Expand description
Build-time dependency-graph fingerprinting (BuildTimeFingerprint).
Two mutually independent feature gates control the facility:
| Feature | Provided symbols |
|---|---|
dependency-graph-build | build::generate_fingerprint — writes a compact, normalised fingerprint.json to $OUT_DIR; pass true to also export a pretty-printed copy alongside Cargo.toml.build::export — standalone pretty-print export (runs a second cargo metadata call). |
dependency-graph-capture | capture::parse — deserialises the embedded snapshot into a typed capture::BuildTimeFingerprintData |
Place dependency-graph-build in [build-dependencies] and
dependency-graph-capture in [dependencies]; neither implies the other.
§Concerns
- The fingerprint is stored as plain text in the binary’s read-only data section. It is informational in nature; it does not constitute a security boundary and is not tamper-evident.
- Calling
generate_fingerprint(true)(orexport(true)) writesfingerprint.jsonto the crate root. Add this file to.gitignoreto prevent unintentional exposure of build-environment details. - The snapshot is fixed at compile time and does not reflect runtime state.
Modules§
- backend_
deps - Re-exports all backend dependencies used by the
dependency-graphmodule. - build
- Build-time fingerprint generator for use in a downstream
build.rs. - capture
- Runtime reader for the
fingerprint.jsonembedded in the binary.