cargo check --frozen requires the cargo home to be writable on nightly

[pietroalbini]

Problem

On Rust 1.34.1, as long as all the dependencies were pre-fetched with cargo fetch, running cargo check --frozen never touched the ~/.cargo directory, allowing it to be read-only. This behavior is used by Crater to prevent misbehaving crates from messing up the cargo installation.

The latest nightly instead requires that directory to be writable:

error: failed to acquire package cache lock  

Caused by:
  failed to open: /home/pietro/tmp/repro/tmp-cargo-home/.package-cache

Caused by:
  Permission denied (os error 13)

Steps

#!/bin/bash
set +euo pipefail

if [[ $# -ne 1 ]]; then
    echo "usage: $0 <toolchain-name>"
    exit 1
fi
export RUSTUP_TOOLCHAIN="$1"

# Use a temporary cargo home so the user-wide one is not messed up
export CARGO_HOME=tmp-cargo-home

set -x

# Create a simple repro crate which depends on lazy_static
cargo init --bin repro
cd repro
echo 'lazy_static = "1"' >> Cargo.toml

# Generate the lockfile and fetch the dependencies using it
cargo generate-lockfile
cargo fetch --locked

# Make the cargo home read-only
chmod -w -R "${CARGO_HOME}"

cargo check --frozen

• bash repro.sh stable for the correct behavior
• bash repro.sh nightly for the wrong behavior

Possible Solution(s)

After talking to @Eh2406 the issue seems to be caused by #6880.

[Eh2406]

cc @alexcrichton

[pietroalbini]

Other than ~/.cargo/.package-cache, ~/.cargo/registry/src also seems to be required to be writable from now on. My guess is that before crate unpacking was done during fetch and now during the actual build.

All of this (especially source unpacking, I can work around the package cache thingy) is bad for Crater: we want as much as possible in the containers to be read-only to prevent all the damage misbehaving or malicious crates can do during a run, and locking down {RUSTUP,CARGO}_HOME is one of the key steps of that isolation.

[ehuss]

I think the read-only issue with extracting is due to this change: https://github.com/rust-lang/cargo/pull/6880/files#diff-ce3ac564b3688633fe9c7ccb934e6253L470

It previously was careful to open the lock in read-only mode, but it no longer does that.

[pietroalbini]

If it's needed I can work around the .package-cache file on the Crater side (by mounting only that file in rw mode). I'd really prefer not to mount the whole cargo home rw to allow extracting the source though.