[PATCH 13/23] rust: synchronize dependencies between subprojects and Cargo.lock

Paolo Bonzini posted 23 patches 4 weeks, 1 day ago
[PATCH 13/23] rust: synchronize dependencies between subprojects and Cargo.lock
Posted by Paolo Bonzini 4 weeks, 1 day ago
The next commit will introduce a new build.rs dependency for rust/qemu-api,
version_check.  Before adding it, ensure that all dependencies are
synchronized between the Meson- and cargo-based build systems.

Note that it's not clear whether in the long term we'll use Cargo for
anything; it seems that the three main uses (clippy, rustfmt, rustdoc)
can all be invoked manually---either via glue code in QEMU, or by
extending Meson to gain the relevant functionality.  However, for
the time being we're stuck with Cargo so it should at least look at
the same code as the rest of the build system.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 rust/hw/char/pl011/Cargo.lock   |  3 +++
 rust/qemu-api-macros/Cargo.lock |  9 ++++---
 rust/qemu-api/Cargo.lock        | 47 +++++++++++++++++++++++++++++++++
 rust/qemu-api/Cargo.toml        |  1 +
 4 files changed, 56 insertions(+), 4 deletions(-)

diff --git a/rust/hw/char/pl011/Cargo.lock b/rust/hw/char/pl011/Cargo.lock
index b58cebb186e..9f43b33e8b8 100644
--- a/rust/hw/char/pl011/Cargo.lock
+++ b/rust/hw/char/pl011/Cargo.lock
@@ -91,6 +91,9 @@ dependencies = [
 [[package]]
 name = "qemu_api"
 version = "0.1.0"
+dependencies = [
+ "qemu_api_macros",
+]
 
 [[package]]
 name = "qemu_api_macros"
diff --git a/rust/qemu-api-macros/Cargo.lock b/rust/qemu-api-macros/Cargo.lock
index fdc0fce116c..f989e25829f 100644
--- a/rust/qemu-api-macros/Cargo.lock
+++ b/rust/qemu-api-macros/Cargo.lock
@@ -4,9 +4,9 @@ version = 3
 
 [[package]]
 name = "proc-macro2"
-version = "1.0.86"
+version = "1.0.84"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77"
+checksum = "ec96c6a92621310b51366f1e28d05ef11489516e93be030060e5fc12024a49d6"
 dependencies = [
  "unicode-ident",
 ]
@@ -18,6 +18,7 @@ dependencies = [
  "proc-macro2",
  "quote",
  "syn",
+ "unicode-ident",
 ]
 
 [[package]]
@@ -31,9 +32,9 @@ dependencies = [
 
 [[package]]
 name = "syn"
-version = "2.0.72"
+version = "2.0.66"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc4b9b9bf2add8093d3f2c0204471e951b2285580335de42f9d2534f3ae7a8af"
+checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5"
 dependencies = [
  "proc-macro2",
  "quote",
diff --git a/rust/qemu-api/Cargo.lock b/rust/qemu-api/Cargo.lock
index e9c51a243a8..e407911cdd1 100644
--- a/rust/qemu-api/Cargo.lock
+++ b/rust/qemu-api/Cargo.lock
@@ -2,6 +2,53 @@
 # It is not intended for manual editing.
 version = 3
 
+[[package]]
+name = "proc-macro2"
+version = "1.0.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec96c6a92621310b51366f1e28d05ef11489516e93be030060e5fc12024a49d6"
+dependencies = [
+ "unicode-ident",
+]
+
 [[package]]
 name = "qemu_api"
 version = "0.1.0"
+dependencies = [
+ "qemu_api_macros",
+]
+
+[[package]]
+name = "qemu_api_macros"
+version = "0.1.0"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "quote"
+version = "1.0.36"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0fa76aaf39101c457836aec0ce2316dbdc3ab723cdda1c6bd4e6ad4208acaca7"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "syn"
+version = "2.0.66"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c42f3f41a2de00b01c0aaad383c5a45241efc8b2d1eda5661812fda5f3cdcff5"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "unicode-ident"
+version = "1.0.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
diff --git a/rust/qemu-api/Cargo.toml b/rust/qemu-api/Cargo.toml
index 3677def3fe2..db594c64083 100644
--- a/rust/qemu-api/Cargo.toml
+++ b/rust/qemu-api/Cargo.toml
@@ -14,6 +14,7 @@ keywords = []
 categories = []
 
