Skip to main content

Module dependency_graph

Module dependency_graph 

Source
Expand description

Build-time dependency-graph fingerprinting (BuildTimeFingerprint).

Two mutually independent feature gates control the facility:

FeatureProvided symbols
dependency-graph-buildbuild::generate_fingerprint — writes a compact, normalised fingerprint.json to $OUT_DIR; pass true to also export a pretty-printed copy alongside Cargo.toml.
build::export — standalone pretty-print export (runs a second cargo metadata call).
dependency-graph-capturecapture::parse — deserialises the embedded snapshot into a typed capture::BuildTimeFingerprintData

Place dependency-graph-build in [build-dependencies] and dependency-graph-capture in [dependencies]; neither implies the other.

§Concerns

  • The fingerprint is stored as plain text in the binary’s read-only data section. It is informational in nature; it does not constitute a security boundary and is not tamper-evident.
  • Calling generate_fingerprint(true) (or export(true)) writes fingerprint.json to the crate root. Add this file to .gitignore to prevent unintentional exposure of build-environment details.
  • The snapshot is fixed at compile time and does not reflect runtime state.

Modules§

backend_deps
Re-exports all backend dependencies used by the dependency-graph module.
build
Build-time fingerprint generator for use in a downstream build.rs.
capture
Runtime reader for the fingerprint.json embedded in the binary.