Stabilize publish-lockfile.

src/bin/cargo/commands/install.rs

@@ -68,15 +68,16 @@ pub fn cli() -> App {
         )
         .after_help(
             "\
-This command manages Cargo's local set of installed binary crates. Only packages
+This command manages Cargo's local set of installed binary crates. Only
-which have [[bin]] targets can be installed, and all binaries are installed into
+packages which have executable [[bin]] or [[example]] targets can be
-the installation root's `bin` folder. The installation root is determined, in
+installed, and all executables are installed into the installation root's
-order of precedence, by `--root`, `$CARGO_INSTALL_ROOT`, the `install.root`
+`bin` folder. The installation root is determined, in order of precedence, by
-configuration key, and finally the home directory (which is either
+`--root`, `$CARGO_INSTALL_ROOT`, the `install.root` configuration key, and
-`$CARGO_HOME` if set or `$HOME/.cargo` by default).
+finally the home directory (which is either `$CARGO_HOME` if set or
+`$HOME/.cargo` by default).
 
 There are multiple sources from which a crate can be installed. The default
-location is crates.io but the `--git`, `--path`, and `registry` flags can
+location is crates.io but the `--git`, `--path`, and `--registry` flags can
 change this source. If the source contains more than one package (such as
 crates.io or a git repository with multiple crates) the `<crate>` argument is
 required to indicate which crate should be installed.

src/cargo/core/features.rs

@@ -186,6 +186,7 @@ features! {
         [stable] rename_dependency: bool,
 
         // Whether a lock file is published with this crate
+        // This is deprecated, and will likely be removed in a future version.
         [unstable] publish_lockfile: bool,
 
         // Overriding profiles for dependencies.

src/cargo/core/manifest.rs

@@ -478,9 +478,6 @@ impl Manifest {
     pub fn publish(&self) -> &Option<Vec<String>> {
         &self.publish
     }
-    pub fn publish_lockfile(&self) -> bool {
-        self.publish_lockfile
-    }
     pub fn replace(&self) -> &[(PackageIdSpec, Dependency)] {
         &self.replace
     }

src/cargo/core/package.rs

@@ -240,8 +240,7 @@ impl Package {
 
     /// Returns if package should include `Cargo.lock`.
     pub fn include_lockfile(&self) -> bool {
-        self.manifest().publish_lockfile()
+        self.targets().iter().any(|t| t.is_example() || t.is_bin())
-            && self.targets().iter().any(|t| t.is_example() || t.is_bin())
     }
 }
 

src/cargo/ops/cargo_package.rs

@@ -42,8 +42,12 @@ pub struct PackageOpts<'cfg> {
 static VCS_INFO_FILE: &'static str = ".cargo_vcs_info.json";
 
 pub fn package(ws: &Workspace<'_>, opts: &PackageOpts<'_>) -> CargoResult<Option<FileLock>> {
-    // Make sure the Cargo.lock is up-to-date and valid.
+    if ws.root().join("Cargo.lock").exists() {
-    ops::resolve_ws(ws)?;
+        // Make sure the Cargo.lock is up-to-date and valid.
+        ops::resolve_ws(ws)?;
+        // If Cargo.lock does not exist, it will be generated by `build_lock`
+        // below, and will be validated during the verification step.
+    }
     let pkg = ws.current()?;
     let config = ws.config();
 
@@ -615,7 +619,7 @@ fn run_verify(ws: &Workspace<'_>, tar: &FileLock, opts: &PackageOpts<'_>) -> Car
     };
 
     let exec: Arc<dyn Executor> = Arc::new(DefaultExecutor);
-    ops::compile_ws(
+    ops::compile_with_exec(
         &ws,
         &ops::CompileOptions {
             config,

src/cargo/util/toml/mod.rs

@@ -1034,6 +1034,11 @@ impl TomlManifest {
         let publish_lockfile = match project.publish_lockfile {
             Some(b) => {
                 features.require(Feature::publish_lockfile())?;
+                warnings.push(
+                    "The `publish-lockfile` feature is deprecated and currently \
+                     has no effect. It may be removed in a future version."
+                        .to_string(),
+                );
                 b
             }
             None => features.is_enabled(Feature::publish_lockfile()),

src/doc/man/cargo-install.adoc

@@ -17,14 +17,15 @@ cargo-install - Build and install a Rust binary
 
 == DESCRIPTION
 
-This command manages Cargo's local set of installed binary crates. Only packages
+This command manages Cargo's local set of installed binary crates. Only
-which have `\[[bin]]` targets can be installed, and all binaries are installed into
+packages which have executable `\[[bin]]` or `\[[example]]` targets can be
-the installation root's `bin` folder.
+installed, and all executables are installed into the installation root's
+`bin` folder.
 
 include::description-install-root.adoc[]
 
 There are multiple sources from which a crate can be installed. The default
-location is crates.io but the `--git`, `--path`, and `registry` flags can
+location is crates.io but the `--git`, `--path`, and `--registry` flags can
 change this source. If the source contains more than one package (such as
 crates.io or a git repository with multiple crates) the _CRATE_ argument is
 required to indicate which crate should be installed.
@@ -42,6 +43,20 @@ specified by setting the `CARGO_TARGET_DIR` environment variable to a relative
 path. In particular, this can be useful for caching build artifacts on
 continuous integration systems.
 
