cargo/tests/testsuite/package.rs

3356 lines
88 KiB
Rust
Raw Normal View History

2019-11-25 02:42:45 +00:00
//! Tests for the `cargo package` command.
use cargo_test_support::paths::CargoPathExt;
use cargo_test_support::publish::validate_crate_contents;
use cargo_test_support::registry::{self, Package};
use cargo_test_support::{
2023-11-10 07:49:44 +00:00
basic_manifest, cargo_process, git, path2url, paths, project, symlink_supported, t,
ProjectBuilder,
};
package: canonicalize tar headers for crate packages Currently, when reading a file from disk, we include several pieces of data from the on-disk file, including the user and group names and IDs, the device major and minor, the mode, and the timestamp. This means that our archives differ between systems, sometimes in unhelpful ways. In addition, most users probably did not intend to share information about their user and group settings, operating system and disk type, and umask. While these aren't huge privacy leaks, cargo doesn't use them when extracting archives, so there's no value to including them. Since using consistent data means that our archives are reproducible and don't leak user data, both of which are desirable features, let's canonicalize the header to strip out identifying information. We set the user and group information to 0 and root, since that's the only user that's typically consistent among Unix systems. Setting these values doesn't create a security risk since tar can't change the ownership of files when it's running as a normal unprivileged user. Similarly, we set the device major and minor to 0. There is no useful value here that's portable across systems, and it does not affect extraction in any way. We also set the timestamp to the same one that we use for generated files. This is probably the biggest loss of relevant data, but considering that cargo doesn't otherwise use it and honoring it makes the archives unreproducible, we canonicalize it as well. Finally, we canonicalize the mode of an item we're storing by looking at the executable bit and using mode 755 if it's set and mode 644 if it's not. We already use 644 as the default for generated files, and this is the same algorithm that Git uses to determine whether a file should be considered executable. The tests don't test this case because there's no portable way to create executable files on Windows.
2020-11-15 21:43:39 +00:00
use flate2::read::GzDecoder;
use std::fs::{self, read_to_string, File};
use std::path::Path;
package: canonicalize tar headers for crate packages Currently, when reading a file from disk, we include several pieces of data from the on-disk file, including the user and group names and IDs, the device major and minor, the mode, and the timestamp. This means that our archives differ between systems, sometimes in unhelpful ways. In addition, most users probably did not intend to share information about their user and group settings, operating system and disk type, and umask. While these aren't huge privacy leaks, cargo doesn't use them when extracting archives, so there's no value to including them. Since using consistent data means that our archives are reproducible and don't leak user data, both of which are desirable features, let's canonicalize the header to strip out identifying information. We set the user and group information to 0 and root, since that's the only user that's typically consistent among Unix systems. Setting these values doesn't create a security risk since tar can't change the ownership of files when it's running as a normal unprivileged user. Similarly, we set the device major and minor to 0. There is no useful value here that's portable across systems, and it does not affect extraction in any way. We also set the timestamp to the same one that we use for generated files. This is probably the biggest loss of relevant data, but considering that cargo doesn't otherwise use it and honoring it makes the archives unreproducible, we canonicalize it as well. Finally, we canonicalize the mode of an item we're storing by looking at the executable bit and using mode 755 if it's set and mode 644 if it's not. We already use 644 as the default for generated files, and this is the same algorithm that Git uses to determine whether a file should be considered executable. The tests don't test this case because there's no portable way to create executable files on Windows.
2020-11-15 21:43:39 +00:00
use tar::Archive;
#[cargo_test]
fn simple() {
let p = project()
2018-12-08 11:19:47 +00:00
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
version = "0.0.1"
authors = []
exclude = ["*.txt"]
license = "MIT"
description = "foo"
"#,
2018-12-08 11:19:47 +00:00
)
.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.file("src/bar.txt", "") // should be ignored when packaging
.build();
p.cargo("package")
.with_stderr(
2018-03-14 15:17:44 +00:00
"\
2016-05-20 00:52:13 +00:00
[WARNING] manifest has no documentation[..]
See [..]
[PACKAGING] foo v0.0.1 ([CWD])
[VERIFYING] foo v0.0.1 ([CWD])
[COMPILING] foo v0.0.1 ([CWD][..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] 4 files, [..] ([..] compressed)
",
2018-12-08 11:19:47 +00:00
)
.run();
2018-08-29 06:11:10 +00:00
assert!(p.root().join("target/package/foo-0.0.1.crate").is_file());
p.cargo("package -l")
.with_stdout(
2018-03-14 15:17:44 +00:00
"\
2019-06-10 19:38:51 +00:00
Cargo.lock
Cargo.toml
Cargo.toml.orig
2018-08-02 09:18:48 +00:00
src/main.rs
2018-03-14 15:17:44 +00:00
",
2018-12-08 11:19:47 +00:00
)
.run();
2023-11-15 22:33:27 +00:00
p.cargo("package")
.with_stderr(
"\
[WARNING] manifest has no documentation[..]
See [..]
[PACKAGING] foo v0.0.1 ([CWD])
[VERIFYING] foo v0.0.1 ([CWD])
[COMPILING] foo v0.0.1 ([CWD][..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] 4 files, [..] ([..] compressed)
",
)
.run();
2014-09-09 02:38:16 +00:00
let f = File::open(&p.root().join("target/package/foo-0.0.1.crate")).unwrap();
validate_crate_contents(
f,
"foo-0.0.1.crate",
2019-06-10 19:38:51 +00:00
&["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
&[],
);
}
#[cargo_test]
fn metadata_warning() {
let p = project().file("src/main.rs", "fn main() {}").build();
p.cargo("package")
.with_stderr(
2018-03-14 15:17:44 +00:00
"\
2016-05-20 00:52:13 +00:00
warning: manifest has no description, license, license-file, documentation, \
homepage or repository.
2019-01-30 20:34:37 +00:00
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
[PACKAGING] foo v0.0.1 ([CWD])
[VERIFYING] foo v0.0.1 ([CWD])
[COMPILING] foo v0.0.1 ([CWD][..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] [..] files, [..] ([..] compressed)
",
2018-12-08 11:19:47 +00:00
)
.run();
let p = project()
2018-03-14 15:17:44 +00:00
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
"#,
2018-12-08 11:19:47 +00:00
)
.file("src/main.rs", "fn main() {}")
.build();
p.cargo("package")
.with_stderr(
2018-03-14 15:17:44 +00:00
"\
warning: manifest has no description, documentation, homepage or repository.
2019-01-30 20:34:37 +00:00
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
[PACKAGING] foo v0.0.1 ([CWD])
[VERIFYING] foo v0.0.1 ([CWD])
[COMPILING] foo v0.0.1 ([CWD][..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] [..] files, [..] ([..] compressed)
",
2018-12-08 11:19:47 +00:00
)
.run();
let p = project()
2018-03-14 15:17:44 +00:00
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
description = "foo"
repository = "bar"
"#,
2018-12-08 11:19:47 +00:00
)
.file("src/main.rs", "fn main() {}")
.build();
p.cargo("package")
.with_stderr(
2018-03-14 15:17:44 +00:00
"\
[PACKAGING] foo v0.0.1 ([CWD])
[VERIFYING] foo v0.0.1 ([CWD])
[COMPILING] foo v0.0.1 ([CWD][..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] [..] files, [..] ([..] compressed)
",
2018-12-08 11:19:47 +00:00
)
.run();
}
#[cargo_test]
fn package_verbose() {
let root = paths::root().join("all");
let repo = git::repo(&root)
2018-07-24 22:35:01 +00:00
.file("Cargo.toml", &basic_manifest("foo", "0.0.1"))
.file("src/main.rs", "fn main() {}")
.file("a/a/Cargo.toml", &basic_manifest("a", "0.0.1"))
.file("a/a/src/lib.rs", "")
.build();
cargo_process("build").cwd(repo.root()).run();
println!("package main repo");
cargo_process("package -v --no-verify")
.cwd(repo.root())
.with_stderr(
2018-03-14 15:17:44 +00:00
"\
2016-05-20 00:52:13 +00:00
[WARNING] manifest has no description[..]
2019-01-30 20:34:37 +00:00
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
[PACKAGING] foo v0.0.1 ([..])
[ARCHIVING] .cargo_vcs_info.json
2019-06-10 19:38:51 +00:00
[ARCHIVING] Cargo.lock
[ARCHIVING] Cargo.toml
[ARCHIVING] Cargo.toml.orig
[ARCHIVING] src/main.rs
[PACKAGED] 5 files, [..] ([..] compressed)
2018-03-14 15:17:44 +00:00
",
2018-12-08 11:19:47 +00:00
)
.run();
let f = File::open(&repo.root().join("target/package/foo-0.0.1.crate")).unwrap();
let vcs_contents = format!(
r#"{{
"git": {{
"sha1": "{}"
}},
"path_in_vcs": ""
}}
"#,
repo.revparse_head()
);
validate_crate_contents(
f,
"foo-0.0.1.crate",
&[
2019-06-10 19:38:51 +00:00
"Cargo.lock",
"Cargo.toml",
"Cargo.toml.orig",
"src/main.rs",
".cargo_vcs_info.json",
],
&[(".cargo_vcs_info.json", &vcs_contents)],
);
println!("package sub-repo");
cargo_process("package -v --no-verify")
.cwd(repo.root().join("a/a"))
.with_stderr(
2018-03-14 15:17:44 +00:00
"\
2016-05-20 00:52:13 +00:00
[WARNING] manifest has no description[..]
2019-01-30 20:34:37 +00:00
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
[PACKAGING] a v0.0.1 ([..])
[ARCHIVING] .cargo_vcs_info.json
[ARCHIVING] Cargo.toml
[ARCHIVING] Cargo.toml.orig
[ARCHIVING] src/lib.rs
[PACKAGED] 4 files, [..] ([..] compressed)
2018-03-14 15:17:44 +00:00
",
2018-12-08 11:19:47 +00:00
)
.run();
let f = File::open(&repo.root().join("a/a/target/package/a-0.0.1.crate")).unwrap();
let vcs_contents = format!(
r#"{{
"git": {{
"sha1": "{}"
}},
"path_in_vcs": "a/a"
}}
"#,
repo.revparse_head()
);
validate_crate_contents(
f,
"a-0.0.1.crate",
&[
"Cargo.toml",
"Cargo.toml.orig",
"src/lib.rs",
".cargo_vcs_info.json",
],
&[(".cargo_vcs_info.json", &vcs_contents)],
);
}
#[cargo_test]
fn package_verification() {
let p = project().file("src/main.rs", "fn main() {}").build();
p.cargo("build").run();
p.cargo("package")
.with_stderr(
2018-03-14 15:17:44 +00:00
"\
2016-05-20 00:52:13 +00:00
[WARNING] manifest has no description[..]
