lightningcss icon indicating copy to clipboard operation
lightningcss copied to clipboard
verified publisher icon parcel-bundler

napi: fix build error in cargo-auditable

Open JohnRTitor opened this issue 1 year ago • 8 comments

As reported https://github.com/parcel-bundler/lightningcss/issues/702 when trying to build via cargo auditable build --release --lib --bin=lightningcss --features="cli" build fails with the following error.

   Compiling lightningcss v1.0.0-alpha.55 (/home/masum/Dev-Environment/lightningcss)
    Building [=======================> ] 169/171: lightningcss                            thread 'main' panicked at cargo-auditable/src/collect_audit_data.rs:77:9:
cargo metadata failure: error: Package `lightningcss-napi v0.1.0 (/home/masum/Dev-Environment/lightningcss/napi)` does not have feature `rayon`. It has an optional dependency with that name, but that dependency uses the "dep:" syntax in the features table, so it does not have an implicit feature with that name.

This patch fixes the bug and the build succeeds on cargo auditable.

JohnRTitor avatar Apr 06 '24 20:04 JohnRTitor

Should close https://github.com/parcel-bundler/lightningcss/issues/702

JohnRTitor avatar Apr 06 '24 20:04 JohnRTitor

Why would the dep for crossbeam-channel and rayon be different here? Not sure I understand the issue here.

devongovett avatar May 14 '24 04:05 devongovett

I am guessing cargo auditable does not think of "rayon" as a hard dependency thus producing this error, as you can see in the error message.

This behaviour is not observed in cargo however. We are currently using a patch on Nixpkgs to let it build by removing dep. https://github.com/NixOS/nixpkgs/commit/5af750a43a74327a3f66cc3ff427aa52f6005c32

JohnRTitor avatar May 14 '24 04:05 JohnRTitor

crossbeam-channel is also optional though

devongovett avatar May 14 '24 06:05 devongovett

I am not sure, something must have changed between the bump to 1.24.1 https://github.com/parcel-bundler/lightningcss/compare/v1.24.0...v1.24.1

JohnRTitor avatar May 14 '24 06:05 JohnRTitor

@devongovett is there a reason to hold off this PR, or is it blocked on something?

JohnRTitor avatar May 25 '24 05:05 JohnRTitor

Mainly that I don't understand the problem. AFAICT it is correct: https://doc.rust-lang.org/cargo/reference/features.html#optional-dependencies Why do you think this is wrong? I don't know what cargo-auditable is but perhaps that has a bug?

devongovett avatar May 25 '24 06:05 devongovett

cargo-auditable is a tool to store the exact versions of dependencies in rust binaries and makes it easier/possible to audit the dependency tree of rust binaries.

It is a drop-in replacement of cargo. Mainly this lets easier identification of vulnerabilities (CVEs). Nixpkgs by default uses cargo auditable to build rust binaries.

Stricter checks like these are implemented by cargo-auditable. And hence this PR. cargo auditable is compatible with cargo itself, so this change won't affect builds with cargo.

JohnRTitor avatar May 25 '24 06:05 JohnRTitor