Should Cargo.lock be committed when the crate is both a rust library and an executable?
I have read https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
If I understand correctly, when I commit Cargo.lock to the repository of my crate (which is both a library and an executable) and publish it to crates.io, downstream crates will ignore it and build their own snapshot, right?
I found a best practice in the excellent project ripgrep, which splits itself into several crates. For the binary crate in the root, they track Cargo.lock, but for library crates that provide functionality for the application (for example, pcre2), they do not.
Yes, crates that depend on your library will ignore your Cargo.lock. The Cargo FAQ provides more details:
Why do binaries have Cargo.lock in version control, but not libraries?
The purpose of a Cargo.lock is to describe the state of the world at the time of a successful build. It is then used to provide deterministic builds across whatever machine is building the package by ensuring that the exact same dependencies are being compiled.
This property is most desirable from applications and packages which are at the very end of the dependency chain (binaries). As a result, it is recommended that all binaries check in their Cargo.lock.
For libraries the situation is somewhat different. A library is not only used by the library developers, but also any downstream consumers of the library. Users dependent on the library will not inspect the library’s Cargo.lock (even if it exists). This is precisely because a library should not be deterministically recompiled for all users of the library.
If a library ends up being used transitively by several dependencies, it’s likely that just a single copy of the library is desired (based on semver compatibility). If Cargo used all of the dependencies' Cargo.lock files, then multiple copies of the library could be used, and perhaps even a version conflict.
In other words, libraries specify semver requirements for their dependencies but cannot see the full picture. Only end products like binaries have a full picture to decide what versions of dependencies should be used.
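The FAQ's argument about a single shared copy versus one copy per library lock file, as an added example that is not part of the original answer or of Cargo itself. It is a simplified model, not Cargo's resolver: the crate name `shared`, the libraries `lib_a` and `lib_b`, and all version numbers are constructed, and only caret requirements with major version 1 or higher are modelled.

```rust
// Added illustration: a simplified model, not Cargo's real resolver.
// Versions are (major, minor, patch); only caret requirements with major >= 1.
type Version = (u64, u64, u64);

struct Lib {
    name: &'static str,
    req: Version,    // caret requirement from the library's Cargo.toml
    locked: Version, // version pinned in the library's own Cargo.lock
}

/// Caret rule for major >= 1: same major version, not older than the requirement.
fn caret_matches(req: Version, v: Version) -> bool {
    req.0 >= 1 && v.0 == req.0 && v >= req
}

/// End-product view: one copy, the newest version every library accepts.
fn resolve_unified(libs: &[Lib], available: &[Version]) -> Option<Version> {
    available
        .iter()
        .copied()
        .filter(|v| libs.iter().all(|l| caret_matches(l.req, *v)))
        .max()
}

/// Hypothetical behaviour the FAQ argues against: honour every library's lock.
fn resolve_per_lock(libs: &[Lib]) -> Vec<Version> {
    let mut copies: Vec<Version> = libs.iter().map(|l| l.locked).collect();
    copies.sort();
    copies.dedup();
    copies
}

// Constructed sample data: two libraries depending on a hypothetical crate `shared`.
fn sample_libs() -> Vec<Lib> {
    vec![
        Lib { name: "lib_a", req: (1, 2, 0), locked: (1, 2, 0) },
        Lib { name: "lib_b", req: (1, 3, 0), locked: (1, 3, 1) },
    ]
}

fn sample_available() -> Vec<Version> {
    vec![(1, 2, 0), (1, 3, 1), (1, 4, 0), (2, 0, 0)]
}

fn main() {
    let (libs, available) = (sample_libs(), sample_available());
    for l in &libs {
        println!("{} requires shared ^{:?}, locked {:?}", l.name, l.req, l.locked);
    }
    println!("unified: {:?}", resolve_unified(&libs, &available));
    println!("per-lock copies: {:?}", resolve_per_lock(&libs));
}
```

In this model the end product ships one copy of `shared`, chosen by its own resolution and recorded in its own Cargo.lock, so that lock file is the one that describes what is actually built.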