Skip to content

xtask: Add local-rust-deps command for auto-detecting path dependencies #1942

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cgwalters merged 3 commits into from
Jan 23, 2026
Merged

xtask: Add local-rust-deps command for auto-detecting path dependencies #1942

cgwalters merged 3 commits into from
Jan 23, 2026
+156 −25

Conversation

@cgwalters
Copy link
Collaborator

@cgwalters cgwalters commented Jan 22, 2026

Add cargo xtask local-rust-deps which uses cargo metadata to find local path dependencies outside the workspace (e.g., from [patch] sections) and outputs podman bind mount arguments.

This enables a cleaner workflow for local development against modified dependencies like composefs-rs:

  1. Add a [patch] section to Cargo.toml with real local paths
  2. Run just build - the Justfile auto-detects and bind-mounts them

Benefits over the previous BOOTC_extra_src approach:

  • No manual env var needed
  • Paths work for both local cargo build and container builds
  • No /run/extra-src indirection or Cargo.toml path munging required
  • Auto-detection means it Just Works™

The Justfile's build target now calls cargo xtask local-rust-deps to get bind mount args, falling back gracefully if there are no external deps. The old BOOTC_extra_src mechanism is still supported for backwards compat.

Assisted-by: Claude Sonnet 4 (via OpenCode)

@bootc-bot bootc-bot bot requested a review from jeckersb January 22, 2026 23:07
gemini-code-assist[bot]
gemini-code-assist bot reviewed Jan 22, 2026
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new "cargo xtask local-rust-deps" command to automatically detect and configure bind mounts for local path dependencies, significantly improving the local development workflow. However, the current implementation is vulnerable to command and argument injection due to unsafe interpolation in the Justfile and improper escaping of file paths in the xtask tool. Additionally, there are suggestions to improve debuggability and code clarity, such as avoiding error message swallowing in the Justfile and refactoring podman argument generation in the Rust code.

@cgwalters cgwalters mentioned this pull request Jan 22, 2026
Open
@cgwalters cgwalters force-pushed the local-rust-deps branch 3 times, most recently from f8c931e to 23fcacd Compare January 23, 2026 13:09
@cgwalters
ci: Ensure access to Rust toolchain with sudo
9520b3d 
I want to be able to write build rules in Rust that may be
invoked from outside of a container build, but in the default
GHA runners Rust is installed via `rustup` which lives just in
the `runner` user's homedir.

When using `sudo` it resets `$PATH` so we lose access to it.
Fix this by passing `$PATH` in.

Assisted-by: OpenCode (claude-sonnet-4-20250514)
Signed-off-by: Colin Walters <walters@verbum.org>
@cgwalters
xtask: Fix sorting stability for tests
cf4efa3 
Tests with equal numbers were getting unstable sorting, causing
the generated file to flap.

Signed-off-by: Colin Walters <walters@verbum.org>
@cgwalters
xtask: Add local-rust-deps command for auto-detecting path dependencies
a88a97d 
Add `cargo xtask local-rust-deps` which uses `cargo metadata` to find
local path dependencies outside the workspace (e.g., from [patch] sections)
and outputs podman bind mount arguments.

This enables a cleaner workflow for local development against modified
dependencies like composefs-rs:

1. Add a [patch] section to Cargo.toml with real local paths
2. Run `just build` - the Justfile auto-detects and bind-mounts them

Benefits over the previous BOOTC_extra_src approach:
- No manual env var needed
- Paths work for both local `cargo build` and container builds
- No /run/extra-src indirection or Cargo.toml path munging required
- Auto-detection means it Just Works™

The Justfile's build target now calls `cargo xtask local-rust-deps` to
get bind mount args, falling back gracefully if there are no external deps.
The old BOOTC_extra_src mechanism is still supported for backwards compat.

Assisted-by: OpenCode (Opus 4.5)
Signed-off-by: Colin Walters <walters@verbum.org>
@cgwalters cgwalters enabled auto-merge (rebase) January 23, 2026 14:38
@jeckersb
Copy link
Collaborator

jeckersb commented Jan 23, 2026

Not sure what's up with the CI failure

+ cargo build --release -p tests-integration
...
   Compiling fnv v1.0.7
error: couldn't read `/home/runner/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/fnv-1.0.7/lib.rs`: Permission denied (os error 13)

Doesn't seem like that should be related to anything in this, but with this touching cargo... maybe?

jeckersb
jeckersb approved these changes Jan 23, 2026
View reviewed changes
Copy link
Collaborator

@jeckersb jeckersb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mildly suspicious of CI but otherwise LGTM

tmt/plans/integration.fmf
test:
- /tmt/tests/tests/test-22-logically-bound-install

/plan-23-usroverlay:
Copy link
Collaborator

@jeckersb jeckersb Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unrelated to this but I'll do a follow-up to dedupe these 23 tests, or otherwise figure out why the sort order isn't stable and we keep getting these diffs showing up

Copy link
Collaborator Author

@cgwalters cgwalters Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix was in this PR cf4efa3

Sorry I forgot to edit the PR description after adding that commit.

What I really want is for github to default to showing a list of commit messages and the PR description is like an optional extra...

Copy link
Collaborator

@jeckersb jeckersb Jan 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah perfect, I (obviously) didn't look through commit-by-commit and just looked at the big diff so I missed it. I even saw the PartialOrd stuff but just at a glance assumed it was boilerplate for sorting something related to the local rust deps.

@cgwalters cgwalters merged commit 21babe7 into bootc-dev:main Jan 23, 2026
35 of 36 checks passed
@cgwalters
Copy link
Collaborator Author

cgwalters commented Jan 23, 2026

Doesn't seem like that should be related to anything in this, but with this touching cargo... maybe?

No this PR does break it, I was going to dig in more but test-install isn't gating (yet)...though it probably should be.

Anyways I'll work on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeckersb jeckersb jeckersb approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cgwalters @jeckersb