on cargo publish, check for verified email before compiling

[EverlastingBugstopper]

Describe the problem you are trying to solve
when running cargo publish, the binary is compiled with release mode, and then it checks if your email is verified and you can publish to the crates.io registry.

Describe the solution you'd like
i'd like cargo to check if your email is verified and allowed to publish to the crates.io registry before compiling the binary in release mode.

[metalwarrior665]

Yes please! I'm now compiling for 4th time and always get some error at the end 👍

[heisen-li]

@rustbot claim

[heisen-li]

Is it more reasonable to verify the email address during cargo login?
I mean when executing cargo login xxxxxx, the system returns a message indicating that the email address has not been verified.

[EverlastingBugstopper]

@qiangheisenberg - it may make sense to add that as a "warning" when you run cargo login, but I don't think an unverified email should cause login to fail (I think this would be a breaking change).

However, an unverified email address already makes a publish fail, this issue proposes moving that failure earlier in the process (see: before running an expensive compile).

What do you think?

[heisen-li]

I think your suggestion is very reasonable. This is the most prudent approach.

[heisen-li]

Guys, I read the relevant code. This issue is similar to issue #3662. If you want to quickly get the failure information before compiling the project, you need to send the request in advance, which means you need to send two requests (the first request is to verify the email address and other failure information; the second request is to upload the crate ).

According to the protocol of sending the request, the content of the compiled crates needs to be included. The content here cannot be empty, let alone compiled content.

https://github.com/rust-lang/cargo/blob/master/crates/crates-io/lib.rs#L250-#L256

// Prepare the body. The format of the upload request is:
//
//      <le u32 of json>
//      <json request> (metadata for the package)
//      <le u32 of tarball>
//      <source tarball>

So, how should I handle this request?

I think crates.io needs to add a new API to handle validation requests, and I submitted a new discussion.
rust-lang/crates.io#6174

But they don't seem to have the idea.

[epage]

Could someone help clarify to me which email is being talked about? Is this for validating that your account on crates.io is setup correctly and you are authorized to publish the package?

[ehuss]

Yes, that is my understanding.

[epage]

Ok, so this is something that can only be solved by checking with the registry.