Any chance for a review? We can discuss also the convenience of this approach too.

Hey Alberto,

First of all, thank you for taking time to work on this project and sending this PR :)

I wanted to test this on Zola, but this did not really work. I guess because you have done this only for provides and not for requires.

Can we also extend this to requires/buildrequires? Basically one thing I would love to see is support for workspaces.

Regarding the bundled provides, I think what you have described in here is good enough and can be improved later. Obviously the problem would be if you do %cargo_install and then mv /usr/bin/foo /usr/libexec/foo-init and then pass this thing.. We do that for stratisd, for instance. Also, the features are not going to be propagated (e.g. if you build binary with --no-default-features, the code will still look for default features).

At this point I start to think we need to design some format which would say which binaries to build, in which format and with which features as part of rust2rpm.conf so that inspector could take advantage of this.

That said, I like the idea (though I did not have time to look into the code, hopefully this weekend I will) and I would like to make workspaces handling better as part of this PR. If you will make zola.spec to build with support of workspace/path dependencies, it would be great.

Igor, thanks a lot for making an effort and reviewing this PR that comes from no-where, to support a couple of features that were never discussed : ))

I wanted to test this on Zola, but this did not really work. I guess because you have done this only for provides and not for requires.
Can we also extend this to requires/buildrequires?

Oh I get lost. The last commit only makes sense for Provides no? When vendoring the binary will contain libraries that are Provides: bundled(). This only makes sense when there is a binary in the package, not for crates / libraries. So in the binary, there is not requires anymore, and because is vendored, no buildrequires neither. Is this correct?

The case of use that I have in mind is like this one:

https://build.opensuse.org/package/show/home:firstyear:kanidm/kanidm

The developer decided for a first iteration to provide a vendor.tgz as part of the project. The script will takes care of not publishing any bundled(crates()) if there is not a vendor directory in the BUILD project.

Basically one thing I would love to see is support for workspaces.

This is the first commit. This is an easy hack: take the workspace information and iterate over the different Cargo.toml that compose it. Do you think that we can do more?

Regarding the bundled provides, I think what you have described in here is good enough and can be improved later.

Obviously the problem would be if you do %cargo_install and then mv /usr/bin/foo /usr/libexec/foo-init and then pass this thing..

Ouch! Indeed, the binary will not be found. Very good point. No idea how can I track this ...

We do that for stratisd, for instance.

Do you think that there is a clean fix for this?

Also, the features are not going to be propagated (e.g. if you build binary with --no-default-features, the code will still look for default features).

I need to learn about this. IIUC this will not enable de default feature, but still your Cargo.toml can require packages with some features enabled.

But you are right, cargo build can have this --no-default-features enabled, but my call to manifest is always without this parameter. Again, not sure how to detect that.

Another problem that I see is that the metadata is giving me the resolved dependencies for all the project, not for the sub-workspace that generate this binary. In other words: cargo metadata --manifest-path sub-workspace/Cargo.toml is giving me the same output from cargo metadata --manifest-path another-sub-workspace/Cargo.toml

At this point I start to think we need to design some format which would say which binaries to build, in which format and with which features as part of rust2rpm.conf so that inspector could take advantage of this.

This can be an interesting idea. Are you suggesting that some magic %cargo_build macro will track the compilation options to this file, so cargo-inspect that have later this info?

That said, I like the idea (though I did not have time to look into the code, hopefully this weekend I will) and I would like to make workspaces handling better as part of this PR. If you will make zola.spec to build with support of workspace/path dependencies, it would be great.

I will check!

@ignatenkobrain sorry for the delay, a Christmas holiday crossed in my way. I extended the PR to support workspaces for non-virtual crates like Zola.

I am worried that the refactor is a bit big, but the current test coverage very low, so I do not know what I am breaking.

@ignatenkobrain did you have a chance to test the new code?

