fix parsing checksums from v1 manifests with latest cargo #381
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Crate2nix identifies packages using package ID strings reported by the `cargo metadata` subcommand. Cargo describes these strings as internal identifiers subject to change. And in fact the string format did change sometime between cargo 1.76 and cargo 1.78. In cargo 1.76 package ID strings look like this: ``` aho-corasick 1.1.3 (registry+https://github.com/rust-lang/crates.io-index) ``` In later cargo versions the format changed to look like this: ``` registry+https://github.com/rust-lang/crates.io-index#[email protected] ``` The change is fine as long as package IDs are used as opaque identifiers in memory. Unfortunately one use of package IDs is to look up checksums in the legacy v1 `Cargo.lock` manifest format. That format stores checksums in a map at the end of the file that looks like this: ```toml [metadata] "checksum ansi_term 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b" "checksum atty 0.2.13 (registry+https://github.com/rust-lang/crates.io-index)" = "1803c647a3ec87095e7ae7acfca019e98de5ec9a7d01343f611cf3152ed71a90" "checksum autocfg 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "1d49d90015b3c36167a20fe2810c5cd875ad504b39cff3d4eae7977e6b7c1cb2" ``` Being a legacy format the keys in these checksum maps will always use the old package ID format. The problem becomes quickly apparent because nix-test-runner - which is used in the crate2nix test suite - happens to use a v1 manifest. That leads to tests and the devShell breaking when attempting to update crate2nix flake inputs. Currently crate2nix assumes that package IDs read from `cargo metadata` output can be used as lookup keys in the v1 checksum map. But when a recent version of cargo is installed that assumption is broken. This PR fixes the problem by constructing checksum lookup keys explicitly. This should make checksum lookups work regardless of which cargo version is installed.
|
Tests are not currently passing for this PR. I have put test fixes in #380 - I didn't want to duplicate those changes here. |
|
To produce this fix I referenced the corresponding implementation from rustsec/cargo-lock: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Crate2nix identifies packages using package ID strings reported by the
cargo metadatasubcommand. Cargo describes these strings as internal identifiers subject to change. And in fact the string format did change sometime between cargo 1.76 and cargo 1.78.In cargo 1.76 package ID strings look like this:
In later cargo versions the format changed to look like this:
The change is fine as long as package IDs are used as opaque identifiers in memory. Unfortunately one use of package IDs is to look up checksums in the legacy v1
Cargo.lockmanifest format. That format stores checksums in a map at the end of the file that looks like this:Being a legacy format the keys in these checksum maps will always use the old package ID format. The problem becomes quickly apparent because nix-test-runner - which is used in the crate2nix test suite - happens to use a v1 manifest. That leads to tests and the devShell breaking when attempting to update crate2nix flake inputs.
Currently crate2nix assumes that package IDs read from
cargo metadataoutput can be used as lookup keys in the v1 checksum map. But when a recent version of cargo is installed that assumption is broken.This PR fixes the problem by constructing checksum lookup keys explicitly. This should make checksum lookups work regardless of which cargo version is installed.