Re: [PATCH 13/23] rust: synchronize dependencies between subprojects and Cargo.lock

Fri, 01 Nov 2024 03:27:43 -0700 


Paolo Bonzini <pbonz...@redhat.com> writes:

> The next commit will introduce a new build.rs dependency for rust/qemu-api,
> version_check.  Before adding it, ensure that all dependencies are
> synchronized between the Meson- and cargo-based build systems.
>
> Note that it's not clear whether in the long term we'll use Cargo for
> anything; it seems that the three main uses (clippy, rustfmt, rustdoc)
> can all be invoked manually---either via glue code in QEMU, or by
> extending Meson to gain the relevant functionality.  However, for
> the time being we're stuck with Cargo so it should at least look at
> the same code as the rest of the build system.
>
> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
> ---
>  rust/hw/char/pl011/Cargo.lock   |  3 +++
>  rust/qemu-api-macros/Cargo.lock |  9 ++++---
>  rust/qemu-api/Cargo.lock        | 47 +++++++++++++++++++++++++++++++++
>  rust/qemu-api/Cargo.toml        |  1 +
>  4 files changed, 56 insertions(+), 4 deletions(-)
>
> diff --git a/rust/hw/char/pl011/Cargo.lock b/rust/hw/char/pl011/Cargo.lock
> index b58cebb186e..9f43b33e8b8 100644
> --- a/rust/hw/char/pl011/Cargo.lock
> +++ b/rust/hw/char/pl011/Cargo.lock
> @@ -91,6 +91,9 @@ dependencies = [
>  [[package]]
>  name = "qemu_api"
>  version = "0.1.0"
> +dependencies = [
> + "qemu_api_macros",
> +]
>
>  [[package]]
>  name = "qemu_api_macros"
> diff --git a/rust/qemu-api-macros/Cargo.lock b/rust/qemu-api-macros/Cargo.lock
> index fdc0fce116c..f989e25829f 100644
> --- a/rust/qemu-api-macros/Cargo.lock
> +++ b/rust/qemu-api-macros/Cargo.lock
> @@ -4,9 +4,9 @@ version = 3
>
>  [[package]]
>  name = "proc-macro2"
> -version = "1.0.86"
> +version = "1.0.84"

How about specifying also the exact version in Cargo.toml, e.g.:

--- a/rust/qemu-api-macros/Cargo.toml
+++ b/rust/qemu-api-macros/Cargo.toml
@@ -17,9 +17,9 @@ categories = []
 proc-macro = true

 [dependencies]
-proc-macro2 = "1"
-quote = "1"
-syn = { version = "2", features = ["extra-traits"] }
+proc-macro2 = "=1.0.84"
+quote = "=1.0.36"
+syn = { version = "=2.0.66", features = ["extra-traits"] }

 [lints]
 workspace = true

With that the versions of direct dependencies will be unchanged even
after a cargo generate-lockfile.

Unfortunately, versions of nested dependencies, such as either and
unicode-ident, may still have newer patch versions after a lockfile
regeneration. That can be worked around by turning nested dependencies
to direct ones with fixed version constraints, but looks quite ugly.

--
Best Regards
Junjie Mao

Reply via email to