2019-01-30 20:34:37 +00:00
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
[PACKAGING] foo v0.0.1 ([CWD])
[VERIFYING] foo v0.0.1 ([CWD])
[COMPILING] foo v0.0.1 ([CWD][..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] [..] files, [..] ([..] compressed)
",
2018-12-08 11:19:47 +00:00
)
.run();
}
#[cargo_test]
2018-07-24 21:53:30 +00:00
fn vcs_file_collision() {
let p = project().build();
let _ = git::repo(&paths::root().join("foo"))
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
description = "foo"
version = "0.0.1"
authors = []
license = "MIT"
documentation = "foo"
homepage = "foo"
repository = "foo"
exclude = ["*.no-existe"]
"#,
2018-12-08 11:19:47 +00:00
)
.file(
2018-07-24 21:53:30 +00:00
"src/main.rs",
r#"
2020-09-27 00:59:58 +00:00
fn main() {}
"#,
2018-12-08 11:19:47 +00:00
)
.file(".cargo_vcs_info.json", "foo")
2018-07-24 21:53:30 +00:00
.build();
p.cargo("package")
.arg("--no-verify")
.with_status(101)
.with_stderr(
2018-07-24 21:53:30 +00:00
"\
[ERROR] invalid inclusion of reserved file name .cargo_vcs_info.json \
2018-07-24 21:53:30 +00:00
in package source
",
2018-12-08 11:19:47 +00:00
)
.run();
2018-07-24 21:53:30 +00:00
}
#[cargo_test]
fn orig_file_collision() {
let p = project().build();
let _ = git::repo(&paths::root().join("foo"))
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
description = "foo"
version = "0.0.1"
authors = []
license = "MIT"
documentation = "foo"
homepage = "foo"
repository = "foo"
exclude = ["*.no-existe"]
"#,
)
.file(
"src/main.rs",
r#"
fn main() {}
"#,
)
.file("Cargo.toml.orig", "oops")
.build();
p.cargo("package")
.arg("--no-verify")
.with_status(101)
.with_stderr(
"\
[ERROR] invalid inclusion of reserved file name Cargo.toml.orig \
in package source
",
)
.run();
}
#[cargo_test]
fn path_dependency_no_version() {
let p = project()
2018-03-14 15:17:44 +00:00
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
description = "foo"
2020-09-27 00:59:58 +00:00
[dependencies.bar]
path = "bar"
"#,
2018-12-08 11:19:47 +00:00
)
.file("src/main.rs", "fn main() {}")
2018-07-24 22:35:01 +00:00
.file("bar/Cargo.toml", &basic_manifest("bar", "0.1.0"))
.file("bar/src/lib.rs", "")
.build();
p.cargo("package")
.with_status(101)
.with_stderr(
2018-03-14 15:17:44 +00:00
"\
[WARNING] manifest has no documentation, homepage or repository.
2019-01-30 20:34:37 +00:00
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
[ERROR] all dependencies must have a version specified when packaging.
dependency `bar` does not specify a version\n\
Note: The packaged dependency will use the version from crates.io,
the `path` specification will be removed from the dependency declaration.
",
)
.run();
}
#[cargo_test]
fn git_dependency_no_version() {
registry::init();
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
description = "foo"
[dependencies.foo]
git = "git://path/to/nowhere"
"#,
)
.file("src/main.rs", "fn main() {}")
.build();
p.cargo("package")
.with_status(101)
.with_stderr(
"\
[WARNING] manifest has no documentation, homepage or repository.
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
[ERROR] all dependencies must have a version specified when packaging.
dependency `foo` does not specify a version
Note: The packaged dependency will use the version from crates.io,
the `git` specification will be removed from the dependency declaration.
2018-03-14 15:17:44 +00:00
",
2018-12-08 11:19:47 +00:00
)
.run();
}
#[cargo_test]
fn exclude() {
let root = paths::root().join("exclude");
let repo = git::repo(&root)
2018-12-08 11:19:47 +00:00
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
version = "0.0.1"
authors = []
exclude = [
"*.txt",
# file in root
"file_root_1", # NO_CHANGE (ignored)
"/file_root_2", # CHANGING (packaged -> ignored)
"file_root_3/", # NO_CHANGE (packaged)
"file_root_4/*", # NO_CHANGE (packaged)
"file_root_5/**", # NO_CHANGE (packaged)
# file in sub-dir
"file_deep_1", # CHANGING (packaged -> ignored)
"/file_deep_2", # NO_CHANGE (packaged)
"file_deep_3/", # NO_CHANGE (packaged)
"file_deep_4/*", # NO_CHANGE (packaged)
"file_deep_5/**", # NO_CHANGE (packaged)
# dir in root
"dir_root_1", # CHANGING (packaged -> ignored)
"/dir_root_2", # CHANGING (packaged -> ignored)
"dir_root_3/", # CHANGING (packaged -> ignored)
"dir_root_4/*", # NO_CHANGE (ignored)
"dir_root_5/**", # NO_CHANGE (ignored)
# dir in sub-dir
"dir_deep_1", # CHANGING (packaged -> ignored)
"/dir_deep_2", # NO_CHANGE
"dir_deep_3/", # CHANGING (packaged -> ignored)
"dir_deep_4/*", # CHANGING (packaged -> ignored)
"dir_deep_5/**", # CHANGING (packaged -> ignored)
]
"#,
2018-12-08 11:19:47 +00:00
)
.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.file("bar.txt", "")
.file("src/bar.txt", "")
2019-02-03 04:01:23 +00:00
// File in root.
.file("file_root_1", "")
.file("file_root_2", "")
.file("file_root_3", "")
.file("file_root_4", "")
.file("file_root_5", "")
2019-02-03 04:01:23 +00:00
// File in sub-dir.
.file("some_dir/file_deep_1", "")
.file("some_dir/file_deep_2", "")
.file("some_dir/file_deep_3", "")
.file("some_dir/file_deep_4", "")
.file("some_dir/file_deep_5", "")
2019-02-03 04:01:23 +00:00
// Dir in root.
.file("dir_root_1/some_dir/file", "")
.file("dir_root_2/some_dir/file", "")
.file("dir_root_3/some_dir/file", "")
.file("dir_root_4/some_dir/file", "")
.file("dir_root_5/some_dir/file", "")
2019-02-03 04:01:23 +00:00
// Dir in sub-dir.
.file("some_dir/dir_deep_1/some_dir/file", "")
.file("some_dir/dir_deep_2/some_dir/file", "")
.file("some_dir/dir_deep_3/some_dir/file", "")
.file("some_dir/dir_deep_4/some_dir/file", "")
.file("some_dir/dir_deep_5/some_dir/file", "")
.build();
cargo_process("package --no-verify -v")
.cwd(repo.root())
.with_stdout("")
.with_stderr(
2018-03-14 15:17:44 +00:00
"\
2016-05-20 00:52:13 +00:00
[WARNING] manifest has no description[..]
2019-01-30 20:34:37 +00:00
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
[PACKAGING] foo v0.0.1 ([..])
[ARCHIVING] .cargo_vcs_info.json
[ARCHIVING] Cargo.lock
2019-06-10 19:38:51 +00:00
[ARCHIVING] Cargo.toml
[ARCHIVING] Cargo.toml.orig
2019-06-10 19:38:51 +00:00
[ARCHIVING] file_root_3
[ARCHIVING] file_root_4
[ARCHIVING] file_root_5
[ARCHIVING] some_dir/dir_deep_2/some_dir/file
[ARCHIVING] some_dir/dir_deep_4/some_dir/file
[ARCHIVING] some_dir/dir_deep_5/some_dir/file
[ARCHIVING] some_dir/file_deep_2
[ARCHIVING] some_dir/file_deep_3
[ARCHIVING] some_dir/file_deep_4
[ARCHIVING] some_dir/file_deep_5
[ARCHIVING] src/main.rs
[PACKAGED] 15 files, [..] ([..] compressed)
2018-03-14 15:17:44 +00:00
",
2018-12-08 11:19:47 +00:00
)
.run();
assert!(repo.root().join("target/package/foo-0.0.1.crate").is_file());
cargo_process("package -l")
.cwd(repo.root())
.with_stdout(
2018-03-14 15:17:44 +00:00
"\
.cargo_vcs_info.json
2019-06-10 19:38:51 +00:00
Cargo.lock
Cargo.toml
Cargo.toml.orig
file_root_3
file_root_4
file_root_5
2018-08-02 09:18:48 +00:00
some_dir/dir_deep_2/some_dir/file
some_dir/dir_deep_4/some_dir/file
some_dir/dir_deep_5/some_dir/file
some_dir/file_deep_2
some_dir/file_deep_3
some_dir/file_deep_4
some_dir/file_deep_5
src/main.rs
2018-03-14 15:17:44 +00:00
",
2018-12-08 11:19:47 +00:00
)
.run();
}
#[cargo_test]
fn include() {
let root = paths::root().join("include");
let repo = git::repo(&root)
2018-12-08 11:19:47 +00:00
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
version = "0.0.1"
authors = []
exclude = ["*.txt"]
include = ["foo.txt", "**/*.rs", "Cargo.toml", ".dotfile"]
"#,
2018-12-08 11:19:47 +00:00
)
.file("foo.txt", "")
.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.file(".dotfile", "")
2019-02-03 04:01:23 +00:00
// Should be ignored when packaging.
.file("src/bar.txt", "")
.build();
cargo_process("package --no-verify -v")
.cwd(repo.root())
.with_stderr(
2018-03-14 15:17:44 +00:00
"\
2016-05-20 00:52:13 +00:00
[WARNING] manifest has no description[..]
2019-01-30 20:34:37 +00:00
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
[WARNING] both package.include and package.exclude are specified; the exclude list will be ignored
[PACKAGING] foo v0.0.1 ([..])
[ARCHIVING] .cargo_vcs_info.json
[ARCHIVING] .dotfile
[ARCHIVING] Cargo.lock
2019-06-10 19:38:51 +00:00
[ARCHIVING] Cargo.toml
[ARCHIVING] Cargo.toml.orig
2019-06-10 19:38:51 +00:00
[ARCHIVING] foo.txt
[ARCHIVING] src/main.rs
[PACKAGED] 7 files, [..] ([..] compressed)
2018-03-14 15:17:44 +00:00
",
2018-12-08 11:19:47 +00:00
)
.run();
}
#[cargo_test]
fn package_lib_with_bin() {
let p = project()
.file("src/main.rs", "extern crate foo; fn main() {}")
.file("src/lib.rs", "")
.build();
p.cargo("package -v").run();
}
#[cargo_test]
fn package_git_submodule() {
let project = git::new("foo", |project| {
2018-03-14 15:17:44 +00:00
project
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.0.1"
authors = ["foo@example.com"]
license = "MIT"
description = "foo"
repository = "foo"
2018-03-14 15:17:44 +00:00
"#,
2018-12-08 11:19:47 +00:00
)
.file("src/lib.rs", "pub fn foo() {}")
});
let library = git::new("bar", |library| {
library.no_manifest().file("Makefile", "all:")
});
let repository = git2::Repository::open(&project.root()).unwrap();
let url = path2url(library.root()).to_string();
git::add_submodule(&repository, &url, Path::new("bar"));
git::commit(&repository);
let repository = git2::Repository::open(&project.root().join("bar")).unwrap();
2018-03-14 15:17:44 +00:00
repository
.reset(
&repository.revparse_single("HEAD").unwrap(),
git2::ResetType::Hard,
None,
2018-12-08 11:19:47 +00:00
)
.unwrap();
2018-03-14 15:17:44 +00:00
2018-12-08 11:19:47 +00:00
project
.cargo("package --no-verify -v")
.with_stderr_contains("[ARCHIVING] bar/Makefile")
.run();
}
#[cargo_test]
/// Tests if a symlink to a git submodule is properly handled.
///
/// This test requires you to be able to make symlinks.