+By default, the `Cargo.lock` file that is included with the package will be
+ignored. This means that Cargo will recompute which versions of dependencies
+to use, possibly using newer versions that have been released since the
+package was published. The `--locked` flag can be used to force Cargo to use
+the packaged `Cargo.lock` file if it is available. This may be useful for
+ensuring reproducible builds, to use the exact same set of dependencies that
+were available when the package was published. It may also be useful if a
+newer version of a dependency is published that no longer builds on your
+system, or has other problems. The downside to using `--locked` is that you
+will not receive any fixes or updates to any dependency. Note that Cargo did
+not start publishing `Cargo.lock` files until version 1.37, which means
+packages published with prior versions will not have a `Cargo.lock` file
+available.
+
 == OPTIONS
 
 === Install Options

src/doc/man/cargo-package.adoc

@@ -25,6 +25,9 @@ steps:
     - The original `Cargo.toml` file is rewritten and normalized.
     - `[patch]`, `[replace]`, and `[workspace]` sections are removed from the
       manifest.
+    - `Cargo.lock` is automatically included if the package contains an
+      executable binary or example target. man:cargo-install[1] will use the
+      packaged lock file if the `--locked` flag is used.
     - A `.cargo_vcs_info.json` file is included that contains information
       about the current VCS checkout hash if available (not included with
       `--allow-dirty`).

src/doc/man/generated/cargo-install.html

@@ -17,9 +17,10 @@
 <h2 id="cargo_install_description">DESCRIPTION</h2>
 <div class="sectionbody">
 <div class="paragraph">
-<p>This command manages Cargo&#8217;s local set of installed binary crates. Only packages
+<p>This command manages Cargo&#8217;s local set of installed binary crates. Only
-which have <code>[[bin]]</code> targets can be installed, and all binaries are installed into
+packages which have executable <code>[[bin]]</code> or <code>[[example]]</code> targets can be
-the installation root&#8217;s <code>bin</code> folder.</p>
+installed, and all executables are installed into the installation root&#8217;s
+<code>bin</code> folder.</p>
 </div>
 <div class="paragraph">
 <p>The installation root is determined, in order of precedence:</p>
@@ -45,7 +46,7 @@ the installation root&#8217;s <code>bin</code> folder.</p>
 </div>
 <div class="paragraph">
 <p>There are multiple sources from which a crate can be installed. The default
-location is crates.io but the <code>--git</code>, <code>--path</code>, and <code>registry</code> flags can
+location is crates.io but the <code>--git</code>, <code>--path</code>, and <code>--registry</code> flags can
 change this source. If the source contains more than one package (such as
 crates.io or a git repository with multiple crates) the <em>CRATE</em> argument is
 required to indicate which crate should be installed.</p>
@@ -65,6 +66,21 @@ specified by setting the <code>CARGO_TARGET_DIR</code> environment variable to a
 path. In particular, this can be useful for caching build artifacts on
 continuous integration systems.</p>
 </div>
+<div class="paragraph">
+<p>By default, the <code>Cargo.lock</code> file that is included with the package will be
+ignored. This means that Cargo will recompute which versions of dependencies
+to use, possibly using newer versions that have been released since the
+package was published. The <code>--locked</code> flag can be used to force Cargo to use
+the packaged <code>Cargo.lock</code> file if it is available. This may be useful for
+ensuring reproducible builds, to use the exact same set of dependencies that
+were available when the package was published. It may also be useful if a
+newer version of a dependency is published that no longer builds on your
+system, or has other problems. The downside to using <code>--locked</code> is that you
+will not receive any fixes or updates to any dependency. Note that Cargo did
+not start publishing <code>Cargo.lock</code> files until version 1.37, which means
+packages published with prior versions will not have a <code>Cargo.lock</code> file
+available.</p>
+</div>
 </div>
 </div>
 <div class="sect1">

src/doc/man/generated/cargo-package.html

@@ -44,6 +44,11 @@ will ignore the path key for dependencies in published packages.</p>
 manifest.</p>
 </li>
 <li>
+<p><code>Cargo.lock</code> is automatically included if the package contains an
+executable binary or example target. <a href="commands/cargo-install.html">cargo-install(1)</a> will use the
+packaged lock file if the <code>--locked</code> flag is used.</p>
+</li>
+<li>
 <p>A <code>.cargo_vcs_info.json</code> file is included that contains information
 about the current VCS checkout hash if available (not included with
 <code>--allow-dirty</code>).</p>

src/doc/src/reference/publishing.md

@@ -13,7 +13,7 @@ limit to the number of versions which can be published, however.
 First thing’s first, you’ll need an account on [crates.io] to acquire
 an API token. To do so, [visit the home page][crates.io] and log in via a GitHub
 account (required for now). After this, visit your [Account
-Settings](https://crates.io/me) page and run the `cargo login` command
+Settings](https://crates.io/me) page and run the [`cargo login`] command
 specified.
 
 ```console
@@ -21,42 +21,71 @@ $ cargo login abcdefghijklmnopqrstuvwxyz012345
 ```
 
