Open epage opened 10 months ago
From zulip:
If we sandboxed build.rs with wasm, and we could tell whether it did anything non-deterministic (e.g. read the target, read the time, touched the network, touched files outside the crate directory), then we could pre-run and cache the results of deterministic build scripts and ship that in the published crate.
and
If people need to mix deterministic and non-deterministic tasks in their build.rs, we could use metadeps to isolate those so we'll know which are deterministic and drop their parts of the dependency tree from even running.
This needs an RFC anyway.
A publish.rs that runs like build.rs during local development
Alternatively, don't run arbitrary Rust code. Instead, provide a set of predefined declarative instructions, so we never require a sandboxed environment. I don't know what it would look like though, given people do weird things during code generation.
Yes, this would require an RFC. I just wanted a place to capture this thought until one is written.
Alternatively, don't run arbitrary Rust code. Instead, provide a set of predefined declarative instructions, so we never require a sandboxed environment. I don't know what it would look like though, given people do weird things during code generation.
-sys crates would like a word... the build.rs of -sys crates can get very complicated, there's just so much logic to capture depending on the environment.
I can see sandboxing the execution (whether with WASM or not), but creating a declarative language to build the native dependencies is a pipe dream.
Problem
When code-generation happens within build.rs or proc macros,
Proposed Solution
A package.rs that runs like build.rs during local development but the output gets captured on cargo publish and it, along with its dependencies, are dropped
If this were combined with a .crate differ on crates.io, it would be easy for dependents (or even package maintainers) to audit the results.
Notes
Past discussions
"package.rs script to reduce build dependencies of published crates"
Alternatives
Cases not covered:
build.rs or a proc macro still has to deal with arbitrary code execution and not easily seeing what gets generated
Complications