@aplanas So this looks mostly fine, but how do we handle license tag generation now? We need "license math" for all the dependencies factored in.

This has been confirmed to be a requirement in one package by @spot already.

@aplanas So this looks mostly fine, but how do we handle license tag generation now? We need "license math" for all the dependencies factored in.

Very good point. I will address this in this same PR.

In [2]: issubclass(KeyboardInterrupt, Exception)
Out[2]: False

hm?

@aplanas The code seems to be fine except of small comment above...

Oh, and btw -- I think it does not ignore dev-dependencies when generating bundled provides. Or did I misunderstand that part?

In [2]: issubclass(KeyboardInterrupt, Exception)
Out[2]: False
hm?

Good catch. Both are from BaseException, so we need to be explicit. I will update.

@aplanas The code seems to be fine except of small comment above...
Oh, and btw -- I think it does not ignore dev-dependencies when generating bundled provides. Or did I misunderstand that part?

I need to check, but this can be true.

I need to check, but this can be true.

If you can make it to ignore them, would be cool. The devel stuff should not leak into the resulting binary license / provides.

Can you please remove those bits from the patch? They are not relevant, and make both the patch and the resulting code harder to read.

Sorry for the review in bits and pieces. Pagure unfortunately isn't suited to anything except the most trivial reviews. I'll just write my comments here in a single comment. I hope that'll be easier to read.

I think the first patch should just be dropped. The formatting changes are for the worse, and the change to exception handling introduces a bug.

 -             for f in features:
+             data.extend(md.provides(f) for f in features)

Not terribly important, but this is O(n²). Maybe data += [md.provides(f) for f in features]?

+ for line in sorted({d for dat in data for d in str(dat).splitlines()}): 

Hmm, that looks very iffy. I assume the set is there to remove duplication. OK, great, so why not use a set from the beginning? Also, you first join lines into a string and then split them... Please just don't join them in the first place, but extend the list (or set preferably) with separate items.

+         if not members:
+             members = [path]
+         for member in members:

Maybe for member in (members or [path]): ?

def _go_to_top_cargo_toml(source_path, path):
   ...

That isn't nice. Please just make the code work relative to a specified directory. Jumping around like this only make sense in an interactive shell, and not in library code which should never modify any global state.

 dependencies = []
 for ... in ...:
    dependencies.append(...)

Please use a list comprehension.

 +     files = [_cargo_toml(args.path, f.rstrip()) for f in files] 

Why this chunk?

"Force print vendoring provides"
– that's not clear at all.

"Path where the source project is living"
– "Path to the source project" ?

 +         if not output.returncode:
+             manifest = json.loads(output.stdout)

So... if there's an error, this just silences it and returns an empty manifest. Sorry, but proper error handling needs to be implemented.

 +         f = f.rstrip() 

Why this line? Is something feeding badly formatted data?

+         mds = Metadata.from_file(f)
+         if isinstance(mds, list):
+             for md in mds:
+                 process_metadata(md)
+         else:
+             process_metadata(mds)

from_file() should just return a list.

 +                 return [
+                     cls.from_json(Metadata.manifest(m)) for m in members
+                 ]

Please make this one line.

I think the first patch should just be dropped. The formatting changes are for the worse, and the change to exception handling introduces a bug.

Uhmm dropped.

I feel tho that we should use a linter. Today black is a tool that any lsp for Python is using, and impose a normalization in the formatting. I will try to do a separate commit for the format adjustment.

- for f in features: + data.extend(md.provides(f) for f in features)
Not terribly important, but this is O(n²). Maybe data += [md.provides(f) for f in features]?

I do not think so... both are O(n) (for n=len(features) in the first case, and n=len(data + features) in the second.

timeit shows that both grows linearly.

+ for line in sorted({d for dat in data for d in str(dat).splitlines()}):
Hmm, that looks very iffy. I assume the set is there to remove duplication. OK, great, so why not use a set from the beginning?. Also, you first join lines into a string and then split them... Please just don't join them in the first place, but extend the list (or set preferably) with separate items.

