search

dalek-cryptography / curve25519-dalek

A pure-Rust implementation of group operations on Ristretto and Curve25519
Other
853 stars 422 forks source link

Unable to introduce dependency ed25519-dalek with features `batch` and `digest` #587

Closed mick-supra closed 9 months ago

mick-supra commented 9 months ago

Attempting to add the digest feature after the batch feature fails.

Repro:

cargo init example
cd example
cargo add ed25519-dalek@2.0.0 --features batch
cargo add ed25519-dalek@2.0.0 --features digest

Output:

> cargo add ed25519-dalek@2.0.0 --features batch
    Updating crates.io index
      Adding ed25519-dalek v2.0.0 to dependencies.
             Features:
             + alloc
             + batch
             + fast
             + merlin
             + rand_core
             + std
             + zeroize
             - asm
             - digest
             - hazmat
             - legacy_compatibility
             - pem
             - pkcs8
             - serde
             - signature
>  cargo add ed25519-dalek@2.0.0 --features digest
    Updating crates.io index
      Adding ed25519-dalek v2.0.0 to dependencies.
             Features:
             + alloc
             + batch
             + digest
             + fast
             + merlin
             + rand_core
             + std
             + zeroize
             - asm
             - hazmat
             - legacy_compatibility
             - pem
             - pkcs8
             - serde
             - signature
error: failed to select a version for `signature`.
    ... required by package `ed25519 v2.2.3`
    ... which satisfies dependency `ed25519 = ">=2.2, <2.3"` (locked to 2.2.3) of package `ed25519-dalek v2.0.0`
    ... which satisfies dependency `ed25519-dalek = "^2.0.0"` (locked to 2.0.0) of package `example v0.1.0 (/home/mick/projects/ed25519-dependency-issue)`
versions that meet the requirements `^2` (locked to 2.1.0) are: 2.1.0

all possible versions conflict with previously selected packages.

  previously selected package `signature v2.0.0`
    ... which satisfies dependency `signature = ">=2.0, <2.1"` of package `ed25519-dalek v2.0.0`
    ... which satisfies dependency `ed25519-dalek = "^2.0.0"` (locked to 2.0.0) of package `example v0.1.0 (/home/mick/projects/ed25519-dependency-issue)`

failed to select a version for `signature` which could resolve this conflict
tarcieri commented 9 months ago

I'm unable to reproduce this. It's likely a conflict with another dependency in your Cargo.toml. FWIW here's an example Cargo.toml that works for me locally:

[package]
name = "example"
version = "0.1.0"

[dependencies]
ed25519-dalek = { version = "2.0.0", features = ["batch", "digest"] }

However I strongly suspect this is related to #582 and it'd be great if we could get that merged/released @rozbb

mick-supra commented 9 months ago

I can not reproduce this anymore either???

Wait, try the following:

cargo init example
cd example
cargo add ed25519-dalek@2.0.0 --features batch
cargo add ed25519-dalek@2.0.0 --features digest

If you add them one by one it fails. Deleting the lockfile and adding both simultaneously works. Updating the description.

tarcieri commented 9 months ago

If anything that sounds like a bug in cargo add.

A bit more investigation: the problem is the original resolution allowed signature v2.1.0, but adding digest currently requires a downgrade from signature 2.1.0 to 2.0.0, which cargo add refuses to perform.

582 will resolve this after we cut a release /cc @rozbb

tarcieri commented 9 months ago

Closing this as #582 is merged and this isn't really a bug in ed25519-dalek per se, but a weird edge case of cargo add