itsscb/cargo
1
0
Fork 0
mirror of https://github.com/rust-lang/cargo.git synced 2025-09-28 11:20:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Use the shared source building in package

Browse Source 
This changes the registry validation slightly, adding in a check
forbidding implicit source replacement. This affects the tests (which
configure a dummy registry for source replacement), so we also weaken
the checks by only erroring for registry issues when there are actually
local dependencies.
This commit is contained in:
Joe Neeman 2024-08-19 12:06:11 +07:00
parent b3860a4a66
commit a9987f0982
3 changed files with 34 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
src/cargo/ops/cargo_package.rs
View File

@ -1,4 +1,4 @@
use std::collections::{BTreeSet, HashMap, HashSet}; use std::collections::{BTreeSet, HashMap};
use std::fs::{self, File}; use std::fs::{self, File};
use std::io::prelude::*; use std::io::prelude::*;
use std::io::SeekFrom; use std::io::SeekFrom;
@ -16,7 +16,7 @@ use crate::core::{Package, PackageId, PackageSet, Resolve, SourceId};
use crate::ops::lockfile::LOCKFILE_NAME; use crate::ops::lockfile::LOCKFILE_NAME;
use crate::ops::registry::{infer_registry, RegistryOrIndex}; use crate::ops::registry::{infer_registry, RegistryOrIndex};
use crate::sources::registry::index::{IndexPackage, RegistryDependency}; use crate::sources::registry::index::{IndexPackage, RegistryDependency};
use crate::sources::{PathSource, SourceConfigMap, CRATES_IO_REGISTRY}; use crate::sources::{PathSource, CRATES_IO_REGISTRY};
use crate::util::cache_lock::CacheLockMode; use crate::util::cache_lock::CacheLockMode;
use crate::util::context::JobsConfig; use crate::util::context::JobsConfig;
use crate::util::errors::CargoResult; use crate::util::errors::CargoResult;
@ -202,19 +202,28 @@ pub fn package(ws: &Workspace<'_>, opts: &PackageOpts<'_>) -> CargoResult<Vec<Fi
// below, and will be validated during the verification step. // below, and will be validated during the verification step.
} }
let deps = local_deps(pkgs.iter().map(|(p, f)| ((*p).clone(), f.clone())));
let just_pkgs: Vec<_> = pkgs.iter().map(|p| p.0).collect(); let just_pkgs: Vec<_> = pkgs.iter().map(|p| p.0).collect();
let publish_reg = get_registry(ws.gctx(), &just_pkgs, opts.reg_or_index.clone())?;
debug!("packaging for registry {publish_reg}"); // The publish registry doesn't matter unless there are local dependencies,
// so only try to get one if we need it. If they explicitly passed a
// registry on the CLI, we check it no matter what.
let sid = if deps.has_no_dependencies() && opts.reg_or_index.is_none() {
None
} else {
let sid = get_registry(ws.gctx(), &just_pkgs, opts.reg_or_index.clone())?;
debug!("packaging for registry {}", sid);
Some(sid)
};
let mut local_reg = if ws.gctx().cli_unstable().package_workspace { let mut local_reg = if ws.gctx().cli_unstable().package_workspace {
let reg_dir = ws.target_dir().join("package").join("tmp-registry"); let reg_dir = ws.target_dir().join("package").join("tmp-registry");
Some(TmpRegistry::new(ws.gctx(), reg_dir, publish_reg)?) sid.map(|sid| TmpRegistry::new(ws.gctx(), reg_dir, sid))
.transpose()?
} else { } else {
None None
}; };
let deps = local_deps(pkgs.iter().map(|(p, f)| ((*p).clone(), f.clone())));
// Packages need to be created in dependency order, because dependencies must // Packages need to be created in dependency order, because dependencies must
// be added to our local overlay before we can create lockfiles that depend on them. // be added to our local overlay before we can create lockfiles that depend on them.
let sorted_pkgs = deps.sort(); let sorted_pkgs = deps.sort();
@ -258,52 +267,35 @@ pub fn package(ws: &Workspace<'_>, opts: &PackageOpts<'_>) -> CargoResult<Vec<Fi
/// packages that we're packaging: if we're packaging foo-bin and foo-lib, and foo-bin /// packages that we're packaging: if we're packaging foo-bin and foo-lib, and foo-bin
/// depends on foo-lib, then the foo-lib entry in foo-bin's lockfile will depend on the /// depends on foo-lib, then the foo-lib entry in foo-bin's lockfile will depend on the
/// registry that we're building packages for. /// registry that we're building packages for.
pub(crate) fn get_registry( fn get_registry(
gctx: &GlobalContext, gctx: &GlobalContext,
pkgs: &[&Package], pkgs: &[&Package],
reg_or_index: Option<RegistryOrIndex>, reg_or_index: Option<RegistryOrIndex>,
) -> CargoResult<SourceId> { ) -> CargoResult<SourceId> {
let reg_or_index = match reg_or_index { let reg_or_index = match reg_or_index.clone() {
Some(r) => Some(r), Some(r) => Some(r),
None => infer_registry(pkgs)?, None => infer_registry(pkgs)?,
}; };
// Validate the registry against the packages' allow-lists.
let reg = reg_or_index let reg = reg_or_index
.clone() .clone()
.unwrap_or_else(|| RegistryOrIndex::Registry(CRATES_IO_REGISTRY.to_owned())); .unwrap_or_else(|| RegistryOrIndex::Registry(CRATES_IO_REGISTRY.to_owned()));
if let RegistryOrIndex::Registry(reg_name) = reg {
// Validate the registry against the packages' allow-lists. For backwards compatibility, we for pkg in pkgs {
// skip this if only a single package is being published (because in that case the registry if let Some(allowed) = pkg.publish().as_ref() {
// doesn't affect the packaging step). if !allowed.iter().any(|a| a == &reg_name) {
if pkgs.len() > 1 { bail!(
if let RegistryOrIndex::Registry(reg_name) = &reg {
for pkg in pkgs {
if let Some(allowed) = pkg.publish().as_ref() {
if !allowed.iter().any(|a| a == reg_name) {
bail!(
"`{}` cannot be packaged.\n\ "`{}` cannot be packaged.\n\
The registry `{}` is not listed in the `package.publish` value in Cargo.toml.", The registry `{}` is not listed in the `package.publish` value in Cargo.toml.",
pkg.name(), pkg.name(),
reg_name reg_name
); );
}
} }
} }
} }
} }
Ok(ops::registry::get_source_id(gctx, reg_or_index.as_ref())?.replacement)
let sid = match reg {
RegistryOrIndex::Index(url) => SourceId::for_registry(&url)?,
RegistryOrIndex::Registry(reg) if reg == CRATES_IO_REGISTRY => SourceId::crates_io(gctx)?,
RegistryOrIndex::Registry(reg) => SourceId::alt_registry(gctx, &reg)?,
};
// Load source replacements that are built-in to Cargo.
let sid = SourceConfigMap::empty(gctx)?
.load(sid, &HashSet::new())?
.replaced_source_id();
Ok(sid)
} }
/// Just the part of the dependency graph that's between the packages we're packaging. /// Just the part of the dependency graph that's between the packages we're packaging.
@ -322,6 +314,12 @@ impl LocalDependencies {
.map(|name| self.packages[&name].clone()) .map(|name| self.packages[&name].clone())
.collect() .collect()
} }
pub fn has_no_dependencies(&self) -> bool {
self.graph
.iter()
.all(|node| self.graph.edges(node).next().is_none())
}
} }
/// Build just the part of the dependency graph that's between the given packages, /// Build just the part of the dependency graph that's between the given packages,

