-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Having a [patch] section when publishing is not an error #6535
Conversation
r? @nrc (rust_highfive has picked a reviewer for you, use r? to override) |
This lgtm - I recently hit it and was annoyed. CI seems to be failing though. r? @alexcrichton who implemented the check in the first place |
I think it would be nice to have a test, and check if I don't have a strong opinion about the actual change. It does seem like it might be useful. |
Oh, and the documentation at https://github.com/rust-lang/cargo/blob/master/src/doc/man/cargo-publish.adoc will need to be updated, though I can take care of that if needed (the Makefile gives instructions for rebuilding which must be done manually). |
@ehuss if you could give some pointers on how to test this, that would be great. |
Although not explicitly mentioned, it was the intention of the original RFC that this was disallowed. I think enough time has passed and we have enough experience that we can consider changing that decision, and I personally feel that with verification-on-build it's ok to do this. I would like to get a team sign-off, however, because this is reversing an intentional decision. @rfcbot fcp merge |
Team member @alexcrichton has proposed to merge this. The next step is review by the rest of the tagged team members: No concerns currently listed. Once a majority of reviewers approve (and none object), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! See this document for info about what commands tagged team members can give me. |
What do you mean exactly by verification-on-build? I think I would be ok with adding a flag that changes error on patch section to ignore patch section. (assuming good testing) This allows power users that know they need this to use it, while keeping the speed bump that says you are not testing what you are publishing. |
"cargo will remove" seems slightly inaccurate; doesn't that canonicalization happen on the crates.io server? I'd be fine with this if cargo itself strips out the |
It is stripped on the Cargo side when the |
@ehuss Thanks! That answers my question. Also, @alexcrichton, are you suggesting that cargo should check that the |
It seems like it should work the same way I believe having path dependencies works - the build from |
@Eh2406 ah by "verification-on-build" I actually mean "verification-on-publish" where I mean that when you @joshtriplett ah no sorry that was a misspeak on my part, Cargo won't be performing any verification of downloaded crates. @withoutboats I think you're right about |
Could it? It seems appropriate to make sure that a crate can't accidentally pull in a random repo via |
Cargo already doesn't use |
I initially tested it myself without the warning, but thought removing it might be too controversial. Happy to remove it if that's the consensus! |
Is @rfcbot stuck? This looks approved to me. So should I get rid of the warning or not? |
No I think all but one must approve (and no remaining concerns) before it goes into the 10 day final comment period. |
Oh, that's different from the @rfcbot comment:
|
(@jethrogb I looked into the details and opened rust-lang/rfcbot-rs#258 to see if it can be improved.) |
We're still waiting on more checkboxes. @Eh2406, @wycats, @withoutboats, mind taking a look at the proposal here? |
🔔 This is now entering its final comment period, as per the review above. 🔔 psst @alexcrichton, I wasn't able to add the |
This will need the test from #6544 (comment) and the documentation updates as well. |
The final comment period, with a disposition to merge, as per the review above, is now complete. |
It's still not clear to me if there should be a warning or not. I'll make the requested changes on Tuesday |
The FCP is to remove the error entirely |
c49c935
to
d3f7bb0
Compare
Removed the message, updated |
@bors: r+ |
📌 Commit d3f7bb0 has been approved by |
Having a [patch] section when publishing is not an error It is not necessary to throw an error when your `Cargo.toml` has a `[patch]` section. 1. Cargo will normalize your `Cargo.toml` while packaging, which will remove the `[patch]` section. 2. Even if the `[patch]` section were to somehow get to crates.io, it would be ignored when the crate is used since only the top-level crate's `[patch]` section is used. The current behavior is quite annoying for crate maintainers who need a permanent `[patch]` section, for example, [`rand`](rust-random/rand#670 (comment)). This is the situation that leads to rand needing a permanent `[patch]` section: ![image](https://user-images.githubusercontent.com/1132307/50951760-54cf3a00-14d4-11e9-8064-a7def2ed402f.png) Here, `rand` and `rand_core` are in the same repository, and `rdrand` is in a separate repository. When building `rand` as the top-level crate (e.g. in CI), the `rand->rand_core` path dependency will be used. This is of course a different crate than the crates.io rand_core used by `rdrand`. Therefore, when building `rand` as a top-level crate, you will *always* need to patch `crates-io.rand` to the path dependency. When building `rand` as a dependency, there are no issues, as the crates.io crates are used everywhere.
☀️ Test successful - checks-travis, status-appveyor |
Update docs for removed `patch` restriction. The html/man pages need to be rebuilt after changes in #6535. I also included a minor clarification about sections that are removed when a package is published.
Update cargo 9 commits in 865cb70106a6b1171a500ff68f93ab52eea56e72..b33ce7fc9092962b0657b4c25354984b5e5c47e4 2019-02-10 15:49:37 +0000 to 2019-02-19 18:42:50 +0000 - Don't retry invalid credentials from git credential helpers (rust-lang/cargo#6681) - Fix some typos in resolver tests (rust-lang/cargo#6682) - Add an unstable option to build proc macros for both the host and the target (rust-lang/cargo#6547) - Test cases proving RUSTC_WRAPPER can be a relative path (rust-lang/cargo#6638) - Add support for Azure DevOps (rust-lang/cargo#6264) - Update docs for removed `patch` restriction. (rust-lang/cargo#6663) - Fix incorrect help message (rust-lang/cargo#6555) - Stabilize Alternative Registries (rust-lang/cargo#6654) - Having a [patch] section when publishing is not an error (rust-lang/cargo#6535)
It is not necessary to throw an error when your
Cargo.toml
has a[patch]
section.Cargo.toml
while packaging, which will remove the[patch]
section.[patch]
section were to somehow get to crates.io, it would be ignored when the crate is used since only the top-level crate's[patch]
section is used.The current behavior is quite annoying for crate maintainers who need a permanent
[patch]
section, for example,rand
. This is the situation that leads to rand needing a permanent[patch]
section:Here,
rand
andrand_core
are in the same repository, andrdrand
is in a separate repository. When buildingrand
as the top-level crate (e.g. in CI), therand->rand_core
path dependency will be used. This is of course a different crate than the crates.io rand_core used byrdrand
. Therefore, when buildingrand
as a top-level crate, you will always need to patchcrates-io.rand
to the path dependency. When buildingrand
as a dependency, there are no issues, as the crates.io crates are used everywhere.