/// For windows, this may require you to enable developer mode.
fn package_symlink_to_submodule() {
#[cfg(unix)]
use std::os::unix::fs::symlink;
#[cfg(windows)]
use std::os::windows::fs::symlink_dir as symlink;
if !symlink_supported() {
return;
}
let project = git::new("foo", |project| {
project.file("src/lib.rs", "pub fn foo() {}")
});
let library = git::new("submodule", |library| {
library.no_manifest().file("Makefile", "all:")
});
let repository = git2::Repository::open(&project.root()).unwrap();
let url = path2url(library.root()).to_string();
git::add_submodule(&repository, &url, Path::new("submodule"));
t!(symlink(
&project.root().join("submodule"),
&project.root().join("submodule-link")
));
git::add(&repository);
git::commit(&repository);
let repository = git2::Repository::open(&project.root().join("submodule")).unwrap();
repository
.reset(
&repository.revparse_single("HEAD").unwrap(),
git2::ResetType::Hard,
None,
)
.unwrap();
project
.cargo("package --no-verify -v")
.with_stderr_contains("[ARCHIVING] submodule/Makefile")
.run();
}
#[cargo_test]
fn no_duplicates_from_modified_tracked_files() {
let p = git::new("all", |p| p.file("src/main.rs", "fn main() {}"));
p.change_file("src/main.rs", r#"fn main() { println!("A change!"); }"#);
p.cargo("build").run();
p.cargo("package --list --allow-dirty")
.with_stdout(
2018-03-14 15:17:44 +00:00
"\
2019-06-10 19:38:51 +00:00
Cargo.lock
Cargo.toml
Cargo.toml.orig
src/main.rs
2018-03-14 15:17:44 +00:00
",
2018-12-08 11:19:47 +00:00
)
.run();
}
#[cargo_test]
fn ignore_nested() {
let cargo_toml = r#"
[package]
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
description = "foo"
2023-11-15 22:33:27 +00:00
homepage = "https://example.com/"
"#;
let main_rs = r#"
fn main() { println!("hello"); }
"#;
let p = project()
.file("Cargo.toml", cargo_toml)
.file("src/main.rs", main_rs)
// If a project happens to contain a copy of itself, we should
// ignore it.
.file("a_dir/foo/Cargo.toml", cargo_toml)
.file("a_dir/foo/src/main.rs", main_rs)
.build();
p.cargo("package")
.with_stderr(
2018-03-14 15:17:44 +00:00
"\
[PACKAGING] foo v0.0.1 ([CWD])
[VERIFYING] foo v0.0.1 ([CWD])
[COMPILING] foo v0.0.1 ([CWD][..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] 4 files, [..] ([..] compressed)
",
2018-12-08 11:19:47 +00:00
)
.run();
2018-08-29 06:11:10 +00:00
assert!(p.root().join("target/package/foo-0.0.1.crate").is_file());
p.cargo("package -l")
.with_stdout(
2018-03-14 15:17:44 +00:00
"\
2019-06-10 19:38:51 +00:00
Cargo.lock
Cargo.toml
Cargo.toml.orig
src/main.rs
2018-03-14 15:17:44 +00:00
",
2018-12-08 11:19:47 +00:00
)
.run();
2023-11-15 22:33:27 +00:00
p.cargo("package")
.with_stderr(
"\
[PACKAGING] foo v0.0.1 ([CWD])
[VERIFYING] foo v0.0.1 ([CWD])
[COMPILING] foo v0.0.1 ([CWD][..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] 4 files, [..] ([..] compressed)
",
)
.run();
let f = File::open(&p.root().join("target/package/foo-0.0.1.crate")).unwrap();
validate_crate_contents(
f,
"foo-0.0.1.crate",
2019-06-10 19:38:51 +00:00
&["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
&[],
);
}
2019-02-03 04:01:23 +00:00
// Windows doesn't allow these characters in filenames.
#[cfg(unix)]
#[cargo_test]
fn package_weird_characters() {
let p = project()
.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.file("src/:foo", "")
.build();
p.cargo("package")
.with_status(101)
.with_stderr(
2018-03-14 15:17:44 +00:00
"\
warning: [..]
See [..]
[ERROR] cannot package a filename with a special character `:`: src/:foo
2018-03-14 15:17:44 +00:00
",
2018-12-08 11:19:47 +00:00
)
.run();
}
#[cargo_test]
fn repackage_on_source_change() {
let p = project()
.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.build();
p.cargo("package").run();
// Add another source file
p.change_file("src/foo.rs", r#"fn main() { println!("foo"); }"#);
// Check that cargo rebuilds the tarball
p.cargo("package")
.with_stderr(
2018-03-14 15:17:44 +00:00
"\
[WARNING] [..]
See [..]
[PACKAGING] foo v0.0.1 ([CWD])
[VERIFYING] foo v0.0.1 ([CWD])
[COMPILING] foo v0.0.1 ([CWD][..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] 5 files, [..] ([..] compressed)
",
2018-12-08 11:19:47 +00:00
)
.run();
// Check that the tarball contains the added file
let f = File::open(&p.root().join("target/package/foo-0.0.1.crate")).unwrap();
validate_crate_contents(
f,
"foo-0.0.1.crate",
2019-06-10 19:38:51 +00:00
&[
"Cargo.lock",
"Cargo.toml",
"Cargo.toml.orig",
"src/main.rs",
"src/foo.rs",
],
&[],
);
}
#[cargo_test]
/// Tests if a broken symlink is properly handled when packaging.
///
/// This test requires you to be able to make symlinks.
/// For windows, this may require you to enable developer mode.
fn broken_symlink() {
#[cfg(unix)]
use std::os::unix::fs::symlink;
#[cfg(windows)]
use std::os::windows::fs::symlink_dir as symlink;
if !symlink_supported() {
return;
}
let p = project()
2018-03-14 15:17:44 +00:00
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
description = 'foo'
documentation = 'foo'
homepage = 'foo'
repository = 'foo'
"#,
2018-12-08 11:19:47 +00:00
)
.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.build();
t!(symlink("nowhere", &p.root().join("src/foo.rs")));
p.cargo("package -v")
.with_status(101)
.with_stderr_contains(
2018-03-14 15:17:44 +00:00
"\
[ERROR] failed to prepare local package for uploading
Caused by:
failed to open for archiving: `[..]foo.rs`
Caused by:
[..]
2018-03-14 15:17:44 +00:00
",
2018-12-08 11:19:47 +00:00
)
.run();
}
#[cargo_test]
/// Tests if a broken but excluded symlink is ignored.
/// See issue rust-lang/cargo#10917
///
/// This test requires you to be able to make symlinks.
/// For windows, this may require you to enable developer mode.
fn broken_but_excluded_symlink() {
#[cfg(unix)]
use std::os::unix::fs::symlink;
#[cfg(windows)]
use std::os::windows::fs::symlink_dir as symlink;
if !symlink_supported() {
return;
}
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
description = 'foo'
documentation = 'foo'
homepage = 'foo'
repository = 'foo'
exclude = ["src/foo.rs"]
"#,
)
.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.build();
t!(symlink("nowhere", &p.root().join("src/foo.rs")));
p.cargo("package -v --list")
// `src/foo.rs` is excluded.
.with_stdout(
"\
Cargo.lock
Cargo.toml
Cargo.toml.orig
src/main.rs
",
)
.run();
}
2021-11-05 21:57:40 +00:00
#[cargo_test]
#[cfg(not(windows))] // https://github.com/libgit2/libgit2/issues/6250
/// Test that /dir and /dir/ matches symlinks to directories.
fn gitignore_symlink_dir() {
if !symlink_supported() {
return;
}
let (p, _repo) = git::new_repo("foo", |p| {
p.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.symlink_dir("src", "src1")
.symlink_dir("src", "src2")
.symlink_dir("src", "src3")
.symlink_dir("src", "src4")
.file(".gitignore", "/src1\n/src2/\nsrc3\nsrc4/")
});
p.cargo("package -l --no-metadata")
.with_stderr("")
.with_stdout(
"\
.cargo_vcs_info.json
.gitignore
Cargo.lock
Cargo.toml
Cargo.toml.orig
src/main.rs
",
)
.run();
}
#[cargo_test]
#[cfg(not(windows))] // https://github.com/libgit2/libgit2/issues/6250
/// Test that /dir and /dir/ matches symlinks to directories in dirty working directory.
fn gitignore_symlink_dir_dirty() {
if !symlink_supported() {
return;
}
let (p, _repo) = git::new_repo("foo", |p| {
p.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.file(".gitignore", "/src1\n/src2/\nsrc3\nsrc4/")
});
p.symlink("src", "src1");
p.symlink("src", "src2");
p.symlink("src", "src3");
p.symlink("src", "src4");
p.cargo("package -l --no-metadata")
.with_stderr("")
.with_stdout(
"\
.cargo_vcs_info.json
.gitignore
Cargo.lock
Cargo.toml
Cargo.toml.orig
src/main.rs
",
)
.run();
p.cargo("package -l --no-metadata --allow-dirty")
.with_stderr("")
.with_stdout(
"\
.gitignore
Cargo.lock
Cargo.toml
Cargo.toml.orig
src/main.rs
",
)
.run();
}
#[cargo_test]
2019-12-11 14:31:26 +00:00
/// Tests if a symlink to a directory is properly included.
///
/// This test requires you to be able to make symlinks.
/// For windows, this may require you to enable developer mode.
fn package_symlink_to_dir() {
if !symlink_supported() {
return;
}
project()
.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.file("bla/Makefile", "all:")
.symlink_dir("bla", "foo")
.build()
.cargo("package -v")
.with_stderr_contains("[ARCHIVING] foo/Makefile")
.run();
}
#[cargo_test]
/// Tests if a symlink to ancestor causes filesystem loop error.
///
/// This test requires you to be able to make symlinks.
/// For windows, this may require you to enable developer mode.
fn filesystem_loop() {
if !symlink_supported() {
return;
}
project()
.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.symlink_dir("a/b", "a/b/c/d/foo")
.build()
.cargo("package -v")
.with_stderr_contains(
"[WARNING] File system loop found: [..]/a/b/c/d/foo points to an ancestor [..]/a/b",
)
.run();
}
#[cargo_test]
fn do_not_package_if_repository_is_dirty() {
let p = project().build();
// Create a Git repository containing a minimal Rust project.
let _ = git::repo(&paths::root().join("foo"))
2018-03-14 15:17:44 +00:00
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
version = "0.0.1"
license = "MIT"
description = "foo"
documentation = "foo"
homepage = "foo"
repository = "foo"
"#,
2018-12-08 11:19:47 +00:00
)
.file("src/main.rs", "fn main() {}")
.build();
// Modify Cargo.toml without committing the change.
2018-03-14 15:17:44 +00:00
p.change_file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.0.1"
license = "MIT"
description = "foo"
documentation = "foo"
homepage = "foo"
repository = "foo"
# change
"#,
2018-03-14 15:17:44 +00:00
);
p.cargo("package")
.with_status(101)
.with_stderr(
2018-03-14 15:17:44 +00:00
"\
error: 1 files in the working directory contain changes that were not yet \
committed into git:
Cargo.toml
2019-12-11 14:31:26 +00:00
to proceed despite this and include the uncommitted changes, pass the `--allow-dirty` flag
2018-03-14 15:17:44 +00:00
",
2018-12-08 11:19:47 +00:00
)
.run();
}
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
#[cargo_test]
fn dirty_ignored() {
// Cargo warns about an ignored file that will be published.
let (p, repo) = git::new_repo("foo", |p| {
p.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.1.0"
description = "foo"
license = "foo"
documentation = "foo"
include = ["src", "build"]
"#,
)
.file("src/lib.rs", "")
.file(".gitignore", "build")
});
// Example of adding a file that is confusingly ignored by an overzealous
// gitignore rule.
p.change_file("src/build/mod.rs", "");
p.cargo("package --list")
.with_status(101)
.with_stderr(
"\
error: 1 files in the working directory contain changes that were not yet committed into git:
src/build/mod.rs
to proceed despite this and include the uncommitted changes, pass the `--allow-dirty` flag
",
)
.run();
// Add the ignored file and make sure it is included.
let mut index = t!(repo.index());
t!(index.add_path(Path::new("src/build/mod.rs")));
t!(index.write());
git::commit(&repo);
p.cargo("package --list")
.with_stderr("")
.with_stdout(
"\
.cargo_vcs_info.json
Cargo.toml
Cargo.toml.orig
src/build/mod.rs
src/lib.rs
",
)
.run();
}
#[cargo_test]
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
fn generated_manifest() {
let registry = registry::alt_init();
Package::new("abc", "1.0.0").publish();
Package::new("def", "1.0.0").alternative(true).publish();
Package::new("ghi", "1.0.0").publish();
2019-06-10 19:38:51 +00:00
Package::new("bar", "0.1.0").publish();
let p = project()
2018-03-14 15:17:44 +00:00
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
version = "0.0.1"
authors = []
exclude = ["*.txt"]
license = "MIT"
description = "foo"
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
[package.metadata]
2020-09-27 00:59:58 +00:00
foo = 'bar'
2020-09-27 00:59:58 +00:00
[workspace]
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
2020-09-27 00:59:58 +00:00
[dependencies]
bar = { path = "bar", version = "0.1" }
def = { version = "1.0", registry = "alternative" }
ghi = "1.0"
abc = "1.0"
"#,
2018-12-08 11:19:47 +00:00
)
.file("src/main.rs", "")
2018-07-24 22:35:01 +00:00
.file("bar/Cargo.toml", &basic_manifest("bar", "0.1.0"))
.file("bar/src/lib.rs", "")
.build();
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
p.cargo("package --no-verify").run();
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
let f = File::open(&p.root().join("target/package/foo-0.0.1.crate")).unwrap();
let rewritten_toml = format!(
r#"{}
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
[package]
name = "foo"
version = "0.0.1"
authors = []
exclude = ["*.txt"]
description = "foo"
license = "MIT"
[package.metadata]
foo = "bar"
[dependencies.abc]
version = "1.0"
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
[dependencies.bar]
version = "0.1"
[dependencies.def]
version = "1.0"
2018-01-18 19:53:12 +00:00
registry-index = "{}"
[dependencies.ghi]
version = "1.0"
"#,
cargo::core::package::MANIFEST_PREAMBLE,
registry.index_url()
);
validate_crate_contents(
f,
"foo-0.0.1.crate",
2019-06-10 19:38:51 +00:00
&["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
&[("Cargo.toml", &rewritten_toml)],
2018-03-14 15:17:44 +00:00
);
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
}
#[cargo_test]
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
fn ignore_workspace_specifier() {
let p = project()
2018-03-14 15:17:44 +00:00
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
version = "0.0.1"
2020-09-27 00:59:58 +00:00
authors = []
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
2020-09-27 00:59:58 +00:00
[workspace]
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
2020-09-27 00:59:58 +00:00
[dependencies]
bar = { path = "bar", version = "0.1" }
"#,
2018-12-08 11:19:47 +00:00
)
.file("src/main.rs", "")
2018-03-14 15:17:44 +00:00
.file(
"bar/Cargo.toml",
r#"
2020-09-27 00:59:58 +00:00
[package]
name = "bar"
version = "0.1.0"
authors = []
workspace = ".."
"#,
2018-12-08 11:19:47 +00:00
)
.file("bar/src/lib.rs", "")
.build();
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
2019-04-05 19:55:01 +00:00
p.cargo("package --no-verify").cwd("bar").run();
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
let f = File::open(&p.root().join("target/package/bar-0.1.0.crate")).unwrap();
let rewritten_toml = format!(
r#"{}
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
[package]
name = "bar"
version = "0.1.0"
authors = []
"#,
cargo::core::package::MANIFEST_PREAMBLE
);
validate_crate_contents(
f,
"bar-0.1.0.crate",
&["Cargo.toml", "Cargo.toml.orig", "src/lib.rs"],
&[("Cargo.toml", &rewritten_toml)],
2018-03-14 15:17:44 +00:00
);
Rewrite Cargo.toml when packaging crates This commit is an implementation of rewriting TOML manifests when we publish them to the registry. The rationale for doing this is to provide a guarantee that downloaded tarballs from crates.io can be built with `cargo build` (literally). This in turn eases a number of other possible consumers of crates from crates.io * Vendored sources can now be more easily modified/checked as cargo build should work and they're standalone crates that suffice for `path` dependencies * Tools like cargobomb/crater no longer need to edit the manifest and can instead perform regression testing on the literal tarballs they download * Other systems such as packaging Rust code may be able to take advantage of this, but this is a less clear benefit. Overall I'm hesitatnt about this, unfortunately. This is a silent translation happening on *publish*, a rare operation, that's difficult to inspect before it flies up to crates.io. I wrote a script to run this transformation over all crates.io crates and found a surprisingly large number of discrepancies. The transformation basically just downloaded all crates at all versions, regenerated the manifest, and then tested if the two manifests were (in memory) the same. Unfortunately historical Cargo had a critical bug which I think made this exercise not too useful. Cargo used to *not* recreate tarballs if one already existed, which I believe led to situations such as: 1. `cargo publish` 2. Cargo generates an error about a dependency. This could be that there's a `version` not present in a `path` dependency, there could be a `git` dependency, etc. 3. Errors are fixed. 4. `cargo publish` 5. Publish is successful In step 4 above historical Cargo *would not recreate the tarball*. This means that the contents of the index (what was published) aren't guaranteed to match with the tarball's `Cargo.toml`. When building from crates.io this is ok as the index is the source of truth for dependency information, but it means that *any* transformation to rewrite Cargo.toml is impossible to verify against all crates on crates.io (due to historical bugs like these). I strove to read as many errors as possible regardless, attempting to suss out bugs in the implementation here. To further guard against surprises I've updated the verification step of packaging to work "normally" in these sense that it's not rewriting dependencies itself or changing summaries. I'm hoping that this serves as a good last-ditch effort that what we're about to publish will indeed build as expected when uploaded to crates.io Overall I'm probably 70% confident in this change. I think it's necessary to make progress, but I think there are going to be very painful bugs that arise from this feature. I'm open to ideas to help weed out these bugs ahead of time! I've done what I can but I fear it may not be entirely enough. Closes #4027
2017-05-11 05:09:44 +00:00
}
#[cargo_test]
fn package_two_kinds_of_deps() {
Package::new("other", "1.0.0").publish();
Package::new("other1", "1.0.0").publish();
let p = project()
2018-03-14 15:17:44 +00:00
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
version = "0.0.1"
authors = []
2020-09-27 00:59:58 +00:00
[dependencies]
other = "1.0"
other1 = { version = "1.0" }
"#,
2018-12-08 11:19:47 +00:00
)
.file("src/main.rs", "")
.build();
p.cargo("package --no-verify").run();
}
2018-02-05 21:42:42 +00:00
#[cargo_test]
2018-03-21 16:41:22 +00:00
fn test_edition() {
let p = project()
2018-03-14 15:17:44 +00:00
.file(
"Cargo.toml",
r#"
2020-09-27 00:59:58 +00:00
cargo-features = ["edition"]
[package]
name = "foo"
version = "0.0.1"
authors = []
edition = "2018"
"#,
2018-12-08 11:19:47 +00:00
)
.file("src/lib.rs", r#" "#)
2018-02-05 21:42:42 +00:00
.build();
p.cargo("check -v")
2018-12-08 11:19:47 +00:00
.with_stderr_contains(
"\
[CHECKING] foo v0.0.1 ([..])
[RUNNING] `rustc [..]--edition=2018 [..]
2018-12-08 11:19:47 +00:00
",
)
.run();
2018-02-05 21:42:42 +00:00
}
#[cargo_test]
fn edition_with_metadata() {
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.0.1"
authors = []
edition = "2018"
[package.metadata.docs.rs]
features = ["foobar"]
"#,
2018-12-08 11:19:47 +00:00
)
.file("src/lib.rs", "")
.build();
p.cargo("package").run();
2018-02-05 21:42:42 +00:00
}
#[cargo_test]
2018-03-21 16:41:22 +00:00
fn test_edition_malformed() {
let p = project()
2018-03-14 15:17:44 +00:00
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.0.1"
authors = []
edition = "chicken"
"#,
2018-12-08 11:19:47 +00:00
)
.file("src/lib.rs", r#" "#)
2018-02-05 21:42:42 +00:00
.build();
p.cargo("check -v")
.with_status(101)
.with_stderr(
2018-03-14 15:17:44 +00:00
"\
2018-02-05 21:42:42 +00:00
error: failed to parse manifest at `[..]`
Caused by:
failed to parse the `edition` key
Caused by:
2023-10-04 16:13:16 +00:00
supported edition values are `2015`, `2018`, `2021`, or `2024`, but `chicken` is unknown
2018-12-08 11:19:47 +00:00
"
.to_string(),
)
.run();
2018-02-05 21:42:42 +00:00
}
2020-04-15 14:03:09 +00:00
#[cargo_test]
fn test_edition_from_the_future() {
let p = project()
.file(
"Cargo.toml",
r#"[package]
edition = "2038"
name = "foo"
version = "99.99.99"
authors = []
"#,
)
.file("src/main.rs", r#""#)
.build();
p.cargo("check")
2020-04-15 14:03:09 +00:00
.with_status(101)
.with_stderr(
"\
error: failed to parse manifest at `[..]`
Caused by:
failed to parse the `edition` key
Caused by:
2023-10-04 16:13:16 +00:00
this version of Cargo is older than the `2038` edition, and only supports `2015`, `2018`, `2021`, and `2024` editions.
2020-04-15 14:03:09 +00:00
"
.to_string(),
)
.run();
}
#[cargo_test]
fn do_not_package_if_src_was_modified() {
let p = project()
.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.file("dir/foo.txt", "")
2019-03-13 03:33:45 +00:00
.file("bar.txt", "")
.file(
"build.rs",
r#"
2020-09-27 00:59:58 +00:00
use std::fs;
fn main() {
fs::write("src/generated.txt",
"Hello, world of generated files."
).expect("failed to create file");
fs::remove_file("dir/foo.txt").expect("failed to remove file");
fs::remove_dir("dir").expect("failed to remove dir");
fs::write("bar.txt", "updated content").expect("failed to update");
fs::create_dir("new-dir").expect("failed to create dir");
}
"#,
2018-12-08 11:19:47 +00:00
)
.build();
p.cargo("package")
.with_status(101)
.with_stderr_contains(
"\
2018-05-29 09:05:34 +00:00
error: failed to verify package tarball
Caused by:
Source directory was modified by build.rs during cargo publish. \
Build scripts should not modify anything outside of OUT_DIR.
