[Pkg-rust-maintainers] Bug#1015743: debcargo: feature package confusion related to std, indexmap, and preserve_order in rust-serde-json

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jul 20 05:54:46 BST 2022 

Package: debcargo
Version: 2.5.0-3+b3
Control: affects -1 src:rust-serde-json

when rust-serde-json moved from 1.0.80 to 1.0.81, Cargo.toml changed in
the following two ways:

------------
commit 6c3dfe948a1d088198cfa82f777858502bdb39c2
Author: David Tolnay <dtolnay at gmail.com>
Date:   Tue May 3 12:18:24 2022 -0700

    Make it clearer that preserve_order implies a std dependency
    
    As indicated in the summary of #885.

diff --git a/Cargo.toml b/Cargo.toml
index 795f679..cae892f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -56,7 +56,7 @@ alloc = ["serde/alloc"]
 # Make serde_json::Map use a representation which maintains insertion order.
 # This allows data to be read into a Value and written back to a JSON string
 # while preserving the order of map keys in the input.
-preserve_order = ["indexmap"]
+preserve_order = ["indexmap", "std"]
 
 # Use sufficient precision when parsing fixed precision floats from JSON to
 # ensure that they maintain accuracy when round-tripped through JSON. This comes
------------
commit 27939bb1f99728c8b878778db8ac51b3d98f9c70
Author: Josh Stone <cuviper at gmail.com>
Date:   Tue May 3 11:57:05 2022 -0700

    Explicitly enable indexmap/std

diff --git a/Cargo.toml b/Cargo.toml
index 7222bd7..795f679 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -14,7 +14,7 @@ rust-version = "1.36"
 
 [dependencies]
 serde = { version = "1.0.100", default-features = false }
-indexmap = { version = "1.5", optional = true }
+indexmap = { version = "1.5.2", features = ["std"], optional = true }
 itoa = "1.0"
 ryu = "1.0"

------------


When debcargo tries to map this into debian feature packages, it goes
from producing four binary packages in 1.0.80-2:

    librust-serde-json+alloc-dev
    librust-serde-json+indexmap-dev
    librust-serde-json+std-dev
    librust-serde-json-dev

to adding a fifth in my attempt at packaging 1.0.82-1:

    librust-serde-json+preserve-order-dev

in 1.0.80-2, librust-serde-json+preserve-order-dev is Provided: by
librust-serde-json+indexmap-dev.

But since librust-serde-json+indexmap-dev now depends on the std feature
of indexmap, presumably that means that indexmap itself depends on the
std feature as well, so preserve_order's dependencies (on both indexmap
and std) are again identical to those of indexmap.

So the Provides should remain the same, and a new binary package should
not be generated, but debcargo does anyway.

I have three options, as a result:

a) ship as debcargo creates, which requires a trip through NEW for the
   new package, and potentially antagonizes the ftp team

b) collapse_features = true -- but i don't know whether that's going to
   create the scary cyclic dependency warnings that debcargo warns about
   but doesn't diagnose for me.

c) commit debian/control and debian/control.debcargo.hint, creating a
   maintenance hassle for future uploads of the serde_json crate.

None of these options are great.  It would be better if debcargo could
identify the minimal feature split correctly here.

   --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/attachments/20220720/06224ad8/attachment.sig>

More information about the Pkg-rust-maintainers mailing list