Rand crate depends on fuchsia-zircon?

Hi all, first rust question here: please be gentle on the newbie.

I’ve been working through the rust-lang book second-edition, and I’m doing the guessing_game for the second time. I got to the part where it talks about cargo update, which I dutifully did, and it updated rand v0.3.19 -> v0.3.20 and libc, both of which I expected. It also updated fuchsia-zircon and fuchsia-zircon-sys, which I didn’t expect. Slight poking at https://crates.io/crates/fuchsia-zircon/reverse_dependencies suggests that indeed, rand requires fuchsia-zircon. (so does mio).

Have I done something dumb with my setup or configuration? It seems weird that something as simple and self-contained as a random number generator would depend on language bindings for an experimental, unreleased operating system that I don’t have…

1 Like

If you look in the rand crate’s Cargo.toml, you’ll see that fuchsia-zircon is a dependency when the build target is fuchsia, but it’s unused otherwise.

I can’t tell you why your cargo setup decided to update it, though. That sounds odd but maybe it’s intended usage (cargo doesn’t know if you’re going to try to cross-compile, for instance).

1 Like

I’m pretty sure cargo will keep track of all dependencies on all targets, so that Cargo.lock stays consistent between all platforms. If working on a git repository with both Windows and Linux, I wouldn’t really want every other commit to be adding ‘winapi’ to the Cargo.lock when a Windows dev works on it or removing it when a Linux dev does.

In this case, as @Bees said, rand depends on fuchsia-zircon only on the fuchsia target. It isn’t really likely you’ll compile for that, so you won’t ever compile it, but it will definitely be added to Cargo.lock.

From rand:

[target.'cfg(target_os = "fuchsia")'.dependencies]
fuchsia-zircon = "0.3.2"

Yeah, that’s true. Another, also confusing, fact is that Cargo will also download all git repositories for other targets, even though it does absolutely nothing with them, as far as I know. I’m not sure if it does the same thing for non-git dependencies, though.

1 Like

I looked in my registry cache, and it seems I have fuchsia-zircon downloaded from crates.io too. Maybe it needs them in order to look at Cargo.toml and create the rest of the dependency graph including their dependencies?

1 Like

That makes a lot of sense: Cargo.lock is a file that’s part of the project. I guess that it didn’t pull in dependencies for any of the other OSes that I’m not using because their base-layer OS wrappers would be part of the standard library?

So one day, when Fuscia is the fourth most popular OS, those dependencies will probably go away, pulled into the core language libraries?

I think that’d be the case if accessing OS random number generation was part of the standard library.

As it stands though rand has to pull in dependencies for pretty much every platform. On Linux, OSx and other Unix, it uses libc. On windows, it depends on winapi.

On redox, it uses std::fs::File, because that’s how redox does things… but I don’t think that’s typical.