Closed stefan-vatov closed 1 year ago
Worth mentioning, searched online, I tried doing cargo update
scrapping the .lock
file or putting the 0.16.20
under [dependencies]
in the project, but none of that seemed to resolve the issue.
More than happy if there is another solution besides the dependency update :)
First time I'm hitting this problem with Rust, seems to be an interesting one with creates that have C code π
Based on Cargo.toml it should pick 0.16.20 automatically already?
From what I gather the problem is within the dependency graphs and cargo cannot resolve them.
That's odd because from Cargo POV, the current Cargo.toml and the one in the PR should identical assuming you do cargo update
.
Here is the error:
β― cargo add mongodb
Updating `<repository>` index
Adding mongodb v2.6.0 to dependencies.
Features:
+ serde_bytes
+ tokio-runtime
- async-std
- async-std-resolver
- async-std-runtime
- aws-auth
- azure-kms
- bson-chrono-0_4
- bson-serde_with
- bson-uuid-0_8
- bson-uuid-1
- flate2
- gcp-kms
- in-use-encryption-unstable
- log
- mongocrypt
- num_cpus
- openssl
- openssl-probe
- openssl-tls
- rayon
- reqwest
- snap
- snappy-compression
- sync
- tokio-openssl
- tokio-sync
- tracing
- tracing-unstable
- zlib-compression
- zstd
- zstd-compression
Updating `<repository>` index
error: failed to select a version for `ring`.
... required by package `webpki v0.22.0 (registry `<repository>`)`
... which satisfies dependency `webpki = "^0.22"` of package `tokio-rustls v0.23.2 (registry `<repository>`)`
... which satisfies dependency `tokio-rustls = "^0.23.2"` of package `mongodb v2.6.0 (registry `<repository>`)`
... which satisfies dependency `mongodb = "^2.6.0"` of package `<project> v0.1.0 (/<project>)`
versions that meet the requirements `^0.16.19` are: 0.16.20, 0.16.19
the package `ring` links to the native library `ring-asm`, but it conflicts with a previous package which links to `ring-asm` as well:
package `ring v0.16.20`
... which satisfies dependency `ring = "^0.16.5"` (locked to 0.16.20) of package `jsonwebtoken v8.3.0`
... which satisfies dependency `jsonwebtoken = "^8.3.0"` (locked to 8.3.0) of package `<internal-lib> v0.1.2 (registry `<repository>`)`
... which satisfies dependency `<internal-lib> = "^0.1.2"` (locked to 0.1.2) of package `<project> v0.1.0 (/<project>)`
Only one package in the dependency graph may specify the same links value. This helps ensure that only one copy of a native library is linked in the final binary. Try to adjust your dependencies so that only one package uses the links ='ring' value. For more information, see https://doc.rust-lang.org/cargo/reference/resolver.html#links.
failed to select a version for `ring` which could resolve this conflict
After scouring online I found a proposed way to work around it:
[patch.<repo>]
ring = "=0.16.20"
which looked like it's working for a bit, but it fails to compile the dependencies:
error[E0308]: mismatched types
--> /<projet-path>/webpki-0.22.0/src/trust_anchor.rs:95:22
|
95 | skip(tbs, der::Tag::Sequence)?; // signature.
| ---- ^^^ expected `Reader<'_>`, found `untrusted::Reader<'_>`
| |
| arguments to this function are incorrect
|
error[E0308]: mismatched types
--> /<projet-path>/webpki-0.22.0/src/trust_anchor.rs:96:22
|
96 | skip(tbs, der::Tag::Sequence)?; // issuer.
| ---- ^^^ expected `Reader<'_>`, found `untrusted::Reader<'_>`
| |
| arguments to this function are incorrect
actually problem some were in you project. You can run cargo tree and look all place where ring is coming from.
ββ /tmp
β°β$ cargo new --bin json_web_test 130 β΅
Created binary (application) `json_web_test` package
ββ/tmp
β°β$ cd json_web_test
ββ /tmp/json_web_test βΉmasterββΊ
β°β$ cargo add jsonwebtoken
Updating crates.io index
Adding jsonwebtoken v8.3.0 to dependencies.
Features:
+ pem
+ simple_asn1
+ use_pem
ββ /tmp/json_web_test βΉmasterββΊ
β°β$ cargo add mongodb
Updating crates.io index
Adding mongodb v2.6.0 to dependencies.
Features:
+ serde_bytes
+ tokio-runtime
- async-std
- async-std-resolver
- async-std-runtime
- aws-auth
- azure-kms
- bson-chrono-0_4
- bson-serde_with
- bson-uuid-0_8
- bson-uuid-1
- flate2
- gcp-kms
- in-use-encryption-unstable
- log
- mongocrypt
- num_cpus
- openssl
- openssl-probe
- openssl-tls
- rayon
- reqwest
- snap
- snappy-compression
- sync
- tokio-openssl
- tokio-sync
- tracing
- tracing-unstable
- zlib-compression
- zstd
- zstd-compression
ββ /tmp/json_web_test βΉmasterββΊ
β°β$ cargo tree
...
βββ jsonwebtoken v8.3.0
β βββ base64 v0.21.2
β βββ pem v1.1.1
β β βββ base64 v0.13.1
β βββ ring v0.16.20
....
βββ rustls v0.20.8
β βββ log v0.4.19
β βββ ring v0.16.20 (*)
β βββ sct v0.7.0
β β βββ ring v0.16.20 (*)
β β βββ untrusted v0.7.1
β βββ webpki v0.22.0
β βββ ring v0.16.20 (*)
β βββ untrusted v0.7.1
...
I resolved the problem, it was something to do with the custom registry and how it's set up π
After some debuging, it did work as you explained above (which made it that much more confusing) π
The older version of the
ring
dependency makes it impossible to use in projects with dependencies that use the current versions ofrustls
since cargo cannot satisfy thering
dependency for both.cargo test
passed locallyTried looking through https://github.com/briansmith/ring for a changelog but didn't find anything.
I'm not sure if I missed something and there is a way to determine what the changes are. Going by the version numbers, it's patches so I assumed it shoudn't be breaking changes.