Add --locked to installation of cargo fuzz

[alexcrichton]

Helps pin dependencies at the time of when cargo-fuzz itself was published to avoid dependency updates breaking builds. This fixes a current issue where all Rust projects using cargo fuzz are broken due to the installation of cargo-fuzz failing due to failing to build a newer dependency with an older nightly.

Closes #12168

[jonathanmetzman]

/gcbrun trial_build.py rust

[catenacyber]

Hope it solves https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70200 libhtp fuzzing build failure, thanks Alex

[alexcrichton]

According to the logs it looks like a timeout with gitoxide caused the run to fail. I'm not sure if that's hiding other failures, but locally I've built gitoxide with this and it succeeds.

[oliverchang]

thanks a ton for this!

[catenacyber]

@alexcrichton I still get

error[E0658]: `#[diagnostic]` attribute name space is experimental
   --> /rust/registry/src/index.crates.io-6f17d22bba15001f/serde-1.0.204/src/de/mod.rs:537:5
    |
537 |     diagnostic::on_unimplemented(
    |     ^^^^^^^^^^
    |
    = note: see issue #111996 <https://github.com/rust-lang/rust/issues/111996> for more information
    = help: add `#![feature(diagnostic_namespace)]` to the crate attributes to enable
    = note: this compiler was built on 2024-02-11; consider upgrading it if it is out of date

for libhtp running cargo fuzz build -O cf https://oss-fuzz-build-logs.storage.googleapis.com/log-e78f7b45-f5e4-4d58-b8ae-24d37635cb70.txt

Do you know how to fix it ?

[alexcrichton]

@catenacyber that look like libhttp will want to downgrade the serde it's using. It's the same root cause as this issue but in a different place. For example cargo fuzz got installed alright but the build of libhttp itself is failing.

The only other option is to update rustc but that seems like it's blocked on quite a few other things, so it likely won't happen soon.

[catenacyber]

Thanks, trying something in #12217