development/cargo
development/cargo
1
0
Fork 0
mirror of https://github.com/rust-lang/cargo synced 2024-10-13 03:02:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
cargo/crates/crates-io/lib.rs

541 lines
17 KiB
Rust
Raw Normal View History

Update clippy lint allow set.
2021-04-13 16:02:07 +00:00
#![allow(clippy::all)]
Fix 2018 edition idioms
2018-12-06 19:21:24 +00:00
Make manifest serialization deterministic Fixes #4326 `cargo package` (and so `cargo publish`) parses a crate’s `Cargo.toml`, makes some modifications, and re-serializes it. Because the `TomlManifest` struct uses `HashMap` with its default `RandomState` hasher, the maps’ iteration order changed on every run. As a result, when using `cargo vendor`, updating a dependency would generate a diff larger than necessary, with non-significant order-changes obscuring significant changes. This replaces some uses of `HashMap` with `BTreeMap`, whose iteration order is deterministic (based on `Ord`).
2017-10-02 10:04:02 +00:00
use std::collections::BTreeMap;
Change `Config::target_dir` to return Filesystem This is a shared directory among multiple Cargo processes so access to it needs to be properly synchronized. This commit changes the API of `Config::target_dir` and then propagates the changes outward as necessary. One fallout of this change is now we allow release/debug builds to proceed in parallel.
2016-04-02 01:06:20 +00:00
use std::fs::File;
Update to rust master and std::{io, path}
2015-02-27 01:04:25 +00:00
use std::io::prelude::*;
Workaround fs issue in `cargo publish`.
2020-12-05 22:10:29 +00:00
use std::io::{Cursor, SeekFrom};
Give a better error message when crates.io requests time out crates.io is hosted on Heroku, which means we have a hard 30 second time limit on all requests. Typically this is only hit when someone is attempting to upload a crate so large that it would have been eventually rejected anyway, but it can also happen if a user is on a very slow internet connection. When this happens, the request is terminated by the platform and we have no control over the response that gets sent. This results in the user getting a very unhelpful error message from Cargo, and some generic error page HTML spat out into their terminal. We could work around this on our end by adding a 29 second timeout *somewhere else* in the stack, but we have a lot of layers that buffer requests to protect against slow client attacks, and it'd be a pretty decent amount of work. Since we eventually want to switch over to having Cargo do the S3 upload instead of us, it doesn't make sense to spend so much time on an error scenario that eventually will go away. I've tried to keep this uncoupled from crates.io as much as possible, since alternate registries might not be hosted on Heroku or have the same restricitions. But I figure "a 503 that took more than 30 seconds" is a safe bet on this being hit. If we're ok with coupling this to crates.io, I'd like to include "If your crate is less than 10MB you can email help@crates.io for assistance" in the error message. Ref https://github.com/rust-lang/crates.io/issues/1709
2019-05-13 20:18:42 +00:00
use std::time::Instant;
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
Run rustfmt
2020-01-08 03:58:45 +00:00
use curl::easy::{Easy, List};
Update the `url` crate to 2.0 Looks like minor API changes, primarily around percent encoding.
2019-07-24 14:42:14 +00:00
use percent_encoding::{percent_encode, NON_ALPHANUMERIC};
Remove trailing extern crate usage
2018-12-12 21:20:44 +00:00
use serde::{Deserialize, Serialize};
Make crates.io timeout error specific to crates.io
2019-05-14 16:20:54 +00:00
use url::Url;
Adding --limit usage suggestion on search results (#2402)
2016-03-07 08:19:40 +00:00
feat(crates-io): use our own `Result` wrapper everywhere
2023-06-25 08:42:26 +00:00
pub type Result<T> = std::result::Result<T, Error>;
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
pub struct Registry {
Rewrite `login` and registry cleanups.
2018-12-20 01:40:01 +00:00
/// The base URL for issuing API requests.
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
host: String,
Rewrite `login` and registry cleanups.
2018-12-20 01:40:01 +00:00
/// Optional authorization token.
/// If None, commands requiring authorization will fail.
Add a `search` command to cargo
2014-11-22 14:36:14 +00:00
token: Option<String>,
Rewrite `login` and registry cleanups.
2018-12-20 01:40:01 +00:00
/// Curl handle for issuing requests.
Update to curl 0.3
2016-05-18 17:01:40 +00:00
handle: Easy,
Implement RFC 3139: alternative registry authentication support
2022-10-31 16:44:01 +00:00
/// Whether to include the authorization token with all requests.
auth_required: bool,
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
}
Derive Clone when deriving Copy
2015-04-05 07:00:01 +00:00
#[derive(PartialEq, Clone, Copy)]
Add a `search` command to cargo
2014-11-22 14:36:14 +00:00
pub enum Auth {
Authorized,
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
Unauthorized,
Update to curl 0.3
2016-05-18 17:01:40 +00:00
}
Migrate from rustc-serialize to Serde This commit migrates Cargo as much as possible from rustc-serialize to Serde. This not only provides an excellent testing ground for the toml 0.3 release but it also is a big boost to the speed of parsing the JSON bits of the registry. This doesn't completely excise the dependency just yet as docopt still requires it along with handlebars. I'm sure though that in time those crates will migrate to serde!
2017-02-10 20:01:52 +00:00
#[derive(Deserialize)]
Add a `search` command to cargo
2014-11-22 14:36:14 +00:00
pub struct Crate {
pub name: String,
pub description: Option<String>,
Add error-chain errors Convert CargoResult, CargoError into an implementation provided by error-chain. The previous is_human machinery is mostly removed; now errors are displayed unless of the Internal kind, verbose mode will print all errors.
2017-05-24 04:35:54 +00:00
pub max_version: String,
Add a `search` command to cargo
2014-11-22 14:36:14 +00:00
}
cargo-test-support: Make publish http api write to file system
2022-09-22 16:00:49 +00:00
#[derive(Serialize, Deserialize)]
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
pub struct NewCrate {
pub name: String,
pub vers: String,
pub deps: Vec<NewCrateDependency>,
Make manifest serialization deterministic Fixes #4326 `cargo package` (and so `cargo publish`) parses a crate’s `Cargo.toml`, makes some modifications, and re-serializes it. Because the `TomlManifest` struct uses `HashMap` with its default `RandomState` hasher, the maps’ iteration order changed on every run. As a result, when using `cargo vendor`, updating a dependency would generate a diff larger than necessary, with non-significant order-changes obscuring significant changes. This replaces some uses of `HashMap` with `BTreeMap`, whose iteration order is deterministic (based on `Ord`).
2017-10-02 10:04:02 +00:00
pub features: BTreeMap<String, Vec<String>>,
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
pub authors: Vec<String>,
pub description: Option<String>,
pub documentation: Option<String>,
pub homepage: Option<String>,
pub readme: Option<String>,
transmit: send README filename as well as content
2017-10-17 05:04:33 +00:00
pub readme_file: Option<String>,
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
pub keywords: Vec<String>,
Upload categories specified in the manifest
2016-11-18 21:49:55 +00:00
pub categories: Vec<String>,
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
pub license: Option<String>,
Add support for a license-file manifest key This key will support projects with nonstandard licenses and the registry will display the license as "nonstandard". Closes #940
2014-11-25 06:18:54 +00:00
pub license_file: Option<String>,
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
pub repository: Option<String>,
Make manifest serialization deterministic Fixes #4326 `cargo package` (and so `cargo publish`) parses a crate’s `Cargo.toml`, makes some modifications, and re-serializes it. Because the `TomlManifest` struct uses `HashMap` with its default `RandomState` hasher, the maps’ iteration order changed on every run. As a result, when using `cargo vendor`, updating a dependency would generate a diff larger than necessary, with non-significant order-changes obscuring significant changes. This replaces some uses of `HashMap` with `BTreeMap`, whose iteration order is deterministic (based on `Ord`).
2017-10-02 10:04:02 +00:00
pub badges: BTreeMap<String, BTreeMap<String, String>>,
Rewrite `login` and registry cleanups.
2018-12-20 01:40:01 +00:00
pub links: Option<String>,
Include rust-version in publish request crates.io reads rust-version from the tarball directly, but we can include it in the publish request for the sake of consistency for third-party registries.
2023-03-24 20:46:59 +00:00
pub rust_version: Option<String>,
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
}
cargo-test-support: Make publish http api write to file system
2022-09-22 16:00:49 +00:00
#[derive(Serialize, Deserialize)]
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
pub struct NewCrateDependency {
pub optional: bool,
pub default_features: bool,
pub name: String,
pub features: Vec<String>,
pub version_req: String,
pub target: Option<String>,
Upload dependency kinds to the registry This ensures that the registry understands whether dependencies are build dependencies or dev dependencies. Closes rust-lang/crates.io#38
2014-11-21 02:17:31 +00:00
pub kind: String,
Fix publishing renamed dependencies to crates.io This commit fixes publishing crates which contain locally renamed dependencies to crates.io. Previously this lack of information meant that although we could resolve the crate graph correctly it wouldn't work well with respect to optional features and optional dependencies. The fix here is to persist this information into the registry about the crate being renamed in `Cargo.toml`, allowing Cargo to correctly deduce feature names as it does when it has `Cargo.toml` locally. A dual side of this commit is to publish this information to crates.io. We'll want to merge the associated PR (link to come soon) on crates.io first and make sure that's deployed as well before we stabilize the crate renaming feature. The index format is updated as well as part of this change. The `name` key for dependencies is now unconditionally what was written in `Cargo.toml` as the left-hand-side of the dependency specification. In other words this is the raw crate name, but only for the local crate. A new key, `package`, is added to dependencies (and it can be `None`). This key indicates the crates.io package is being linked against, an represents the `package` key in `Cargo.toml`. It's important to consider the interaction with older Cargo implementations which don't support the `package` key in the index. In these situations older Cargo binaries will likely fail to resolve entirely as the renamed name is unlikely to exist on crates.io. For example the `futures` crate now has an optional dependency with the name `futures01` which depends on an older version of `futures` on crates.io. The string `futures01` will be listed in the index under the `"name"` key, but no `futures01` crate exists on crates.io so older Cargo will generate an error. If the crate does exist on crates.io, then even weirder error messages will likely result. Closes #5962
2018-09-07 16:37:06 +00:00
#[serde(skip_serializing_if = "Option::is_none")]
pub registry: Option<String>,
#[serde(skip_serializing_if = "Option::is_none")]
pub explicit_name_in_toml: Option<String>,
Add fields for bindeps on the registry
2023-07-30 17:52:22 +00:00
#[serde(skip_serializing_if = "Option::is_none")]
pub artifact: Option<Vec<String>>,
#[serde(skip_serializing_if = "Option::is_none")]
pub bindep_target: Option<String>,
#[serde(default, skip_serializing_if = "is_false")]
pub lib: bool,
}
fn is_false(x: &bool) -> bool {
*x == false
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
}
Migrate from rustc-serialize to Serde This commit migrates Cargo as much as possible from rustc-serialize to Serde. This not only provides an excellent testing ground for the toml 0.3 release but it also is a big boost to the speed of parsing the JSON bits of the registry. This doesn't completely excise the dependency just yet as docopt still requires it along with handlebars. I'm sure though that in time those crates will migrate to serde!
2017-02-10 20:01:52 +00:00
#[derive(Deserialize)]
Implement a command to list owners of a crate Closes #858
2014-11-13 06:15:41 +00:00
pub struct User {
Update to rust master
2015-01-13 16:41:04 +00:00
pub id: u32,
Implement a command to list owners of a crate Closes #858
2014-11-13 06:15:41 +00:00
pub login: String,
add missing Option to avatar
2015-08-05 18:33:56 +00:00
pub avatar: Option<String>,
Implement a command to list owners of a crate Closes #858
2014-11-13 06:15:41 +00:00
pub email: Option<String>,
pub name: Option<String>,
}
Add more structure to the warnings returned from crates.io publish
2016-12-05 17:36:44 +00:00
pub struct Warnings {
pub invalid_categories: Vec<String>,
Upload badge metadata specified in the manifest
2017-01-01 20:14:34 +00:00
pub invalid_badges: Vec<String>,
Support untyped warnings from crates.io with successful publish
2018-10-31 12:34:04 +00:00
pub other: Vec<String>,
Add more structure to the warnings returned from crates.io publish
2016-12-05 17:36:44 +00:00
}
cargo fmt
2018-03-14 15:17:44 +00:00
#[derive(Deserialize)]
struct R {
ok: bool,
}
#[derive(Deserialize)]
struct OwnerResponse {
ok: bool,
msg: String,
}
#[derive(Deserialize)]
struct ApiErrorList {
errors: Vec<ApiError>,
}
#[derive(Deserialize)]
struct ApiError {
detail: String,
}
#[derive(Serialize)]
struct OwnersReq<'a> {
users: &'a [&'a str],
}
#[derive(Deserialize)]
struct Users {
users: Vec<User>,
}
#[derive(Deserialize)]
struct TotalCrates {
total: u32,
}
#[derive(Deserialize)]
struct Crates {
crates: Vec<Crate>,
meta: TotalCrates,
}
Add a ResponseError for registry API interaction. The intent here is to make it easier to work with API errors. This also includes some new tests for checking network errors.
