Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Having a [patch] section when publishing is not an error #6535

Merged
merged 1 commit into from
Feb 12, 2019

Conversation

jethrogb
Copy link
Contributor

It is not necessary to throw an error when your Cargo.toml has a [patch] section.

  1. Cargo will normalize your Cargo.toml while packaging, which will remove the [patch] section.
  2. Even if the [patch] section were to somehow get to crates.io, it would be ignored when the crate is used since only the top-level crate's [patch] section is used.

The current behavior is quite annoying for crate maintainers who need a permanent [patch] section, for example, rand. This is the situation that leads to rand needing a permanent [patch] section:

image

Here, rand and rand_core are in the same repository, and rdrand is in a separate repository. When building rand as the top-level crate (e.g. in CI), the rand->rand_core path dependency will be used. This is of course a different crate than the crates.io rand_core used by rdrand. Therefore, when building rand as a top-level crate, you will always need to patch crates-io.rand to the path dependency. When building rand as a dependency, there are no issues, as the crates.io crates are used everywhere.

@rust-highfive
Copy link

r? @nrc

(rust_highfive has picked a reviewer for you, use r? to override)

@nrc
Copy link
Member

nrc commented Jan 10, 2019

This lgtm - I recently hit it and was annoyed. CI seems to be failing though.

r? @alexcrichton who implemented the check in the first place

@rust-highfive rust-highfive assigned alexcrichton and unassigned nrc Jan 10, 2019
@ehuss
Copy link
Contributor

ehuss commented Jan 10, 2019

I think it would be nice to have a test, and check if publish sends the information for the patched dependency or the non-patched one. I can help figure out how to write such a test if you need help, since it might be somewhat tricky to set up.

I don't have a strong opinion about the actual change. It does seem like it might be useful.

@ehuss
Copy link
Contributor

ehuss commented Jan 10, 2019

Oh, and the documentation at https://github.com/rust-lang/cargo/blob/master/src/doc/man/cargo-publish.adoc will need to be updated, though I can take care of that if needed (the Makefile gives instructions for rebuilding which must be done manually).

@jethrogb
Copy link
Contributor Author

jethrogb commented Jan 11, 2019

@ehuss if you could give some pointers on how to test this, that would be great.

@alexcrichton alexcrichton added the T-cargo Team: Cargo label Jan 11, 2019
@alexcrichton
Copy link
Member

Although not explicitly mentioned, it was the intention of the original RFC that this was disallowed. I think enough time has passed and we have enough experience that we can consider changing that decision, and I personally feel that with verification-on-build it's ok to do this.

I would like to get a team sign-off, however, because this is reversing an intentional decision.

@rfcbot fcp merge

@rfcbot
Copy link
Collaborator

rfcbot commented Jan 11, 2019

Team member @alexcrichton has proposed to merge this. The next step is review by the rest of the tagged team members:

No concerns currently listed.

Once a majority of reviewers approve (and none object), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for info about what commands tagged team members can give me.

@Eh2406
Copy link
Contributor

Eh2406 commented Jan 11, 2019

What do you mean exactly by verification-on-build?

I think I would be ok with adding a flag that changes error on patch section to ignore patch section. (assuming good testing) This allows power users that know they need this to use it, while keeping the speed bump that says you are not testing what you are publishing.

@joshtriplett
Copy link
Member

"cargo will remove" seems slightly inaccurate; doesn't that canonicalization happen on the crates.io server?

I'd be fine with this if cargo itself strips out the [patch] section before publishing.

@ehuss
Copy link
Contributor

ehuss commented Jan 11, 2019

I'd be fine with this if cargo itself strips out the [patch] section before publishing.

It is stripped on the Cargo side when the .crate is crated. Here is the stripping logic.

@joshtriplett
Copy link
Member

@ehuss Thanks! That answers my question.

Also, @alexcrichton, are you suggesting that cargo should check that the Cargo.toml of a downloaded .crate file doesn't contain a [patch] section? That seems like a good idea.

@withoutboats
Copy link
Contributor

It seems like it should work the same way I believe having path dependencies works - the build from cargo publish should ignore patches and path dependencies to test that this crate still builds with just the crates.io versions of all the dependencies. (I think that is what alex meant by "verification-on-build")

@alexcrichton
Copy link
Member

@Eh2406 ah by "verification-on-build" I actually mean "verification-on-publish" where I mean that when you cargo publish by default we'll build the crate as it shows up on crates.io, missing [patch] and all.

@joshtriplett ah no sorry that was a misspeak on my part, Cargo won't be performing any verification of downloaded crates.

@withoutboats I think you're right about path deps and such, in which case I actually think we should forgo a warning here at all and basically just delete the check

@joshtriplett
Copy link
Member

ah no sorry that was a misspeak on my part, Cargo won't be performing any verification of downloaded crates.

Could it? It seems appropriate to make sure that a crate can't accidentally pull in a random repo via [patch].

@alexcrichton
Copy link
Member

Cargo already doesn't use [patch] in dependencies at all, so I don't think we have much to gain about warning about it

@jethrogb
Copy link
Contributor Author

I initially tested it myself without the warning, but thought removing it might be too controversial. Happy to remove it if that's the consensus!

@jethrogb
Copy link
Contributor Author

Is @rfcbot stuck? This looks approved to me.

So should I get rid of the warning or not?

@dwijnand
Copy link
Member

No I think all but one must approve (and no remaining concerns) before it goes into the 10 day final comment period.

@jethrogb
Copy link
Contributor Author

Oh, that's different from the @rfcbot comment:

Once a majority of reviewers approve (and none object), this will enter its final comment period.

@dwijnand
Copy link
Member

(@jethrogb I looked into the details and opened rust-lang/rfcbot-rs#258 to see if it can be improved.)

@alexcrichton
Copy link
Member

We're still waiting on more checkboxes.

@Eh2406, @wycats, @withoutboats, mind taking a look at the proposal here?

@rfcbot
Copy link
Collaborator

rfcbot commented Jan 28, 2019

🔔 This is now entering its final comment period, as per the review above. 🔔

psst @alexcrichton, I wasn't able to add the final-comment-period label, please do so.

@ehuss
Copy link
Contributor

ehuss commented Jan 28, 2019

This will need the test from #6544 (comment) and the documentation updates as well.

@rfcbot
Copy link
Collaborator

rfcbot commented Feb 7, 2019

The final comment period, with a disposition to merge, as per the review above, is now complete.

@jethrogb
Copy link
Contributor Author

jethrogb commented Feb 7, 2019

It's still not clear to me if there should be a warning or not.

I'll make the requested changes on Tuesday

@alexcrichton
Copy link
Member

The FCP is to remove the error entirely

@jethrogb
Copy link
Contributor Author

Removed the message, updated publish::publish_with_patch test, updated documentation.

@alexcrichton
Copy link
Member

@bors: r+

@bors
Copy link
Contributor

bors commented Feb 12, 2019

📌 Commit d3f7bb0 has been approved by alexcrichton

@bors
Copy link
Contributor

bors commented Feb 12, 2019

⌛ Testing commit d3f7bb0 with merge 8fbabe3...

bors added a commit that referenced this pull request Feb 12, 2019
Having a [patch] section when publishing is not an error

It is not necessary to throw an error when your `Cargo.toml` has a `[patch]` section.

1. Cargo will normalize your `Cargo.toml` while packaging, which will remove the `[patch]` section.
2. Even if the `[patch]` section were to somehow get to crates.io, it would be ignored when the crate is used since only the top-level crate's `[patch]` section is used.

The current behavior is quite annoying for crate maintainers who need a permanent `[patch]` section, for example, [`rand`](rust-random/rand#670 (comment)). This is the situation that leads to rand needing a permanent `[patch]` section:

![image](https://user-images.githubusercontent.com/1132307/50951760-54cf3a00-14d4-11e9-8064-a7def2ed402f.png)

Here, `rand` and `rand_core` are in the same repository, and `rdrand` is in a separate repository. When building `rand` as the top-level crate (e.g. in CI), the `rand->rand_core` path dependency will be used. This is of course a different crate than the crates.io rand_core used by `rdrand`. Therefore, when building `rand` as a top-level crate, you will *always* need to patch `crates-io.rand` to the path dependency. When building `rand` as a dependency, there are no issues, as the crates.io crates are used everywhere.
@bors
Copy link
Contributor

bors commented Feb 12, 2019

☀️ Test successful - checks-travis, status-appveyor
Approved by: alexcrichton
Pushing 8fbabe3 to master...

@bors bors merged commit d3f7bb0 into rust-lang:master Feb 12, 2019
bors added a commit that referenced this pull request Feb 14, 2019
Update docs for removed `patch` restriction.

The html/man pages need to be rebuilt after changes in #6535. I also included a minor clarification about sections that are removed when a package is published.
bors added a commit to rust-lang/rust that referenced this pull request Feb 21, 2019
Update cargo

9 commits in 865cb70106a6b1171a500ff68f93ab52eea56e72..b33ce7fc9092962b0657b4c25354984b5e5c47e4
2019-02-10 15:49:37 +0000 to 2019-02-19 18:42:50 +0000
- Don't retry invalid credentials from git credential helpers (rust-lang/cargo#6681)
- Fix some typos in resolver tests (rust-lang/cargo#6682)
- Add an unstable option to build proc macros for both the host and the target (rust-lang/cargo#6547)
- Test cases proving RUSTC_WRAPPER can be a relative path (rust-lang/cargo#6638)
- Add support for Azure DevOps (rust-lang/cargo#6264)
- Update docs for removed `patch` restriction. (rust-lang/cargo#6663)
- Fix incorrect help message (rust-lang/cargo#6555)
- Stabilize Alternative Registries (rust-lang/cargo#6654)
- Having a [patch] section when publishing is not an error (rust-lang/cargo#6535)
@ehuss ehuss added this to the 1.34.0 milestone Feb 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.