 This command will inform Cargo of your API token and store it locally in your
-`~/.cargo/credentials` (previously it was `~/.cargo/config`). Note that this
+`~/.cargo/credentials`. Note that this token is a **secret** and should not be
-token is a **secret** and should not be shared with anyone else. If it leaks for
+shared with anyone else. If it leaks for any reason, you should regenerate it
-any reason, you should regenerate it immediately.
+immediately.
 
 ### Before publishing a new crate
 
 Keep in mind that crate names on [crates.io] are allocated on a first-come-first-
 serve basis. Once a crate name is taken, it cannot be used for another crate.
 
+Check out the [metadata you can
+specify](reference/manifest.html#package-metadata) in `Cargo.toml` to ensure
+your crate can be discovered more easily! Before publishing, make sure you have
+filled out the following fields:
+
+- `authors`
+- `license` or `license-file`
+- `description`
+- `homepage`
+- `documentation`
+- `repository`
+
+It would also be a good idea to include some `keywords` and `categories`,
+though they are not required.
+
+If you are publishing a library, you may also want to consult the [Rust API
+Guidelines].
+
 #### Packaging a crate
 
-The next step is to package up your crate into a format that can be uploaded to
+The next step is to package up your crate and upload it to [crates.io]. For
-[crates.io]. For this we’ll use the `cargo package` subcommand. This will take
+this we’ll use the [`cargo publish`] subcommand. This command performs the following
-our entire crate and package it all up into a `*.crate` file in the
+steps:
-`target/package` directory.
+
+1. Perform some verification checks on your package.
+2. Compress your source code into a `.crate` file.
+3. Extract the `.crate` file into a temporary directory and verify that it
+   compiles.
+4. Upload the `.crate` file to [crates.io].
+5. The registry will perform some additional checks on the uploaded package
+   before adding it.
+
+It is recommended that you first run `cargo publish --dry-run` (or [`cargo
+package`] which is equivalent) to ensure there aren't any warnings or errors
+before publishing. This will perform the first three steps listed above.
 
 ```console
-$ cargo package
+$ cargo publish --dry-run
 ```
 
-As an added bonus, the `*.crate` will be verified independently of the current
+You can inspect the generated `.crate` file in the `target/package` directory.
-source tree. After the `*.crate` is created, it’s unpacked into
+[crates.io] currently has a 10MB size limit on the `.crate` file. You may want
-`target/package` and then built from scratch to ensure that all necessary files
+to check the size of the `.crate` file to ensure you didn't accidentally
-are there for the build to succeed. This behavior can be disabled with the
+package up large assets that are not required to build your package, such as
-`--no-verify` flag.
+test data, website documentation, or code generation. You can check which
+files are included with the following command:
 
-Now’s a good time to take a look at the `*.crate` file to make sure you didn’t
+```console
-accidentally package up that 2GB video asset, or large data files used for code
+$ cargo package --list
-generation, integration tests, or benchmarking. There is currently a 10MB
+```
-upload size limit on `*.crate` files. So, if the size of `tests` and `benches`
-directories and their dependencies are up to a couple of MBs, you can keep them
-in your package; otherwise, better to exclude them.
 
 Cargo will automatically ignore files ignored by your version control system
 when packaging, but if you want to specify an extra set of files to ignore you
-can use the `exclude` key in the manifest:
+can use the [`exclude`
+key](reference/manifest.html#the-exclude-and-include-fields-optional) in the
+manifest:
 
 ```toml
 [package]
@@ -67,10 +96,8 @@ exclude = [
 ]
 ```
 
-The syntax of each element in this array is what
+If you’d rather explicitly list the files to include, Cargo also supports an
-[rust-lang/glob](https://github.com/rust-lang/glob) accepts. If you’d rather
+`include` key, which if set, overrides the `exclude` key:
-roll with a whitelist instead of a blacklist, Cargo also supports an `include`
-key, which if set, overrides the `exclude` key:
 
 ```toml
 [package]
@@ -83,28 +110,22 @@ include = [
 
 ### Uploading the crate
 
-Now that we’ve got a `*.crate` file ready to go, it can be uploaded to
+When you are ready to publish, use the [`cargo publish`] command
-[crates.io] with the `cargo publish` command. And that’s it, you’ve now published
+to upload to [crates.io]:
-your first crate!
 
