How do I debug why a dependency is present in my Cargo.lock?


In a project that has a quinn dependency, a mysterious request dependency shows up in Cargo.lock, and I expected it not to be there because of disabled features.

It is very easy to reproduce in a sample application; here are all the commands that reproduce the problem:

❯ cargo --version                                    
cargo 1.83.0 (5ffbef321 2024-10-29)

❯ cargo new reqwest-mystery                                    
    Creating binary (application) `reqwest-mystery` package
note: see more `Cargo.toml` keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

❯ cd reqwest-mystery

❯ cargo build              
   Compiling reqwest-mystery v0.1.0 (/Users/user/Developer/Local/reqwest-mystery)
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 1.01s

❯ cat Cargo.lock
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 4

[[package]]
name = "reqwest-mystery"
version = "0.1.0"

❯ cargo add reqwest --no-default-features                      
    Updating crates.io index
      Adding reqwest v0.12.9 to dependencies
             Features:
             33 deactivated features
    Updating crates.io index
     Locking 104 packages to latest compatible versions
      Adding addr2line v0.24.2
      Adding adler2 v2.0.0
      Adding backtrace v0.3.74
      Adding base64 v0.22.1
      Adding bumpalo v3.16.0
      Adding bytes v1.9.0
      Adding cfg-if v1.0.0
      Adding displaydoc v0.2.5
      Adding fnv v1.0.7
      Adding form_urlencoded v1.2.1
      Adding futures-channel v0.3.31
      Adding futures-core v0.3.31
      Adding futures-task v0.3.31
      Adding futures-util v0.3.31
      Adding gimli v0.31.1
      Adding hermit-abi v0.3.9
      Adding http v1.1.0
      Adding http-body v1.0.1
      Adding http-body-util v0.1.2
      Adding httparse v1.9.5
      Adding hyper v1.5.1
      Adding hyper-util v0.1.10
      Adding icu_collections v1.5.0
      Adding icu_locid v1.5.0
      Adding icu_locid_transform v1.5.0
      Adding icu_locid_transform_data v1.5.0
      Adding icu_normalizer v1.5.0
      Adding icu_normalizer_data v1.5.0
      Adding icu_properties v1.5.1
      Adding icu_properties_data v1.5.0
      Adding icu_provider v1.5.0
      Adding icu_provider_macros v1.5.0
      Adding idna v1.0.3
      Adding idna_adapter v1.2.0
      Adding ipnet v2.10.1
      Adding itoa v1.0.14
      Adding js-sys v0.3.72
      Adding libc v0.2.167
      Adding litemap v0.7.4
      Adding log v0.4.22
      Adding memchr v2.7.4
      Adding mime v0.3.17
      Adding miniz_oxide v0.8.0
      Adding mio v1.0.2
      Adding object v0.36.5
      Adding once_cell v1.20.2
      Adding percent-encoding v2.3.1
      Adding pin-project-lite v0.2.15
      Adding pin-utils v0.1.0
      Adding proc-macro2 v1.0.92
      Adding quote v1.0.37
      Adding reqwest v0.12.9
      Adding rustc-demangle v0.1.24
      Adding ryu v1.0.18
      Adding serde v1.0.215
      Adding serde_derive v1.0.215
      Adding serde_json v1.0.133
      Adding serde_urlencoded v0.7.1
      Adding smallvec v1.13.2
      Adding socket2 v0.5.8
      Adding stable_deref_trait v1.2.0
      Adding syn v2.0.89
      Adding sync_wrapper v1.0.2
      Adding synstructure v0.13.1
      Adding tinystr v0.7.6
      Adding tokio v1.41.1
      Adding tower-service v0.3.3
      Adding tracing v0.1.41
      Adding tracing-core v0.1.33
      Adding try-lock v0.2.5
      Adding unicode-ident v1.0.14
      Adding url v2.5.4
      Adding utf16_iter v1.0.5
      Adding utf8_iter v1.0.4
      Adding want v0.3.1
      Adding wasi v0.11.0+wasi-snapshot-preview1
      Adding wasm-bindgen v0.2.95
      Adding wasm-bindgen-backend v0.2.95
      Adding wasm-bindgen-futures v0.4.45
      Adding wasm-bindgen-macro v0.2.95
      Adding wasm-bindgen-macro-support v0.2.95
      Adding wasm-bindgen-shared v0.2.95
      Adding web-sys v0.3.72
      Adding windows-registry v0.2.0
      Adding windows-result v0.2.0
      Adding windows-strings v0.1.0
      Adding windows-sys v0.52.0
      Adding windows-targets v0.52.6
      Adding windows_aarch64_gnullvm v0.52.6
      Adding windows_aarch64_msvc v0.52.6
      Adding windows_i686_gnu v0.52.6
      Adding windows_i686_gnullvm v0.52.6
      Adding windows_i686_msvc v0.52.6
      Adding windows_x86_64_gnu v0.52.6
      Adding windows_x86_64_gnullvm v0.52.6
      Adding windows_x86_64_msvc v0.52.6
      Adding write16 v1.0.0
      Adding writeable v0.5.5
      Adding yoke v0.7.5
      Adding yoke-derive v0.7.5
      Adding zerofrom v0.1.5
      Adding zerofrom-derive v0.1.5
      Adding zerovec v0.10.4
      Adding zerovec-derive v0.10.3

❯ cat Cargo.toml                         
[package]
name = "reqwest-mystery"
version = "0.1.0"
edition = "2021"

[dependencies]
reqwest = { version = "0.12.9", default-features = false }

❯ cat Cargo.lock | grep -iE quinn
  [no output]

❯ cargo add reqwest --no-default-features --features rustls-tls
    Updating crates.io index
      Adding reqwest v0.12.9 to dependencies
             Features:
             + __rustls
             + __rustls-ring
             + __tls
             + rustls-tls
             + rustls-tls-webpki-roots
             + rustls-tls-webpki-roots-no-provider
             27 deactivated features
     Locking 34 packages to latest compatible versions
      Adding autocfg v1.4.0
      Adding byteorder v1.5.0
      Adding cc v1.2.2
      Adding cfg_aliases v0.2.1
      Adding getrandom v0.2.15
      Adding hyper-rustls v0.27.3
      Adding ppv-lite86 v0.2.20
      Adding quinn v0.11.6
      Adding quinn-proto v0.11.9
      Adding quinn-udp v0.5.7
      Adding rand v0.8.5
      Adding rand_chacha v0.3.1
      Adding rand_core v0.6.4
      Adding ring v0.17.8
      Adding rustc-hash v2.0.0
      Adding rustls v0.23.19
      Adding rustls-pemfile v2.2.0
      Adding rustls-pki-types v1.10.0
      Adding rustls-webpki v0.102.8
      Adding shlex v1.3.0
      Adding slab v0.4.9
      Adding spin v0.9.8
      Adding subtle v2.6.1
      Adding thiserror v2.0.3
      Adding thiserror-impl v2.0.3
      Adding tinyvec v1.8.0
      Adding tinyvec_macros v0.1.1
      Adding tokio-rustls v0.26.0
      Adding untrusted v0.9.0
      Adding web-time v1.1.0
      Adding webpki-roots v0.26.7
      Adding zerocopy v0.7.35
      Adding zerocopy-derive v0.7.35
      Adding zeroize v1.8.1

❯ cat Cargo.toml                                               
[package]
name = "reqwest-mystery"
version = "0.1.0"
edition = "2021"

[dependencies]
reqwest = { version = "0.12.9", default-features = false, features = ["rustls-tls"] }

❯ cat Cargo.lock | grep -iE quinn                              
name = "quinn"
 "quinn-proto",
 "quinn-udp",
name = "quinn-proto"
name = "quinn-udp"
 "quinn",

I tried using cargo tree to find out how the dependency gets added, but quinn is not included in the cargo tree output.

❯ cargo tree -e normal --no-dedupe | grep -iE quinn 
  [no output]
❯ cargo tree -e features --no-dedupe | grep -iE quinn
  [no output]
❯ cargo tree -e all --no-dedupe | grep -iE quinn
  [no output]

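So my question is: how do I debug the dependency tree properly? How do I understand why a particular dependency is included in Cargo.lock? So far the only reliable method I have found is to randomly comment out things in Cargo.toml to see which dependencies end up in Cargo.lock, but there must be a better way.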

rust dependency-management rust-cargo
1 Answer
2 votes

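This is a bug in Cargo, and hopefully it will be fixed one day. As of 2024, Cargo generates the lock file under the assumption that all features are enabled. Keep in mind that even if a package is in your Cargo.lock, that does not mean it will be compiled. Obviously, it can be a problem for many other reasons - for example, CI running cargo-audit or a similar tool may report security issues about packages you never use. You may even run into situations where your project's dependencies cannot be resolved because of this.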

If you need to find out which package uses the problematic crate, that is a bit problematic, because it is a bug. There are at least two ways:

  1. Look at Cargo.lock: you can see it is just a simple file written in TOML format, and for each package you can see its dependencies:
[[package]]
name = "reqwest"
version = "0.12.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a77c62af46e79de0a562e1a9849205ffcb7fc1238876e9bd743357570e04046f"
dependencies = [
 ...
 "quinn",
 ...
]
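  2. Although cargo tree is affected by this bug, cargo metadata is not. You just run it in the crate root directory and it will return a JSON file containing all the packages used in the dependency tree together with their dependencies. Keep in mind that this file can get quite large and is not meant to be human-readable (using a tool like jq may help).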

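For more background, you can read in the bug report:

Generation of the lock file requires assuming all possible features are enabled. #5133 covers generating a lock file without optional features

You may want to follow issue #5133 to be notified when the issue is resolved.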
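
The first method in the answer above, automated: an added example (not part of the original answer) that reads the `dependencies` arrays in Cargo.lock and walks them upward to list every chain from a root package down to a given crate. The names `SAMPLE_LOCK`, `reverse_deps` and `why` are assumptions of this sketch, and packages are keyed by crate name only, so two locked versions of one crate are merged.

```python
import re

# Constructed sample: a trimmed Cargo.lock in the shape quoted in the answer, not the real file.
SAMPLE_LOCK = """
[[package]]
name = "quinn"
version = "0.11.6"

[[package]]
name = "reqwest"
version = "0.12.9"
dependencies = [
 "quinn",
]

[[package]]
name = "reqwest-mystery"
version = "0.1.0"
dependencies = [
 "reqwest",
]
"""

def reverse_deps(lock_text):
    """Map each crate name to the packages that list it under `dependencies`."""
    parents, current, in_deps = {}, None, False
    for line in map(str.strip, lock_text.splitlines()):
        if m := re.fullmatch(r'name = "([^"]+)"', line):
            current = m.group(1)
        elif line in ("dependencies = [", "]"):
            in_deps = line != "]"
        elif in_deps and line.startswith('"'):
            # Entries are "name", "name version" or "name version (source)".
            parents.setdefault(line.strip('",').split()[0], set()).add(current)
    return parents

def why(lock_text, target):
    """Every chain root -> ... -> target recorded in the lockfile (by crate name)."""
    parents, chains, stack = reverse_deps(lock_text), [], [[target]]
    while stack:
        chain = stack.pop()
        ups = sorted(p for p in parents.get(chain[0], ()) if p not in chain)
        if not ups:
            chains.append(chain)  # nothing new above chain[0]: a root, or a cycle closed
        stack.extend([p] + chain for p in ups)
    return sorted(chains)

if __name__ == "__main__":
    for chain in why(SAMPLE_LOCK, "quinn"):
        print(" -> ".join(chain))
```

A chain found this way only shows that the lock file records the edge; as the answer notes, the crate at the end of it may never be compiled, which matters when triaging an audit finding against it.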
