dockworker icon indicating copy to clipboard operation
dockworker copied to clipboard
verified publisher icon Idein

Updading dependency stack.

Open plugwash opened this issue 6 months ago • 1 comments

Hi,

I'm one of the guys who maintains rust packages in Debian, while we do have a mechanism for packaging multiple versions of a crate it's something we try to avoid where possible.

In trixie (the next release) we are going to end up shipping both the http 0.2/rustls 0.21/hyper 0.14 stack and the http 1/rustls 0.23/hyper 1 stack but in forky (the release after next) we hope to get rid of the http 0.2/rustls 0.21/hyper 0.14 stack.

Is there any chance of an update to use the current version of this stack?

plugwash avatar Jun 26 '25 16:06 plugwash

We have a series of patches currently in Debian updating dependencies (We also have some other patches that are not appropriate for upstreaming)

https://salsa.debian.org/rust-team/debcargo-conf/-/blob/master/src/dockworker/debian/patches/relax-deps.diff - updates base64 from 0.21 to 0.22 (no code changes)

https://salsa.debian.org/rust-team/debcargo-conf/-/blob/master/src/dockworker/debian/patches/upgrade-nix.patch - relaxes nix dependency and adds a feature requirement, you probablly don't want to take this one as-is because crates.io needs more conservative dependencies than Debian does. No code changes.

https://salsa.debian.org/rust-team/debcargo-conf/-/blob/master/src/dockworker/debian/patches/rustls-pemfile-2.patch - updates rustls-pemfile from 1 to 2 minor code changes.

I have just prepared (with Fabian Grünbichler's help) another patch, which I hope to upload to Debian sid after the trixie release.

https://salsa.debian.org/rust-team/debcargo-conf/-/blob/master/src/dockworker/debian/patches/rustls-pemfile-2.patch

This patch is a bit of a monster, the http stack is sufficiently intertwined that it's nor really practical to tackle the update one crate at a time. It updates

  • http from version 0.2 to 1
  • hyper from version 0.14 to 1
  • hyper-rustls from version 0.24 to 0.27
  • hyper-tls from version 0.5 to 0.6
  • rustls from 0.21 to 0.23
  • hyperlocal from 0.8 to 0.9 *reqwest (dev-dependency) from 0.11 to 0.12

It also adds http-body, http-body-util and hyper-util to the dependency list which seem to be the new homes of some of the functionality that used to be in hyper.

Code changes where made to accomodate the following API changes.

  • as mentioned above a bunch of functionality was moved out of main http and hyper crates into utility crates http-body, http-body-util and hyper-util.
  • Body is now a trait rather than a concrete type. The patch replaces it with a mixture of Full<Bytes>, Incoming and generics. I also added an associated type to the HttpClient trait to define the type of the incoming body and reduce the traits coupling to hyper.
  • The old Body type implemented Stream`` directly, the new Bodytrait requires a call tointo_data_streamin theBodyExtextension trait to get aStream``` implementation.
  • hyper-util introduces it's own error type which needs to be handled.
  • Client now has an extra generic parameter to specify the outgoing body type.
  • types used to replacement certificates in rustls have changed.
  • rustls::ClientConfig::builder usage has changed, it no longer requites the user to explicitly specify different types of "safe defaults" and now expects the user to use with_client_auth_cert instead of with_single_cert to specify the client certificate.
  • Client now requires the user to specify an executor.

If there is interest I can put together a pull request based on these patches.

plugwash avatar Jul 16 '25 02:07 plugwash