From f8d67ec135de10ac16fcc0c1623c911a4783775f Mon Sep 17 00:00:00 2001 From: zimbatm Date: Sat, 24 Aug 2019 14:29:47 +0200 Subject: buildRustPackage: add verifyCargoDeps option One issue with cargoSha256 is that it's hard to detect when it needs to be updated or not. It's possible to upgrade a package and forget to update cargoSha256 and run with old versions of the program or libraries. This commit introduces `verifyCargoDeps` which, when enabled, will check that the Cargo.lock is not out of date in the cargoDeps by comparing it with the package source. --- doc/languages-frameworks/rust.section.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'doc') diff --git a/doc/languages-frameworks/rust.section.md b/doc/languages-frameworks/rust.section.md index 2d9338f2e89..83b7b159bd6 100644 --- a/doc/languages-frameworks/rust.section.md +++ b/doc/languages-frameworks/rust.section.md @@ -43,6 +43,7 @@ rustPlatform.buildRustPackage rec { }; cargoSha256 = "0q68qyl2h6i0qsz82z840myxlnjay8p1w5z7hfyr8fqp7wgwa9cx"; + verifyCargoDeps = true; meta = with stdenv.lib; { description = "A fast line-oriented regex search tool, similar to ag and ack"; @@ -64,6 +65,9 @@ When the `Cargo.lock`, provided by upstream, is not in sync with the added in `cargoPatches` will also be prepended to the patches in `patches` at build-time. +When `verifyCargoDeps` is set to `true`, the build will also verify that the +`cargoSha256` is not out of date by comparing the `Cargo.lock` file in both the `cargoDeps` and `src`. Note that this option changes the value of `cargoSha256` since it also copies the `Cargo.lock` in it. To avoid breaking backward-compatibility this option is not enabled by default but hopefully will be in the future. + ## Compiling Rust crates using Nix instead of Cargo ### Simple operation -- cgit 1.4.1