Changed: [CWD]/target/package/foo-0.0.1/bar.txt
Added: [CWD]/target/package/foo-0.0.1/new-dir
<tab>[CWD]/target/package/foo-0.0.1/src/generated.txt
Removed: [CWD]/target/package/foo-0.0.1/dir
<tab>[CWD]/target/package/foo-0.0.1/dir/foo.txt
To proceed despite this, pass the `--no-verify` flag.",
2018-12-08 11:19:47 +00:00
)
.run();
p.cargo("package --no-verify").run();
}
#[cargo_test]
fn package_with_select_features() {
let p = project()
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
description = "foo"
2020-09-27 00:59:58 +00:00
[features]
required = []
optional = []
"#,
2019-01-27 13:39:49 +00:00
)
.file(
"src/main.rs",
"#[cfg(not(feature = \"required\"))]
compile_error!(\"This crate requires `required` feature!\");
fn main() {}",
2019-01-27 13:39:49 +00:00
)
.build();
p.cargo("package --features required").run();
}
#[cargo_test]
fn package_with_all_features() {
let p = project()
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
description = "foo"
2020-09-27 00:59:58 +00:00
[features]
required = []
optional = []
"#,
2019-01-27 13:39:49 +00:00
)
.file(
"src/main.rs",
"#[cfg(not(feature = \"required\"))]
compile_error!(\"This crate requires `required` feature!\");
fn main() {}",
2019-01-27 13:39:49 +00:00
)
.build();
p.cargo("package --all-features").run();
}
#[cargo_test]
fn package_no_default_features() {
let p = project()
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
description = "foo"
2020-09-27 00:59:58 +00:00
[features]
default = ["required"]
required = []
"#,
2019-01-27 13:39:49 +00:00
)
.file(
"src/main.rs",
"#[cfg(not(feature = \"required\"))]
compile_error!(\"This crate requires `required` feature!\");
fn main() {}",
2019-01-27 13:39:49 +00:00
)
.build();
p.cargo("package --no-default-features")
.with_stderr_contains("error: This crate requires `required` feature!")
.with_status(101)
.run();
}
#[cargo_test]
fn include_cargo_toml_implicit() {
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.1.0"
include = ["src/lib.rs"]
"#,
)
.file("src/lib.rs", "")
.build();
p.cargo("package --list")
.with_stdout("Cargo.toml\nCargo.toml.orig\nsrc/lib.rs\n")
.run();
}
2019-07-23 20:49:17 +00:00
fn include_exclude_test(include: &str, exclude: &str, files: &[&str], expected: &str) {
let mut pb = project().file(
"Cargo.toml",
&format!(
r#"
[package]
name = "foo"
version = "0.1.0"
authors = []
license = "MIT"
description = "foo"
documentation = "foo"
homepage = "foo"
repository = "foo"
include = {}
exclude = {}
"#,
include, exclude
),
);
for file in files {
pb = pb.file(file, "");
}
let p = pb.build();
2019-07-23 20:49:17 +00:00
p.cargo("package --list")
.with_stderr("")
.with_stdout(expected)
.run();
p.root().rm_rf();
}
#[cargo_test]
fn package_include_ignore_only() {
// Test with a gitignore pattern that fails to parse with glob.
// This is a somewhat nonsense pattern, but is an example of something git
// allows and glob does not.
assert!(glob::Pattern::new("src/abc**").is_err());
include_exclude_test(
r#"["Cargo.toml", "src/abc**", "src/lib.rs"]"#,
"[]",
&["src/lib.rs", "src/abc1.rs", "src/abc2.rs", "src/abc/mod.rs"],
"Cargo.toml\n\
Cargo.toml.orig\n\
src/abc/mod.rs\n\
src/abc1.rs\n\
src/abc2.rs\n\
src/lib.rs\n\
",
)
}
#[cargo_test]
fn gitignore_patterns() {
include_exclude_test(
r#"["Cargo.toml", "foo"]"#, // include
"[]",
&["src/lib.rs", "foo", "a/foo", "a/b/foo", "x/foo/y", "bar"],
"Cargo.toml\n\
Cargo.toml.orig\n\
a/b/foo\n\
a/foo\n\
foo\n\
x/foo/y\n\
",
);
include_exclude_test(
r#"["Cargo.toml", "/foo"]"#, // include
"[]",
&["src/lib.rs", "foo", "a/foo", "a/b/foo", "x/foo/y", "bar"],
"Cargo.toml\n\
Cargo.toml.orig\n\
foo\n\
",
);
include_exclude_test(
"[]",
r#"["foo/"]"#, // exclude
&["src/lib.rs", "foo", "a/foo", "x/foo/y", "bar"],
"Cargo.toml\n\
Cargo.toml.orig\n\
a/foo\n\
bar\n\
foo\n\
src/lib.rs\n\
",
);
include_exclude_test(
"[]",
r#"["*.txt", "[ab]", "[x-z]"]"#, // exclude
&[
"src/lib.rs",
"foo.txt",
"bar/foo.txt",
"other",
"a",
"b",
"c",
"x",
"y",
"z",
],
"Cargo.toml\n\
Cargo.toml.orig\n\
c\n\
other\n\
src/lib.rs\n\
",
);
include_exclude_test(
r#"["Cargo.toml", "**/foo/bar"]"#, // include
"[]",
&["src/lib.rs", "a/foo/bar", "foo", "bar"],
"Cargo.toml\n\
Cargo.toml.orig\n\
a/foo/bar\n\
",
);
include_exclude_test(
r#"["Cargo.toml", "foo/**"]"#, // include
"[]",
&["src/lib.rs", "a/foo/bar", "foo/x/y/z"],
"Cargo.toml\n\
Cargo.toml.orig\n\
foo/x/y/z\n\
",
);
include_exclude_test(
r#"["Cargo.toml", "a/**/b"]"#, // include
"[]",
&["src/lib.rs", "a/b", "a/x/b", "a/x/y/b"],
"Cargo.toml\n\
Cargo.toml.orig\n\
a/b\n\
a/x/b\n\
a/x/y/b\n\
",
);
}
#[cargo_test]
fn gitignore_negate() {
include_exclude_test(
r#"["Cargo.toml", "*.rs", "!foo.rs", "\\!important"]"#, // include
"[]",
&["src/lib.rs", "foo.rs", "!important"],
"!important\n\
Cargo.toml\n\
Cargo.toml.orig\n\
src/lib.rs\n\
",
);
// NOTE: This is unusual compared to git. Git treats `src/` as a
// short-circuit which means rules like `!src/foo.rs` would never run.
// However, because Cargo only works by iterating over *files*, it doesn't
// short-circuit.
include_exclude_test(
r#"["Cargo.toml", "src/", "!src/foo.rs"]"#, // include
"[]",
&["src/lib.rs", "src/foo.rs"],
"Cargo.toml\n\
Cargo.toml.orig\n\
src/lib.rs\n\
",
);
include_exclude_test(
r#"["Cargo.toml", "src/*.rs", "!foo.rs"]"#, // include
"[]",
&["src/lib.rs", "foo.rs", "src/foo.rs", "src/bar/foo.rs"],
"Cargo.toml\n\
Cargo.toml.orig\n\
src/lib.rs\n\
",
);
include_exclude_test(
"[]",
r#"["*.rs", "!foo.rs", "\\!important"]"#, // exclude
&["src/lib.rs", "foo.rs", "!important"],
"Cargo.toml\n\
Cargo.toml.orig\n\
foo.rs\n\
",
);
}
#[cargo_test]
fn exclude_dot_files_and_directories_by_default() {
include_exclude_test(
"[]",
"[]",
&["src/lib.rs", ".dotfile", ".dotdir/file"],
"Cargo.toml\n\
Cargo.toml.orig\n\
src/lib.rs\n\
",
);
include_exclude_test(
r#"["Cargo.toml", "src/lib.rs", ".dotfile", ".dotdir/file"]"#,
"[]",
&["src/lib.rs", ".dotfile", ".dotdir/file"],
".dotdir/file\n\
.dotfile\n\
Cargo.toml\n\
Cargo.toml.orig\n\
src/lib.rs\n\
",
);
}
#[cargo_test]
fn empty_readme_path() {
// Warn but don't fail if `readme` is empty.
// Issue #11522.
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "1.0.0"
readme = ""
license = "MIT"
description = "foo"
homepage = "foo"
"#,
)
.file("src/lib.rs", "")
.build();
p.cargo("package --no-verify")
.with_stderr(
"\
[WARNING] readme `` does not appear to exist (relative to `[..]/foo`).
Please update the readme setting in the manifest at `[..]/foo/Cargo.toml`
This may become a hard error in the future.
[PACKAGING] foo v1.0.0 ([..]/foo)
[PACKAGED] [..] files, [..] ([..] compressed)
",
)
.run();
}
#[cargo_test]
fn invalid_readme_path() {
// Warn but don't fail if `readme` path is invalid.
// Issue #11522.
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "1.0.0"
readme = "DOES-NOT-EXIST"
license = "MIT"
description = "foo"
homepage = "foo"
"#,
)
.file("src/lib.rs", "")
.build();
p.cargo("package --no-verify")
.with_stderr(
"\
[WARNING] readme `DOES-NOT-EXIST` does not appear to exist (relative to `[..]/foo`).
Please update the readme setting in the manifest at `[..]/foo/Cargo.toml`
This may become a hard error in the future.
[PACKAGING] foo v1.0.0 ([..]/foo)
[PACKAGED] [..] files, [..] ([..] compressed)
",
)
.run();
}
#[cargo_test]
fn readme_or_license_file_is_dir() {
// Test warning when `readme` or `license-file` is a directory, not a file.
// Issue #11522.
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "1.0.0"
readme = "./src"
license-file = "./src"
description = "foo"
homepage = "foo"
"#,
)
.file("src/lib.rs", "")
.build();
p.cargo("package --no-verify")
.with_stderr(
"\
[WARNING] license-file `./src` does not appear to exist (relative to `[..]/foo`).
Please update the license-file setting in the manifest at `[..]/foo/Cargo.toml`
This may become a hard error in the future.
[WARNING] readme `./src` does not appear to exist (relative to `[..]/foo`).
Please update the readme setting in the manifest at `[..]/foo/Cargo.toml`
This may become a hard error in the future.
[PACKAGING] foo v1.0.0 ([..]/foo)
[PACKAGED] [..] files, [..] ([..] compressed)
",
)
.run();
}
#[cargo_test]
fn empty_license_file_path() {
// Warn but don't fail if license-file is empty.
// Issue #11522.
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "1.0.0"
license-file = ""
description = "foo"
homepage = "foo"
"#,
)
.file("src/lib.rs", "")
.build();
p.cargo("package --no-verify")
.with_stderr(
"\
[WARNING] manifest has no license or license-file.
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
[WARNING] license-file `` does not appear to exist (relative to `[..]/foo`).
Please update the license-file setting in the manifest at `[..]/foo/Cargo.toml`
This may become a hard error in the future.
[PACKAGING] foo v1.0.0 ([..]/foo)
[PACKAGED] [..] files, [..] ([..] compressed)
",
)
.run();
}
#[cargo_test]
fn invalid_license_file_path() {
// Test warning when license-file points to a non-existent file.
