crate.from_spec module extension is not reproducible #3072
Comments
|
While it would be nice to make the extension reproducible, I think the most pragmatic change is for protobuf to not force these deps on all users. I don't see how anyone should need to depend on rust googletest to use protos (much less in other languages). See also protocolbuffers/protobuf#18825 (comment) and the rest of that PR's discussion |
This should already be the case if the module extension declares itself as os/arch dependent. Does Generally speaking, I fully agree with @dzbarsky here. |
|
Ah, thank you for the link to that protobuf PR---I didn't realize that the I do agree that a very widely used library like protobuf should strive to have few and easy-to-manage dependencies, which I'll leave the issue open because ultimately making |
Following up on that specifically: I upgraded the protobuf version I depend on, and then ran |
|
The patches require a corp sign-in. Have you followed https://bazel.build/external/lockfile#automatic-resolution? Merging changes of the form ABC -> ABDC and ABC -> ABEC with regular merge logic isn't possible since it's not clear how D and E should be sorted relative to each other. The merge driver knows that sorting lexicographically is fine. |
|
Ah, sorry about the patch links, fixed! I didn't know about the merge driver. I'll give it a try. It's too bad it requires all developers to install an external dependency by hand. |
|
We could potentially make the format more mergeable by always including (empty) sections for all supported OS/arch combinations as this should solve the ordering problem. Could you try that out on your two patches? |
Protobuf uses the
crate.from_specmodule extension. Unfortunately, this extension is not reproducible. What this means in practice is that any project that uses protobuf via bzlmod and wishes to check in its lockfile must regenerate that lockfile on all OS/arch combinations it supports.This is very painful, especially because there is only one
MODULE.bazel.lockfile (rather than one per OS/arch combination, like Python requirements files), so I believe I can't simply run lockfile-updating CI jobs in parallel and then apply the git patches they generate. (I expect the patches will conflict!) Instead, I'll need to run them one at a time, and apply patches in between.I see a few possible solutions here:
crate.from_specextension.crate.from_specby specifying-minimal-version, as suggested in the comment @dzbarsky left in Mark the bzlmod extension reproducible as appropriate #2575.MODULE.bazel.lockfile updates from different OS/arch combinations can always be patched in any order (thus ensuring the patches can be generated in parallel by CI). This would be a FR for bzlmod.I'm not sure how options 1 and 2 compare in terms of difficulty, or how feasible option 3 is. Are there any better ways out of this situation?
@fmeum @Wyverald
Originally ran into this here: https://pwbug.dev/354274498#comment41
The text was updated successfully, but these errors were encountered: