search

chronotope / chrono

Date and time library for Rust
Other
3.28k stars 518 forks source link

v0.4.21 patch upgrade breaks SGX builds #770

Closed nhynes closed 1 year ago

nhynes commented 2 years ago

chrono v0.4.21 introduces a new default feature clock which transitively pulls in iana-time-zone, which doesn't build on SGX. This PATCH version upgrade has caused a sever-incompatible change on the SGX target (and others for which iana-time-zone doesn't work).

I would suggest:

  1. yanking v0.4.21
  2. publishing v0.5.0 with the new feature+transitive dep

Until then, essentially all users of the SGX target via core crates such as mbedtls will need to carefully manage lockfiles, which isn't super fun.

https://github.com/chronotope/chrono/pull/767 thankfully fixes the problem. Hopefully the new patch version gets through okay.

rdeaton commented 2 years ago

This release also introduces a cyclic dependency. The following in Cargo.toml is sufficient to reproduce:

[dependencies]
core-foundation = { version = "0.9", features = ["with-chrono"] }
error: cyclic package dependency: package `chrono v0.4.21` depends on itself. Cycle:
package `chrono v0.4.21`
    ... which satisfies dependency `chrono = "^0.4"` of package `core-foundation v0.9.3`
    ... which satisfies dependency `core-foundation = "^0.9"` of package `iana-time-zone v0.1.42`
    ... which satisfies dependency `iana-time-zone = "^0.1.41"` of package `chrono v0.4.21
esheppa commented 2 years ago

Thanks for the report @nhynes and @rdeaton - and apologies for the breakage. It looks like we have a few options here:

djc commented 2 years ago

Sorry for the regression!

It seems like 0.4.20 would also be broken on SGX, and I don't think we're going to yank both -- and I'm guessing the audience for whom 0.4.21 improves things is much larger than the audience for whom it makes things worse. In this case I think we should just get a 0.4.22 out as soon as possible.

pitdicker commented 1 year ago

We are now at 0.4.26, this can be closed?