 [dependencies]
+qemu_api_macros = { path = "../qemu-api-macros" }
 
 [features]
 default = []
-- 
2.47.0
Re: [PATCH 13/23] rust: synchronize dependencies between subprojects and Cargo.lock
Posted by Junjie Mao 3 weeks, 1 day ago
Paolo Bonzini <pbonzini@redhat.com> writes:

> The next commit will introduce a new build.rs dependency for rust/qemu-api,
> version_check.  Before adding it, ensure that all dependencies are
> synchronized between the Meson- and cargo-based build systems.
>
> Note that it's not clear whether in the long term we'll use Cargo for
> anything; it seems that the three main uses (clippy, rustfmt, rustdoc)
> can all be invoked manually---either via glue code in QEMU, or by
> extending Meson to gain the relevant functionality.  However, for
> the time being we're stuck with Cargo so it should at least look at
> the same code as the rest of the build system.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  rust/hw/char/pl011/Cargo.lock   |  3 +++
>  rust/qemu-api-macros/Cargo.lock |  9 ++++---
>  rust/qemu-api/Cargo.lock        | 47 +++++++++++++++++++++++++++++++++
>  rust/qemu-api/Cargo.toml        |  1 +
>  4 files changed, 56 insertions(+), 4 deletions(-)
>
> diff --git a/rust/hw/char/pl011/Cargo.lock b/rust/hw/char/pl011/Cargo.lock
> index b58cebb186e..9f43b33e8b8 100644
> --- a/rust/hw/char/pl011/Cargo.lock
> +++ b/rust/hw/char/pl011/Cargo.lock
> @@ -91,6 +91,9 @@ dependencies = [
>  [[package]]
>  name = "qemu_api"
>  version = "0.1.0"
> +dependencies = [
> + "qemu_api_macros",
> +]
>
>  [[package]]
>  name = "qemu_api_macros"
> diff --git a/rust/qemu-api-macros/Cargo.lock b/rust/qemu-api-macros/Cargo.lock
> index fdc0fce116c..f989e25829f 100644
> --- a/rust/qemu-api-macros/Cargo.lock
> +++ b/rust/qemu-api-macros/Cargo.lock
> @@ -4,9 +4,9 @@ version = 3
>
>  [[package]]
>  name = "proc-macro2"
> -version = "1.0.86"
> +version = "1.0.84"

How about specifying also the exact version in Cargo.toml, e.g.:

--- a/rust/qemu-api-macros/Cargo.toml
+++ b/rust/qemu-api-macros/Cargo.toml
@@ -17,9 +17,9 @@ categories = []
 proc-macro = true

 [dependencies]
-proc-macro2 = "1"
-quote = "1"
-syn = { version = "2", features = ["extra-traits"] }
+proc-macro2 = "=1.0.84"
+quote = "=1.0.36"
+syn = { version = "=2.0.66", features = ["extra-traits"] }

 [lints]
 workspace = true

With that the versions of direct dependencies will be unchanged even
after a cargo generate-lockfile.

Unfortunately, versions of nested dependencies, such as either and
unicode-ident, may still have newer patch versions after a lockfile
regeneration. That can be worked around by turning nested dependencies
to direct ones with fixed version constraints, but looks quite ugly.

--
Best Regards
Junjie Mao
Re: [PATCH 13/23] rust: synchronize dependencies between subprojects and Cargo.lock
Posted by Paolo Bonzini 3 weeks, 1 day ago
Il ven 1 nov 2024, 11:21 Junjie Mao <junjie.mao@hotmail.com> ha scritto:

> How about specifying also the exact version in Cargo.toml, e.g.:
>
>  [dependencies]
> -proc-macro2 = "1"
> -quote = "1"
> -syn = { version = "2", features = ["extra-traits"] }
> +proc-macro2 = "=1.0.84"
> +quote = "=1.0.36"
> +syn = { version = "=2.0.66", features = ["extra-traits"] }
>
>
Unfortunately, versions of nested dependencies, such as either and
> unicode-ident, may still have newer patch versions after a lockfile
> regeneration. That can be worked around by turning nested dependencies
> to direct ones with fixed version constraints, but looks quite ugly.
>

Yeah, that's the reason why I didn't do it... Since we don't have any
security-sensitive dependencies, changes to the lock files are going to be
rare and it's easier to just look at them more closely.

