Stabilize Cargo's weak-dep-features and namespaced-features. #3143
Conversation
ehuss
added
the
T-cargo
|
Looks good. What version of cargo/rust onwards would this be stabilized? |
ehuss
force-pushed
the
cargo-weak-namespaced-features
branch
from
45164dd
to
7914438
Compare
|
It depends how long it takes for the RFC to be accepted. The team is on board with moving forward with this, so it just depends on what kind of feedback the RFC generates. EDIT: It also depends on the final implementation side. crates.io will need to be updated, for example. |
|
cc @rust-lang/crates-io, this will require some small changes on the crates.io side (which I'm fine with implementing). |
| This was pursued in [PR #9111](https://github.com/rust-lang/cargo/pull/9111), but it was considered not necessary. | ||
| [crates.io] is the only registry that can support older versions of Cargo. | ||
| Other registries that don't support the new syntax may reject publishing with the new syntax (if they perform validation), or they may accept it (if the don't validate), in which case it should just work. | ||
| The `"v"` field addition is only necessary for Cargo's older than 1.51, and most use cases of other registries are generally expected to have stricter control over which versions of Cargo are in use. |
There was a problem hiding this comment.
As I understand it, this description of the "v" field is backwards. Cargo older than 1.51 will process all index entries, even if that may result in errors or unexpected behavior.
There was a problem hiding this comment.
Indeed, that was backwards. I tried to fix it, though the explanation is still a little awkward.
|
Thanks for the ping @ehuss. The only concern I have is regarding support for older versions of cargo. As I understand it, it seems like this would split the ecosystem into 3 tiers:
For the last 2 bullet points, the reference section does state "older versions will ignore the "features2" field, allowing them to behave correctly assuming there is a To provide some data for versions of cargo currently in the wild, I've gone through the last 48 hours of request logs on crates.io (with the vast majority of requests being to the download endpoint). A few notes about the results:
In the chart below, I've dropped the blank user agents so that the pattern of known cargo versions is more visible:
As I understand it, 1.47 is the minimum supported rustc version for current Firefox stable. I know that Ubuntu has backported this version to LTS distros for this reason. Strangely, while the deb package is versions as Raw data tableResults of searching logs from the last 48 hours for strings of the form
|
|
Thanks for digging in!
They won't work correctly. In order to use a Versions from 1.51 to whenever this is stabilized will still be allowed to run Versions before 1.51 running It is recommended that package authors only start using the new syntax if they are OK with setting their minimum supported version to when this is stabilized. They may also consider only doing that as a semver-major release if they do not want to disrupt users from 1.50 or older. Does that maybe help clarify? It is quite surprising that so many requests are missing a user agent. It might be nice to understand where all that traffic is coming from. I'm not aware of any of the major CI providers stripping headers or proxying the registry. I'm also a bit surprised that 1.54 has so much traffic. I would assume beta traffic is close to zero, and I thought there were significantly fewer nightly users than stable ones. I wonder if that is maybe skewed due to the incremental compilation issue driving people to nightly? The nightly version number should update within a few days. |
|
I must admit I don't like the asymmetry of the weak deps syntax. [features]
std = ["serde?/std"]This might be instead written: [features]
"and(serde, std)" = ["serde/std"]
# or we could do full `cfg(and(feature = "serde", feature = "std"))` like with `[target]`which makes clear its not that "std is the strong one, serde is the weak one" or any silliness like that, but simply that "the combination of these features depends on these additional things", which puts I think my syntax also more expressive. In this example, the downstream crate supports 2 axes of features, whereas the upstream crate only support a single coarser combined feature: [features]
"and(some-dep, alloc, net)" = ["some-dep/bells-and-whistles"]In this example, we simply want an additional (non-optional) dep to support the combination of features: [features]
"and(alloc, net)" = ["dep:extra-thing-we-want"]I don't think these are expressible with today's syntax, even though they are hardly different semantically. If we would need my |
|
@Ericson2314 Thanks for the feedback! Overall I think we would like to avoid getting into a more generalized expression syntax, just to keep it relatively simple and tractable. There will definitely be situations where this RFC won't be able to cover every use case. Do you have some real-world examples that could benefit from having more complex combinations? I'm having a hard time understanding exactly how that would be used. Also, just to set your expectations, I think employing a large scale change in the way these conditional features are expressed is unlikely to make progress here on this RFC. This is intended to be a small-scale, incremental step forward which resolves a particular issue (where |
SQLx and a few other libraries have Cargo features for async runtimes & TLS backends. Ideally there would be separate |
|
I have opened #3146 which also happens to use this I was not aware of @jplatte's example, and was just thinking through the problem in the abstract. What a pleasant surprise!