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "1.0.0"
license-file = "does-not-exist"
description = "foo"
homepage = "foo"
"#,
)
.file("src/lib.rs", "")
.build();
p.cargo("package --no-verify")
.with_stderr(
"\
[WARNING] license-file `does-not-exist` does not appear to exist (relative to `[..]/foo`).
Please update the license-file setting in the manifest at `[..]/foo/Cargo.toml`
This may become a hard error in the future.
[PACKAGING] foo v1.0.0 ([..]/foo)
[PACKAGED] [..] files, [..] ([..] compressed)
",
)
.run();
}
#[cargo_test]
fn license_file_implicit_include() {
// license-file should be automatically included even if not listed.
let p = git::new("foo", |p| {
p.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "1.0.0"
license-file = "subdir/LICENSE"
description = "foo"
homepage = "foo"
include = ["src"]
"#,
)
.file("src/lib.rs", "")
.file("subdir/LICENSE", "license text")
});
p.cargo("package --list")
.with_stdout(
"\
.cargo_vcs_info.json
Cargo.toml
Cargo.toml.orig
src/lib.rs
subdir/LICENSE
",
)
.with_stderr("")
.run();
p.cargo("package --no-verify -v")
.with_stderr(
"\
[PACKAGING] foo v1.0.0 [..]
[ARCHIVING] .cargo_vcs_info.json
[ARCHIVING] Cargo.toml
[ARCHIVING] Cargo.toml.orig
[ARCHIVING] src/lib.rs
[ARCHIVING] subdir/LICENSE
[PACKAGED] 5 files, [..] ([..] compressed)
",
)
.run();
let f = File::open(&p.root().join("target/package/foo-1.0.0.crate")).unwrap();
validate_crate_contents(
f,
"foo-1.0.0.crate",
&[
".cargo_vcs_info.json",
"Cargo.toml",
"Cargo.toml.orig",
"subdir/LICENSE",
"src/lib.rs",
],
&[("subdir/LICENSE", "license text")],
);
}
#[cargo_test]
fn relative_license_included() {
// license-file path outside of package will copy into root.
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "1.0.0"
license-file = "../LICENSE"
description = "foo"
homepage = "foo"
"#,
)
.file("src/lib.rs", "")
.file("../LICENSE", "license text")
.build();
p.cargo("package --list")
.with_stdout(
"\
Cargo.toml
Cargo.toml.orig
LICENSE
src/lib.rs
",
)
.with_stderr("")
.run();
p.cargo("package")
.with_stderr(
"\
[PACKAGING] foo v1.0.0 [..]
[VERIFYING] foo v1.0.0 [..]
[COMPILING] foo v1.0.0 [..]
[FINISHED] [..]
[PACKAGED] 4 files, [..] ([..] compressed)
",
)
.run();
let f = File::open(&p.root().join("target/package/foo-1.0.0.crate")).unwrap();
validate_crate_contents(
f,
"foo-1.0.0.crate",
&["Cargo.toml", "Cargo.toml.orig", "LICENSE", "src/lib.rs"],
&[("LICENSE", "license text")],
);
let manifest =
std::fs::read_to_string(p.root().join("target/package/foo-1.0.0/Cargo.toml")).unwrap();
assert!(manifest.contains("license-file = \"LICENSE\""));
let orig =
std::fs::read_to_string(p.root().join("target/package/foo-1.0.0/Cargo.toml.orig")).unwrap();
assert!(orig.contains("license-file = \"../LICENSE\""));
}
#[cargo_test]
fn relative_license_include_collision() {
// Can't copy a relative license-file if there is a file with that name already.
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "1.0.0"
license-file = "../LICENSE"
description = "foo"
homepage = "foo"
"#,
)
.file("src/lib.rs", "")
.file("../LICENSE", "outer license")
.file("LICENSE", "inner license")
.build();
p.cargo("package --list")
.with_stdout(
"\
Cargo.toml
Cargo.toml.orig
LICENSE
src/lib.rs
",
)
.with_stderr("[WARNING] license-file `../LICENSE` appears to be [..]")
.run();
p.cargo("package")
.with_stderr(
"\
[WARNING] license-file `../LICENSE` appears to be [..]
[PACKAGING] foo v1.0.0 [..]
[VERIFYING] foo v1.0.0 [..]
[COMPILING] foo v1.0.0 [..]
[FINISHED] [..]
[PACKAGED] 4 files, [..] ([..] compressed)
",
)
.run();
let f = File::open(&p.root().join("target/package/foo-1.0.0.crate")).unwrap();
validate_crate_contents(
f,
"foo-1.0.0.crate",
&["Cargo.toml", "Cargo.toml.orig", "LICENSE", "src/lib.rs"],
&[("LICENSE", "inner license")],
);
let manifest = read_to_string(p.root().join("target/package/foo-1.0.0/Cargo.toml")).unwrap();
assert!(manifest.contains("license-file = \"LICENSE\""));
let orig = read_to_string(p.root().join("target/package/foo-1.0.0/Cargo.toml.orig")).unwrap();
assert!(orig.contains("license-file = \"../LICENSE\""));
}
#[cargo_test]
#[cfg(not(windows))] // Don't want to create invalid files on Windows.
fn package_restricted_windows() {
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.1.0"
license = "MIT"
description = "foo"
homepage = "foo"
"#,
)
.file("src/lib.rs", "pub mod con;\npub mod aux;")
.file("src/con.rs", "pub fn f() {}")
.file("src/aux/mod.rs", "pub fn f() {}")
.build();
p.cargo("package")
// use unordered here because the order of the warning is different on each platform.
.with_stderr_unordered(
"\
[WARNING] file src/aux/mod.rs is a reserved Windows filename, it will not work on Windows platforms
[WARNING] file src/con.rs is a reserved Windows filename, it will not work on Windows platforms
[PACKAGING] foo [..]
[VERIFYING] foo [..]
[COMPILING] foo [..]
[PACKAGED] [..] files, [..] ([..] compressed)
[FINISHED] [..]
",
)
.run();
}
#[cargo_test]
fn finds_git_in_parent() {
// Test where `Cargo.toml` is not in the root of the git repo.
let repo_path = paths::root().join("repo");
fs::create_dir(&repo_path).unwrap();
let p = project()
.at("repo/foo")
.file("Cargo.toml", &basic_manifest("foo", "0.1.0"))
.file("src/lib.rs", "")
.build();
let repo = git::init(&repo_path);
git::add(&repo);
git::commit(&repo);
p.change_file("ignoreme", "");
p.change_file("ignoreme2", "");
p.cargo("package --list --allow-dirty")
.with_stdout(
"\
Cargo.toml
Cargo.toml.orig
ignoreme
ignoreme2
src/lib.rs
",
)
.run();
p.change_file(".gitignore", "ignoreme");
p.cargo("package --list --allow-dirty")
.with_stdout(
"\
.gitignore
Cargo.toml
Cargo.toml.orig
ignoreme2
src/lib.rs
",
)
.run();
fs::write(repo_path.join(".gitignore"), "ignoreme2").unwrap();
p.cargo("package --list --allow-dirty")
.with_stdout(
"\
.gitignore
Cargo.toml
Cargo.toml.orig
src/lib.rs
",
)
.run();
}
#[cargo_test]
#[cfg(windows)]
fn reserved_windows_name() {
// If we are running on a version of Windows that allows these reserved filenames,
// skip this test.
if paths::windows_reserved_names_are_allowed() {
return;
}
Package::new("bar", "1.0.0")
.file("src/lib.rs", "pub mod aux;")
.file("src/aux.rs", "")
.publish();
let p = project()
.file(
"Cargo.toml",
r#"
[package]
2020-09-27 00:59:58 +00:00
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
description = "foo"
2020-09-27 00:59:58 +00:00
[dependencies]
bar = "1.0.0"
"#,
)
.file("src/main.rs", "extern crate bar;\nfn main() { }")
.build();
p.cargo("package")
.with_status(101)
.with_stderr_contains(
"\
error: failed to verify package tarball
Caused by:
failed to download replaced source registry `[..]`
Caused by:
failed to unpack package `[..] `[..]`)`
Caused by:
failed to unpack entry at `[..]aux.rs`
Caused by:
`[..]aux.rs` appears to contain a reserved Windows path, it cannot be extracted on Windows
Caused by:
failed to unpack `[..]aux.rs`
Caused by:
failed to unpack `[..]aux.rs` into `[..]aux.rs`",
)
.run();
}
#[cargo_test]
fn list_with_path_and_lock() {
// Allow --list even for something that isn't packageable.
// Init an empty registry because a versionless path dep will search for
// the package on crates.io.
registry::init();
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.1.0"
license = "MIT"
description = "foo"
homepage = "foo"
[dependencies]
bar = {path="bar"}
"#,
)
.file("src/main.rs", "fn main() {}")
.file("bar/Cargo.toml", &basic_manifest("bar", "0.1.0"))
.file("bar/src/lib.rs", "")
.build();
p.cargo("package --list")
.with_stdout(
"\
Cargo.lock
Cargo.toml
Cargo.toml.orig
src/main.rs
",
)
.run();
p.cargo("package")
.with_status(101)
.with_stderr(
"\
[ERROR] all dependencies must have a version specified when packaging.
dependency `bar` does not specify a version
Note: The packaged dependency will use the version from crates.io,
the `path` specification will be removed from the dependency declaration.
",
)
.run();
}
2020-07-05 00:52:02 +00:00
#[cargo_test]
fn long_file_names() {
// Filenames over 100 characters require a GNU extension tarfile.
// See #8453.
registry::init();
let long_name = concat!(
"012345678901234567890123456789012345678901234567890123456789",
"012345678901234567890123456789012345678901234567890123456789",
"012345678901234567890123456789012345678901234567890123456789"
);
if cfg!(windows) {
// Long paths on Windows require a special registry entry that is
// disabled by default (even on Windows 10).
// https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file
// If the directory where Cargo runs happens to be more than 80 characters
// long, then it will bump into this limit.
//
// First create a directory to account for various paths Cargo will
// be using in the target directory (such as "target/package/foo-0.1.0").
let test_path = paths::root().join("test-dir-probe-long-path-support");
test_path.mkdir_p();
let test_path = test_path.join(long_name);
if let Err(e) = File::create(&test_path) {
// write to stderr directly to avoid output from being captured
// and always display text, even without --nocapture
use std::io::Write;
writeln!(
std::io::stderr(),
"\nSkipping long_file_names test, this OS or filesystem does not \
appear to support long file paths: {:?}\n{:?}",
e,
test_path
)
.unwrap();
return;
}
}
2020-07-05 00:52:02 +00:00
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.1.0"
license = "MIT"
description = "foo"
homepage = "foo"
[dependencies]
"#,
)
.file(long_name, "something")
.file("src/main.rs", "fn main() {}")
.build();
p.cargo("package").run();
p.cargo("package --list")
.with_stdout(&format!(
"\
{}
Cargo.lock
Cargo.toml
Cargo.toml.orig
src/main.rs
",
long_name
))
.run();
}
package: canonicalize tar headers for crate packages Currently, when reading a file from disk, we include several pieces of data from the on-disk file, including the user and group names and IDs, the device major and minor, the mode, and the timestamp. This means that our archives differ between systems, sometimes in unhelpful ways. In addition, most users probably did not intend to share information about their user and group settings, operating system and disk type, and umask. While these aren't huge privacy leaks, cargo doesn't use them when extracting archives, so there's no value to including them. Since using consistent data means that our archives are reproducible and don't leak user data, both of which are desirable features, let's canonicalize the header to strip out identifying information. We set the user and group information to 0 and root, since that's the only user that's typically consistent among Unix systems. Setting these values doesn't create a security risk since tar can't change the ownership of files when it's running as a normal unprivileged user. Similarly, we set the device major and minor to 0. There is no useful value here that's portable across systems, and it does not affect extraction in any way. We also set the timestamp to the same one that we use for generated files. This is probably the biggest loss of relevant data, but considering that cargo doesn't otherwise use it and honoring it makes the archives unreproducible, we canonicalize it as well. Finally, we canonicalize the mode of an item we're storing by looking at the executable bit and using mode 755 if it's set and mode 644 if it's not. We already use 644 as the default for generated files, and this is the same algorithm that Git uses to determine whether a file should be considered executable. The tests don't test this case because there's no portable way to create executable files on Windows.
