Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cargo vendor: add source rewriting for private registries included in deps #14716

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

P-E-Meunier
Copy link

In the case where the exact same dependency (hash-wise) is supplied by two different registries, Cargo.lock keeps only one sources. However, in that case, the output of cargo vendor contains only the registry from Cargo.lock, which isn't enough to compile with --offline.

This PR fixes this by adding the dependencies' registries of all vendored packages to the output of cargo vendor.

@rustbot
Copy link
Collaborator

rustbot commented Oct 22, 2024

Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @ehuss (or someone else) some time within the next two weeks.

Please see the contribution instructions for more information. Namely, in order to ensure the minimum review times lag, PR authors and assigned reviewers should ensure that the review label (S-waiting-on-review and S-waiting-on-author) stays updated, invoking these commands when appropriate:

  • @rustbot author: the review is finished, PR author should check the comments and take action accordingly
  • @rustbot review: the author is ready for a review, this PR will be queued again in the reviewer's queue

@rustbot rustbot added Command-vendor S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Oct 22, 2024
@P-E-Meunier P-E-Meunier force-pushed the master branch 2 times, most recently from 8017eaa to 8e9e0ce Compare October 22, 2024 17:41
… deps

In the case where the exact same dependency is supplied by two different registries, Cargo.lock keeps only one. However, in that case, the output of `cargo vendor` contains only the registry from Cargo.lock, which isn't enough to compile with `--offline`.

This commit adds the dependencies' registries of all vendored packages to the output of `cargo vendor`.
Copy link
Member

@weihanglo weihanglo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the pull request. Could you provide a bug reproduction and open an issue first? Without that it is not immediately clear what this patch is for. That workflow is also encouraged in Cargo Contributor Guide.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The contributing guide also encourages writing tests. Tests added before the commit of the actual fix can be seen as an MRE, letting people understand the problematic behavior indeed exists. See https://doc.crates.io/contrib/process/working-on-cargo.html#submitting-a-pull-request

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This only happens when you have two copies of the same private registry, which is hard to test. But I'd of course welcome guidance on that if this is implemented somewhere.

@P-E-Meunier
Copy link
Author

Thanks for the review, I added a detailed explanation in a new issue.

@P-E-Meunier
Copy link
Author

Minimal reproduction: https://github.com/P-E-Meunier/cargo-vendor-test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Command-vendor S-waiting-on-review Status: Awaiting review from the assignee but also interested parties.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants