closes https://github.com/ziglang/zig/issues/14283
Release Notes
Instead of being fetched into $GLOBAL_ZIG_CACHE/p/$HASH, package dependencies are now fetched into a "zig-pkg" directory relative to the build root (next to build.zig). Users are generally encouraged to not commit these files to source control, however it is understood that some will choose to do so for convenience.
After a package is fetched, the filters are applied (paths field in build.zig.zon) in order to delete files not part of the hash, and then the package is recompressed into a canonical $GLOBAL_ZIG_CACHE/p/$HASH.tar.gz in order to avoid network next time the same package is needed.
The motivation for this change is to make it easier to tinker. Go ahead and edit those files, see what happens. Swap out your package directory with a git clone. Grep your dependencies all together. Configure your IDE to auto-complete based on zig-pkgs directory. Run baobab on your dependency tree. Furthermore, by having the global cache have compressed files instead makes it easier to share that cached data between computers.
zig build will now fail when encountering package dependencies without fingerprint field or with name as a string rather than enum literal. Fingerprint is needed in order to determine that two packages with different versions are intended to be different versions of the same project. It will become an error to have the same fingerprint, same version, different hash in your dependency tree because it means somebody forgot to bump a version number, or somebody is trying to do a hostile package fork and now you have to choose a side.
Zig no longer observes ZIG_BTRFS_WORKAROUND environment variable. The bug has been fixed in upstream Linux a long time ago by now. https://github.com/ziglang/zig/issues/17095
Followup Work
- #31139
- when showing package fetching errors, also show dependency trace (which package drags in the package with the error?)
- ability to specify name, version, and paths for dependency URLs that do not have a build.zig.zon file inside
- #31124
- https://github.com/ziglang/zig/issues/14288
- https://github.com/ziglang/zig/issues/23236
- a tool for verifying integrity of package directories (detects when the hash does not match the contents)