2020-11-15 21:43:39 +00:00
#[cargo_test]
fn reproducible_output() {
let p = project()
.file(
"Cargo.toml",
r#"
[package]
package: canonicalize tar headers for crate packages Currently, when reading a file from disk, we include several pieces of data from the on-disk file, including the user and group names and IDs, the device major and minor, the mode, and the timestamp. This means that our archives differ between systems, sometimes in unhelpful ways. In addition, most users probably did not intend to share information about their user and group settings, operating system and disk type, and umask. While these aren't huge privacy leaks, cargo doesn't use them when extracting archives, so there's no value to including them. Since using consistent data means that our archives are reproducible and don't leak user data, both of which are desirable features, let's canonicalize the header to strip out identifying information. We set the user and group information to 0 and root, since that's the only user that's typically consistent among Unix systems. Setting these values doesn't create a security risk since tar can't change the ownership of files when it's running as a normal unprivileged user. Similarly, we set the device major and minor to 0. There is no useful value here that's portable across systems, and it does not affect extraction in any way. We also set the timestamp to the same one that we use for generated files. This is probably the biggest loss of relevant data, but considering that cargo doesn't otherwise use it and honoring it makes the archives unreproducible, we canonicalize it as well. Finally, we canonicalize the mode of an item we're storing by looking at the executable bit and using mode 755 if it's set and mode 644 if it's not. We already use 644 as the default for generated files, and this is the same algorithm that Git uses to determine whether a file should be considered executable. The tests don't test this case because there's no portable way to create executable files on Windows.
2020-11-15 21:43:39 +00:00
name = "foo"
version = "0.0.1"
authors = []
exclude = ["*.txt"]
license = "MIT"
description = "foo"
"#,
)
.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.build();
p.cargo("package").run();
package: canonicalize tar headers for crate packages Currently, when reading a file from disk, we include several pieces of data from the on-disk file, including the user and group names and IDs, the device major and minor, the mode, and the timestamp. This means that our archives differ between systems, sometimes in unhelpful ways. In addition, most users probably did not intend to share information about their user and group settings, operating system and disk type, and umask. While these aren't huge privacy leaks, cargo doesn't use them when extracting archives, so there's no value to including them. Since using consistent data means that our archives are reproducible and don't leak user data, both of which are desirable features, let's canonicalize the header to strip out identifying information. We set the user and group information to 0 and root, since that's the only user that's typically consistent among Unix systems. Setting these values doesn't create a security risk since tar can't change the ownership of files when it's running as a normal unprivileged user. Similarly, we set the device major and minor to 0. There is no useful value here that's portable across systems, and it does not affect extraction in any way. We also set the timestamp to the same one that we use for generated files. This is probably the biggest loss of relevant data, but considering that cargo doesn't otherwise use it and honoring it makes the archives unreproducible, we canonicalize it as well. Finally, we canonicalize the mode of an item we're storing by looking at the executable bit and using mode 755 if it's set and mode 644 if it's not. We already use 644 as the default for generated files, and this is the same algorithm that Git uses to determine whether a file should be considered executable. The tests don't test this case because there's no portable way to create executable files on Windows.
2020-11-15 21:43:39 +00:00
assert!(p.root().join("target/package/foo-0.0.1.crate").is_file());
let f = File::open(&p.root().join("target/package/foo-0.0.1.crate")).unwrap();
let decoder = GzDecoder::new(f);
let mut archive = Archive::new(decoder);
for ent in archive.entries().unwrap() {
let ent = ent.unwrap();
println!("checking {:?}", ent.path());
package: canonicalize tar headers for crate packages Currently, when reading a file from disk, we include several pieces of data from the on-disk file, including the user and group names and IDs, the device major and minor, the mode, and the timestamp. This means that our archives differ between systems, sometimes in unhelpful ways. In addition, most users probably did not intend to share information about their user and group settings, operating system and disk type, and umask. While these aren't huge privacy leaks, cargo doesn't use them when extracting archives, so there's no value to including them. Since using consistent data means that our archives are reproducible and don't leak user data, both of which are desirable features, let's canonicalize the header to strip out identifying information. We set the user and group information to 0 and root, since that's the only user that's typically consistent among Unix systems. Setting these values doesn't create a security risk since tar can't change the ownership of files when it's running as a normal unprivileged user. Similarly, we set the device major and minor to 0. There is no useful value here that's portable across systems, and it does not affect extraction in any way. We also set the timestamp to the same one that we use for generated files. This is probably the biggest loss of relevant data, but considering that cargo doesn't otherwise use it and honoring it makes the archives unreproducible, we canonicalize it as well. Finally, we canonicalize the mode of an item we're storing by looking at the executable bit and using mode 755 if it's set and mode 644 if it's not. We already use 644 as the default for generated files, and this is the same algorithm that Git uses to determine whether a file should be considered executable. The tests don't test this case because there's no portable way to create executable files on Windows.
2020-11-15 21:43:39 +00:00
let header = ent.header();
assert_eq!(header.mode().unwrap(), 0o644);
assert!(header.mtime().unwrap() != 0);
assert_eq!(header.username().unwrap().unwrap(), "");
assert_eq!(header.groupname().unwrap().unwrap(), "");
package: canonicalize tar headers for crate packages Currently, when reading a file from disk, we include several pieces of data from the on-disk file, including the user and group names and IDs, the device major and minor, the mode, and the timestamp. This means that our archives differ between systems, sometimes in unhelpful ways. In addition, most users probably did not intend to share information about their user and group settings, operating system and disk type, and umask. While these aren't huge privacy leaks, cargo doesn't use them when extracting archives, so there's no value to including them. Since using consistent data means that our archives are reproducible and don't leak user data, both of which are desirable features, let's canonicalize the header to strip out identifying information. We set the user and group information to 0 and root, since that's the only user that's typically consistent among Unix systems. Setting these values doesn't create a security risk since tar can't change the ownership of files when it's running as a normal unprivileged user. Similarly, we set the device major and minor to 0. There is no useful value here that's portable across systems, and it does not affect extraction in any way. We also set the timestamp to the same one that we use for generated files. This is probably the biggest loss of relevant data, but considering that cargo doesn't otherwise use it and honoring it makes the archives unreproducible, we canonicalize it as well. Finally, we canonicalize the mode of an item we're storing by looking at the executable bit and using mode 755 if it's set and mode 644 if it's not. We already use 644 as the default for generated files, and this is the same algorithm that Git uses to determine whether a file should be considered executable. The tests don't test this case because there's no portable way to create executable files on Windows.
2020-11-15 21:43:39 +00:00
}
}
#[cargo_test]
fn package_with_resolver_and_metadata() {
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.0.1"
authors = []
resolver = '2'
[package.metadata.docs.rs]
all-features = true
"#,
)
.file("src/lib.rs", "")
.build();
p.cargo("package").run();
}
#[cargo_test]
fn deleted_git_working_tree() {
// When deleting a file, but not staged, cargo should ignore the file.
let (p, repo) = git::new_repo("foo", |p| {
p.file("src/lib.rs", "").file("src/main.rs", "fn main() {}")
});
p.root().join("src/lib.rs").rm_rf();
p.cargo("package --allow-dirty --list")
.with_stdout(
"\
Cargo.lock
Cargo.toml
Cargo.toml.orig
src/main.rs
",
)
.run();
p.cargo("package --allow-dirty").run();
let mut index = t!(repo.index());
t!(index.remove(Path::new("src/lib.rs"), 0));
t!(index.write());
p.cargo("package --allow-dirty --list")
.with_stdout(
"\
Cargo.lock
Cargo.toml
Cargo.toml.orig
src/main.rs
",
)
.run();
p.cargo("package --allow-dirty").run();
}
#[cargo_test]
fn in_workspace() {
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
description = "foo"
[workspace]
members = ["bar"]
"#,
)
.file("src/main.rs", "fn main() {}")
.file(
"bar/Cargo.toml",
r#"
[package]
name = "bar"
version = "0.0.1"
authors = []
license = "MIT"
description = "bar"
workspace = ".."
"#,
)
.file("bar/src/main.rs", "fn main() {}")
.build();
p.cargo("package --workspace")
.with_stderr(
"\
[WARNING] manifest has no documentation, [..]
See [..]
[PACKAGING] bar v0.0.1 ([CWD]/bar)
[VERIFYING] bar v0.0.1 ([CWD]/bar)
[COMPILING] bar v0.0.1 ([CWD][..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] [..] files, [..] ([..] compressed)
[WARNING] manifest has no documentation, [..]
See [..]
[PACKAGING] foo v0.0.1 ([CWD])
[VERIFYING] foo v0.0.1 ([CWD])
[COMPILING] foo v0.0.1 ([CWD][..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] [..] files, [..] ([..] compressed)
",
)
.run();
assert!(p.root().join("target/package/foo-0.0.1.crate").is_file());
assert!(p.root().join("target/package/bar-0.0.1.crate").is_file());
}
#[cargo_test]
fn workspace_noconflict_readme() {
let p = project()
.file(
"Cargo.toml",
r#"
[workspace]
members = ["bar"]
"#,
)
.file("README.md", "workspace readme")
.file(
"bar/Cargo.toml",
r#"
[package]
name = "bar"
version = "0.0.1"
repository = "https://github.com/bar/bar"
authors = []
license = "MIT"
description = "bar"
readme = "../README.md"
workspace = ".."
"#,
)
.file("bar/src/main.rs", "fn main() {}")
.file("bar/example/README.md", "# example readmdBar")
.build();
p.cargo("package")
.with_stderr(
"\
[PACKAGING] bar v0.0.1 ([CWD]/bar)
[VERIFYING] bar v0.0.1 ([CWD]/bar)
[COMPILING] bar v0.0.1 ([CWD]/[..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] [..] files, [..] ([..] compressed)
",
)
.run();
}
#[cargo_test]
fn workspace_conflict_readme() {
let p = project()
.file(
"Cargo.toml",
r#"
[workspace]
members = ["bar"]
"#,
)
.file("README.md", "workspace readme")
.file(
"bar/Cargo.toml",
r#"
[package]
name = "bar"
version = "0.0.1"
repository = "https://github.com/bar/bar"
authors = []
license = "MIT"
description = "bar"
readme = "../README.md"
workspace = ".."
