Please bump git2

[0323pin]

Duplicates

• I have searched the existing issues

Current behavior 😯

onefetch no longer builds on NetBSD, since we have updated libgit2 to 1.6.4 and onefetch still depends on git2 0.16 that pulls libgit2-sys 1.5.1 causing a mismatch with the installed libgit2.

Please bump git2 to 0.17.1 that uses libgit2-sys 1.6.4

Thanks!

Expected behavior 🤔

No response

Steps to reproduce 🕹

No response

Additional context/Screenshots 🔦

No response

Possible Solution 💡

No response

[spenserblack]

@o2sh Thoughts? Patch release for NetBSD compatibility?

@0323pin Could you provide some insight into how Rust projects are typically built for NetBSD? I'm assuming you use a pre-built binary. Are the exact dependencies from Cargo.lock used? Just wondering if a broader version range like >= 0.16, < 0.18 would be of any help.

If I'm not mistaken, I think we can also enable the vendored-libgit2 feature to use a version of libgit2 vendored by the git2-sys crate instead of whatever is installed on the system.

[0323pin]

@spenserblack Thanks.

We have had our share of issues with libgit2, libgit2/libgit2#6457 and libgit2/libgit2#6458

But, the issues are now fixed. We have waited for a while to merge it, since it breaks quite a few Rust packages. Now, we have decided it was time. We have patched the Rust packages that were still using the old version and only two are still a problem, onefetch and gerb.

Could you provide some insight into how Rust projects are typically built for NetBSD?

The packages are build with cargo locked and offline.

Just wondering if a broader version range like >= 0.16, < 0.18 would be of any help.

It will use whatever Cargo.lock defines.

Please don't enable the vendored feature, we prefer not to.

The following patch fixes the build on 7be7ea9

--- Cargo.toml.orig	2023-04-26 18:52:59.000000000 +0000
+++ Cargo.toml
@@ -29,7 +29,7 @@ gix-features-for-configuration-only = { 
 gix = { version = "0.44.0", default-features = false, features = [
     "max-performance-safe",
 ] }
-git2 = { version = "0.16.1", default-features = false }
+git2 = { version = "0.17.1", default-features = false }
 human-panic = "1.1.0"
 image = "0.24.6"
 num-format = "0.4.4"

Of course, also patching Cargo.lock.

[0323pin]

On a second thought, I'll patch it locally on NetBSD now but, could you please bump git2 for the next release?

[spenserblack]

#1030

[spenserblack]

Also, just an FYI that we're hoping to eventually drop libgit2 as a dependency.

[0323pin]

Also, just an FYI that we're hoping to eventually drop libgit2 as a dependency.

That would also be a solution 😃

[o2sh]

Thanks @0323pin for bringing this to our attention and for maintaining the package on NetBSD.

The git2 dependency is now up to date.

Thanks @spenserblack for merging some of the dependabot backlog, I completely forgot about the 5 PR limit 😓

We can maybe keep this issue open until the next release. BTW, @0323pin did you find a workaround? or do you need a new release asap?

[0323pin]

@o2sh Everything is fine for now, thanks!
As mentioned above, I've patched our package with,

--- Cargo.toml.orig	2023-04-26 18:52:59.000000000 +0000
+++ Cargo.toml
@@ -29,7 +29,7 @@ gix-features-for-configuration-only = { 
 gix = { version = "0.44.0", default-features = false, features = [
     "max-performance-safe",
 ] }
-git2 = { version = "0.16.1", default-features = false }
+git2 = { version = "0.17.1", default-features = false }
 human-panic = "1.1.0"
 image = "0.24.6"
 num-format = "0.4.4"

and it builds fine. So, no rush with a new release, thanks for asking.

[o2sh]

2.17.1 is out 🎉