[Pkg-rust-maintainers] Rust for Linux and host-only libraries

Sat Apr 20 11:19:17 BST 2024

On Fri, Apr 19, 2024 at 10:34 PM Fabian Grünbichler
<debian at fabian.gruenbichler.email> wrote:
>
> No, the patches are already applied in the source files shipped by librust-xxx-dev, if there are any. The cargo wrapper takes care of other things, like instructing cargo to use the packaged sources and setting rustflags and similar options. You should be able to use the same sources with manual rustc invocations without cargo or our wrapper just fine :)

Great, that should make it straightforward then :)

> There's a bit of peculiarity around the versioning - the librust-.. packages provide all the semver prefixes of their version as well, so you can express "I want crate X in a semver compatible version of at least 2.3" via a versioned dependency (by depending on librust-x-2-dev with a version of at least 2.3), but also the more restricted variants (e.g., X in some 2.3.n version, or a specific 2.3.4 version, by depending on librust-2.3-dev resp. librust-2.3.4-dev). Normally, the actual package providing all of those is librust-X-dev, except when we need to package more than one version of X, then there might be a librust-X-dev in version A (providing all the semver prefixes of A), and another package librust-X-B-dev, where B is the shortest semver-breaking prefix of a semver incompatible version older than A (providing all semver prefixes of that version). A might be 2.3.4 and B 1 (with B's full version being 1.2.0, for example). Most of that won't be relevant for you - except that you want to depend on e.g. librust-syn-1-dev if you want syn 1.x, even if the actual "real" package is called librust-syn-dev, as the latter might also contain syn 0.x or 2.x in other distros/releases. Hope this was not too confusing ;)

That is good to know, thanks! So, ideally, we would avoid handling
versioning/packaging as much as possible, i.e. making it as
independent of distributions and so on as possible, and letting the
user install the packages themselves. It should be possible to just
pass a path to a random folder with the library, if needed.

So ideally we would suggest in the instructions what packages to
install (for major distributions), and try to be agnostic otherwise in
the actual build system. That implies that the question is trying to
automate, if possible, finding the sources, without hardcoding too
much information.

For instance, one naive way would be just testing whether any
`/usr/share/cargo/registry/{library}-{major}*` folder exists and use
the highest one if so. If people only have a single version installed
(per major) or if the dependencies' constraints are relaxed/compatible
enough, that could "just work".

Is that way too naive? Because even if it is naive, but works for most
kernel developers out there, that may be good enough. And if it fails,
one can always customize the paths as needed.

The problem, of course, is cases where silent miscompilations could
occur. For instance, Debian or another distribution could provide two
minors (of the same major version) of library A there, and then
library B depends on the lower of the two (for some reason, including
possibly a patch you may apply). And it turns out that if one picks
the highest A, things actually compile fine, but may behave badly in
some cases. Thus we could get, silently, a bad build.

I mean, such a sequence of events may be unlikely to happen in
practice, especially given the kind of library we are considering
using (so far). But still, probably we should just get the paths for
the dependencies somehow (e.g. querying Cargo, to avoid parsing
`Cargo.toml` ourselves, especially the version constraints; or perhaps
there is a better way you can think of) if we want to use the
libraries available at `/usr/share/cargo/registry/`. I checked the
Debian package, and there were two promising `.cargo-*.json` files,
but they do not give information about paths.

What do you think? Is there a proper/better/simpler way, for
distributions that use `/usr/share/cargo/registry`, to get the paths
of a library and its dependencies of a given library?

Thanks!

Cheers,
Miguel