-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verify that src dir wasn't modified by build.rs when publishing #5584
Conversation
Co-authored-by: Gabriel Feron <feron.gabriel@gmail.com>
Co-authored-by: boxdot <d@zerovolt.org>
Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @alexcrichton (or someone else) soon. If any changes to this PR are deemed necessary, please add them as extra commits. This ensures that the reviewer can see what has changed since they last reviewed the code. Due to the way GitHub handles out-of-date commits, this should also make it reasonably obvious what issues have or haven't been addressed. Large or tricky changes may require several passes of review and changes. Please see the contribution instructions for more information. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Excellent!
tests/testsuite/publish.rs
Outdated
.build(); | ||
|
||
assert_that( | ||
p.cargo("publish") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can use cargo package
here, to avoid the need to setup the publishing infra.
tests/testsuite/publish.rs
Outdated
.arg("--index") | ||
.arg(publish::registry().to_string()), | ||
execs().with_status(101), | ||
); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's also check that running cargo pacakge --no-verify
suppresses this check!
…d while publishing
Co-authored-by: Gabriel Feron <feron.gabriel@gmail.com>
tests/testsuite/package.rs
Outdated
); | ||
|
||
assert_that( | ||
p.cargo("package") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This can be more compactly written as p.cargo("package --no-verify")
, the testing infra gained ability to split arguments automatically fairly recently.
Co-authored-by: boxdot <d@zerovolt.org>
@@ -272,6 +272,11 @@ There’s a couple of points of note here: | |||
output files should be located. It can use the process’ current working | |||
directory to find where the input files should be located, but in this case we | |||
don’t have any input files. | |||
* In general, build scripts should not modify any files outside of `OUT_DIR`. | |||
It may seem fine on the first blush, but it does cause problems when you use |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @matklad for formulating this already in the issue.
src/cargo/ops/cargo_package.rs
Outdated
bail!( | ||
"Source directory was modified by build.rs during cargo publish. \ | ||
Build scripts should not modify anything outside of OUT_DIR. \ | ||
Modified file: {}", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One more thing: let's add use '--no-verify' flag to suppress this check
to the error message?
@alexcrichton, are we comfortable with enabling this behavior by default?
We can down tone this to a warning perhaps? I personally am fine with a hard error. |
👍 I'm in favor of enabling this by default I think the error message should indicate that it can be fixed with the |
tests/testsuite/package.rs
Outdated
|
||
Caused by: | ||
Source directory was modified by build.rs during cargo publish. \ | ||
Build scripts should not modify anything outside of OUT_DIR. Modified file: [..]src/generated.txt |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You need src[/]generated.txt
here to pass the test on windows.
📌 Commit 987ce87 has been approved by |
Verify that src dir wasn't modified by build.rs when publishing Fixes issue #5073. Implemented during RustFest Paris `impl days`.
☀️ Test successful - status-appveyor, status-travis |
Can src directory contain immutable code which includes contents of something from build dir written by build.rs? vergen crate, for example. |
@vityafx of course yeah! |
How does that mix with bindgen? I want to generate the bindings using build.rs and they usually live in |
@lu-zero build scripts should place the files they create in the OUT_DIR: https://doc.rust-lang.org/cargo/reference/build-scripts.html#case-study-code-generation |
Looks quite bulky (and in my case quite a bit of churn). I can live with that, but would be nicer to provide a better mean to hide it. |
Also, forces me to create an empty file with just that line. Since doing mod foo {
include!(concat!(env!("OUT_DIR"), "/foo.rs"));
} Does not work. |
Also having the empty file leads to :
|
So basically you made impossible to publish crates that rely on bindgen or there is a way around it? |
@lu-zero try using setup which is described in bindgen’s docs: https://rust-lang-nursery.github.io/rust-bindgen/tutorial-3.html There’s also —no-verify flag which you can use to suppress this check. I would advise against using it, if possible: mutating sources during the build will make lives of consumers of your library harder. |
What is suggested does not seem to work at least with the bindgen 0.37.4. #![allow(non_upper_case_globals)]
#![allow(non_camel_case_types)]
#![allow(non_snake_case)]
include!(concat!(env!("OUT_DIR"), "/aom.rs")); The generated file still contains: /* automatically generated by rust-bindgen */
#![allow(dead_code)]
#![allow(non_camel_case_types)]
#![allow(non_snake_case)]
#![allow(non_upper_case_globals)]
... The result is :
|
Oh, right I forgot to change the build.rs recipe to not append those there. |
With Rust 1.28.0: Cargo will now no longer allow you to publish crates with build scripts that modify the src directory. The src directory in a crate should be considered to be immutable. rust-lang/cargo#5584
This is due to rust-lang/cargo#5584 that forbids writing to `src/` and is present since Rust 1.28.
… by `cargo package` (see rust-lang/cargo#5584)
…r caused by `cargo package` (see rust-lang/cargo#5584)" This reverts commit 712c54a.
…h di `OUT_DIR` lalu di-include via `mod.rs`, hal ini dikarenakan oleh: rust-lang/cargo#5584 Tambah beberapa proto message.
Fixes issue #5073.
Implemented during RustFest Paris
impl days
.