 ```console
 $ cargo publish
 ```
 
-If you’d like to skip the `cargo package` step, the `cargo publish` subcommand
+And that’s it, you’ve now published your first crate!
-will automatically package up the local crate if a copy isn’t found already.
-
-Be sure to check out the [metadata you can
-specify](reference/manifest.html#package-metadata) to ensure your crate can be
-discovered more easily!
 
 ### Publishing a new version of an existing crate
 
-In order to release a new version, change the `version` value specified in your
+In order to release a new version, change the `version` value specified in
-`Cargo.toml` manifest. Keep in mind [the semver
+your `Cargo.toml` manifest. Keep in mind [the semver
-rules](reference/manifest.html#the-version-field). Then optionally run `cargo package` if
+rules](reference/manifest.html#the-version-field), and consult [RFC 1105] for
-you want to inspect the `*.crate` file for the new version before publishing,
+what constitutes a semver-breaking change. Then run [`cargo publish`] as
-and run `cargo publish` to upload the new version.
+described above to upload the new version.
 
 ### Managing a crates.io-based crate
 
@@ -176,7 +197,7 @@ is likely for you to encounter the following message when working with them:
 > It looks like you don’t have permission to query a necessary property from
 GitHub to complete this request. You may need to re-authenticate on [crates.io]
 to grant permission to read GitHub org memberships. Just go to
-https://crates.io/login
+<https://crates.io/login>.
 
 This is basically a catch-all for “you tried to query a team, and one of the
 five levels of membership access control denied this”. That is not an
@@ -195,7 +216,7 @@ you will get the error above. You may also see this error if you ever try to
 publish a crate that you don’t own at all, but otherwise happens to have a team.
 
 If you ever change your mind, or just aren’t sure if [crates.io] has sufficient
-permission, you can always go to https://crates.io/login, which will prompt you
+permission, you can always go to <https://crates.io/login>, which will prompt you
 for permission if [crates.io] doesn’t have all the scopes it would like to.
 
 An additional barrier to querying GitHub is that the organization may be
@@ -218,5 +239,11 @@ the “Grant Access” button next to its name:
 
 ![Authentication Access Control](images/auth-level-acl.png)
 
+[RFC 1105]: https://github.com/rust-lang/rfcs/blob/master/text/1105-api-evolution.md
+[Rust API Guidelines]: https://rust-lang-nursery.github.io/api-guidelines/
+[`cargo login`]: commands/cargo-login.html
+[`cargo package`]: commands/cargo-package.html
+[`cargo publish`]: commands/cargo-publish.html
 [crates.io]: https://crates.io/
 [oauth-scopes]: https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/
+

src/doc/src/reference/unstable.md

@@ -10,26 +10,6 @@ command-line flags. Options requiring this will be called out below.
 Some unstable features will require you to specify the `cargo-features` key in
 `Cargo.toml`.
 
-### publish-lockfile
-* Original Issue: [#2263](https://github.com/rust-lang/cargo/issues/2263)
-* PR: [#5093](https://github.com/rust-lang/cargo/pull/5093)
-* Tracking Issue: [#5654](https://github.com/rust-lang/cargo/issues/5654)
-
-When creating a `.crate` file for distribution, Cargo has historically
-not included the `Cargo.lock` file. This can cause problems with
-using `cargo install` with a binary. You can specify that your package
-should include the `Cargo.lock` file when using `cargo package` or `cargo publish`
-by specifying the `publish-lockfile` key in `Cargo.toml`. This also requires the
-appropriate `cargo-features`:
-
-```toml
-cargo-features = ["publish-lockfile"]
-
-[package]
-...
-publish-lockfile = true
-```
-
 ### no-index-update
 * Original Issue: [#3479](https://github.com/rust-lang/cargo/issues/3479)
 

src/etc/man/cargo-install.1

@@ -2,12 +2,12 @@
 .\"     Title: cargo-install
 .\"    Author: [see the "AUTHOR(S)" section]
 .\" Generator: Asciidoctor 1.5.8
-.\"      Date: 2019-05-12
+.\"      Date: 2019-06-10
 .\"    Manual: \ \&
 .\"    Source: \ \&
 .\"  Language: English
 .\"
-.TH "CARGO\-INSTALL" "1" "2019-05-12" "\ \&" "\ \&"
+.TH "CARGO\-INSTALL" "1" "2019-06-10" "\ \&" "\ \&"
 .ie \n(.g .ds Aq \(aq
 .el       .ds Aq '
 .ss \n[.ss] 0
@@ -40,9 +40,10 @@ cargo\-install \- Build and install a Rust binary
 \fBcargo install [\fIOPTIONS\fP] \-\-list\fP
 .SH "DESCRIPTION"
 .sp
-This command manages Cargo\(cqs local set of installed binary crates. Only packages
+This command manages Cargo\(cqs local set of installed binary crates. Only
-which have \fB[[bin]]\fP targets can be installed, and all binaries are installed into
+packages which have executable \fB[[bin]]\fP or \fB[[example]]\fP targets can be
-the installation root\(cqs \fBbin\fP folder.
+installed, and all executables are installed into the installation root\(cqs
+\fBbin\fP folder.
 .sp
 The installation root is determined, in order of precedence:
 .sp
@@ -103,7 +104,7 @@ The installation root is determined, in order of precedence:
 .RE
 .sp
 There are multiple sources from which a crate can be installed. The default
-location is crates.io but the \fB\-\-git\fP, \fB\-\-path\fP, and \fBregistry\fP flags can
+location is crates.io but the \fB\-\-git\fP, \fB\-\-path\fP, and \fB\-\-registry\fP flags can
 change this source. If the source contains more than one package (such as
 crates.io or a git repository with multiple crates) the \fICRATE\fP argument is
 required to indicate which crate should be installed.
@@ -120,6 +121,20 @@ in a temporary target directory. To avoid this, the target directory can be
 specified by setting the \fBCARGO_TARGET_DIR\fP environment variable to a relative
 path. In particular, this can be useful for caching build artifacts on
 continuous integration systems.
+.sp
+By default, the \fBCargo.lock\fP file that is included with the package will be
+ignored. This means that Cargo will recompute which versions of dependencies
+to use, possibly using newer versions that have been released since the
+package was published. The \fB\-\-locked\fP flag can be used to force Cargo to use
+the packaged \fBCargo.lock\fP file if it is available. This may be useful for
+ensuring reproducible builds, to use the exact same set of dependencies that
+were available when the package was published. It may also be useful if a
+newer version of a dependency is published that no longer builds on your
+system, or has other problems. The downside to using \fB\-\-locked\fP is that you
+will not receive any fixes or updates to any dependency. Note that Cargo did
+not start publishing \fBCargo.lock\fP files until version 1.37, which means
+packages published with prior versions will not have a \fBCargo.lock\fP file
+available.
 .SH "OPTIONS"
 .SS "Install Options"
 .sp

src/etc/man/cargo-package.1

@@ -2,12 +2,12 @@
 .\"     Title: cargo-package
 .\"    Author: [see the "AUTHOR(S)" section]
 .\" Generator: Asciidoctor 1.5.8
-.\"      Date: 2019-05-20
+.\"      Date: 2019-06-10
 .\"    Manual: \ \&
 .\"    Source: \ \&
 .\"  Language: English
 .\"
-.TH "CARGO\-PACKAGE" "1" "2019-05-20" "\ \&" "\ \&"
+.TH "CARGO\-PACKAGE" "1" "2019-06-10" "\ \&" "\ \&"
 .ie \n(.g .ds Aq \(aq
 .el       .ds Aq '
 .ss \n[.ss] 0
@@ -103,6 +103,19 @@ manifest.
 .  sp -1
 .  IP \(bu 2.3
 .\}
+\fBCargo.lock\fP is automatically included if the package contains an
+executable binary or example target. \fBcargo\-install\fP(1) will use the
+packaged lock file if the \fB\-\-locked\fP flag is used.
+.RE
+.sp
+.RS 4
+.ie n \{\
+\h'-04'\(bu\h'+03'\c
+.\}
+.el \{\
+.  sp -1
+.  IP \(bu 2.3
+.\}
 A \fB.cargo_vcs_info.json\fP file is included that contains information
 about the current VCS checkout hash if available (not included with
 \fB\-\-allow\-dirty\fP).

tests/testsuite/alt_registry.rs

@@ -361,7 +361,7 @@ fn publish_with_registry_dependency() {
             "vers": "0.0.1"
         }"#,
         "foo-0.0.1.crate",
-        &["Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
+        &["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
     );
 }
 
@@ -460,7 +460,7 @@ fn publish_to_alt_registry() {
             "vers": "0.0.1"
         }"#,
         "foo-0.0.1.crate",
-        &["Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
+        &["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
     );
 }
 
@@ -523,7 +523,7 @@ fn publish_with_crates_io_dep() {
             "vers": "0.0.1"
         }"#,
         "foo-0.0.1.crate",
-        &["Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
+        &["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
     );
 }
 

tests/testsuite/cross_publish.rs

@@ -53,7 +53,7 @@ fn simple_cross_package() {
     publish::validate_crate_contents(
         f,
         "foo-0.0.0.crate",
-        &["Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
+        &["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
         &[],
     );
 }

tests/testsuite/package.rs

@@ -46,6 +46,7 @@ See [..]
     p.cargo("package -l")
         .with_stdout(
             "\
+Cargo.lock
 Cargo.toml
 src/main.rs
 ",
@@ -57,7 +58,7 @@ src/main.rs
     validate_crate_contents(
         f,
         "foo-0.0.1.crate",
-        &["Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
+        &["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
         &[],
     );
 }
@@ -151,9 +152,10 @@ fn package_verbose() {
 [WARNING] manifest has no description[..]
 See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
 [PACKAGING] foo v0.0.1 ([..])
-[ARCHIVING] [..]
+[ARCHIVING] Cargo.toml
-[ARCHIVING] [..]
+[ARCHIVING] src/main.rs
 [ARCHIVING] .cargo_vcs_info.json
+[ARCHIVING] Cargo.lock
 ",
         )
         .run();
@@ -172,6 +174,7 @@ See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for
         f,
         "foo-0.0.1.crate",
         &[
+            "Cargo.lock",
             "Cargo.toml",
             "Cargo.toml.orig",
             "src/main.rs",
@@ -377,19 +380,20 @@ See [..]
 [WARNING] [..] file `some_dir/file_deep_1` is now excluded.
 See [..]
 [PACKAGING] foo v0.0.1 ([..])
-[ARCHIVING] [..]
+[ARCHIVING] Cargo.toml
-[ARCHIVING] [..]
+[ARCHIVING] file_root_3
-[ARCHIVING] [..]
+[ARCHIVING] file_root_4
-[ARCHIVING] [..]
+[ARCHIVING] file_root_5
-[ARCHIVING] [..]
+[ARCHIVING] some_dir/dir_deep_2/some_dir/file
-[ARCHIVING] [..]
+[ARCHIVING] some_dir/dir_deep_4/some_dir/file
-[ARCHIVING] [..]
+[ARCHIVING] some_dir/dir_deep_5/some_dir/file
-[ARCHIVING] [..]
+[ARCHIVING] some_dir/file_deep_2
-[ARCHIVING] [..]
+[ARCHIVING] some_dir/file_deep_3
-[ARCHIVING] [..]
+[ARCHIVING] some_dir/file_deep_4
-[ARCHIVING] [..]
+[ARCHIVING] some_dir/file_deep_5
-[ARCHIVING] [..]
+[ARCHIVING] src/main.rs
 [ARCHIVING] .cargo_vcs_info.json
+[ARCHIVING] Cargo.lock
 ",
         )
         .run();
@@ -401,6 +405,7 @@ See [..]
         .with_stdout(
             "\
 .cargo_vcs_info.json
+Cargo.lock
 Cargo.toml
 file_root_3
 file_root_4
@@ -447,10 +452,11 @@ fn include() {
 See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
 [WARNING] both package.include and package.exclude are specified; the exclude list will be ignored
 [PACKAGING] foo v0.0.1 ([..])
-[ARCHIVING] [..]
+[ARCHIVING] Cargo.toml
-[ARCHIVING] [..]
+[ARCHIVING] foo.txt
-[ARCHIVING] [..]
+[ARCHIVING] src/main.rs
 [ARCHIVING] .cargo_vcs_info.json
+[ARCHIVING] Cargo.lock
 ",
         )
         .run();
@@ -526,6 +532,7 @@ fn no_duplicates_from_modified_tracked_files() {
         .cwd(p.root())
         .with_stdout(
             "\
+Cargo.lock
 Cargo.toml
 src/main.rs
 ",
@@ -571,6 +578,7 @@ See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for
     p.cargo("package -l")
         .with_stdout(
             "\
+Cargo.lock
 Cargo.toml
 src[..]main.rs
 ",
@@ -582,7 +590,7 @@ src[..]main.rs
     validate_crate_contents(
         f,
         "foo-0.0.1.crate",
-        &["Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
+        &["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
         &[],
     );
 }
@@ -652,7 +660,13 @@ See [..]
     validate_crate_contents(
         f,
         "foo-0.0.1.crate",
-        &["Cargo.toml", "Cargo.toml.orig", "src/main.rs", "src/foo.rs"],
+        &[
+            "Cargo.lock",
+            "Cargo.toml",
+            "Cargo.toml.orig",
+            "src/main.rs",
+            "src/foo.rs",
+        ],
         &[],
     );
 }
@@ -755,6 +769,7 @@ fn generated_manifest() {
     Package::new("abc", "1.0.0").publish();
     Package::new("def", "1.0.0").alternative(true).publish();
     Package::new("ghi", "1.0.0").publish();
+    Package::new("bar", "0.1.0").publish();
 
     let p = project()
         .file(
@@ -830,7 +845,7 @@ version = "1.0"
     validate_crate_contents(
         f,
         "foo-0.0.1.crate",
-        &["Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
+        &["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
         &[("Cargo.toml", &rewritten_toml)],
     );
 }

tests/testsuite/publish.rs

@@ -52,7 +52,7 @@ fn validate_upload_foo() {
           }
         "#,
         "foo-0.0.1.crate",
-        &["Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
+        &["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
     );
 }
 
@@ -61,6 +61,7 @@ fn validate_upload_foo_clean() {
         CLEAN_FOO_JSON,
         "foo-0.0.1.crate",
         &[
+            "Cargo.lock",
             "Cargo.toml",
             "Cargo.toml.orig",
             "src/main.rs",
@@ -498,6 +499,7 @@ fn publish_when_ignored() {
         CLEAN_FOO_JSON,
         "foo-0.0.1.crate",
         &[
+            "Cargo.lock",
             "Cargo.toml",
             "Cargo.toml.orig",
             "src/main.rs",
@@ -539,7 +541,13 @@ fn ignore_when_crate_ignored() {
     publish::validate_upload(
         CLEAN_FOO_JSON,
         "foo-0.0.1.crate",
-        &["Cargo.toml", "Cargo.toml.orig", "src/main.rs", "baz"],
+        &[
+            "Cargo.lock",
+            "Cargo.toml",
+            "Cargo.toml.orig",
+            "src/main.rs",
+            "baz",
+        ],
     );
 }
 
@@ -713,6 +721,7 @@ fn publish_allowed_registry() {
         CLEAN_FOO_JSON,
         "foo-0.0.1.crate",
         &[
+            "Cargo.lock",
             "Cargo.toml",
             "Cargo.toml.orig",
             "src/main.rs",
@@ -974,7 +983,7 @@ fn publish_with_patch() {
           }
         "#,
         "foo-0.0.1.crate",
-        &["Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
+        &["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
     );
 }
 

tests/testsuite/publish_lockfile.rs

@@ -9,9 +9,7 @@ use crate::support::{
 fn pl_manifest(name: &str, version: &str, extra: &str) -> String {
     format!(
         r#"
-        cargo-features = ["publish-lockfile"]
+        [package]
-
-        [project]
         name = "{}"
         version = "{}"
         authors = []
@@ -20,7 +18,6 @@ fn pl_manifest(name: &str, version: &str, extra: &str) -> String {
         documentation = "foo"
         homepage = "foo"
         repository = "foo"
-        publish-lockfile = true
 
         {}
         "#,
@@ -28,6 +25,41 @@ fn pl_manifest(name: &str, version: &str, extra: &str) -> String {
     )
 }
 
+#[cargo_test]
+fn deprecated() {
+    let p = project()
+        .file(
+            "Cargo.toml",
+            r#"
+            cargo-features = ["publish-lockfile"]
+            [package]
+            name = "foo"
+            version = "0.1.0"
+            publish-lockfile = true
+            license = "MIT"
+            description = "foo"
+            documentation = "foo"
+            homepage = "foo"
+            repository = "foo"
+            "#,
+        )
+        .file("src/lib.rs", "")
+        .build();
+    p.cargo("package")
+        .masquerade_as_nightly_cargo()
+        .with_stderr(
+            "\
+[PACKAGING] foo v0.1.0 ([..])
+[VERIFYING] foo v0.1.0 ([..])
+[WARNING] The `publish-lockfile` feature is deprecated and currently has no effect. \
+    It may be removed in a future version.
+[COMPILING] foo v0.1.0 ([..])
+[FINISHED] dev [..]
+",
+        )
+        .run();
+}
+
 #[cargo_test]
 fn package_lockfile() {
     let p = project()
@@ -36,7 +68,6 @@ fn package_lockfile() {
         .build();
 
     p.cargo("package")
-        .masquerade_as_nightly_cargo()
         .with_stderr(
             "\
 [PACKAGING] foo v0.0.1 ([CWD])
@@ -48,7 +79,6 @@ fn package_lockfile() {
         .run();
     assert!(p.root().join("target/package/foo-0.0.1.crate").is_file());
     p.cargo("package -l")
-        .masquerade_as_nightly_cargo()
         .with_stdout(
             "\
 Cargo.lock
@@ -57,10 +87,7 @@ src/main.rs
 ",
         )
         .run();
-    p.cargo("package")
+    p.cargo("package").with_stdout("").run();
-        .masquerade_as_nightly_cargo()
-        .with_stdout("")
-        .run();
 
     let f = File::open(&p.root().join("target/package/foo-0.0.1.crate")).unwrap();
     validate_crate_contents(
@@ -80,7 +107,6 @@ fn package_lockfile_git_repo() {
         .build();
     cargo_process("package -l")
         .cwd(g.root())
-        .masquerade_as_nightly_cargo()
         .with_stdout(
             "\
 .cargo_vcs_info.json
@@ -92,7 +118,6 @@ src/main.rs
         .run();
     cargo_process("package -v")
         .cwd(g.root())
-        .masquerade_as_nightly_cargo()
         .with_stderr(
             "\
 [PACKAGING] foo v0.0.1 ([..])
@@ -116,7 +141,7 @@ fn no_lock_file_with_library() {
         .file("src/lib.rs", "")
         .build();
 
-    p.cargo("package").masquerade_as_nightly_cargo().run();
+    p.cargo("package").run();
 
     let f = File::open(&p.root().join("target/package/foo-0.0.1.crate")).unwrap();
     validate_crate_contents(
@@ -141,10 +166,7 @@ fn lock_file_and_workspace() {
         .file("foo/src/main.rs", "fn main() {}")
         .build();
 
-    p.cargo("package")
+    p.cargo("package").cwd("foo").run();
-        .cwd("foo")
-        .masquerade_as_nightly_cargo()
-        .run();
 
     let f = File::open(&p.root().join("target/package/foo-0.0.1.crate")).unwrap();
     validate_crate_contents(
@@ -188,15 +210,12 @@ fn note_resolve_changes() {
         .file("patched/src/lib.rs", "")
         .build();
 
-    p.cargo("generate-lockfile")
+    p.cargo("generate-lockfile").run();
-        .masquerade_as_nightly_cargo()
-        .run();
 
     // Make sure this does not change or warn.
     Package::new("updated", "1.0.1").publish();
 
     p.cargo("package --no-verify -v --allow-dirty")
-        .masquerade_as_nightly_cargo()
         .with_stderr_unordered(
             "\
 [PACKAGING] foo v0.0.1 ([..])
@@ -220,14 +239,11 @@ fn outdated_lock_version_change_does_not_warn() {
         .file("src/main.rs", "fn main() {}")
         .build();
 
-    p.cargo("generate-lockfile")
+    p.cargo("generate-lockfile").run();
-        .masquerade_as_nightly_cargo()
-        .run();
 
     p.change_file("Cargo.toml", &pl_manifest("foo", "0.2.0", ""));
 
     p.cargo("package --no-verify")
-        .masquerade_as_nightly_cargo()
         .with_stderr("[PACKAGING] foo v0.2.0 ([..])")
         .run();
 }
@@ -271,12 +287,9 @@ fn no_warn_workspace_extras() {
         )
         .file("b/src/main.rs", "fn main() {}")
         .build();
-    p.cargo("generate-lockfile")
+    p.cargo("generate-lockfile").run();
-        .masquerade_as_nightly_cargo()
-        .run();
     p.cargo("package --no-verify")
         .cwd("a")
-        .masquerade_as_nightly_cargo()
         .with_stderr(
             "\
 [PACKAGING] a v0.1.0 ([..])
@@ -303,14 +316,11 @@ fn warn_package_with_yanked() {
         )
         .file("src/main.rs", "fn main() {}")
         .build();
-    p.cargo("generate-lockfile")
+    p.cargo("generate-lockfile").run();
-        .masquerade_as_nightly_cargo()
-        .run();
     Package::new("bar", "0.1.0").yanked(true).publish();
     // Make sure it sticks with the locked (yanked) version.
     Package::new("bar", "0.1.1").publish();
     p.cargo("package --no-verify")
-        .masquerade_as_nightly_cargo()
         .with_stderr(
             "\
 [PACKAGING] foo v0.0.1 ([..])
@@ -386,66 +396,3 @@ dependencies = [
         )
         .run();
 }
-
-#[cargo_test]
-fn publish_lockfile_default() {
-    let p = project()
-        .file(
-            "Cargo.toml",
-            r#"
-            cargo-features = ["publish-lockfile"]
-            [package]
-            name = "foo"
-            version = "1.0.0"
-            authors = []
-            license = "MIT"
-            description = "foo"
-            documentation = "foo"
-            homepage = "foo"
-            repository = "foo"
-            "#,
-        )
-        .file("src/main.rs", "fn main() {}")
-        .build();
-
-    p.cargo("package -l")
-        .masquerade_as_nightly_cargo()
-        .with_stdout(
-            "\
-Cargo.lock
-Cargo.toml
-src/main.rs
-",
-        )
-        .run();
-
-    let p = project()
-        .file(
-            "Cargo.toml",
-            r#"
-            cargo-features = ["publish-lockfile"]
-            [package]
-            name = "foo"
-            version = "1.0.0"
-            authors = []
-            license = "MIT"
-            description = "foo"
-            documentation = "foo"
-            homepage = "foo"
-            repository = "foo"
-            publish-lockfile = false
-            "#,
-        )
-        .file("src/main.rs", "fn main() {}")
-        .build();
-
-    p.cargo("package -l")
-        .masquerade_as_nightly_cargo()
-        .with_stdout(
-            "\
-Cargo.toml
-src/main.rs
-",
-        )
-        .run();
-}

tests/testsuite/registry.rs

@@ -363,7 +363,7 @@ fn package_with_path_deps() {
         .with_status(101)
         .with_stderr_contains(
             "\
-[ERROR] failed to verify package tarball
+[ERROR] failed to prepare local package for uploading
 
 Caused by:
   no matching package named `notyet` found
@@ -379,8 +379,8 @@ required by package `foo v0.0.1 ([..])`
         .with_stderr(
             "\
 [PACKAGING] foo v0.0.1 ([CWD])
-[VERIFYING] foo v0.0.1 ([CWD])
 [UPDATING] `[..]` index
+[VERIFYING] foo v0.0.1 ([CWD])
 [DOWNLOADING] crates ...
 [DOWNLOADED] notyet v0.0.1 (registry `[ROOT][..]`)
 [COMPILING] notyet v0.0.1