New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tracking issue for RFC 1977: public & private dependencies #44663

Open
withoutboats opened this Issue Sep 17, 2017 · 13 comments

Comments

Projects
None yet
7 participants
@withoutboats
Copy link
Contributor

withoutboats commented Sep 17, 2017

This is the tracking issue for rust-lang/rfcs#1977 - public and private dependencies in cargo.

Blocking stabilization:

@Boscop

This comment has been minimized.

Copy link

Boscop commented Oct 27, 2017

Maybe it's useful to look at how this problem is approached in Haskell.
Here are some relevant slides: https://wiki.haskell.org/wikiupload/b/b4/HIW2011-Talk-Loeh.pdf

Here is an example of a subtle issue that occurs with private dependencies:

Btw, I found it through this post: http://harry.garrood.me/blog/purescript-why-bower/

@Eh2406

This comment has been minimized.

Copy link
Contributor

Eh2406 commented Mar 24, 2018

Would Rust2018 be a good opportunity to make the braking changes to Cargo.toml?

@SimonSapin

This comment has been minimized.

Copy link
Contributor

SimonSapin commented Mar 25, 2018

Maybe. Though such changes should be designed and proposed soon, have an easy migration path, and preferably only affect a minority of existing crates.

@Nemo157

This comment has been minimized.

Copy link
Contributor

Nemo157 commented Nov 29, 2018

Thought I just had related to ecosystems like futures that provide a "core" stable crate along with less stable utilities re-exported from a "facade": items from a public dependency re-exported through a private dependency should be treated as public. (This is likely how the implementation would behave anyway, but having a testcase for this would be nice). Basically how I see using a tightly coupled ecosystem like that work is that you would declare both the "facade" crate and "core" crate as dependencies, but only the "core" crate as public:

[dependencies]
futures = { version = "10.17", public = false }
futures-core = { version = "1.2", public = true }

But then, in code you would never import items from the "core" crate, instead you would simply have public APIs that return types which have been re-exported through the "facade" from the "core" crate and rely on the compiler to warn you if you accidentally use something that didn't originate in the "core" crate.

@Eh2406

This comment has been minimized.

Copy link
Contributor

Eh2406 commented Nov 29, 2018

I don't quite understand something about your example. Can you elaborate on what the Toml and the code in the futures crate look like?

@Nemo157

This comment has been minimized.

Copy link
Contributor

Nemo157 commented Nov 30, 2018

@Eh2406 the setup's a little annoying to just explain, so here's a full compiling set of example crates: https://github.com/Nemo157/rust-44663-facade-example

In this example futures-core exports a single trait Future, futures re-exports this trait from futures-core along with a "utility" Foo.

Now mylib wants to use futures, including returning some Futures from its public API. But futures itself intends to have breaking changes to update utilities, users that care about interoperability should only use types from futures-core in their public APIs. Even as new major versions of futures are released they will all link against the same version of futures-core so the underlying traits will be interoperable.

So, to have the compiler enforce this restriction the developers of mylib want to use the public/private dependencies feature, they have both futures and futures-core as dependency but only futures-core marked as public. But for ergonomics it's nicer to just use the re-exports directly from futures, instead of having to remember which parts of the API need to be imported from futures and which from futures-core.

@Aaron1011

This comment has been minimized.

Copy link
Contributor

Aaron1011 commented Dec 15, 2018

I'd like to work on this.

@Eh2406

This comment has been minimized.

Copy link
Contributor

Eh2406 commented Dec 16, 2018

Thanks for offering to work on this! @alexcrichton, do you have any mentoring advice?

I can at any time get a branch ready for the resolver part of cargo, it will be good enough to start experimentation, although not good enough to be ready to stabilize.

@alexcrichton

This comment has been minimized.

Copy link
Member

alexcrichton commented Dec 17, 2018

Sure! @Aaron1011 so this is split roughly into two features, one being rustc knowing what crates are in the "public interface" and a second being the support in Cargo's resolver to make various decisions differently. Are you interested in one of those in particular?

@Aaron1011

This comment has been minimized.

Copy link
Contributor

Aaron1011 commented Dec 17, 2018

@alexcrichton: I've started working on the rustc part in a branch: https://github.com/Aaron1011/rust/commits/feature/pub-priv-dep, and I plan to submit a (WIP) PR soon. I might also be interested in working on the cargo part as well.

@Eh2406

This comment has been minimized.

Copy link
Contributor

Eh2406 commented Dec 17, 2018

@Aaron1011 please cc me when you make that PR. I know nothing about the internals of Rust, so will be of no help, but I do want to follow the discussion.

I will redouble my efforts to get the Cargo's resolver part mergeable. I have been enjoying ( and hating ) it because it is the hardest algorithmic problem I have ever worked on. I would be happy for some help, perhaps a new perspective will get me un-stuck.

@alexcrichton

This comment has been minimized.

Copy link
Member

alexcrichton commented Dec 18, 2018

@Aaron1011 ok and it seems like you're off to a great start! I'd be up for reviewing that PR, and if you've got any questions along the way just let me know

@Aaron1011 Aaron1011 referenced this issue Jan 14, 2019

Merged

Implement public/private dependency feature #57586

4 of 4 tasks complete
@Nemo157

This comment has been minimized.

Copy link
Contributor

Nemo157 commented Jan 25, 2019

There was another usecase for this mentioned on i.rl.o, if cargo doc had a form of "local development" mode to build the documentation you care about when working on a crate, this would allow that mode to know exactly which dependencies it needs to produce the documentation for (all direct dependencies + their public dependencies).

Similarly, if you're self-hosting documentation for a crate somewhere you may want to be able to generate a documentation bundle including the crate and all its public dependencies so that it is fully self-contained.

bors added a commit that referenced this issue Feb 1, 2019

Auto merge of #57586 - Aaron1011:feature/pub-priv-dep, r=petrochenkov
Implement public/private dependency feature

Implements #44663

The core implementation is done - however, there are a few issues that still need to be resolved:

- [x] The `EXTERNAL_PRIVATE_DEPENDENCY` lint currently does notthing when the `public_private_dependencies` is not enabled. Should mentioning the lint (in an `allow` or `deny` attribute) be an error if the feature is not enabled? (Resolved- the feature was removed)
- [x] Crates with the name `core` and `std` are always marked public, without the need to explcitily specify them on the command line. Is this what we want to do? Do we want to allow`no_std`/`no_core` crates to explicitly control this in some way? (Resolved - private crates are now explicitly specified)
- [x] Should I add additional UI tests? (Resolved - added more tests)
- [x] Does it make sense to be able to allow/deny the `EXTERNAL_PRIVATE_DEPENDENCY` on an individual item? (Resolved - this is implemented)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment