docs: clarify --locked ensures Cargo uses dependency versions in lockfile #13665

Merged
merged 2 commits into from
Mar 28, 2024

Member

@weihanglo weihanglo commented Mar 28, 2024

What does this PR try to resolve?

Fixes #11143

This is an attempt to remove the up-to-date mentioned in --locked.
Up-to-date is quite confusing, especially when MSRV resolution is out,
dependency version may lag behind more often.

--frozen is now documented as an equivalent of --locked + --offline.

How should we test and review this PR?

cargo run -- help build 
# and read the man page

cargo build --help
# and check the help text

Additional information

@rustbot
Collaborator

rustbot commented Mar 28, 2024

r? @epage

rustbot has assigned @epage.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

@rustbot rustbot added A-cli Area: Command-line interface, option parsing, etc. A-cli-help Area: built-in command-line help A-documenting-cargo-itself Area: Cargo's documentation S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Mar 28, 2024
from attempting to access the network to determine if it is
out-of-date.
--locked
Ensures that Cargo uses the exact version of every dependency
Member Author

@weihanglo weihanglo Mar 28, 2024

Still not too happy with "Cargo uses the exact version of every dependency", which optional dependencies are not always used. Suggestions?

Contributor

I'm not too mature in my thinking, as I understand the function of this option is to lock the exact version of a dependency at build or others. So, would it be possible to describe it as: Locking the exact version of every dependency.

Member Author

Not sure but "locking" sounds like Cargo will lock something but this is Cargo being locked to Cargo.lock

@weihanglo weihanglo changed the title docs: clarify --locked is for ensuring Cargo uses dependency versions in lockfile docs: clarify --locked ensures Cargo uses dependency versions in lockfile Mar 28, 2024
@weihanglo
Member Author

---- ssh::bundled_github_works stdout ----
running `/Users/runner/work/cargo/cargo/target/debug/cargo fetch`
thread 'ssh::bundled_github_works' panicked at tests/testsuite/ssh.rs:522:10:

test failed running `/Users/runner/work/cargo/cargo/target/debug/cargo fetch`
error: stderr did not match:
1   1         Updating git repository `ssh://git@github.com/rust-lang/bitflags.git`
    2    +warning: spurious network error (3 tries remaining): failed to connect to github.com: Operation timed out; class=Os (2)
    3    +warning: spurious network error (2 tries remaining): failed to connect to github.com: Operation timed out; class=Os (2)
2   4     error: failed to get `bitflags` as a dependency of package `foo v0.1.0 (/Users/runner/work/cargo/cargo/target/tmp/cit/t2886/foo)`
3   5     
4   6     Caused by:
5   7       failed to load source for dependency `bitflags`
6   8     
7   9     Caused by:
8   10      Unable to update ssh://git@github.com/rust-lang/bitflags.git?tag=1.3.2
9   11    
10  12    Caused by:
11  13      failed to clone into: /Users/runner/work/cargo/cargo/target/tmp/cit/t2886/home/.cargo/git/db/bitflags-[..]
12  14    
13  15    Caused by:
14  16      failed to authenticate when downloading repository
15  17    
16  18      * attempted ssh-agent authentication, but no usernames succeeded: `git`
17  19    
18  20      if the git CLI succeeds then `net.git-fetch-with-cli` may help here
19  21      https://doc.rust-lang.org/cargo/reference/config.html#netgit-fetch-with-cli
20  22    
21  23    Caused by:
22  24      no authentication methods succeeded

This seems to be a spurious network error.

@bors try

bors added a commit that referenced this pull request Mar 28, 2024
docs: clarify `--locked` ensures Cargo uses dependency versions in lockfile
@bors
Contributor

bors commented Mar 28, 2024

⌛ Trying commit 0233632 with merge 9d3403a...

@bors
Contributor

bors commented Mar 28, 2024

☀️ Try build successful - checks-actions
Build commit: 9d3403a (9d3403ad857fd9060d9b08ea0b48bb88b37adddd)

src/bin/cargo/cli.rs Outdated
@epage
Contributor

epage commented Mar 28, 2024

> This seems to be a spurious network error.

Had a similar spurious error yesterday.

btw in the github actions view, you can tell it to re-run failed jobs.

from attempting to access the network to determine if it is
out-of-date.
--locked
Asserts that the exact same dependencies and versions are used as
Member Author

shamelessly copied from

cargo/src/doc/src/faq.md

Lines 114 to 115 in 07253b7

by ensuring that the exact same dependencies and versions are used as when the
`Cargo.lock` file was originally generated.

@epage
Contributor

epage commented Mar 28, 2024

@bors r+

@bors
Contributor

bors commented Mar 28, 2024

📌 Commit 26b2e74 has been approved by epage

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Mar 28, 2024
@bors
Contributor

bors commented Mar 28, 2024

⌛ Testing commit 26b2e74 with merge 3d9dea6...

@bors
Contributor

bors commented Mar 28, 2024

☀️ Test successful - checks-actions
Approved by: epage
Pushing 3d9dea6 to master...

@bors bors merged commit 3d9dea6 into rust-lang:master Mar 28, 2024
21 checks passed
@weihanglo weihanglo deleted the locked-frozen branch March 28, 2024 18:13
bors added a commit to rust-lang-ci/rust that referenced this pull request Mar 29, 2024
Update cargo

8 commits in 499a61ce7a0fc6a72040084862a68b2603e770e8..a59aba136aab5510c16b0750a36cbd9916f91796
2024-03-26 04:17:04 +0000 to 2024-03-28 21:21:41 +0000
- refactor(package): Simplify getting of published Manifest (rust-lang/cargo#13666)
- fix(toml): Warn on unused workspace.dependencies keys on virtual workspaces (rust-lang/cargo#13664)
- docs: clarify `--locked` ensures Cargo uses dependency versions in lockfile (rust-lang/cargo#13665)
- RUSTC_WORKSPACE_WRAPPER: clarify docs (rust-lang/cargo#13648)
- fix(add): Preserve comments when updating simple deps (rust-lang/cargo#13655)
- fix(generate-lockfile): hold lock before querying index (rust-lang/cargo#13657)
- test: Add asserts to catch BorrowMutError's (rust-lang/cargo#13651)
- Publish test crates (rust-lang/cargo#13418)

r? ghost
@rustbot rustbot added this to the 1.79.0 milestone Mar 30, 2024
github-actions bot pushed a commit to rust-lang/miri that referenced this pull request Mar 30, 2024
sveitser added a commit to EspressoSystems/espresso-sequencer that referenced this pull request Apr 10, 2024
The current audit action regenerates the lock file which may hide
vulnerabilities in our binaries.

Ensure binaries are built with committed lock file by adding the
`--locked` flag. Note the `--locked` flag is currently documented in a
confusing way in `cargo --help`.

A fix for that has been merged into cargo recently:

rust-lang/cargo#13665
sveitser added a commit to EspressoSystems/espresso-sequencer that referenced this pull request Apr 18, 2024
* Run cargo audit on committed Cargo.lock

The current audit action regenerates the lock file which may hide
vulnerabilities in our binaries.

Ensure binaries are built with committed lock file by adding the
`--locked` flag. Note the `--locked` flag is currently documented in a
confusing way in `cargo --help`.

A fix for that has been merged into cargo recently:

rust-lang/cargo#13665

* Add --locked to cargo test invocations
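
The commit messages above make the supply-chain point of this PR: CI must build and test against the committed `Cargo.lock`. As an added example (not part of the PR or of the referenced commits), this shell lint flags cargo invocations in CI text that carry neither `--locked` nor `--frozen`; the subcommand list, the function names and the sample workflow are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find cargo commands that may re-resolve dependencies
# instead of using the committed Cargo.lock.

# Subcommands to check; this list is an assumption of the example.
LOCKABLE='build|check|test|run|bench|doc|install'

# Reads CI/workflow text on stdin, prints "LINE: command" for each cargo
# invocation lacking --locked or --frozen, and returns 1 if any were found.
unlocked_cargo_lines() {
  awk -v subs="$LOCKABLE" '
    BEGIN {
      word = "[^A-Za-z0-9_-]"   # a character that cannot be part of a name
      pat  = word "cargo([ \t]+[+-][^ \t]+)*[ \t]+(" subs ")" word
      flag = "[ \t]--(locked|frozen)" word
    }
    {
      if (buf == "") start = NR
      line = $0
      # Join backslash-continued lines so a flag on the next line counts.
      if (line ~ /\\[ \t]*$/) { sub(/\\[ \t]*$/, " ", line); buf = buf line; next }
      cmd = " " buf line " "; buf = ""
      if (cmd ~ /^[ \t]*#/) next            # comment-only line
      if (cmd ~ pat && cmd !~ flag) {
        gsub(/[ \t]+/, " ", cmd); sub(/^ /, "", cmd); sub(/ $/, "", cmd)
        print start ": " cmd
        found = 1
      }
    }
    END { exit found + 0 }'
}

# Constructed sample workflow (not taken from any real repository).
sample_workflow() {
  cat <<'EOF'
jobs:
  test:
    steps:
      - run: cargo install cargo-audit
      - run: cargo audit
      - run: cargo build --release
      - run: cargo +nightly test --workspace
      - run: |
          cargo test \
            --locked --all-features
      - run: cargo build --frozen
EOF
}

sample_workflow | unlocked_cargo_lines || echo "cargo invocations without --locked found" >&2
```

The non-zero return status lets the function serve as a CI gate on workflow files.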
Successfully merging this pull request may close these issues.

cargo build --locked description is confusing
5 participants