Closed repi closed 2 years ago
Global/all-package configuration is something I've largely wanted to avoid tbh; as it stands, you could run cargo install-update-config --enforce-lock $pkg
for all pkg in installed crates, or run as CARGO_INSTALL_OPTS=--locked cargo install-update -a
.
The ergonomics of this are, again, questionable, but [insert last paragraph of #192].
ah didn't know you could set CARGO_INSTALL_OPTS=--locked
, that should solve my local use case of upgrading packages either directly with cargo install-update -a
or through topgrade
(which uses it). will try it out.
I do think in general that this ultimately should be the default (also in Cargo) as it is safer and more expected to build with tested dependencies rather than latest available. But being able to use this and start testing with this should solve this specific issue. thx!
can confirm it worked!
for example here was cargo-crev
building with its, no so great, Cargo.lock
file:
Updating cargo-crev
Updating crates.io index
Installing cargo-crev v0.23.3
warning: package `cpufeatures v0.2.2` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
warning: package `iana-time-zone v0.1.44` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
warning: package `pest v2.2.1` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
warning: package `pest_derive v2.2.1` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
warning: package `pest_generator v2.2.1` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
warning: package `pest_meta v2.2.1` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked
So they are built with the exact versions of the dependencies that they have been tested on with their
Cargo.lock
(if they have one, which executables should have).Saw there is an
enforce_lock
setting and ancargo install-update-config --enforce-lock
command but unsure how to use this so the commandcargo install-update -a
would build all upgraded executables withcargo build --locked
.Somewhat related Cargo issue: https://github.com/rust-lang/cargo/issues/7169, though while it is an issue that
cargo install xx
doesn't build it with--locked
,cargo install xx --locked
is supported.