Indeed. Done.

+ if not members: + members = [path] + for member in members:
Maybe for member in (members or [path]): ?

IMHO the internal or hide a bit the intention, but I do not mind to change it. Done.

def _go_to_top_cargo_toml(source_path, path): ...
That isn't nice. Please just make the code work relative to a specified directory. Jumping around like this only make sense in an interactive shell, and not in library code which should never modify any global state.

I will try, but some cargo commands require to be in some specific place. If I address this, will be in a future commit.

dependencies = [] for ... in ...: dependencies.append(...)
Please use a list comprehension.

Not possible. I am fetching name and version form one field of the element that I iterate, that is used later to build the Dependency object. Or do you see a way?

+ files = [_cargo_toml(args.path, f.rstrip()) for f in files]
Why this chunk?

What do you mean? This is collecting all the "Cargo.toml" present in the project, but searching from the executable name. The input can be from the command line parameter, or from stdin. IIRC the rstrip() was needed because depending of the input method, one will add a \n at the end.

"Force print vendoring provides"
– that's not clear at all.

Right. I changed --force with --vendor and updated the help. Done.

"Path where the source project is living"
– "Path to the source project" ?

Done

+ if not output.returncode: + manifest = json.loads(output.stdout)
So... if there's an error, this just silences it and returns an empty manifest. Sorry, but proper error handling needs to be implemented.

I changed this a bit, but actually yes. If it fails (because a corner case in the read-manifest or metadata subcomands) we want to continue with the next Cargo.toml, and generate an RPM, even with incomplete information.

I see this code as an approximation, that I hope will iterate more later.

+ f = f.rstrip()
Why this line? Is something feeding badly formatted data?

This line is a deletion, I removed it. But yes, as commented before is a difference between when the data comes from a parameter or comes from stdin

+ mds = Metadata.from_file(f) + if isinstance(mds, list): + for md in mds: + process_metadata(md) + else: + process_metadata(mds)
from_file() should just return a list.

It does, I think that you are commenting in an old code.

+ return [ + cls.from_json(Metadata.manifest(m)) for m in members + ]
Please make this one line.

Uhm, I think that this is not there anymore. But this is an indication that a run for black is needed, so we can avoid point to this kind of changes.

Done all except the one about the change dir one. Thanks for the reviews!

@ignatenkobrain @aplanas What else is left here to get this to land?

@ignatenkobrain @aplanas What else is left here to get this to land?

I am deeply ashamed. There are some changes that I need to do in this PR (as I recall not mutch), but I am always with something more to do in a different area.

Maybe a problem of this PR is that is mixing two topics: the bundled() for tracking and the improvement of the workspaces. I can try to split it, I just need to invest time for getting the context again and finalizing the job.

I am close to finalizing a project and I can try to put this PR as a top priority before moving to the next (I am very bad working on parallel with non-trivial problems : ( ). I am still very very interested in resolving this problem.

No worries, we appreciate you working on this! If you need help, just feel free to reach out. :smile:

I think that this can be reviewed again, sorry for the delay.

I addressed some of the older complains, like for example do not chdir into the Cargo.toml. I tested it against a version of zola with vedoring (creating .cargo/config.toml after calling cargo vendor), and with kanidm as was the principal motivator (as is a good example of package with pure virtual manifest)

There are some missing points:

• License math. This can go in a different PR, and I think that can first be coupled only to the --provides-vendor option, and later discussed if makes sense in the generic case as the executable will include the crates with independence of is the source RPM has vendoring or not.

• Propagate in the closure the enabled features of the package. I suspect that the current logic of ._closure() is maybe including too much because mismanagement of features enabled.

• Full refactoring of the code and full test coverage. This second time I had problems understanding the kind of object that Metadata.from_json is creating. Also I am not 100% sure that we have a right model for features.