From a098abca7bb49a6570a9ad170589d7c042255664 Mon Sep 17 00:00:00 2001 From: Jacob Heider Date: Mon, 2 Feb 2026 15:15:09 -0500 Subject: [PATCH 1/5] update libsemverator dep pull in the intersection re-entrancy fix from June. --- .github/workflows/ci.yml | 2 ++ Cargo.lock | 12 ++++++------ crates/cli/Cargo.toml | 4 ++-- crates/lib/Cargo.toml | 4 ++-- 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9e6a7822c..5d85d2ac7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -129,6 +129,8 @@ jobs: - run: pkgx -v +agg # testing we correctly handle +pkg syntax for pkgs with no env - run: pkgx +curl.se/ca-certs + # regression test: cargo has deep deps on linux that exercise range intersection + - run: pkgx +cargo - run: '! pkgx flubber-flubbles' # cmd not found machinery - run: '! pkgx --sync flubber-flubbles' # cmd not found machinery separate if branch diff --git a/Cargo.lock b/Cargo.lock index 0d35aeb23..d0a9100dc 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -28,9 +28,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.97" +version = "1.0.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dcfed56ad506cb2c684a14971b8861fdc3baaaae314b9e5f9bb532cbe3ba7a4f" +checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61" [[package]] name = "async-compression" @@ -782,7 +782,7 @@ checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a" [[package]] name = "libpkgx" -version = "0.7.0" +version = "0.7.1" dependencies = [ "anyhow", "async-compression", @@ -819,9 +819,9 @@ dependencies = [ [[package]] name = "libsemverator" -version = "0.10.0" +version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89e47a57b20d7a6bef8207b1360f81143a39d45c051098a749789a550356a225" +checksum = "506e8f975ce4cdbac0b8ee267182e3a4a5aa4fe371f91ab3ea38c629c56f6b76" dependencies = [ "anyhow", "lazy_static", @@ -1065,7 +1065,7 @@ checksum = "953ec861398dccce10c670dfeaf3ec4911ca479e9c02154b3a215178c5f566f2" [[package]] name = "pkgx" -version = "2.7.0" +version = "2.7.1" dependencies = [ "console", "indicatif", diff --git a/crates/cli/Cargo.toml b/crates/cli/Cargo.toml index 321f1cf36..ac699ba32 100644 --- a/crates/cli/Cargo.toml +++ b/crates/cli/Cargo.toml @@ -3,7 +3,7 @@ name = "pkgx" description = "Run anything" authors = ["Max Howell ", "Jacob Heider "] license = "Apache-2.0" -version = "2.7.0" +version = "2.7.1" edition = "2021" repository = "https://github.com/pkgxdev/pkgx" @@ -15,7 +15,7 @@ indicatif = "0.18.3" nix = { version = "0.30.1", features = ["process"] } serde_json = "1.0.135" serde = { version = "1.0", features = ["derive"] } -libpkgx = { version = "0.7.0", path = "../lib" } +libpkgx = { version = "0.7.1", path = "../lib" } console = { version = "0.16", default-features = false, features = [ "ansi-parsing", ] } diff --git a/crates/lib/Cargo.toml b/crates/lib/Cargo.toml index e039edecd..f85d858f0 100644 --- a/crates/lib/Cargo.toml +++ b/crates/lib/Cargo.toml @@ -3,7 +3,7 @@ name = "libpkgx" description = "Install and run `pkgx` packages" authors = ["Max Howell ", "Jacob Heider "] license = "Apache-2.0" -version = "0.7.0" +version = "0.7.1" edition = "2021" repository = "https://github.com/pkgxdev/pkgx" @@ -13,7 +13,7 @@ crate-type = ["cdylib", "rlib"] [dependencies] anyhow = "1.0.95" dirs-next = "2.0" -libsemverator = { version = "0.10.0", features = ["serde"] } +libsemverator = { version = "0.10.1", features = ["serde"] } serde = { version = "1.0", features = ["derive"] } serde_yaml = "0.9" tokio = { version = "1.43", features = ["full", "rt-multi-thread"] } From cf595c173b07b4d488b97930524c107b371ed54e Mon Sep 17 00:00:00 2001 From: Jacob Heider Date: Mon, 2 Feb 2026 15:21:34 -0500 Subject: [PATCH 2/5] fix lints --- crates/lib/src/client.rs | 4 ++-- crates/lib/src/install.rs | 10 +++------- crates/lib/src/sync.rs | 4 +--- 3 files changed, 6 insertions(+), 12 deletions(-) diff --git a/crates/lib/src/client.rs b/crates/lib/src/client.rs index 696ca3da3..dee6fc029 100644 --- a/crates/lib/src/client.rs +++ b/crates/lib/src/client.rs @@ -29,8 +29,8 @@ fn get_user_agent() -> String { let os = std::env::consts::OS; let arch = std::env::consts::ARCH; let group = env::var("PKGX_USER_AGENT_GROUP"); - let name = if group.is_ok() { - format!("pkgx[{}]", group.unwrap()) + let name = if let Ok(valid_group) = group { + format!("pkgx[{}]", valid_group) } else { "pkgx".to_string() }; diff --git a/crates/lib/src/install.rs b/crates/lib/src/install.rs index bf097ea5f..ca6441398 100644 --- a/crates/lib/src/install.rs +++ b/crates/lib/src/install.rs @@ -98,9 +98,7 @@ where } }); - let stream = stream - .map_err(|e| futures::io::Error::new(futures::io::ErrorKind::Other, e)) - .into_async_read(); + let stream = stream.map_err(futures::io::Error::other).into_async_read(); let stream = stream.compat(); // Step 2: Create a XZ decoder @@ -169,8 +167,7 @@ async fn symlink(installation: &Installation, config: &Config) -> Result<(), Box }; let most_minor = versions .iter() - .filter(|(version, _)| minor_range.satisfies(version)) - .next_back() + .rfind(|(version, _)| minor_range.satisfies(version)) .ok_or_else(|| { anyhow::anyhow!( "Could not find most minor version for {}", @@ -189,8 +186,7 @@ async fn symlink(installation: &Installation, config: &Config) -> Result<(), Box let most_major = versions .iter() - .filter(|(version, _)| major_range.satisfies(version)) - .next_back() + .rfind(|(version, _)| major_range.satisfies(version)) .ok_or_else(|| anyhow::anyhow!("Could not find most major version"))?; if most_major.0 != installation.pkg.version { diff --git a/crates/lib/src/sync.rs b/crates/lib/src/sync.rs index 6d75138c5..f5df20954 100644 --- a/crates/lib/src/sync.rs +++ b/crates/lib/src/sync.rs @@ -58,9 +58,7 @@ async fn download_and_extract_pantry(url: &str, dest: &PathBuf) -> Result<(), Bo let stream = rsp.bytes_stream(); - let stream = stream - .map_err(|e| futures::io::Error::new(futures::io::ErrorKind::Other, e)) - .into_async_read(); + let stream = stream.map_err(futures::io::Error::other).into_async_read(); let stream = stream.compat(); let decoder = XzDecoder::new(stream); From 3e14026b3176763ab20eb52d0d29adc0da629105 Mon Sep 17 00:00:00 2001 From: Jacob Heider Date: Mon, 2 Feb 2026 18:15:56 -0500 Subject: [PATCH 3/5] fix dependabot updates --- Cargo.lock | 61 +++++++++++++++++++++++++++++----------- crates/cli/Cargo.toml | 2 +- crates/cli/src/dump.rs | 9 +++--- crates/cli/src/execve.rs | 2 +- crates/lib/Cargo.toml | 2 +- 5 files changed, 52 insertions(+), 24 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d0a9100dc..41c20799f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -126,15 +126,15 @@ checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" [[package]] name = "console" -version = "0.15.10" +version = "0.16.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ea3c6ecd8059b57859df5c69830340ed3c41d30e3da0c1cbed90a96ac853041b" +checksum = "03e45a4a8926227e4197636ba97a9fc9b00477e9f4bd711395687c5f0734bec4" dependencies = [ "encode_unicode", "libc", "once_cell", "unicode-width", - "windows-sys 0.59.0", + "windows-sys 0.61.2", ] [[package]] @@ -735,14 +735,14 @@ dependencies = [ [[package]] name = "indicatif" -version = "0.17.11" +version = "0.18.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "183b3088984b400f4cfac3620d5e076c84da5364016b4f49473de574b2586235" +checksum = "9375e112e4b463ec1b1c6c011953545c65a30164fbab5b581df32b3abf0dcb88" dependencies = [ "console", - "number_prefix", "portable-atomic", "unicode-width", + "unit-prefix", "web-time", ] @@ -776,9 +776,9 @@ checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" [[package]] name = "libc" -version = "0.2.169" +version = "0.2.180" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a" +checksum = "bcc35a38544a891a5f7c865aca548a982ccb3b8650a5b06d0fd33a10283c56fc" [[package]] name = "libpkgx" @@ -791,7 +791,7 @@ dependencies = [ "futures", "lazy_static", "libsemverator", - "nix", + "nix 0.30.1", "regex", "reqwest", "rusqlite", @@ -832,9 +832,9 @@ dependencies = [ [[package]] name = "libsqlite3-sys" -version = "0.31.0" +version = "0.35.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ad8935b44e7c13394a179a438e0cebba0fe08fe01b54f152e29a93b5cf993fd4" +checksum = "133c182a6a2c87864fe97778797e46c7e999672690dc9fa3ee8e241aa4a9c13f" dependencies = [ "cc", "pkg-config", @@ -942,10 +942,16 @@ dependencies = [ ] [[package]] -name = "number_prefix" -version = "0.4.0" +name = "nix" +version = "0.30.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "830b246a0e5f20af87141b25c173cd1b609bd7779a4617d6ec582abaf90870f3" +checksum = "74523f3a35e05aba87a1d978330aef40f67b0304ac79c1c00b294c9830543db6" +dependencies = [ + "bitflags 2.7.0", + "cfg-if", + "cfg_aliases", + "libc", +] [[package]] name = "object" @@ -1071,7 +1077,7 @@ dependencies = [ "indicatif", "libpkgx", "native-tls", - "nix", + "nix 0.29.0", "regex", "rusqlite", "serde", @@ -1224,9 +1230,9 @@ dependencies = [ [[package]] name = "rusqlite" -version = "0.33.0" +version = "0.37.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c6d5e5acb6f6129fe3f7ba0a7fc77bca1942cb568535e18e7bc40262baf3110" +checksum = "165ca6e57b20e1351573e3729b958bc62f0e48025386970b6e4d29e7a7e71f3f" dependencies = [ "bitflags 2.7.0", "fallible-iterator", @@ -1721,6 +1727,12 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1fc81956842c57dac11422a97c3b8195a1ff727f06e85c84ed2e8aa277c9a0fd" +[[package]] +name = "unit-prefix" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81e544489bf3d8ef66c953931f56617f423cd4b5494be343d9b9d3dda037b9a3" + [[package]] name = "unsafe-libyaml" version = "0.2.11" @@ -1908,6 +1920,12 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +[[package]] +name = "windows-link" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" + [[package]] name = "windows-registry" version = "0.2.0" @@ -1956,6 +1974,15 @@ dependencies = [ "windows-targets", ] +[[package]] +name = "windows-sys" +version = "0.61.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" +dependencies = [ + "windows-link", +] + [[package]] name = "windows-targets" version = "0.52.6" diff --git a/crates/cli/Cargo.toml b/crates/cli/Cargo.toml index ac699ba32..4d584b2d3 100644 --- a/crates/cli/Cargo.toml +++ b/crates/cli/Cargo.toml @@ -21,7 +21,7 @@ console = { version = "0.16", default-features = false, features = [ ] } [target.'cfg(not(target_os = "macos"))'.dependencies] -rusqlite = { version = "0.33.0", features = ["bundled"] } +rusqlite = { version = "0.37.0", features = ["bundled"] } native-tls = { version = "0.2", features = ["vendored"] } # ^^ this is a transitive dependency # ^^ we vendor OpenSSL ∵ we want to be standalone and just work inside minimal docker images diff --git a/crates/cli/src/dump.rs b/crates/cli/src/dump.rs index 624c3fff0..06b2c09b2 100644 --- a/crates/cli/src/dump.rs +++ b/crates/cli/src/dump.rs @@ -44,10 +44,11 @@ pub fn dump( } let programs = pantry_db::programs_for_project(&project, &conn)?; - let companions = pantry_db::companions_for_projects(&[project.clone()], &conn)? - .iter() - .map(|c| c.to_string()) - .collect::>(); + let companions = + pantry_db::companions_for_projects(std::slice::from_ref(&project), &conn)? + .iter() + .map(|c| c.to_string()) + .collect::>(); let pkg = JsonV2Pkg { path: installation.path, diff --git a/crates/cli/src/execve.rs b/crates/cli/src/execve.rs index 7d2e74ff0..ca072be21 100644 --- a/crates/cli/src/execve.rs +++ b/crates/cli/src/execve.rs @@ -47,7 +47,7 @@ pub fn execve( // Replace the process with the new command, arguments, and environment let execve_result = nix_execve(&c_command, &c_args, &c_env); if execve_result.is_err() { - let errno = execve_result.unwrap_err(); + let Err(errno) = execve_result; return Err(format!("execve failed with errno: {}", errno).into()); } diff --git a/crates/lib/Cargo.toml b/crates/lib/Cargo.toml index f85d858f0..5cd0e7d2a 100644 --- a/crates/lib/Cargo.toml +++ b/crates/lib/Cargo.toml @@ -33,4 +33,4 @@ fs2 = "0.4.3" tempfile = "3.16.0" [target.'cfg(not(target_os = "macos"))'.dependencies] -rusqlite = { version = "0.33.0", features = ["bundled"] } +rusqlite = { version = "0.37.0", features = ["bundled"] } From 2f7779638af732f17d1507d2c01e418e2b2ae988 Mon Sep 17 00:00:00 2001 From: Jacob Heider Date: Mon, 2 Feb 2026 18:21:38 -0500 Subject: [PATCH 4/5] debian doesn't publish apt sources for buster anymore --- .github/workflows/cd.yml | 5 ++--- .github/workflows/ci.ca-cert.yml | 4 ++-- .github/workflows/ci.yml | 12 ++++++------ Cargo.lock | 16 ++-------------- 4 files changed, 12 insertions(+), 25 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 661444495..77c2e5f06 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -46,8 +46,7 @@ jobs: run: gh release upload --clobber v${{ github.event.inputs.version }} ../$FILENAME.tar.xz - working-directory: - ${{ env.FILENAME }} + working-directory: ${{ env.FILENAME }} env: # using this token rather than github.token due to `release not found` bug # https://github.com/pkgxdev/cli/issues/5252 @@ -69,7 +68,7 @@ jobs: build-id: darwin+x86-64 pkgs: gh - os: ubuntu-latest - container: debian:buster-slim + container: debian:bullseye-slim build-id: linux+x86-64 pkgs: gh - os: macos-latest diff --git a/.github/workflows/ci.ca-cert.yml b/.github/workflows/ci.ca-cert.yml index 2f0f784e5..76cdc3666 100644 --- a/.github/workflows/ci.ca-cert.yml +++ b/.github/workflows/ci.ca-cert.yml @@ -16,7 +16,7 @@ on: jobs: build: runs-on: ubuntu-latest - container: debian:buster-slim + container: debian:bullseye-slim steps: - uses: actions/checkout@v5 - run: apt-get update && apt-get install -y curl gcc perl make @@ -30,7 +30,7 @@ jobs: test: needs: build runs-on: ubuntu-latest - container: debian:buster-slim + container: debian:bullseye-slim steps: - uses: actions/download-artifact@v6 with: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5d85d2ac7..cb660a05c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -119,7 +119,7 @@ jobs: - run: pkgx -qq git --version - run: pkgx -s git --version - run: pkgx -j +git - - run: pkgx git\* --version # test star constraints are valid + - run: pkgx git\* --version # test star constraints are valid - run: pkgx /usr/bin/awk --version - run: pkgx +yarnpkg.com yarn --version - run: pkgx +yarnpkg.com -- yarn --version @@ -132,8 +132,8 @@ jobs: # regression test: cargo has deep deps on linux that exercise range intersection - run: pkgx +cargo - - run: '! pkgx flubber-flubbles' # cmd not found machinery - - run: '! pkgx --sync flubber-flubbles' # cmd not found machinery separate if branch + - run: "! pkgx flubber-flubbles" # cmd not found machinery + - run: "! pkgx --sync flubber-flubbles" # cmd not found machinery separate if branch # create a fork bomb, but since it’s via pkgx we prevent it - run: | @@ -168,7 +168,7 @@ jobs: pkgx -Q - run: if [ $(find ~/.pkgx -name .tmp\* -type d | wc -l) -gt 0 ]; then - exit 1; + exit 1; fi - name: --shebang test 1 @@ -180,7 +180,7 @@ jobs: - name: --shebang test 2 run: test $(pkgx -q! echo fail hi) = hi - - name: '@latest' + - name: "@latest" run: | pkgx semverator eq $(pkgx krampus=0.2.0 --version) 0.2.0 pkgx semverator gt $(pkgx krampus@latest --version) 0.2.0 @@ -232,7 +232,7 @@ jobs: test-minimal-container: needs: fmt runs-on: ubuntu-latest - container: debian:buster-slim + container: debian:bullseye-slim steps: - uses: actions/checkout@v5 - run: apt-get update && apt-get install -y curl make gcc perl diff --git a/Cargo.lock b/Cargo.lock index 41c20799f..6922dff3d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -791,7 +791,7 @@ dependencies = [ "futures", "lazy_static", "libsemverator", - "nix 0.30.1", + "nix", "regex", "reqwest", "rusqlite", @@ -929,18 +929,6 @@ dependencies = [ "tempfile", ] -[[package]] -name = "nix" -version = "0.29.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71e2746dc3a24dd78b3cfcb7be93368c6de9963d30f43a6a73998a9cf4b17b46" -dependencies = [ - "bitflags 2.7.0", - "cfg-if", - "cfg_aliases", - "libc", -] - [[package]] name = "nix" version = "0.30.1" @@ -1077,7 +1065,7 @@ dependencies = [ "indicatif", "libpkgx", "native-tls", - "nix 0.29.0", + "nix", "regex", "rusqlite", "serde", From 4994bea8d00499d8a356bd4cabfe0896a8316e7b Mon Sep 17 00:00:00 2001 From: Jacob Heider Date: Mon, 2 Feb 2026 19:13:58 -0500 Subject: [PATCH 5/5] keep building on buster for compatibility --- .github/workflows/cd.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 77c2e5f06..94eaa281b 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -68,7 +68,7 @@ jobs: build-id: darwin+x86-64 pkgs: gh - os: ubuntu-latest - container: debian:bullseye-slim + container: debian:buster-slim build-id: linux+x86-64 pkgs: gh - os: macos-latest @@ -89,6 +89,15 @@ jobs: with: name: srcs + # debian:buster is archived, so we need to fix its sources.list + - name: fix debian:buster + if: ${{ matrix.platform.container == 'debian:buster-slim' }} + run: sed -i 's/deb.debian.org/archive.debian.org/g' /etc/apt/sources.list + + - run: | + apt-get update + apt-get install curl gcc perl-modules openssl make xz-utils --yes + - uses: pkgxdev/setup@v4 with: +: ${{ matrix.platform.pkgs }}