Non-deterministic errors resolving multple versions of openssl-sys in rust beta 1.13.0-beta.3

[brson]

I found this on crater in our new builds of cargo that we paired with the Rust 1.13 beta. It affects cargo-edit-0.1.3 and megam_api-0.1.10 at least, but seems to be non-deterministic, so may affect others.

When building either of these crates without a lockfile I sometimes get this error:

error: native library `openssl` is being linked to by more than one version of the same package, but it can only be linked once; try updating or pinning your dependencies to ensure that this package only shows up once

  openssl-sys v0.9.0
  openssl-sys v0.7.17

Rerunning cargo build sometimes makes it go away.

[brson]

cc @alexcrichton

[brson]

Crater report.

[brson]

I've also seen this once with cargo on stable (cargo +stable build in rustup):

brian@host:~/dev/test/cargo-edit-0.1.3⟫ cargo +stable clean
brian@host:~/dev/test/cargo-edit-0.1.3⟫ rm Cargo.lock
brian@host:~/dev/test/cargo-edit-0.1.3⟫ cargo +stable build
    Updating registry `https://github.com/rust-lang/crates.io-index`
   Compiling strsim v0.5.1
   Compiling rustc-serialize v0.3.19
   Compiling utf8-ranges v0.1.3
   Compiling lazy_static v0.2.1
   Compiling nom v1.2.4
   Compiling unicode-normalization v0.1.2
   Compiling pkg-config v0.3.8
   Compiling semver v0.2.3
   Compiling gcc v0.3.38
   Compiling log v0.3.6
   Compiling unicode-width v0.1.3
   Compiling pad v0.1.4
   Compiling openssl-sys v0.7.17
   Compiling libc v0.2.17
   Compiling libz-sys v1.0.6
   Compiling regex-syntax v0.3.9
   Compiling memchr v0.1.11
   Compiling matches v0.1.4
   Compiling aho-corasick v0.5.3
   Compiling unicode-bidi v0.2.3
   Compiling winapi-build v0.1.1
   Compiling idna v0.1.0
   Compiling winapi v0.2.8
   Compiling kernel32-sys v0.2.2
   Compiling thread-id v2.0.0
   Compiling thread_local v0.2.7
   Compiling curl-sys v0.1.34
   Compiling regex v0.1.80
   Compiling url v1.2.3
   Compiling quick-error v1.1.0
   Compiling toml v0.1.30
   Compiling docopt v0.6.86
   Compiling curl v0.2.19
   Compiling cargo-edit v0.1.3 (file:///mnt2/dev/test/cargo-edit-0.1.3)
    Finished debug [unoptimized + debuginfo] target(s) in 90.81 secs
brian@host:~/dev/test/cargo-edit-0.1.3⟫ cargo +stable build
error: native library `openssl` is being linked to by more than one version of the same package, but it can only be linked once; try updating or pinning your dependencies to ensure that this package only shows up
once

  openssl-sys v0.9.0
  openssl-sys v0.7.17
101 brian@host:~/dev/test/cargo-edit-0.1.3⟫ cargo +stable -V
cargo 0.13.0-nightly (109cb7c 2016-08-19)
brian@host:~/dev/test/cargo-edit-0.1.3⟫ rustc +stable -V
rustc 1.12.1 (d4f39402a 2016-10-19)

[brson]

This command fails for me 7/17 times:

$ rm -f Cargo.lock && cargo +stable build
    Updating registry `https://github.com/rust-lang/crates.io-index`
error: native library `openssl` is being linked to by more than one version of the same package, but it can only be linked once; try updating or pinning your dependencies to ensure that this package only shows up once

  openssl-sys v0.9.0
  openssl-sys v0.7.17

[brson]

Whatever is happening here seems to be in the stable release.

[alexcrichton]

The nondeterminism is a very long lasting "bug" in Cargo (#2064) so in that sense I don't believe this is a regression. This is showing up now because openssl-sys was release, which unfortunately breaks a few crates by default (for various, but unrelated, reasons).

Basically tl;dr; this is a known bug but not a regression

[alexcrichton]

I believe I've fixed all crates in question

[brson]

Here's a list with some more such errors.

[brson]

Why are these results non-deterministic?

[alexcrichton]

I believe all of those are related to the curl 0.2 library, which I just fixed with a new publish to crates.io. The results are nondeterministic because Cargo's graph traversal is slightly nondeterministic (uses a HashMap somewhere)

[brson]

Thanks for the explanation @alexcrichton!