blake3 sdists 1.0.1 / 1.0.2 are not compatible with Rust < 1.78 (Cargo.lock v4)

[tiran]

The source distributions blake3-1.0.2.tar.gz and 1.0.1 contain a Cargo.lock file with new lock format v4. This makes the sdists incompatible with Rust < 1.78. The Rust code itself builds fine with toolchain 1.75 and maybe even older versions. The sdist blake3-1.0.0.tar.gz contains a Cargo.lock v3.

I guess your build system creates the sdist with latest stable version of Rust toolchain. Cargo.lock v4 support was added in Rust 1.78 and became the default in 1.83. Could you please add an appropriate MSRV to Cargo.toml to generate a v3 Cargo.lock?

From Cargo changelog:

Cargo 1.83 (2024-11-28):
Lockfile format v4 is now the default for creating/updating a lockfile. Rust toolchains 1.78+ support lockfile v4. For compatibility with earlier MSRV, consdier setting the package.rust-version to 1.82 or earlier.

See huggingface/hf_transfer#55 / huggingface/hf_transfer#58 for the same type of issue

[ddelange]

@tiran could you open a PR?

[tiran]

Already working on a PR and figuring out the lowest possible MSRV. 1.66 seems to do the trick:

• error: package constant_time_eq v0.3.1 cannot be built because it requires rustc 1.66.0 or newer

[tiran]

Rust 1.66 is the oldest toolchain that can compile blake3 and its dependencies. Our build pipeline is currently on Rust 1.75. I chose the older version just in case somebody else needs to build with an even older toolchain.

For comparison, latest PyCA cryptography release 44.0 has MSRV 1.65, https://github.com/pyca/cryptography/blob/44.0.0/Cargo.toml#L19

[tiran]

@ddelange I didn't bump the release version in my PR. You have tagged the last commit as 1.0.3, but package version is still 1.0.2.

[ddelange]

damn, thanks for opening #58