2
src/cargo/ops/registry/mod.rs
View File

@ -191,7 +191,7 @@ fn registry(
/// ///
/// The return value is a pair of `SourceId`s: The first may be a built-in replacement of /// The return value is a pair of `SourceId`s: The first may be a built-in replacement of
/// crates.io (such as index.crates.io), while the second is always the original source. /// crates.io (such as index.crates.io), while the second is always the original source.
fn get_source_id( pub(crate) fn get_source_id(
gctx: &GlobalContext, gctx: &GlobalContext,
reg_or_index: Option<&RegistryOrIndex>, reg_or_index: Option<&RegistryOrIndex>,
) -> CargoResult<RegistrySourceIds> { ) -> CargoResult<RegistrySourceIds> {

3
tests/testsuite/package.rs
View File

@ -5999,7 +5999,8 @@ fn registry_not_in_publish_list() {
.masquerade_as_nightly_cargo(&["package-workspace"]) .masquerade_as_nightly_cargo(&["package-workspace"])
.with_status(101) .with_status(101)
.with_stderr_data(str![[r#" .with_stderr_data(str![[r#"
[ERROR] registry index was not found in any configuration: `alternative` [ERROR] `foo` cannot be packaged.
The registry `alternative` is not listed in the `package.publish` value in Cargo.toml.
"#]]) "#]])
.run(); .run();