I don't want to diminish the great work you've done with Cargo, @ehuss, and I appreciate the honesty, but I also think stabilizing a feature because of one person's (volunteer?) bandwidth constraints should raise a very visible red flag to the Rust community at large. Moreover, I think this is emblematic of a longstanding problem where Cargo's design has been under-budgeted. Lacking the capacity to do more, it seems we are often scatching just the most irksome itches, and doing so with solutions that due to those resource constraints can't help but be somewhat incremental and ad-hoc. I'm a firm believe in the Scheme slogan "Programming languages should be designed not by piling feature on top of feature, but by removing the weaknesses and restrictions that make additional features appear necessary". Moreover, I think it's not just a good design principle in the abstract, but an economic one. To wit, if we did the
Of course, there is no real limit for that Scheme principle of up-front design investment and it could be taken to far, but the current gap between the care Rust's potential features receive vs Cargo's indicates to me that merely narrowing the gap will be safe. There is an initial upfront cost in doing extra work like this I fully admit, but if we can muster it I believe it will pay itself off quite quickly. I would love to solve this resourcing problem in a way that doesn't asking more of the existing maintainers! |
I still think we need to stabilize this before discussing the next steps for evolving this. AFAIK quite a few libraries are encountering this issue in particular for a long time. |
|
To be clear, migrating the implementation to my more general construct I'd estimate as, roughly, a good day's work pair programming to get an initial PR. It's not a huge undertaking. Of course, migrating the ecosystem would take longer, but people should not adopt unstable features and then expect them not to change. The weak deps feature is only 8 months old (by it's tracking issue). Of course, the problem is older, and the goal is good, so that will build anticipation. Waiting a little bit longer is annoying, but being extra careful about design is, again, the sort of things that avoids these problems in the first place. |
|
Replying above got me curious. This is the heart of the refactor:
I've there is no turn-key |
|
It is not enough to implement it. It needs to go through the RFC process, thoroughly discussed/vetted, implemented as unstable feature and then stabilized. All of which will take time. |
|
@pksunkara the last one didn't require an RFC to land as an unstable feature. Nevermind this specific case at hand. If alternative designs come up in general that aren't hard to implement, we should be able to "run the experiment" creating the unstable feature and allowing the community to try it out in short order. It wouldn't be hard to then change this RFC while it is still a PR to go with the alterative.
Fundamentally these are important steps and yes we shouldn't cut them short. But in bringing up alternatives I am helping discussed/vetted the original. Saying we should cut back on the discussing/vetting the original because discussing/vetting an alliterative would take too long is just odd. |
|
I am sympathetic to the need for a more expressive way of expressing feature relations (I think I've mentioned Gentoo's So yes, while I somewhat agree that it would be good to have a more powerful system for expressing feature relations, I think @Ericson2314's proposal itself is also too incremental, in the sense that it doesn't work from first principles to come up with a good design, but sort of stuffs one particular feature into the existing design in a way that's a pretty bad fit. If you want to come up with a more flexible, expressive design, I think that would be great, but at this point that should probably start as an internals pre-RFC. While the last feature (or really, combination of features) did not require an RFC (although even at the time I argued for namespaced-features that it might make sense to do an RFC), that is also different because they're incremental feature that fit in well with the current design. If you're proposing to move the feature system into a different direction (which, again, I would be enthousiastic about), I think that deserves more upfront discussion (in part, as a way to unburden the Cargo team). |
|
@djc Is not See also my #3146 I linked which needs the same I do agree that the fact we're stuffing a programming language in TOML has been an syntactic disaster, but trying change course there will unleash the mother of all bikeshedding. I don't personally want to spend time on that. My syntax may be new, but so is the |
|
It's not the The The design of both is conceptually incremental, but to me your proposed syntax is much more alien. |
|
What about [[feature-combinations]]
if_all = [ "feat0", "feat1" ]
then = ... # RHS as before? We loose TOML insuring the keys are unique, but we get a way out of abusing strings in return. I am still wary of what I feel is bike-shedding syntax, but in the hopes that something like this is good enough to get us back to discussing semantics, I'll propose alternatives. |
|
Like your proposal in #3146, that would depend on adding a whole different section to Overall I (again) totally agree the use case is real, but none of the proposals so far seem convincing to me, which makes me all the more convinced we should stabilize weak dependencies now which will at least make this problem that much more tractable across the ecosystem, at the cost of some verbosity/boilerplate. A different solution to the verbosity/boilerplate should seek to attack that problem, not try to move it around, which I feel @Ericson2314's proposals are leaning towards. |
|
@djc I am having a hard time responding to your points. I feel like on one, big changes you say are too complex, and on the other other, smaller not but insignificant changes trying to "blend in" with existing syntax you find too awkward. I feel like you are therefore ruling out the all but the tiniest incremental steps, like the single-character In general, I have find trying to propose ideas for Cargo over the years very frustrating because I feel the overtone window is so narrow, more so than Rust itself. The irony to me is that programming languages itself had similar problems, where on one hand we need to standardize our intuitions over smaller more principled languages, but on the other hand, we have an obligation to continue to support existing programs. The solution was "core languages", where all the existing features in the "surface syntax" are supported, but desugared into the core langauge. This may or may not be done in the implementations (error messages complicate wanting to loose the original representation as quickly as possible), but if even if it doesn't, it provides the community with some agreed upon ways to think about myriad features and how they fit together, as opposed to everyone developing their own intractable intuition. Rust has this with MIR, and Chalk. I think we really need that for Cargo, to take a step back from worrying about what the
I hope per that @djc we could actually agree. And yes that step is certainly off-topic for here, so I will open an internals post for it. I've done that https://internals.rust-lang.org/t/a-core-language-for-cargo/15033 |
|
Thanks everyone for the feedback! I'm going to move forward with FCP, as the team has been discussing this, and would like to proceed in this direction. I understand that there are use cases that the feature system is not able to cover, and I think those can be explored with other RFCs or community discussions. @rfcbot fcp merge |
|
Team member @ehuss has proposed to merge this. The next step is review by the rest of the tagged team members: No concerns currently listed. Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! See this document for info about what commands tagged team members can give me. |
rfcbot
added
proposed-final-comment-period
|
🔔 This is now entering its final comment period, as per the review above. 🔔 |
rfcbot
removed
the
proposed-final-comment-period
rfcbot
added
finished-final-comment-period
|
The final comment period, with a disposition to merge, as per the review above, is now complete. As the automated representative of the governance process, I would like to thank the author for their work and everyone else who contributed. The RFC will be merged soon. |
ehuss
force-pushed
the
cargo-weak-namespaced-features
branch
from
7c41ed0
to
b120b56
Compare
|
Huzzah! The @rust-lang/cargo team has decided to accept this RFC. To track further discussion, subscribe to the tracking issues here: |
feat: Import cargo-add into cargo ### Motivation The reasons I'm aware of are: - Large interest, see #5586 - Make it easier to add a dependency when you don't care about the version (instead of having to find it or just using the major version if thats all you remember) - Provide a guided experience, including - Catch or prevent errors earlier in the process - Bring the Manifest format documentation into the terminal via `cargo add --help` - Using `version` and `path` for `dependencies` but `path` only for `dev-dependencies` (see crate-ci/cargo-release#288 which led to killercup/cargo-edit#480) ### Drawbacks 1. This is another area of consideration for new RFCs, like rust-lang/rfcs#3143 (this PR supports it) or rust-lang/rfcs#2906 (implementing it will require updating `cargo-add`) 2. This is a high UX feature that will draw a lot of attention (ie Issue influx) e.g. - killercup/cargo-edit#521 - killercup/cargo-edit#126 - killercup/cargo-edit#217 We've tried to reduce the UX influx by focusing the scope to preserving semantic information (custom sort order, comments, etc) but being opinionated on syntax (style of strings, etc) ### Behavior Help output <details> ```console $ cargo run -- add --help cargo-add [4/4594] Add dependencies to a Cargo.toml manifest file USAGE: cargo add [OPTIONS] <DEP>[`@<VERSION>]` ... cargo add [OPTIONS] --path <PATH> ... cargo add [OPTIONS] --git <URL> ... ARGS: <DEP_ID>... Reference to a package to add as a dependency OPTIONS: --no-default-features Disable the default features --default-features Re-enable the default features -F, --features <FEATURES> Space-separated list of features to add --optional Mark the dependency as optional -v, --verbose Use verbose output (-vv very verbose/build.rs output) --no-optional Mark the dependency as required --color <WHEN> Coloring: auto, always, never --rename <NAME> Rename the dependency --frozen Require Cargo.lock and cache are up to date --manifest-path <PATH> Path to Cargo.toml --locked Require Cargo.lock is up to date -p, --package <SPEC> Package to modify --offline Run without accessing the network --config <KEY=VALUE> Override a configuration value (unstable) -q, --quiet Do not print cargo log messages --dry-run Don't actually write the manifest -Z <FLAG> Unstable (nightly-only) flags to Cargo, see 'cargo -Z help' for details -h, --help Print help information SOURCE: --path <PATH> Filesystem path to local crate to add --git <URI> Git repository location --branch <BRANCH> Git branch to download the crate from --tag <TAG> Git tag to download the crate from --rev <REV> Git reference to download the crate from --registry <NAME> Package registry for this dependency SECTION: --dev Add as development dependency --build Add as build dependency --target <TARGET> Add as dependency to the given target platform EXAMPLES: $ cargo add regex --build $ cargo add trycmd --dev $ cargo add --path ./crate/parser/ $ cargo add serde serde_json -F serde/derive ``` </details> Example commands ```rust cargo add regex cargo add regex serde cargo add regex@1 cargo add regex@~1.0 cargo add --path ../dependency ``` For an exhaustive set of examples, see [tests](https://github.com/killercup/cargo-edit/blob/merge-add/crates/cargo-add/tests/testsuite/cargo_add.rs) and associated snapshots Particular points - Effectively there are two modes - Fill in any relevant field for one package - Add multiple packages, erroring for fields that are package-specific (`--rename`) - Note that `--git` and `--path` only accept multiple packages from that one source - We infer if the `dependencies` table is sorted and preserve that sorting when adding a new dependency - Adding a workspace dependency - dev-dependencies always use path - all other dependencies use version + path - Behavior is idempotent, allowing you to run `cargo add serde serde_json -F serde/derive` safely if you already had a dependency on `serde` but without `serde_json` - When a registry dependency's version req is unspecified, we'll first reuse the version req from another dependency section in the manifest. If that doesn't exist, we'll use the latest version in the registry as the version req ### Additional decisions Accepting the proposed `cargo-add` as-is assumes the acceptance of the following: - Add the `-F` short-hand for `--features` to all relevant cargo commands - Support ``@`` in pkgids in other commands where we accept `:` - Add support for `<name>`@<version>`` in more commands, like `cargo yank` and `cargo install` ### Alternatives - Use `:` instead of ``@`` for versions - Flags like `--features`, `--optional`, `--no-default-features` would be position-sensitive, ie they would only apply to the crate immediate preceding them - This removes the dual-mode nature of the command and remove the need for the `+feature` syntax (`cargo add serde -F derive serde_json`) - There was concern over the rarity of position-sensitive flags in CLIs for adopting it here - Support a `--sort` flag to sort the dependencies (existed previously) - To keep the scope small, we didn't want general manifest editing capabilities - `--upgrade <POLICY>` flag to choose constraint (existed previously) - The flag was confusing as-is and we feel we should instead encourage people towards `^` - `--allow-prerelease` so a `cargo add clap` can choose among pre-releases as well - We felt the pre-release story is too weak in cargo-generally atm for making it first class in `cargo-add` - Offer `cargo add serde +derive serde_json` as a shorthand - Infer path from a positional argument ### Prior Art - *(Python)* [poetry add](https://python-poetry.org/docs/cli/#add) - `git+` is needed for inferring git dependencies, no separate `--git` flags - git branch is specified via a URL fragment, instead of a `--branch` - *(Javascript)* [yarn add](https://yarnpkg.com/cli/add) - `name@data` where data can be version, git (with fragment for branch), etc - `-E` / `--exact`, `-T` / `--tilde`, `-C` / `--caret` to control version requirement operator instead of `--upgrade <policy>` (also controlled through `defaultSemverRangePrefix` in config) - `--cached` for using the lock file (killercup/cargo-edit#41) - In addition to `--dev`, it has `--prefer-dev` which will only add the dependency if it doesn't already exist in `dependencies` as well as `dev-dependencies` - `--mode update-lockfile` will ensure the lock file gets updated as well - *(Javascript)* [pnpm-add](https://pnpm.io/cli/add) - *(Javascript)* npm doesn't have a native solution - Specify version with ``@<version>`` - Also overloads `<name>[`@<version>]`` with path and repo - Supports a git host-specific protocol for shorthand, like `github:user/repo` - Uses fragment for git ref, seems to have some kind of special semver syntax for tags? - Only supports `--save-exact` / `-E` for operators outside of the default - *(Go)* [go get](https://go.dev/ref/mod#go-get) - Specify version with ``@<version>`` - Remove dependency with ``@none`` - *(Haskell)* stack doesn't seem to have a native solution - *(Julia)* [pkg Add](https://docs.julialang.org/en/v1/stdlib/Pkg/) - *(Ruby)* [bundle add](https://bundler.io/v2.2/man/bundle-add.1.html) - Uses `--version` / `-v` instead of `--vers` (we use `--vers` because of `--version` / `-V`) - `--source` instead of `path` (`path` correlates to manifest field) - Uses `--git` / `--branch` like `cargo-add` - *(Dart)* [pub add](https://dart.dev/tools/pub/cmd/pub-add) - Uses `--git-url` instead of `--git` - Uses `--git-ref` instead of `--branch`, `--tag`, `--rev` ### Future Possibilities - Update lock file accordingly - Exploring the idea of a [`--local` flag](killercup/cargo-edit#590) - Take the MSRV into account when automatically creating version req (killercup/cargo-edit#587) - Integrate rustsec to report advisories on new dependencies (killercup/cargo-edit#512) - Integrate with licensing to report license, block add, etc (e.g. killercup/cargo-edit#386) - Pull version from lock file (killercup/cargo-edit#41) - Exploring if any vendoring integration would be beneficial (currently errors) - Upstream `cargo-rm` (#10520), `cargo-upgrade` (#10498), and `cargo-set-version` (in that order of priority) - Update crates.io with `cargo add` snippets in addition to or replacing the manifest snippets For more, see https://github.com/killercup/cargo-edit/issues?q=is%3Aissue+is%3Aopen+label%3Acargo-add ### How should we test and review this PR? This is intentionally broken up into several commits to help reviewing 1. Import of production code from cargo-edit's `merge-add` branch, with only changes made to let it compile (e.g. fixing up of `use` statements). 2. Import of test code / snapshots. The only changes outside of the import were to add the `snapbox` dev-dependency and to `mod cargo_add` into the testsuite 3. This extends the work in #10425 so I could add back in the color highlighting I had to remove as part of switching `cargo-add` from direct termcolor calls to calling into `Shell` Structure-wise, this is similar to other commands - `bin` only defines a CLI and adapts it to an `AddOptions` - `ops` contains a focused API with everything buried under it The "op" contains a directory, instead of just a file, because of the amount of content. Currently, all editing code is contained in there. Most of this will be broken out and reused when other `cargo-edit` commands are added but holding off on that for now to separate out the editing API discussions from just getting the command in. Within the github UI, I'd recommend looking at individual commits (and the `merge-add` branch if interested), skipping commit 2. Commit 2 would be easier to browse locally. `cargo-add` is mostly covered by end-to-end tests written using `snapbox`, including error cases. There is additional cleanup that would ideally happen that was excluded intentionally from this PR to keep it better scoped, including - Consolidating environment variables for end-to-end tests of `cargo` - Pulling out the editing API, as previously mentioned - Where the editing API should live (`cargo::edit`?) - Any more specific naming of types to reduce clashes (e.g. `Dependency` or `Manifest` being fairly generic). - Possibly sharing `SourceId` creation between `cargo install` and `cargo edit` - Explore using `snapbox` in more of cargo's tests Implementation justifications: - `dunce` and `pathdiff` dependencies: needed for taking paths relative to the user and make them relative to the manifest being edited - `indexmap` dependency (already a transitive dependency): Useful for preserving uniqueness while preserving order, like with feature values - `snapbox` dev-dependency: Originally it was used to make it easy to update tests as the UX changed in prep for merging but it had the added benefit of making some UX bugs easier to notice so they got fixed. Overall, I'd like to see it become the cargo-agnostic version of `cargo-test-support` so there is a larger impact when improvements are made - `parse_feature` function: `CliFeatures` forces items through a `BTreeSet`, losing the users specified order which we wanted to preserve. ### Additional Information See also [the internals thread](https://internals.rust-lang.org/t/feedback-on-cargo-add-before-its-merged/16024). Fixes #5586
This proposes to stabilize the weak-dep-features and namespaced-features.
Rendered