#23
By "subset" it is saying that you don't have to mirror all of crates.io locally. It doesn't mean that it will allow something to be missing from the subset. Source replacement works as a "full replacement", not as an overlay. Also, a local-registry is not what we are talking about here. The vendoring mechanism we are talking about is a directory-source (ala |
@ehuss OK thanks for the clarifications. Two more questions:
My previous comments frankly forgot about the original issue --- |
The original changes made Cargo treat the standard library dependencies as always vendored (with There were multiple regressions as detailed in #23 (comment). These happened with all |
Hmm ok so that was all a bunch of confusion and didn't actually help us figure out the "right" solution, eh? @ehuss this stuff is really out of my league -- have you had a chance to mull over the possible solutions? As far as the partial vendoring thing goes, I'm starting to lean towards just giving up on partial vendoring and just grabbing the whole rustc graph. AIUI that should be fairly unproblematic and also not need to pull in the really heavy stuff like llvm? Making patching in the vendor totally seamless is the nasty bit I really can't wrap my head around. Is it potentially as simple as combining the WIP patches you and Alex posted? If we don't have any clear solutions, firefox does have the nuclear option of maintaining patches for cargo for our builds, since my solution did work fine for us. But obviously that's a gross mess we'd rather not maintain. |
There's still some heavy stuff in there -- you can see that in the full rustc-1.50.0-src.tar.xz in
|
This is clearly hard to fix - and after my error report in #65 I discovered how hard. @ehuss is completely right about the collision of dependencies in a workspace when vendored - my workspace was using hashbrown 0.9.1, yet the std dependencies needed 0.9.0 and bang! conflict. Which surprised me, until I recalled the point of a workspace is to provide consistent versions. That means in practice, either I have to track the exact same matching package versions as std (not a particularly easy thing to simply know without a bit of digging) or give up building std. Or provide a sensible mechanism for 'overriding' package version choices in std. Also not nice. Or providing the ideal of cascading workspaces, which works, but is complex. Since std does not expose its private dependencies (eg hashbrown), this is viable and defensible - but tough. Along with several common packages not playing nicely with cross compilation (libc and cc, I'm looking at you) without wrapper scripts setting up env vars et al, this is just a bit too hard. Giving up for now, personally. All I wanted to do was find a better way to build linux x86_64 musl targets with a few more target features (eg avx512 stuff)... |
Yes, haha. But, still believe #64 is a solution here
Heh, well !64 would at least make us have to face down this problem regardless of vendoring. Without knowing all the details, this seems wrong. Per https://github.com/rust-lang/rfcs/blob/master/text/1977-public-private-dependencies.md |
Vendoring dependencies is causing a lot of problems in #2761 and other PRs, because `cargo vendor` currently has a bug and cannot vendor standard dependencies (deps of alloc and std, see rust-lang/wg-cargo-std-aware#23). For a long time I thought vendoring is a necessity and tried to work around this issue by vendoring dependencies manually, or using https://github.com/nix-community/naersk. However, it turns out vendoring is not necessary, and we can download dependencies in build step just fine. I also don't see any advantages of vendoring the dependencies. So in this PR we remove vendoring. Unblocks #2761.
For nix users where cargo-vendor is the only option available, I found a "workaround" in downloading rust's compiler dependencies manually and merging them. |
This PR bumps rustc version and removes xargo. std dependencies are now built with cargo's new `-Zbuild-std` parameter. To work around rust-lang/wg-cargo-std-aware#23, we implement a tool "vendor-rust-std-deps" that reads `Cargo.lock` of a Rust toolchain std and manually vendors all the dependencies. These dependencies are then merged with the Rust RTS dependencies before the building the RTS in nix. RTS README updated with instructions to bump rustc. New rustc will enable more const functions, new API functions, stabilizations, and features for other RTS PRs.
The easiest workaround is probably something like this:
|
@kgrech sorry if this is a dumb question, but how would I make cargo use the vendored stdlib when building? cargo vendor says
but obviously it's not from crates.io and I don't know the registry to tell it to replace |
@Dev380 as far as I remember, the std library sources need to be installed using rustup. I think they never fetched from crates.io. it is only for dependencies of std lib, but not stdlib itself. Not sure I fully understand you question, but you just put what cargo vendor prints to your configuration. |
This has been done via PR rust-lang/rust#128534 (nightly-2024-08-05). |
I think it would make sense to provide pre-vendored versions of all standard library dependencies in the rust-src component and have |
Haven't followed the entire thread, but I think we may want vendoring as an opt-in feature. Tarball size may not matter (285M vs 297M gz tarball size). However, people may want to patch dependencies when building std. We should at this ensure that case to work. |
I'm running into this now and it's quite a knot to try to work around. |
The
cargo vendor
command currently does not know about std dependencies. Will need to figure out how to handle the root dependencies, since they are special.Source replacement may also be broken, I haven't tried it.
The text was updated successfully, but these errors were encountered: