I have the crates oauth2 (v4.1.0) and sqlx[json] (v0.5.5):
[dependencies]
oauth2 = "4.1.0"
sqlx = { version = "0.5.5", features = ["json"] }
When attempting to build, I am getting the following error:
error: cyclic package dependency: package `ahash v0.7.4` depends on itself. Cycle:
package `ahash v0.7.4`
... which is depended on by `hashbrown v0.11.2`
... which is depended on by `indexmap v1.7.0`
... which is depended on by `serde_json v1.0.64`
... which is depended on by `wasm-bindgen v0.2.74`
... which is depended on by `js-sys v0.3.51`
... which is depended on by `getrandom v0.2.3`
... which is depended on by `ahash v0.7.4`
This only happens when I activate the json feature flag on sqlx. How do I troubleshoot this kind of problem? Are there any workarounds to make these libs/features work together? What are the alternatives?
After trying a few things back and forth, the only solution I found, was to update the lockfile to the latest version, using:
cargo update
After that, cargo clean && cargo build worked like a charm! Seems like some older patch versions seem to have conflicts, but the changes in the Cargo.lock were too big to track down, which crate combination it was. I hope that helps anybody else!
EDIT: After more communication and searching, I got referred to an issue directly at the ahash github project: https://github.com/tkaitchuck/aHash/issues/95.
According to that, the actual official "workaround" was / is, to pin the indexmap crate to:
indexmap = "=1.6.2"
However when looking into my Cargo.lock file, it seems to work with now:
indexmap = "1.7"
Related
I've built a simple app with these dependencies:
[dependencies]
core-foundation = { version = "0.9", features = ["with-chrono"] }
With cargo 1.62.1 (a748cf5a3 2022-06-08). My platform is a Macbook Air M1 (the target might matter, not sure).
And I'm getting this error:
error: cyclic package dependency: package `chrono v0.4.21` depends on itself. Cycle:
package `chrono v0.4.21`
... which satisfies dependency `chrono = "^0.4"` of package `core-foundation v0.9.3`
... which satisfies dependency `core-foundation = "^0.9"` of package `iana-time-zone v0.1.42`
... which satisfies dependency `iana-time-zone = "^0.1.41"` of package `chrono v0.4.21`
If I clone core-foundation and build it myself using cargo build --features="with-chrono", I'm not getting any error.
Any idea how to investigate this issue?
Unfortunately, there isn't much you can do if the cyclic dependency occurs with crates you don't control. You could attempt to "fix" one of the crates by cloning and modifying it to avoid a problematic dependency and override your dependencies with the fixed version.
Your best bet is to notify the maintainers of the crates involved. If the issue only arose recently, you can try locking your dependencies to an earlier version as a workaround.
This particular issue seems to be resolved already. It likely happened when chrono added iana-time-zone as a dependency in version 0.4.21. However, the fix was for iana-time-zone to change its dependency from core-foundation to core-foundation-sys in version 0.1.45 to break the cycle.
I was reading this at the guessing game tutorial inside the rust book
Ensuring Reproducible Builds with the Cargo.lock File
Cargo has a mechanism that ensures you can rebuild the same artifact every time you or anyone else builds your code: Cargo will use only the versions of the dependencies you specified until you indicate otherwise. For example, say that next week version 0.8.4 of the rand crate comes out, and that version contains an important bug fix, but it also contains a regression that will break your code. To handle this, Rust creates the Cargo.lock file the first time you run cargo build, so we now have this in the guessing_game directory.
When you build a project for the first time, Cargo figures out all the versions of the dependencies that fit the criteria and then writes them to the Cargo.lock file. When you build your project in the future, Cargo will see that the Cargo.lock file exists and use the versions specified there rather than doing all the work of figuring out versions again. This lets you have a reproducible build automatically. In other words, your project will remain at 0.8.3 until you explicitly upgrade, thanks to the Cargo.lock file.
but didn't quite understand how cargo garantees that we have/need the correct version of a dependency. For instance, if we put in the [dependecies] rand="0.8.3" it will not exactly download the crate at this version, but the crate the match the needs of our program but it's compatible with this version(?)
Please clarify this logic!
When specifying a crate in Cargo.toml, you can give an exact version (e.g. =0.8.3) or more general indications (e.g. 0.8.*).
If you specify rand = "=0.8.3" in Cargo.toml, then cargo will take version 0.8.3 (note the extra = inside the version requirement). But if you specify rand = "*", then the first time you build your crate it will take the latest version and write this version to Cargo.lock. That way if you rebuild your crate later cargo will reuse the same version even if a new version has been published on crates.io in the meantime.
Note btw that specifying rand = "0.8.3" does not mean "exactly version 0.8.3", but instead means "any version >=0.8.3 and <0.9": link.
I'm following this tutorial here and have also looked into Rocket's official guide of setting up a web server.
I've set as default the nightly builds. But I get the following error:
error: failed to select a version for the requirement `ring = "^0.11.0"`
candidate versions found which didn't match: 0.16.11, 0.16.10, 0.16.9, ...
location searched: crates.io index
required by package `cookie v0.9.1`
... which is depended on by `rocket v0.3.6`
... which is depended on by `my-project`
Obviously there's some mismatch with the dependencies, but since ring is something required by the framework itself, I'm not sure how to debug this... furthermore, I'm using the latest versions of cargo and rust:
cargo 1.43.0-nightly (... 2020-02-18)
rustc 1.43.0-nightly (... 2020-02-21)
ring v0.11.0 was yanked from crates.io (see this issue for some background). Since some versions rocket depended on versions of ring that were yanked, those versions of rocket will no longer work.
Upgrading to rocket v0.4.0 (or the latest v0.4.2) should solve this issue.
I'm setting up a Rust server with Rocket and I'm trying to use it with a JWT library. They use different versions of the *ring* crate and I get an error during cargo build:
error: multiple packages link to native library `ring-asm`, but a native library can be linked only once
package `ring v0.12.1`
... which is depended on by `jsonwebtoken v4.0.1`
... which is depended on by `auther v0.1.0 (file:///home/drpytho/x/downloadble/auther)`
links to native library `ring-asm`
package `ring v0.11.0`
... which is depended on by `cookie v0.9.2`
... which is depended on by `rocket v0.3.6`
... which is depended on by `rocket_codegen v0.3.6`
... which is depended on by `auther v0.1.0 (file:///home/drpytho/x/downloadble/auther)`
also links to native library `ring-asm`
My Cargo.toml
[package]
name = "auther"
version = "0.1.0"
authors = ["Name <Email#mail.se>"]
[dependencies]
rocket = "0.3.6"
rocket_codegen = "0.3.6"
jsonwebtoken = "4"
serde_derive = "1"
serde = "1"
I read that you are supposed to fix the mismatching dependencies in your Cargo file, but I can't figure out how to do it.
You have to fix this by not transitively depending on different versions of crates that link to a native library.
There's no newer version of rocket available that depends on version 0.10 of cookie, which depends on ring 0.12, so you'll need to downgrade jsonwebtoken to 2.0.3.
You can work this out by checking the crates.io pages for the crates in question (like with jsonwebtoken), going back through older versions, and looking to see what dependencies it needs.
I'm facing this problem when I try to cargo build:
error: native library openssl is being linked to by more than one version of the same package, but it can only be linked once; try updating or pinning your dependencies to ensure that this package only shows up once
openssl-sys v0.6.7
openssl-sys v0.7.13
Cargo and Rust versions:
$ cargo --version
cargo 0.11.0-nightly (3ff108a 2016-05-24)
$ rustc --version
rustc 1.11.0-nightly (7746a334d 2016-05-28)
Files:
Cargo.toml
Cargo.lock
can't get why this doesn't compile and how to solve this problem.
Thank you!
The way that linking works, you can only have a single version of a native library linked, otherwise you end up with duplicate symbols. Cargo's links manifest key helps prevent you from accidentally linking to the same set of symbols twice.
To solve it, you need to read through your Cargo.lock (it's not a difficult file format to understand). Find the crates that have the offending library as a dependency and note which ones have conflicting versions.
Then you have to manually resolve your dependencies so that their dependencies use the same version of the native library.
In this case, the important aspects of the dependency chain are:
server (0.0.1) => cookie (0.2.4) => openssl (0.7.13)
=> hyper (0.6.16) => cookie (0.1.21) => openssl (0.6.7)
To fix it, modify your Cargo.toml to use the same version of cookie as hyper. Then you will implicitly get the same version of openssl.
To be honest, this is one of the roughest parts of Rust at the moment. At least this version of the "multiple different versions of the same crate" strangeness provides a straight-forward Cargo error.