2021-01-28 20:39:51 +00:00
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
/// Error returned when interacting with a registry.
refactor(crates-io): use `thiserror` Optionally use `thiserror` to reduce boilerplates but this part can be dropped if we don't want.
2023-06-25 13:27:58 +00:00
#[derive(Debug, thiserror::Error)]
refactor(crates-io): rename `ResponseError` to `Error`
2023-07-06 12:36:23 +00:00
pub enum Error {
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
/// Error from libcurl.
refactor(crates-io): use `thiserror` Optionally use `thiserror` to reduce boilerplates but this part can be dropped if we don't want.
2023-06-25 13:27:58 +00:00
#[error(transparent)]
Curl(#[from] curl::Error),
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
chore: Fix typos This is a repeat of #11561
2023-09-19 20:28:38 +00:00
/// Error from seriailzing the request payload and deserializing the
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
/// response body (like response body didn't match expected structure).
refactor(crates-io): use `thiserror` Optionally use `thiserror` to reduce boilerplates but this part can be dropped if we don't want.
2023-06-25 13:27:58 +00:00
#[error(transparent)]
Json(#[from] serde_json::Error),
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
/// Error from IO. Mostly from reading the tarball to upload.
refactor(crates-io): use `thiserror` Optionally use `thiserror` to reduce boilerplates but this part can be dropped if we don't want.
2023-06-25 13:27:58 +00:00
#[error("failed to seek tarball")]
Io(#[from] std::io::Error),
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
/// Response body was not valid utf8.
refactor(crates-io): use `thiserror` Optionally use `thiserror` to reduce boilerplates but this part can be dropped if we don't want.
2023-06-25 13:27:58 +00:00
#[error("invalid response body from server")]
Utf8(#[from] std::string::FromUtf8Error),
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
/// Error from API response containing JSON field `errors.details`.
refactor(crates-io): use `thiserror` Optionally use `thiserror` to reduce boilerplates but this part can be dropped if we don't want.
2023-06-25 13:27:58 +00:00
#[error(
"the remote server responded with an error{}: {}",
status(*code),
errors.join(", "),
)]
Add a ResponseError for registry API interaction. The intent here is to make it easier to work with API errors. This also includes some new tests for checking network errors.
2021-01-28 20:39:51 +00:00
Api {
code: u32,
feat(crates-io): expose headers for `ResponseError::Api` In response to RFC 3231 [^1], our registry client need to return headers to caller, so that the caller (cargo binary) can continue parsing challenge headers. [^1]: https://rust-lang.github.io/rfcs/3231-cargo-asymmetric-tokens.html#the-authentication-process
2023-07-06 10:55:02 +00:00
headers: Vec<String>,
Add a ResponseError for registry API interaction. The intent here is to make it easier to work with API errors. This also includes some new tests for checking network errors.
2021-01-28 20:39:51 +00:00
errors: Vec<String>,
},
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
/// Error from API response which didn't have pre-programmed `errors.details`.
refactor(crates-io): use `thiserror` Optionally use `thiserror` to reduce boilerplates but this part can be dropped if we don't want.
2023-06-25 13:27:58 +00:00
#[error(
"failed to get a 200 OK response, got {code}\nheaders:\n\t{}\nbody:\n{body}",
headers.join("\n\t"),
)]
Add a ResponseError for registry API interaction. The intent here is to make it easier to work with API errors. This also includes some new tests for checking network errors.
2021-01-28 20:39:51 +00:00
Code {
code: u32,
headers: Vec<String>,
body: String,
},
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
/// Reason why the token was invalid.
refactor(crates-io): use `thiserror` Optionally use `thiserror` to reduce boilerplates but this part can be dropped if we don't want.
2023-06-25 13:27:58 +00:00
#[error("{0}")]
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
InvalidToken(&'static str),
/// Server was unavailable and timeouted. Happened when uploading a way
/// too large tarball to crates.io.
refactor(crates-io): use `thiserror` Optionally use `thiserror` to reduce boilerplates but this part can be dropped if we don't want.
2023-06-25 13:27:58 +00:00
#[error(
"Request timed out after 30 seconds. If you're trying to \
upload a crate it may be too large. If the crate is under \
10MB in size, you can email help@crates.io for assistance.\n\
Total size was {0}."
)]
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
Timeout(u64),
Add a ResponseError for registry API interaction. The intent here is to make it easier to work with API errors. This also includes some new tests for checking network errors.
2021-01-28 20:39:51 +00:00
}
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
impl Registry {
Remove Registry::new.
2021-01-22 19:06:51 +00:00
/// Creates a new `Registry`.
///
/// ## Example
///
/// ```rust
/// use curl::easy::Easy;
/// use crates_io::Registry;
///
/// let mut handle = Easy::new();
/// // If connecting to crates.io, a user-agent is required.
/// handle.useragent("my_crawler (example.com/info)");
fix test failed
2023-04-28 09:08:04 +00:00
/// let mut reg = Registry::new_handle(String::from("https://crates.io"), None, handle, true);
Remove Registry::new.
2021-01-22 19:06:51 +00:00
/// ```
Implement RFC 3139: alternative registry authentication support
2022-10-31 16:44:01 +00:00
pub fn new_handle(
host: String,
token: Option<String>,
handle: Easy,
auth_required: bool,
) -> Registry {
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
Registry {
intellij rust suggested fixes (cherry picked from commit 24836e9)
2018-02-23 23:27:53 +00:00
host,
token,
handle,
Implement RFC 3139: alternative registry authentication support
2022-10-31 16:44:01 +00:00
auth_required,
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
}
}
Send asymmetric tokens with mutations
2022-12-12 17:49:22 +00:00
pub fn set_token(&mut self, token: Option<String>) {
self.token = token;
}
Validate token on publish.
2023-04-09 19:15:40 +00:00
fn token(&self) -> Result<&str> {
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
let token = self.token.as_ref().ok_or_else(|| {
Error::InvalidToken("no upload token found, please run `cargo login`")
})?;
Validate token on publish.
2023-04-09 19:15:40 +00:00
check_token(token)?;
Ok(token)
}
Rewrite `login` and registry cleanups.
2018-12-20 01:40:01 +00:00
pub fn host(&self) -> &str {
&self.host
}
Make crates.io timeout error specific to crates.io
2019-05-14 16:20:54 +00:00
pub fn host_is_crates_io(&self) -> bool {
Add a warning when using `registry.token` with source replacement.
2020-03-07 01:29:12 +00:00
is_url_crates_io(&self.host)
Make crates.io timeout error specific to crates.io
2019-05-14 16:20:54 +00:00
}
i don't know if this works but i should commit
2017-09-26 21:01:50 +00:00
pub fn add_owners(&mut self, krate: &str, owners: &[&str]) -> Result<String> {
Migrate from rustc-serialize to Serde This commit migrates Cargo as much as possible from rustc-serialize to Serde. This not only provides an excellent testing ground for the toml 0.3 release but it also is a big boost to the speed of parsing the JSON bits of the registry. This doesn't completely excise the dependency just yet as docopt still requires it along with handlebars. I'm sure though that in time those crates will migrate to serde!
2017-02-10 20:01:52 +00:00
let body = serde_json::to_string(&OwnersReq { users: owners })?;
a large number of clippy suggestions
2018-07-20 19:39:05 +00:00
let body = self.put(&format!("/crates/{}/owners", krate), body.as_bytes())?;
add boolean to struct to support what crates is sending in case an old version of cargo is being used. the old version should be able to decode the boolean and ignore the string.
2017-09-28 19:23:48 +00:00
assert!(serde_json::from_str::<OwnerResponse>(&body)?.ok);
Ok(serde_json::from_str::<OwnerResponse>(&body)?.msg)
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
}
pub fn remove_owners(&mut self, krate: &str, owners: &[&str]) -> Result<()> {
Migrate from rustc-serialize to Serde This commit migrates Cargo as much as possible from rustc-serialize to Serde. This not only provides an excellent testing ground for the toml 0.3 release but it also is a big boost to the speed of parsing the JSON bits of the registry. This doesn't completely excise the dependency just yet as docopt still requires it along with handlebars. I'm sure though that in time those crates will migrate to serde!
2017-02-10 20:01:52 +00:00
let body = serde_json::to_string(&OwnersReq { users: owners })?;
a large number of clippy suggestions
2018-07-20 19:39:05 +00:00
let body = self.delete(&format!("/crates/{}/owners", krate), Some(body.as_bytes()))?;
add boolean to struct to support what crates is sending in case an old version of cargo is being used. the old version should be able to decode the boolean and ignore the string.
2017-09-28 19:23:48 +00:00
assert!(serde_json::from_str::<OwnerResponse>(&body)?.ok);
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
Ok(())
}
Implement a command to list owners of a crate Closes #858
2014-11-13 06:15:41 +00:00
pub fn list_owners(&mut self, krate: &str) -> Result<Vec<User>> {
a large number of clippy suggestions
2018-07-20 19:39:05 +00:00
let body = self.get(&format!("/crates/{}/owners", krate))?;
Migrate from rustc-serialize to Serde This commit migrates Cargo as much as possible from rustc-serialize to Serde. This not only provides an excellent testing ground for the toml 0.3 release but it also is a big boost to the speed of parsing the JSON bits of the registry. This doesn't completely excise the dependency just yet as docopt still requires it along with handlebars. I'm sure though that in time those crates will migrate to serde!
2017-02-10 20:01:52 +00:00
Ok(serde_json::from_str::<Users>(&body)?.users)
Implement a command to list owners of a crate Closes #858
2014-11-13 06:15:41 +00:00
}
Workaround fs issue in `cargo publish`.
2020-12-05 22:10:29 +00:00
pub fn publish(&mut self, krate: &NewCrate, mut tarball: &File) -> Result<Warnings> {
Migrate from rustc-serialize to Serde This commit migrates Cargo as much as possible from rustc-serialize to Serde. This not only provides an excellent testing ground for the toml 0.3 release but it also is a big boost to the speed of parsing the JSON bits of the registry. This doesn't completely excise the dependency just yet as docopt still requires it along with handlebars. I'm sure though that in time those crates will migrate to serde!
2017-02-10 20:01:52 +00:00
let json = serde_json::to_string(krate)?;
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
// Prepare the body. The format of the upload request is:
//
// <le u32 of json>
// <json request> (metadata for the package)
// <le u32 of tarball>
// <source tarball>
Workaround fs issue in `cargo publish`.
2020-12-05 22:10:29 +00:00
// NOTE: This can be replaced with `stream_len` if it is ever stabilized.
//
// This checks the length using seeking instead of metadata, because
// on some filesystems, getting the metadata will fail because
// the file was renamed in ops::package.
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
let tarball_len = tarball.seek(SeekFrom::End(0))?;
tarball.seek(SeekFrom::Start(0))?;
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
let header = {
Update to rust master and std::{io, path}
2015-02-27 01:04:25 +00:00
let mut w = Vec::new();
Use u32/64::to/from_le_bytes instead of bit fiddling
2020-11-09 22:23:46 +00:00
w.extend(&(json.len() as u32).to_le_bytes());
chore(clippy): Fix test assertion and simplify code in crates-io
2018-04-04 21:06:26 +00:00
w.extend(json.as_bytes().iter().cloned());
Workaround fs issue in `cargo publish`.
2020-12-05 22:10:29 +00:00
w.extend(&(tarball_len as u32).to_le_bytes());
Update to rust master and std::{io, path}
2015-02-27 01:04:25 +00:00
w
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
};
Workaround fs issue in `cargo publish`.
2020-12-05 22:10:29 +00:00
let size = tarball_len as usize + header.len();
Update to rust master and std::{io, path}
2015-02-27 01:04:25 +00:00
let mut body = Cursor::new(header).chain(tarball);
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
let url = format!("{}/api/v1/crates/new", self.host);
Add a `search` command to cargo
2014-11-22 14:36:14 +00:00
Changed try! macros to ? operator Since the stabilization of the ? operator (release 1.13.0) the ? operator should be used to use idiomatic Rust.
2016-11-11 13:25:20 +00:00
self.handle.put(true)?;
self.handle.url(&url)?;
self.handle.in_filesize(size as u64)?;
Update to curl 0.3
2016-05-18 17:01:40 +00:00
let mut headers = List::new();
Changed try! macros to ? operator Since the stabilization of the ? operator (release 1.13.0) the ? operator should be used to use idiomatic Rust.
2016-11-11 13:25:20 +00:00
headers.append("Accept: application/json")?;
Validate token on publish.
2023-04-09 19:15:40 +00:00
headers.append(&format!("Authorization: {}", self.token()?))?;
Changed try! macros to ? operator Since the stabilization of the ? operator (release 1.13.0) the ? operator should be used to use idiomatic Rust.
2016-11-11 13:25:20 +00:00
self.handle.http_headers(headers)?;
Update to curl 0.3
2016-05-18 17:01:40 +00:00
Add a ResponseError for registry API interaction. The intent here is to make it easier to work with API errors. This also includes some new tests for checking network errors.
2021-01-28 20:39:51 +00:00
let started = Instant::now();
let body = self
.handle(&mut |buf| body.read(buf).unwrap_or(0))
.map_err(|e| match e {
refactor(crates-io): rename `ResponseError` to `Error`
2023-07-06 12:36:23 +00:00
Error::Code { code, .. }
Add a ResponseError for registry API interaction. The intent here is to make it easier to work with API errors. This also includes some new tests for checking network errors.
2021-01-28 20:39:51 +00:00
if code == 503
&& started.elapsed().as_secs() >= 29
&& self.host_is_crates_io() =>
{
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
Error::Timeout(tarball_len)
Add a ResponseError for registry API interaction. The intent here is to make it easier to work with API errors. This also includes some new tests for checking network errors.
2021-01-28 20:39:51 +00:00
}
_ => e.into(),
})?;
Upload badge metadata specified in the manifest
2017-01-01 20:14:34 +00:00
chore(clippy): Fix test assertion and simplify code in crates-io
2018-04-04 21:06:26 +00:00
let response = if body.is_empty() {
Migrate from rustc-serialize to Serde This commit migrates Cargo as much as possible from rustc-serialize to Serde. This not only provides an excellent testing ground for the toml 0.3 release but it also is a big boost to the speed of parsing the JSON bits of the registry. This doesn't completely excise the dependency just yet as docopt still requires it along with handlebars. I'm sure though that in time those crates will migrate to serde!
2017-02-10 20:01:52 +00:00
"{}".parse()?
chore(clippy): Fix test assertion and simplify code in crates-io
2018-04-04 21:06:26 +00:00
} else {
body.parse::<serde_json::Value>()?
Have a fallback for an empty response This happens in tests.
2016-11-29 21:09:00 +00:00
};
Upload badge metadata specified in the manifest
2017-01-01 20:14:34 +00:00
Add error-chain errors Convert CargoResult, CargoError into an implementation provided by error-chain. The previous is_human machinery is mostly removed; now errors are displayed unless of the Internal kind, verbose mode will print all errors.
2017-05-24 04:35:54 +00:00
let invalid_categories: Vec<String> = response
.get("warnings")
.and_then(|j| j.get("invalid_categories"))
.and_then(|j| j.as_array())
.map(|x| x.iter().flat_map(|j| j.as_str()).map(Into::into).collect())
.unwrap_or_else(Vec::new);
let invalid_badges: Vec<String> = response
.get("warnings")
.and_then(|j| j.get("invalid_badges"))
.and_then(|j| j.as_array())
.map(|x| x.iter().flat_map(|j| j.as_str()).map(Into::into).collect())
.unwrap_or_else(Vec::new);
Upload badge metadata specified in the manifest
2017-01-01 20:14:34 +00:00
Support untyped warnings from crates.io with successful publish
2018-10-31 12:34:04 +00:00
let other: Vec<String> = response
.get("warnings")
.and_then(|j| j.get("other"))
.and_then(|j| j.as_array())
.map(|x| x.iter().flat_map(|j| j.as_str()).map(Into::into).collect())
.unwrap_or_else(Vec::new);
Upload badge metadata specified in the manifest
2017-01-01 20:14:34 +00:00
Ok(Warnings {
intellij rust suggested fixes (cherry picked from commit 24836e9)
2018-02-23 23:27:53 +00:00
invalid_categories,
invalid_badges,
Support untyped warnings from crates.io with successful publish
2018-10-31 12:34:04 +00:00
other,
Upload badge metadata specified in the manifest
2017-01-01 20:14:34 +00:00
})
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
}
Validate the limit argument
2018-03-10 14:42:08 +00:00
pub fn search(&mut self, query: &str, limit: u32) -> Result<(Vec<Crate>, u32)> {
Update the `url` crate to 2.0 Looks like minor API changes, primarily around percent encoding.
2019-07-24 14:42:14 +00:00
let formatted_query = percent_encode(query.as_bytes(), NON_ALPHANUMERIC);
Changed try! macros to ? operator Since the stabilization of the ? operator (release 1.13.0) the ? operator should be used to use idiomatic Rust.
2016-11-11 13:25:20 +00:00
let body = self.req(
a large number of clippy suggestions
2018-07-20 19:39:05 +00:00
&format!("/crates?q={}&per_page={}", formatted_query, limit),
cargo fmt
2018-03-14 15:17:44 +00:00
None,
Auth::Unauthorized,
Changed try! macros to ? operator Since the stabilization of the ? operator (release 1.13.0) the ? operator should be used to use idiomatic Rust.
2016-11-11 13:25:20 +00:00
)?;
Add a `search` command to cargo
2014-11-22 14:36:14 +00:00
Migrate from rustc-serialize to Serde This commit migrates Cargo as much as possible from rustc-serialize to Serde. This not only provides an excellent testing ground for the toml 0.3 release but it also is a big boost to the speed of parsing the JSON bits of the registry. This doesn't completely excise the dependency just yet as docopt still requires it along with handlebars. I'm sure though that in time those crates will migrate to serde!
2017-02-10 20:01:52 +00:00
let crates = serde_json::from_str::<Crates>(&body)?;
Adding --limit usage suggestion on search results (#2402)
2016-03-07 08:19:40 +00:00
Ok((crates.crates, crates.meta.total))
Add a `search` command to cargo
2014-11-22 14:36:14 +00:00
}
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
pub fn yank(&mut self, krate: &str, version: &str) -> Result<()> {
a large number of clippy suggestions
2018-07-20 19:39:05 +00:00
let body = self.delete(&format!("/crates/{}/{}/yank", krate, version), None)?;
Migrate from rustc-serialize to Serde This commit migrates Cargo as much as possible from rustc-serialize to Serde. This not only provides an excellent testing ground for the toml 0.3 release but it also is a big boost to the speed of parsing the JSON bits of the registry. This doesn't completely excise the dependency just yet as docopt still requires it along with handlebars. I'm sure though that in time those crates will migrate to serde!
2017-02-10 20:01:52 +00:00
assert!(serde_json::from_str::<R>(&body)?.ok);
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
Ok(())
}
pub fn unyank(&mut self, krate: &str, version: &str) -> Result<()> {
a large number of clippy suggestions
2018-07-20 19:39:05 +00:00
let body = self.put(&format!("/crates/{}/{}/unyank", krate, version), &[])?;
Migrate from rustc-serialize to Serde This commit migrates Cargo as much as possible from rustc-serialize to Serde. This not only provides an excellent testing ground for the toml 0.3 release but it also is a big boost to the speed of parsing the JSON bits of the registry. This doesn't completely excise the dependency just yet as docopt still requires it along with handlebars. I'm sure though that in time those crates will migrate to serde!
2017-02-10 20:01:52 +00:00
assert!(serde_json::from_str::<R>(&body)?.ok);
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
Ok(())
}
a large number of clippy suggestions
2018-07-20 19:39:05 +00:00
fn put(&mut self, path: &str, b: &[u8]) -> Result<String> {
Changed try! macros to ? operator Since the stabilization of the ? operator (release 1.13.0) the ? operator should be used to use idiomatic Rust.
2016-11-11 13:25:20 +00:00
self.handle.put(true)?;
Update to curl 0.3
2016-05-18 17:01:40 +00:00
self.req(path, Some(b), Auth::Authorized)
Implement a command to list owners of a crate Closes #858
2014-11-13 06:15:41 +00:00
}
a large number of clippy suggestions
2018-07-20 19:39:05 +00:00
fn get(&mut self, path: &str) -> Result<String> {
Changed try! macros to ? operator Since the stabilization of the ? operator (release 1.13.0) the ? operator should be used to use idiomatic Rust.
2016-11-11 13:25:20 +00:00
self.handle.get(true)?;
Update to curl 0.3
2016-05-18 17:01:40 +00:00
self.req(path, None, Auth::Authorized)
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
}
a large number of clippy suggestions
2018-07-20 19:39:05 +00:00
fn delete(&mut self, path: &str, b: Option<&[u8]>) -> Result<String> {
Changed try! macros to ? operator Since the stabilization of the ? operator (release 1.13.0) the ? operator should be used to use idiomatic Rust.
2016-11-11 13:25:20 +00:00
self.handle.custom_request("DELETE")?;
Update to curl 0.3
2016-05-18 17:01:40 +00:00
self.req(path, b, Auth::Authorized)
Implement a command to list owners of a crate Closes #858
2014-11-13 06:15:41 +00:00
}
a large number of clippy suggestions
2018-07-20 19:39:05 +00:00
fn req(&mut self, path: &str, body: Option<&[u8]>, authorized: Auth) -> Result<String> {
Changed try! macros to ? operator Since the stabilization of the ? operator (release 1.13.0) the ? operator should be used to use idiomatic Rust.
2016-11-11 13:25:20 +00:00
self.handle.url(&format!("{}/api/v1{}", self.host, path))?;
Update to curl 0.3
2016-05-18 17:01:40 +00:00
let mut headers = List::new();
Changed try! macros to ? operator Since the stabilization of the ? operator (release 1.13.0) the ? operator should be used to use idiomatic Rust.
2016-11-11 13:25:20 +00:00
headers.append("Accept: application/json")?;
headers.append("Content-Type: application/json")?;
Add a `search` command to cargo
2014-11-22 14:36:14 +00:00
Implement RFC 3139: alternative registry authentication support
2022-10-31 16:44:01 +00:00
if self.auth_required || authorized == Auth::Authorized {
Validate token on publish.
2023-04-09 19:15:40 +00:00
headers.append(&format!("Authorization: {}", self.token()?))?;
Add a `search` command to cargo
2014-11-22 14:36:14 +00:00
}
Changed try! macros to ? operator Since the stabilization of the ? operator (release 1.13.0) the ? operator should be used to use idiomatic Rust.
2016-11-11 13:25:20 +00:00
self.handle.http_headers(headers)?;
Implement a command to list owners of a crate Closes #858
2014-11-13 06:15:41 +00:00
match body {
Update to curl 0.3
2016-05-18 17:01:40 +00:00
Some(mut body) => {
Changed try! macros to ? operator Since the stabilization of the ? operator (release 1.13.0) the ? operator should be used to use idiomatic Rust.
2016-11-11 13:25:20 +00:00
self.handle.upload(true)?;
self.handle.in_filesize(body.len() as u64)?;
Make crates.io timeout error specific to crates.io
2019-05-14 16:20:54 +00:00
self.handle(&mut |buf| body.read(buf).unwrap_or(0))
Add a ResponseError for registry API interaction. The intent here is to make it easier to work with API errors. This also includes some new tests for checking network errors.
2021-01-28 20:39:51 +00:00
.map_err(|e| e.into())
Update to curl 0.3
2016-05-18 17:01:40 +00:00
}
Add a ResponseError for registry API interaction. The intent here is to make it easier to work with API errors. This also includes some new tests for checking network errors.
2021-01-28 20:39:51 +00:00
None => self.handle(&mut |_| 0).map_err(|e| e.into()),
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
}
}
Update to curl 0.3
2016-05-18 17:01:40 +00:00
feat(crates-io): use our own `Result` wrapper everywhere
2023-06-25 08:42:26 +00:00
fn handle(&mut self, read: &mut dyn FnMut(&mut [u8]) -> usize) -> Result<String> {
Make crates.io timeout error specific to crates.io
2019-05-14 16:20:54 +00:00
let mut headers = Vec::new();
let mut body = Vec::new();
{
let mut handle = self.handle.transfer();
handle.read_function(|buf| Ok(read(buf)))?;
handle.write_function(|data| {
body.extend_from_slice(data);
Ok(data.len())
})?;
handle.header_function(|data| {
Add a ResponseError for registry API interaction. The intent here is to make it easier to work with API errors. This also includes some new tests for checking network errors.
2021-01-28 20:39:51 +00:00
// Headers contain trailing \r\n, trim them to make it easier
// to work with.
let s = String::from_utf8_lossy(data).trim().to_string();
fix(crates-io): don't let server sneak extra lines anywhere From https://github.com/rust-lang/cargo/blob/5febbe5587b74108165f748e79a4f8badbdf5e0e/src/cargo/sources/registry/http_remote.rs#L234-L237
2023-07-06 12:25:34 +00:00
// Don't let server sneak extra lines anywhere.
if s.contains('\n') {
return true;
}
Add a ResponseError for registry API interaction. The intent here is to make it easier to work with API errors. This also includes some new tests for checking network errors.
2021-01-28 20:39:51 +00:00
headers.push(s);
Make crates.io timeout error specific to crates.io
2019-05-14 16:20:54 +00:00
true
})?;
handle.perform()?;
Give a better error message when crates.io requests time out crates.io is hosted on Heroku, which means we have a hard 30 second time limit on all requests. Typically this is only hit when someone is attempting to upload a crate so large that it would have been eventually rejected anyway, but it can also happen if a user is on a very slow internet connection. When this happens, the request is terminated by the platform and we have no control over the response that gets sent. This results in the user getting a very unhelpful error message from Cargo, and some generic error page HTML spat out into their terminal. We could work around this on our end by adding a 29 second timeout *somewhere else* in the stack, but we have a lot of layers that buffer requests to protect against slow client attacks, and it'd be a pretty decent amount of work. Since we eventually want to switch over to having Cargo do the S3 upload instead of us, it doesn't make sense to spend so much time on an error scenario that eventually will go away. I've tried to keep this uncoupled from crates.io as much as possible, since alternate registries might not be hosted on Heroku or have the same restricitions. But I figure "a 503 that took more than 30 seconds" is a safe bet on this being hit. If we're ok with coupling this to crates.io, I'd like to include "If your crate is less than 10MB you can email help@crates.io for assistance" in the error message. Ref https://github.com/rust-lang/crates.io/issues/1709
2019-05-13 20:18:42 +00:00
}
Make crates.io timeout error specific to crates.io
2019-05-14 16:20:54 +00:00
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
let body = String::from_utf8(body)?;
format crates-io and cargo-test-macro subcrates
2019-06-22 22:29:52 +00:00
let errors = serde_json::from_str::<ApiErrorList>(&body)
.ok()
.map(|s| s.errors.into_iter().map(|s| s.detail).collect::<Vec<_>>());
Make crates.io timeout error specific to crates.io
2019-05-14 16:20:54 +00:00
match (self.handle.response_code()?, errors) {
Add a ResponseError for registry API interaction. The intent here is to make it easier to work with API errors. This also includes some new tests for checking network errors.
2021-01-28 20:39:51 +00:00
(0, None) | (200, None) => Ok(body),
refactor(crates-io): rename `ResponseError` to `Error`
2023-07-06 12:36:23 +00:00
(code, Some(errors)) => Err(Error::Api {
fix(crates-io): don't let server sneak extra lines anywhere From https://github.com/rust-lang/cargo/blob/5febbe5587b74108165f748e79a4f8badbdf5e0e/src/cargo/sources/registry/http_remote.rs#L234-L237
2023-07-06 12:25:34 +00:00
code,
headers,
errors,
}),
refactor(crates-io): rename `ResponseError` to `Error`
2023-07-06 12:36:23 +00:00
(code, None) => Err(Error::Code {
format crates-io and cargo-test-macro subcrates
2019-06-22 22:29:52 +00:00
code,
Add a ResponseError for registry API interaction. The intent here is to make it easier to work with API errors. This also includes some new tests for checking network errors.
2021-01-28 20:39:51 +00:00
headers,
format crates-io and cargo-test-macro subcrates
2019-06-22 22:29:52 +00:00
body,
Add a ResponseError for registry API interaction. The intent here is to make it easier to work with API errors. This also includes some new tests for checking network errors.
2021-01-28 20:39:51 +00:00
}),
Always nicely show errors from crates.io if possible Currently if Cargo ever gets a non-200 response, it will either not show the error at all (if it was a 403 or 404), or spit out the entire response body. Historically crates.io has served a 200 for most errors to work around this, but we've stopped doing this as it causes problems for other clients. Additionally, we're starting to server more errors that have semantic meaning (429 for rate limiting, 503 when we're in read only mode). If the request specifies "Accept: application/json", we should ideally return the errors formatted nicely. This isn't always true, but it's what we'd like to do going forward. While the output that Cargo puts out at least contains the actual message, it's buried under a ton of useless info. This changes the behavior so that if the response was valid JSON in the format that Cargo expects, it just shows that (along with a description of the response status), and only falls back to spitting out everything if it can't parse the response body. I'd love to add some more tests for this, but I've had trouble finding anywhere in the test suite that exercises these paths.
2019-03-21 18:10:43 +00:00
}
Make crates.io timeout error specific to crates.io
2019-05-14 16:20:54 +00:00
}
Update how cargo talks to the registry This commit includes a laundry list of updates and tweaks to reflect the current API of the registry: * `registry.host` has been renamed to `registry.index` * New top-level manifest keys are now accepted: * `homepage` - url * `documentation` - url * `repository` - url * `description` - a markdown-less blurb * `license` - string (verified by the registry on upload) * `keywords` - string array * `readme` - string pointing at a file * Authors are now uploaded to the registry * The upload format to the registry has changed to a body json payload * Unpacking tarballs respects the executable bit for scripts and such. * Downloading now follows redirects to go to S3. * The download URL for a package has changed slightly. * Verify path dependencies have a version listed when being uploaded * Rename `upload` to `publish` * Rename `ops::cargo_upload` to `ops::registry` * Add a new `registry` package for interoperating with the registry * Add the ability to modify owners via `cargo owner` * Add a `readme` key to the manifest, and upload its contents to the registry. * Add the ability to yank crates and their versions * When packaging a library, verify that it builds from the packaged source by unpacking the tarball and simulate running `cargo build` inside of it.
2014-09-27 04:14:46 +00:00
}
Remove dependency on `winapi` 0.2 This commit removes Cargo's dependency on `winapi` 0.2 which takes an excessively long time to build, slowing down Windows builds. The `winapi` 0.2 crate was pulled in via a dependency chain that looked like: cargo \- crates-io \- http \- bytes \- iovec \- winapi 0.2 The fix implemented here was to remove the `http` crate dependency from `crates-io` which is only used for rendering status codes, but it's easy enough to inline that function locally.
2019-09-19 18:48:34 +00:00
refactor(crates-io): use `thiserror` Optionally use `thiserror` to reduce boilerplates but this part can be dropped if we don't want.
2023-06-25 13:27:58 +00:00
fn status(code: u32) -> String {
if code == 200 {
String::new()
} else {
let reason = reason(code);
format!(" (status {code} {reason})")
}
}
Remove dependency on `winapi` 0.2 This commit removes Cargo's dependency on `winapi` 0.2 which takes an excessively long time to build, slowing down Windows builds. The `winapi` 0.2 crate was pulled in via a dependency chain that looked like: cargo \- crates-io \- http \- bytes \- iovec \- winapi 0.2 The fix implemented here was to remove the `http` crate dependency from `crates-io` which is only used for rendering status codes, but it's easy enough to inline that function locally.
2019-09-19 18:48:34 +00:00
fn reason(code: u32) -> &'static str {
// Taken from https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
match code {
100 => "Continue",
101 => "Switching Protocol",
103 => "Early Hints",
200 => "OK",
201 => "Created",
202 => "Accepted",
203 => "Non-Authoritative Information",
204 => "No Content",
205 => "Reset Content",
206 => "Partial Content",
300 => "Multiple Choice",
301 => "Moved Permanently",
302 => "Found",
303 => "See Other",
304 => "Not Modified",
307 => "Temporary Redirect",
308 => "Permanent Redirect",
400 => "Bad Request",
401 => "Unauthorized",
402 => "Payment Required",
403 => "Forbidden",
404 => "Not Found",
405 => "Method Not Allowed",
406 => "Not Acceptable",
407 => "Proxy Authentication Required",
408 => "Request Timeout",
409 => "Conflict",
410 => "Gone",
411 => "Length Required",
412 => "Precondition Failed",
413 => "Payload Too Large",
414 => "URI Too Long",
415 => "Unsupported Media Type",
416 => "Request Range Not Satisfiable",
417 => "Expectation Failed",
429 => "Too Many Requests",
431 => "Request Header Fields Too Large",
500 => "Internal Server Error",
501 => "Not Implemented",
502 => "Bad Gateway",
503 => "Service Unavailable",
504 => "Gateway Timeout",
_ => "<unknown>",
}
}
Add a warning when using `registry.token` with source replacement.
2020-03-07 01:29:12 +00:00
/// Returns `true` if the host of the given URL is "crates.io".
pub fn is_url_crates_io(url: &str) -> bool {
Url::parse(url)
.map(|u| u.host_str() == Some("crates.io"))
.unwrap_or(false)
}
Error on invalid token for registry auth When using registry operations with authentication there will be now an error if the given token is not valid. This is a technically a breaking change because a registry might give some tokens which will be denied by these new checks. In practice these tokens cause issues with HTTP so no registry should generate them.
2023-02-16 15:42:30 +00:00
/// Checks if a token is valid or malformed.
///
/// This check is necessary to prevent sending tokens which create an invalid HTTP request.
/// It would be easier to check just for alphanumeric tokens, but we can't be sure that all
/// registries only create tokens in that format so that is as less restricted as possible.
pub fn check_token(token: &str) -> Result<()> {
Address review comments * moved `is_empty` check into `check_token` * improved error message (is quite long now but should explain the error well) * removed one helper function from new test
2023-02-16 18:12:46 +00:00
if token.is_empty() {
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
return Err(Error::InvalidToken("please provide a non-empty token"));
Address review comments * moved `is_empty` check into `check_token` * improved error message (is quite long now but should explain the error well) * removed one helper function from new test
2023-02-16 18:12:46 +00:00
}
if token.bytes().all(|b| {
Fix credential token format validation.
2023-04-09 18:53:46 +00:00
// This is essentially the US-ASCII limitation of
// https://www.rfc-editor.org/rfc/rfc9110#name-field-values. That is,
// visible ASCII characters (0x21-0x7e), space, and tab. We want to be
// able to pass this in an HTTP header without encoding.
b >= 32 && b < 127 || b == b'\t'
Address review comments * moved `is_empty` check into `check_token` * improved error message (is quite long now but should explain the error well) * removed one helper function from new test
2023-02-16 18:12:46 +00:00
}) {
Error on invalid token for registry auth When using registry operations with authentication there will be now an error if the given token is not valid. This is a technically a breaking change because a registry might give some tokens which will be denied by these new checks. In practice these tokens cause issues with HTTP so no registry should generate them.
2023-02-16 15:42:30 +00:00
Ok(())
} else {
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
Err(Error::InvalidToken(
Address review comments * moved `is_empty` check into `check_token` * improved error message (is quite long now but should explain the error well) * removed one helper function from new test
2023-02-16 18:12:46 +00:00
"token contains invalid characters.\nOnly printable ISO-8859-1 characters \
refactor(crates-io): remove `anyhow` This removes the dependency `anyhow` and uses our own custom Error enum, so that crates-io consumer can access `Error::API::challenge` field.
2023-06-25 09:58:35 +00:00
are allowed as it is sent in a HTTPS header.",
))
Error on invalid token for registry auth When using registry operations with authentication there will be now an error if the given token is not valid. This is a technically a breaking change because a registry might give some tokens which will be denied by these new checks. In practice these tokens cause issues with HTTP so no registry should generate them.
2023-02-16 15:42:30 +00:00
}
}
Reference in a new issue Copy permalink