Unable to vendor crates

Open haraldh opened this issue 1 year ago • 10 comments

Using current commit 6d540100aeb3fa237cb23b2f1168d82f9d8e1930:

❯ cargo vendor
error: failed to sync

Caused by:
  found duplicate version of package `bellman_ce v0.3.2` vendored from two sources:

  	source 1: https://github.com/matter-labs/bellman?branch=dev#5520aa22
  	source 2: https://github.com/matter-labs/bellman?branch=snark-wrapper#e01e5fa0

Also cargo tree -d finds a lot of duplicate dependencies.

haraldh avatar Feb 15 '24 13:02 haraldh

Describe your problem in more detail.

dzhamilrustamov avatar Feb 15 '24 14:02 dzhamilrustamov

The whole dependency chain is a mess... packages are referred to with the same version and name but with a different git branch. Ideally you could cargo vendor the repo to get a reproducible set of dependencies for a reproducible build.

haraldh avatar Feb 15 '24 14:02 haraldh

Recommendation: change the package name to ${orig}-${branchname} in the repos in question, or change the version.

source = "git+https://github.com/matter-labs/franklin-crypto?branch=dev#5695d07c7bc604c2c39a27712ffac171d39ee1ed"
source = "git+https://github.com/matter-labs/franklin-crypto?branch=snark_wrapper#2546c63b91b59bdb0ad342d26f03fb57477550b2"

source = "git+https://github.com/matter-labs/bellman?branch=dev#5520aa2274afe73d281373c92b007a2ecdebfbea"
source = "git+https://github.com/matter-labs/bellman?branch=snark-wrapper#e01e5fa08a97a113e76ec8a69d06fe6cc2c82d17"

I'll file a bug against these repos.

haraldh avatar Feb 15 '24 14:02 haraldh
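As an added example (not part of the thread or of the zksync-era repository), here is a small Python check over a Cargo.lock that reports every package name and version locked from more than one source, the condition `cargo vendor` rejects in the error above. The sample lockfile is constructed from the bellman_ce strings quoted in this issue plus a made-up serde entry; `parse_packages` and `vendor_conflicts` are hypothetical helper names.

```python
from collections import defaultdict

# Constructed Cargo.lock excerpt. The bellman_ce entries use the name, version
# and source strings quoted in this thread; the serde entry is made up.
SAMPLE_LOCK = '''\
[[package]]
name = "bellman_ce"
version = "0.3.2"
source = "git+https://github.com/matter-labs/bellman?branch=dev#5520aa2274afe73d281373c92b007a2ecdebfbea"

[[package]]
name = "bellman_ce"
version = "0.3.2"
source = "git+https://github.com/matter-labs/bellman?branch=snark-wrapper#e01e5fa08a97a113e76ec8a69d06fe6cc2c82d17"

[[package]]
name = "serde"
version = "1.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
'''

def parse_packages(lock_text):
    """Return one dict per [[package]] table (name, version, source only)."""
    packages, current = [], None
    for line in lock_text.splitlines():
        line = line.strip()
        if line == "[[package]]":
            current = {}
            packages.append(current)
        elif line.startswith("["):
            current = None  # some other table, e.g. [metadata]
        elif current is not None and " = " in line:
            key, value = line.split(" = ", 1)
            if key in ("name", "version", "source"):
                current[key] = value.strip('"')
    return packages

def vendor_conflicts(lock_text):
    """Map (name, version) -> sorted sources, where more than one source exists."""
    sources = defaultdict(set)
    for pkg in parse_packages(lock_text):
        # Path/workspace packages have no source line; group them as "<path>".
        if "name" in pkg and "version" in pkg:
            sources[(pkg["name"], pkg["version"])].add(pkg.get("source", "<path>"))
    return {k: sorted(v) for k, v in sources.items() if len(v) > 1}

if __name__ == "__main__":
    for (name, version), srcs in vendor_conflicts(SAMPLE_LOCK).items():
        print(f"{name} v{version}: {len(srcs)} sources", *srcs, sep="\n    ")
```

Run against a real lockfile by passing its text to `vendor_conflicts`; an empty result means no name and version pair is pinned to two different sources.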

Found a PR which enables cargo vendor --no-merge-sources, which solves the problem... https://github.com/rust-lang/cargo/pull/13271

haraldh avatar Feb 16 '24 13:02 haraldh

Hello! We are planning to get rid of git dependencies and publish everything on crates.io. With that, the problem should be resolved.

popzxc avatar Feb 22 '24 08:02 popzxc

> Hello! We are planning to get rid of git dependencies and publish everything on crates.io. With that, the problem should be resolved.

That would be the best solution ever :partying_face:

haraldh avatar Feb 22 '24 08:02 haraldh

The background here is that when the crypto team uses 1.4.1, that means protocol version 1.4.1. So pretty much as far from semver as you can be. crates.io will at least force publishing different versions, but we might consider enforcing semver.

joonazan avatar Feb 22 '24 11:02 joonazan

We will use a separate, semver-compliant versioning scheme for crates (e.g. let's say that 1.4.1 represents a "protocol" version, but all the crates will live in 0.x.y domain).

popzxc avatar Feb 22 '24 12:02 popzxc

Folks, should we close this issue, given there's a plan, or do we find value in keeping it around?

EmilLuta avatar Mar 18 '24 18:03 EmilLuta

Up to @haraldh

popzxc avatar Mar 19 '24 06:03 popzxc