Closed Br1ght0ne closed 4 years ago
yaa110
commented
4 years ago Thank you for your feedback.
How can staging of Cargo.lock ease the creation of packages?
Since, a semver of M.N is used for dependencies, only different patches are used to build the binary from time to time, so no break is expected.
Br1ght0ne
commented
4 years ago @yaa110 I appreciate you asking.
This ensures that builds are 100% determistic. For example, https://github.com/NixOS/nixpkgs use Nix - a fully deterministic functional package manager. For every Rust package, all its dependencies at a specific point in time are downloaded and metadata from Cargo.lock is SHA256-hashed. This is to assure that if there are any updates to crates.io registry, SHA256 won't change and break determinism.
For nixpkgs, having Cargo.lock staged is mandatory for all packages.
If I was to add nomino to nixpkgs, I would need to maintain a separate patch for Cargo.lock.
I hope that resolves all unclear points. Thanks for writing awesome software!
yaa110
commented
4 years ago Thanks. Cargo.lock was added to repo.
If
Cargo.lockis checked intogit, it eases the creation of packages, for example, in https://github.com/NixOS/nixpkgs. Please consider checking it in. See https://doc.rust-lang.org/cargo/faq.html#why-do-binaries-have-cargolock-in-version-control-but-not-libraries