Path: csiph.com!news.samoylyk.net!gothmog.csi.it!bofh.it!news.nic.it!robomod From: Ananthu C V Newsgroups: linux.debian.maint.python Subject: Re: Requesting guidance on the best way to package Python packages that include Rust code (specifically uv_build) Date: Fri, 19 Sep 2025 13:40:01 +0200 Message-ID: References: X-Original-To: Soren Stoutner X-Mailbox-Line: From debian-python-request@lists.debian.org Fri Sep 19 11:33:11 2025 Old-Return-Path: X-Amavis-Spam-Status: No, score=-114.51 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_MED=-2.3, UNPARSEABLE_RELAY=0.001, USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100] autolearn=unavailable autolearn_force=no Mail-Followup-To: Soren Stoutner , debian-python@lists.debian.org, debian-rust@lists.debian.org, Manuel Guerra MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="FO0jioJ4czqTVWO7" Content-Disposition: inline Organization: The Debian Project X-Debian-User: weepingclown X-Mailing-List: archive/latest/23260 List-ID: List-URL: List-Archive: https://lists.debian.org/msgid-search/aM0_U6d9YDKesK7m@debian.org Approved: robomod@news.nic.it Lines: 78 Sender: robomod@news.nic.it X-Original-Cc: debian-python@lists.debian.org, debian-rust@lists.debian.org, Manuel Guerra X-Original-Date: Fri, 19 Sep 2025 17:02:35 +0530 X-Original-Message-ID: X-Original-References: <13846854.uLZWGnKmhe@soren-desktop> Xref: csiph.com linux.debian.maint.python:17077 --FO0jioJ4czqTVWO7 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Soren, On Thu, Sep 18, 2025 at 02:08:47PM -0700, Soren Stoutner wrote: > There are a couple of Python packages I maintain which have introduced ne= w=20 > dependencies written in Python but containing Rust code. In particular, = this=20 > email is regarding uv_build, which is a Python build system that is being= =20 > adopted by a number of upstream projects whose packages I maintain. >=20 > Manuel Guerra has been looking into how difficult it is to package uv_bui= ld. I will talk more about this below. > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D1115616 >=20 > By default, it wants to download Rust code at build-time based on a=20 > Cargo.toml. I assume this is not unique nor the first time this can come= up=20 > with a Python package. My question is, what is the canonical way for han= ding=20 > such dependencies? The rust cargo wrapper is currently the way we usually go with, you can refer to [0]. pollo already shared an example, some other ones are python-orjson, pendulum etc. This is all under the impression of your package not using uv_build itself as build backend, or you will have to eit= her switch it over to another build backend or wait until uv_build is packaged. Coming back to the packaging of uv_build, there is already ongoing effor for packaging uv. But it is not easy as the dependency is tree is quite huge. I'd expect most of it to be packaged though, but there's a huge pain with uv itself. uv has an insane amount of internal crates, none of which are in crates.io, which means the typical rust team workflow can't be applied to them at least. A simple 'find crates/ -maxdepth 1 -name uv-* -type d | wc -l' in the uv repo will give you 61 as result, which is 60 other internal crates than uv itself. Now uv_build does not require all of that, but working on this will require a lot of things to be figured out first; such as what all binaries need to be shipped, how to handle the build, etc. So it is quite complicated and probably will take some time to get sorted out. [0] https://rust-team.pages.debian.net/book/process-workspace.html --=20 Best, Ananthu --FO0jioJ4czqTVWO7 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEUtW9Dn1NsITjS1hl1KQc+t2yDbUFAmjNP1AACgkQ1KQc+t2y DbVVlg//UFiP2DxaNlwFzRfDhPfzQSKc98xO9Cwv6V0v7m99exXYPxmO7tyVVFCD waUeTs4XD4x2c02TBpHdhP7V/qsgPG/gIzH2gl2efhj+8BhmjfdQWd3pwt4UtR7L MojyUR5hqk9UjwI6INWUGcgjz23+RvE1Au5XDyjxP3OjFRdanZLjX8uLhbK8sVyf KwH54R26Ej/VK2q8DV7BEpU2d3MuHUrLxXMhvg/cifWZ8Bn4aMoGLT5/yDe8DeUb p6r4ixMDRRmlqZtkGVVkter+At2/YLFLsKw8+8O7ve/eK/Uug1S/p8n4e8egCkg0 GG5Y3K18+n1NJtNzvr+EgDuTm6mMFN46tJAk2avi2bSg9Legj95apU01SMND4Gnh Q+gT/iUAOP5ZGa1aI0F/FWBZfz/RwXO75JBEUxtlLFi1Wh/ZKcLcLEU6RzleUmQL hJB9MIOH5lbhTt9rbRKjklE8kiuSaFZub9lD8Go5nOpH/n69LeWdYNquWRco2hy+ SOeKeI9oesHskOT+VpVi4YzGhnRy+XHI6NISwVdu4R/ds37DDdSapVn2JAaeQtjJ 2b4DHrMB1rxjjyYcPrAS1hhoqk4HV9nuKc4wtj61uBUHl668S6a3zvMIG+B1MIGg IbMw2qsy4LRxAa+ya0+23Hgjis/lKXGLS+wXM4/lnTan5OncI74= =Rnjf -----END PGP SIGNATURE----- --FO0jioJ4czqTVWO7--