Public bug reported: My cargo-auditable implementation will cause all of a package's autopkgtests to fail under the following circumstances:
- The package opts in to cargo-auditable - The package has dev-dependencies - The version string requirement for one or more dev-dependencies does not match the version of the corresponding package in the archives (for example, it requests `libfoobar = "^1"` and the archives have `libfoobar-1.2.0`) - (And the package needs to have any autopkgtests in the first place) Although this is currently a rare case (at time of writing it is only known to happen in rust-bat [1]), as we improve our Rust supply-chain security, we hope to see more Rust packages with autopkgtests on the archives. Fortunately there is an elegant fix [2]. This bug tracks that fix. [1]: https://autopkgtest.ubuntu.com/results/autopkgtest-resolute-petrakat-cargo-auditable-prod-test/resolute/amd64/r/rust-bat/20260302_161909_561f5@/log.gz [2]: Previously I was doing a hack to get around a limitation in stable cargo. I had to create fake empty versions of all the dev-dependencies, which was error-prone. The fix is enabling the nightly feature `-Zsbom` on "stable" cargo; even though you're not "supposed" to do this, our build process already uses some nightly features on stable, so it's no more of a crime than we're already doing :] ** Affects: rustc-1.93 (Ubuntu) Importance: Undecided Assignee: Petrichor Park (petrakat) Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2143339 Title: cargo-auditable implementation sometimes causes autopkgtest failures To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rustc-1.93/+bug/2143339/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