Paolo

--
> Best Regards
> Junjie Mao
>
>
Re: [PATCH 13/23] rust: synchronize dependencies between subprojects and Cargo.lock
Posted by Junjie Mao 3 weeks ago
Paolo Bonzini <pbonzini@redhat.com> writes:

> Il ven 1 nov 2024, 11:21 Junjie Mao <junjie.mao@hotmail.com> ha scritto:
>
>  How about specifying also the exact version in Cargo.toml, e.g.:
>
>   [dependencies]
>  -proc-macro2 = "1"
>  -quote = "1"
>  -syn = { version = "2", features = ["extra-traits"] }
>  +proc-macro2 = "=1.0.84"
>  +quote = "=1.0.36"
>  +syn = { version = "=2.0.66", features = ["extra-traits"] }
>
>  Unfortunately, versions of nested dependencies, such as either and
>  unicode-ident, may still have newer patch versions after a lockfile
>  regeneration. That can be worked around by turning nested dependencies
>  to direct ones with fixed version constraints, but looks quite ugly.
>
> Yeah, that's the reason why I didn't do it... Since we don't have any security-sensitive dependencies, changes to the lock files are going to be rare and it's easier to just look at them more closely.

Got your point. Thanks for the clarification!

Reviewed-by: Junjie Mao <junjie.mao@hotmail.com>

--
Best Regards
Junjie Mao
Re: [PATCH 13/23] rust: synchronize dependencies between subprojects and Cargo.lock
Posted by Zhao Liu 3 weeks, 2 days ago
On Fri, Oct 25, 2024 at 06:01:58PM +0200, Paolo Bonzini wrote:
> Date: Fri, 25 Oct 2024 18:01:58 +0200
> From: Paolo Bonzini <pbonzini@redhat.com>
> Subject: [PATCH 13/23] rust: synchronize dependencies between subprojects
>  and Cargo.lock
> X-Mailer: git-send-email 2.47.0
> 
> The next commit will introduce a new build.rs dependency for rust/qemu-api,
> version_check.  Before adding it, ensure that all dependencies are
> synchronized between the Meson- and cargo-based build systems.
> 
> Note that it's not clear whether in the long term we'll use Cargo for
> anything; it seems that the three main uses (clippy, rustfmt, rustdoc)

not sure whether cargo update could help to know if the dependenies can
be updated or not...

> can all be invoked manually---either via glue code in QEMU, or by
> extending Meson to gain the relevant functionality.  However, for
> the time being we're stuck with Cargo so it should at least look at
> the same code as the rest of the build system.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  rust/hw/char/pl011/Cargo.lock   |  3 +++
>  rust/qemu-api-macros/Cargo.lock |  9 ++++---
>  rust/qemu-api/Cargo.lock        | 47 +++++++++++++++++++++++++++++++++
>  rust/qemu-api/Cargo.toml        |  1 +
>  4 files changed, 56 insertions(+), 4 deletions(-)
> 
> diff --git a/rust/hw/char/pl011/Cargo.lock b/rust/hw/char/pl011/Cargo.lock
> index b58cebb186e..9f43b33e8b8 100644
> --- a/rust/hw/char/pl011/Cargo.lock
> +++ b/rust/hw/char/pl011/Cargo.lock
> @@ -91,6 +91,9 @@ dependencies = [
>  [[package]]
>  name = "qemu_api"
>  version = "0.1.0"
> +dependencies = [
> + "qemu_api_macros",
> +]
>  
>  [[package]]
>  name = "qemu_api_macros"
> diff --git a/rust/qemu-api-macros/Cargo.lock b/rust/qemu-api-macros/Cargo.lock
> index fdc0fce116c..f989e25829f 100644
> --- a/rust/qemu-api-macros/Cargo.lock
> +++ b/rust/qemu-api-macros/Cargo.lock
> @@ -4,9 +4,9 @@ version = 3
>  
>  [[package]]
>  name = "proc-macro2"
> -version = "1.0.86"
> +version = "1.0.84"
>  source = "registry+https://github.com/rust-lang/crates.io-index"
> -checksum = "5e719e8df665df0d1c8fbfd238015744736151d4445ec0836b8e628aae103b77"
> +checksum = "ec96c6a92621310b51366f1e28d05ef11489516e93be030060e5fc12024a49d6"
>  dependencies = [
>   "unicode-ident",
>  ]
> @@ -18,6 +18,7 @@ dependencies = [
>   "proc-macro2",
>   "quote",
>   "syn",
> + "unicode-ident",
>  ]

With cargo build, it seems this dependency doesn't need to be added here.

I compared the versions and checksums of the wrap files, and I also
built it using cargo build based on this commit. The only change by
Cargo is the one mentioned above; everything else looks good.

With the nit fixed or otherwise,

Reviewed-by: Zhao Liu <zhao1.liu@intel.com>