I'm currently trying to prepare a bugfix release but I'm having trouble due to the ring dependency in the cookie crate. It's currently depending on an outdated ring version, but since I don't need cookies at all I would like to disable the need for ring.
It's already possible to build rocket without ring like this:
rocket = { version = "0.4", default-features = false }
This disables the private-cookies feature, which in turn disables the private-cookies feature in rocket_http, which disables the secure feature in cookie.
private-cookies = ["rocket_http/private-cookies"]
This works fine unless you also need rocket_contrib, which is the case for me. rocket_contrib depends on rocket with default features and no way to disable it, which means that the ring dependency in cookie is getting enabled again:
rocket = { version = "0.4.0", path = "../../core/lib/" }
Introducing a feature to disable ring in rocket_contrib would be the best solution for my problem. I'm currently trying to find an alternative solution since that specific version is faulty on aarch64.
Thanks!
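A check that follows from the report above, added here as an example (not code from this thread or from the Rocket project): it lists which packages in a Cargo.lock depend directly on a given crate, so you can confirm whether ring is still pulled in after setting default-features = false. The function names and the sample lockfile, with placeholder versions, are constructed for illustration.

```shell
#!/bin/sh
# Added example: find out which packages in a Cargo.lock pull in a crate.

# dependents_of <crate> <Cargo.lock>: print packages that list <crate> as a
# direct dependency. Handles both "name version (source)" and bare "name" entries.
dependents_of() {
    awk -v target="$1" '
        /^\[\[package\]\]/   { name = ""; in_deps = 0; next }
        /^name = /           { name = $3; gsub(/"/, "", name); next }
        /^dependencies = \[/ { in_deps = 1; next }
        in_deps && /^\]/     { in_deps = 0; next }
        in_deps {
            dep = $1; gsub(/[",]/, "", dep)   # strip quotes and trailing comma
            if (dep == target) print name
        }
    ' "$2" | sort -u
}

# lock_has_crate <crate> <Cargo.lock>: succeed if the crate is locked at all.
lock_has_crate() {
    grep -qx "name = \"$1\"" "$2"
}

# Constructed sample lockfile; versions are placeholders, not real releases.
write_sample_lock() {
    cat > "$1" <<'EOF'
[[package]]
name = "cookie"
version = "0.0.0"
dependencies = [
 "ring 0.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
 "time",
]

[[package]]
name = "ring"
version = "0.0.0"

[[package]]
name = "rocket_http"
version = "0.0.0"
dependencies = [
 "cookie 0.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
]
EOF
}
```

Run `dependents_of ring Cargo.lock` after regenerating the lockfile; empty output together with a failing `lock_has_crate ring Cargo.lock` means no default feature re-enabled the dependency.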
Confirmed. I had to use a git version of rocket contrib to fix the ring compile problem. Actually, private cookies aren't needed by rocket_contrib.
It makes sense for rocket_contrib to only enable private cookies if it needs to and is probably doable as a small change in a minor release. If any features do need private-cookies it can be enabled on those features individually.
Resolved in 90296dd in master.
@SergioBenitez any updates regarding a 0.4.1 release?
@kpcyrd Yes. I'm going through all issues and PRs now in hopes of getting out a new release in the next few days.
Any news on this one?
I've pushed my first release with a workaround in the meantime to address the AES-GCM issue on aarch64 (https://github.com/briansmith/ring/issues/628).
I've added this to my workspace:
[patch.crates-io]
rocket = { git = "https://github.com/SergioBenitez/Rocket.git", rev="c86f4312fb273c0380fb76a97bfb7fc227800542" }
rocket_contrib = { git = "https://github.com/SergioBenitez/Rocket.git", rev="c86f4312fb273c0380fb76a97bfb7fc227800542" }
During the release I disable this block, remove the server from the workspace, regenerate Cargo.lock and push a release. Afterwards I re-add the server to the workspace, re-enable the [patch] section and regenerate Cargo.lock. Building the rocket server from release tarballs isn't supported anymore in my project.
It seems this issue is also related to #650.
@SergioBenitez any news?
@SergioBenitez @jebrosen Any news here? I'm considering migrating away from rocket at this point.
@kpcyrd The release happened a couple of days ago, finally. Apologies for the delay.