Skip to main content

Module build

toolkit_zero::dependency_graph

Module build 

Source
Expand description

Build-time fingerprint generator for use in a downstream build.rs.

Produces fingerprint.json in $OUT_DIR: a compact, normalised, deterministically sorted JSON document capturing a stable snapshot of the build environment.

§Functions

FunctionDescription
generate_fingerprintAlways call this. Writes compact fingerprint.json to $OUT_DIR and emits cargo:rerun-if-changed directives. Pass true to also export a pretty-printed copy alongside Cargo.toml.
exportOptional standalone export. Writes a pretty-printed fingerprint.json alongside Cargo.toml. Note: incurs a second cargo metadata call if used after generate_fingerprint(false).

§Sections captured

SectionContents
packageCrate name and version
buildProfile, opt-level, target triple, rustc version, and active feature flags
depsFull normalised cargo metadata dependency graph (sorted, no absolute paths)
cargo_lock_sha256SHA-256 of Cargo.lock (comment lines stripped)
sourceSHA-256 of every .rs file under src/

§Usage

In the downstream crate’s build.rs:

fn main() {
    // Pass `true` to also write a pretty-printed copy alongside Cargo.toml.
    toolkit_zero::dependency_graph::build::generate_fingerprint(cfg!(debug_assertions))
        .expect("fingerprint generation failed");
}

Embed the fingerprint in the binary:

const BUILD_TIME_FINGERPRINT: &str = include_str!(concat!(env!("OUT_DIR"), "/fingerprint.json"));

§Concerns

  • Not tamper-proof — the fingerprint resides as plain text in the binary’s read-only data section. It is informational in nature; it does not constitute a security boundary.
  • Export filegenerate_fingerprint(true) (or export(true)) writes fingerprint.json to the crate root. Add it to .gitignore to prevent unintentional commits.
  • Build-time overheadcargo metadata is executed on every rebuild. The cargo:rerun-if-changed directives restrict this to changes in src/, Cargo.toml, or Cargo.lock.
  • Path stripping — absolute paths (workspace_root, manifest_path, src_path, path, and others) are removed from cargo metadata output to ensure the fingerprint is stable across machines and checkout locations.
  • Feature scopebuild.features captures the active features of the crate being built, not toolkit-zero’s own features.
  • Compile-time only — the snapshot does not update at runtime.
  • Atomic writes — both fingerprint files are written via a .tmp rename so a partially-written file is never observed by a parallel reader.

Enums§

BuildTimeFingerprintError
Errors that can occur while generating fingerprint.json.

Functions§

export
Write a pretty-printed fingerprint.json alongside the crate’s Cargo.toml when enabled is true.
generate_fingerprint
Generate fingerprint.json in $OUT_DIR.