fix(sdist): regenerate Cargo.lock when workspace members are removed#3192
Open
ckhordiasma wants to merge 5 commits into
Open
fix(sdist): regenerate Cargo.lock when workspace members are removed#3192ckhordiasma wants to merge 5 commits into
ckhordiasma wants to merge 5 commits into
Conversation
Fixes PyO3#2609. When maturin builds an sdist from a workspace, `rewrite_cargo_toml` strips workspace members not needed by the package. The Cargo.lock was copied verbatim and still referenced those removed crates, so `cargo build --locked` inside the sdist would fail. After all sdist entries are assembled, materialize them to a temp directory, run `cargo generate-lockfile` to reconcile the lockfile, and replace the tracker entry with the regenerated Cargo.lock. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Exercises the fix for PyO3#2609: builds an sdist from a workspace member while a sibling member (`devtool`, with a unique `rand` dependency) is stripped, then asserts `cargo metadata --frozen` succeeds in the unpacked sdist. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes sdists produced from Cargo workspaces where rewrite_cargo_toml removes unneeded workspace members but the copied Cargo.lock still references them, causing cargo build --locked / cargo metadata --frozen to fail inside the unpacked sdist.
Changes:
- Add
VirtualWriter<SDistWriter>::materialize_toandreplace_byteshelpers to support post-processing tracked sdist entries. - After assembling workspace-related sdist entries, materialize the sdist to a temp dir, run
cargo generate-lockfile, and replace the sdist’sCargo.lockwith the regenerated version. - Add a regression test that constructs a two-member workspace, builds an sdist for one member, unpacks it, and asserts
cargo metadata --frozensucceeds.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
tests/run/sdist.rs |
Adds regression coverage ensuring workspace-member sdists have a usable Cargo.lock. |
src/source_distribution/mod.rs |
Adds regenerate_cargo_lock step in the sdist build pipeline to reconcile lockfiles after workspace-member stripping. |
src/module_writer/virtual_writer.rs |
Adds helpers to materialize tracked sdist entries to disk and replace a tracked file’s bytes in-memory. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Use `workspace_members.len() > 1` instead of path-inequality heuristic so workspace-root packages are also covered. - Make `replace_bytes` return `Result` and error if the target entry does not exist in the tracker. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Set file permissions based on the tracked executable flag after writing each entry, matching the existing default_permission pattern. Unix-only via #[cfg(unix)], consistent with the rest of the codebase. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- Preserve original executable flag and source path when replacing a tracker entry in replace_bytes. - Include stdout and working directory in cargo generate-lockfile error messages. - Use output() instead of status() in test for better failure diagnostics. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes #2609.
When maturin builds an sdist from a workspace,
rewrite_cargo_tomlstrips workspace membersnot needed by the package. The
Cargo.lockwas copied verbatim and still referenced thoseremoved crates, so
cargo build --lockedinside the sdist would fail.After all sdist entries are assembled in the virtual writer, materialize them to a temp
directory, run
cargo generate-lockfileto reconcile the lockfile, and replace the trackerentry with the regenerated
Cargo.lock. This only runs for workspace crates that have aCargo.lockentry in the sdist.Changes
materialize_toandreplace_byteshelpers onVirtualWriter<SDistWriter>regenerate_cargo_lockstep afteradd_workspace_manifestin the sdist buildera unique dependency), unpacks it, and asserts
cargo metadata --frozensucceedsTest plan
cargo test --test run -- sdist_workspace_removed_members_cargo_lockpasses with the fixmainwithout the fix (verified on a separate branch)cargo fmtandcargo clippyclean🤖 Generated with Claude Code — ~40 back-and-forth messages covering issue analysis, implementation, line-by-line code walkthrough, test authoring, failure verification, style review, and PR creation.