"#,
)
.file("bar/src/main.rs", "fn main() {}")
.file("bar/README.md", "# workspace member: Bar")
.build();
p.cargo("package")
.with_stderr(
"\
warning: readme `../README.md` appears to be a path outside of the package, but there is already a file named `README.md` in the root of the package. The archived crate will contain the copy in the root of the package. Update the readme to point to the path relative to the root of the package to remove this warning.
[PACKAGING] bar v0.0.1 ([CWD]/bar)
[VERIFYING] bar v0.0.1 ([CWD]/bar)
[COMPILING] bar v0.0.1 ([CWD]/[..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] [..] files, [..] ([..] compressed)
",
)
.run();
}
#[cargo_test]
fn workspace_overrides_resolver() {
let p = project()
.file(
"Cargo.toml",
r#"
[workspace]
members = ["bar", "baz"]
"#,
)
.file(
"bar/Cargo.toml",
r#"
[package]
name = "bar"
version = "0.1.0"
edition = "2021"
"#,
)
.file("bar/src/lib.rs", "")
.file(
"baz/Cargo.toml",
r#"
[package]
name = "baz"
version = "0.1.0"
edition = "2015"
"#,
)
.file("baz/src/lib.rs", "")
.build();
p.cargo("package --no-verify -p bar -p baz").run();
let f = File::open(&p.root().join("target/package/bar-0.1.0.crate")).unwrap();
let rewritten_toml = format!(
r#"{}
[package]
edition = "2021"
name = "bar"
version = "0.1.0"
resolver = "1"
"#,
cargo::core::package::MANIFEST_PREAMBLE
);
validate_crate_contents(
f,
"bar-0.1.0.crate",
&["Cargo.toml", "Cargo.toml.orig", "src/lib.rs"],
&[("Cargo.toml", &rewritten_toml)],
);
// When the crate has the same implicit resolver as the workspace it is not overridden
let f = File::open(&p.root().join("target/package/baz-0.1.0.crate")).unwrap();
let rewritten_toml = format!(
r#"{}
[package]
edition = "2015"
name = "baz"
version = "0.1.0"
"#,
cargo::core::package::MANIFEST_PREAMBLE
);
validate_crate_contents(
f,
"baz-0.1.0.crate",
&["Cargo.toml", "Cargo.toml.orig", "src/lib.rs"],
&[("Cargo.toml", &rewritten_toml)],
);
}
2022-10-21 05:52:15 +00:00
fn verify_packaged_status_line(
output: std::process::Output,
num_files: usize,
uncompressed_size: u64,
compressed_size: u64,
) {
use cargo::util::human_readable_bytes;
let stderr = String::from_utf8(output.stderr).unwrap();
let mut packaged_lines = stderr
.lines()
.filter(|line| line.trim().starts_with("Packaged"));
let packaged_line = packaged_lines
.next()
.expect("`Packaged` status line should appear in stderr");
assert!(
packaged_lines.next().is_none(),
"Only one `Packaged` status line should appear in stderr"
);
let size_info = packaged_line.trim().trim_start_matches("Packaged").trim();
let uncompressed = human_readable_bytes(uncompressed_size);
let compressed = human_readable_bytes(compressed_size);
let expected = format!(
"{} files, {:.1}{} ({:.1}{} compressed)",
num_files, uncompressed.0, uncompressed.1, compressed.0, compressed.1
);
assert_eq!(size_info, expected);
}
#[cargo_test]
fn basic_filesizes() {
let cargo_toml_orig_contents = r#"
[package]
name = "foo"
version = "0.0.1"
authors = []
exclude = ["*.txt"]
license = "MIT"
description = "foo"
2023-11-15 22:33:27 +00:00
homepage = "https://example.com/"
2022-10-21 05:52:15 +00:00
"#;
let main_rs_contents = r#"fn main() { println!("🦀"); }"#;
let cargo_toml_contents = format!(
r#"{}
[package]
name = "foo"
version = "0.0.1"
authors = []
exclude = ["*.txt"]
description = "foo"
2023-11-15 22:33:27 +00:00
homepage = "https://example.com/"
2022-10-21 05:52:15 +00:00
license = "MIT"
"#,
cargo::core::package::MANIFEST_PREAMBLE
);
let cargo_lock_contents = r#"# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3
[[package]]
name = "foo"
version = "0.0.1"
"#;
let p = project()
.file("Cargo.toml", cargo_toml_orig_contents)
.file("src/main.rs", main_rs_contents)
.file("src/bar.txt", "Ignored text file contents") // should be ignored when packaging
.build();
let uncompressed_size = (cargo_toml_orig_contents.len()
+ main_rs_contents.len()
+ cargo_toml_contents.len()
+ cargo_lock_contents.len()) as u64;
let output = p.cargo("package").exec_with_output().unwrap();
assert!(p.root().join("target/package/foo-0.0.1.crate").is_file());
p.cargo("package -l")
.with_stdout(
"\
Cargo.lock
Cargo.toml
Cargo.toml.orig
src/main.rs
",
)
.run();
2023-11-15 22:33:27 +00:00
p.cargo("package")
.with_stderr(
"\
[PACKAGING] foo v0.0.1 [..]
[VERIFYING] foo v0.0.1 [..]
[COMPILING] foo v0.0.1 [..]
[FINISHED] [..]
[PACKAGED] 4 files[..]
",
)
.run();
2022-10-21 05:52:15 +00:00
let f = File::open(&p.root().join("target/package/foo-0.0.1.crate")).unwrap();
let compressed_size = f.metadata().unwrap().len();
verify_packaged_status_line(output, 4, uncompressed_size, compressed_size);
validate_crate_contents(
f,
"foo-0.0.1.crate",
&["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
&[
("Cargo.lock", cargo_lock_contents),
("Cargo.toml", &cargo_toml_contents),
("Cargo.toml.orig", cargo_toml_orig_contents),
("src/main.rs", main_rs_contents),
],
);
}
#[cargo_test]
fn larger_filesizes() {
let cargo_toml_orig_contents = r#"
[package]
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
description = "foo"
2023-11-15 22:33:27 +00:00
documentation = "https://example.com/"
2022-10-21 05:52:15 +00:00
"#;
let lots_of_crabs = std::iter::repeat("🦀").take(1337).collect::<String>();
let main_rs_contents = format!(r#"fn main() {{ println!("{}"); }}"#, lots_of_crabs);
let bar_txt_contents = "This file is relatively uncompressible, to increase the compressed
package size beyond 1KiB.
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt
ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation
ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in
reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur
sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est
laborum.";
let cargo_toml_contents = format!(
r#"{}
[package]
name = "foo"
version = "0.0.1"
authors = []
description = "foo"
2023-11-15 22:33:27 +00:00
documentation = "https://example.com/"
2022-10-21 05:52:15 +00:00
license = "MIT"
"#,
cargo::core::package::MANIFEST_PREAMBLE
);
let cargo_lock_contents = r#"# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3
[[package]]
name = "foo"
version = "0.0.1"
"#;
let p = project()
.file("Cargo.toml", cargo_toml_orig_contents)
.file("src/main.rs", &main_rs_contents)
.file("src/bar.txt", bar_txt_contents)
.build();
let uncompressed_size = (cargo_toml_orig_contents.len()
+ main_rs_contents.len()
+ cargo_toml_contents.len()
+ cargo_lock_contents.len()
+ bar_txt_contents.len()) as u64;
let output = p.cargo("package").exec_with_output().unwrap();
assert!(p.root().join("target/package/foo-0.0.1.crate").is_file());
p.cargo("package -l")
.with_stdout(
"\
Cargo.lock
Cargo.toml
Cargo.toml.orig
src/bar.txt
src/main.rs
",
)
.run();
2023-11-15 22:33:27 +00:00
p.cargo("package")
.with_stderr(
"\
[PACKAGING] foo v0.0.1 [..]
[VERIFYING] foo v0.0.1 [..]
[COMPILING] foo v0.0.1 [..]
[FINISHED] [..]
[PACKAGED] 5 files, [..]
",
)
.run();
2022-10-21 05:52:15 +00:00
let f = File::open(&p.root().join("target/package/foo-0.0.1.crate")).unwrap();
let compressed_size = f.metadata().unwrap().len();
verify_packaged_status_line(output, 5, uncompressed_size, compressed_size);
validate_crate_contents(
f,
"foo-0.0.1.crate",
&[
"Cargo.lock",
"Cargo.toml",
"Cargo.toml.orig",
"src/bar.txt",
"src/main.rs",
],
&[
("Cargo.lock", cargo_lock_contents),
("Cargo.toml", &cargo_toml_contents),
("Cargo.toml.orig", cargo_toml_orig_contents),
("src/bar.txt", bar_txt_contents),
("src/main.rs", &main_rs_contents),
],
);
}
#[cargo_test]
fn symlink_filesizes() {
if !symlink_supported() {
return;
}
let cargo_toml_orig_contents = r#"
[package]
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
description = "foo"
2023-11-15 22:33:27 +00:00
homepage = "https://example.com/"
2022-10-21 05:52:15 +00:00
"#;
let lots_of_crabs = std::iter::repeat("🦀").take(1337).collect::<String>();
let main_rs_contents = format!(r#"fn main() {{ println!("{}"); }}"#, lots_of_crabs);
let bar_txt_contents = "This file is relatively uncompressible, to increase the compressed
package size beyond 1KiB.
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt
ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation
ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in
reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur
sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est
laborum.";
let cargo_toml_contents = format!(
r#"{}
[package]
name = "foo"
version = "0.0.1"
authors = []
description = "foo"
2023-11-15 22:33:27 +00:00
homepage = "https://example.com/"
2022-10-21 05:52:15 +00:00
license = "MIT"
"#,
cargo::core::package::MANIFEST_PREAMBLE
);
let cargo_lock_contents = r#"# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 3
[[package]]
name = "foo"
version = "0.0.1"
"#;
let p = project()
.file("Cargo.toml", cargo_toml_orig_contents)
.file("src/main.rs", &main_rs_contents)
.file("bla/bar.txt", bar_txt_contents)
.symlink("src/main.rs", "src/main.rs.bak")
.symlink_dir("bla", "foo")
.build();
let uncompressed_size = (cargo_toml_orig_contents.len()
+ main_rs_contents.len() * 2
+ cargo_toml_contents.len()
+ cargo_lock_contents.len()
+ bar_txt_contents.len() * 2) as u64;
let output = p.cargo("package").exec_with_output().unwrap();
assert!(p.root().join("target/package/foo-0.0.1.crate").is_file());
p.cargo("package -l")
.with_stdout(
"\
Cargo.lock
Cargo.toml
Cargo.toml.orig
bla/bar.txt
foo/bar.txt
src/main.rs
src/main.rs.bak
",
)
.run();
2023-11-15 22:33:27 +00:00
p.cargo("package")
.with_stderr(
"\
[PACKAGING] foo v0.0.1 [..]
[VERIFYING] foo v0.0.1 [..]
[COMPILING] foo v0.0.1 [..]
[FINISHED] [..]
[PACKAGED] 7 files, [..]
",
)
.run();
2022-10-21 05:52:15 +00:00
let f = File::open(&p.root().join("target/package/foo-0.0.1.crate")).unwrap();
let compressed_size = f.metadata().unwrap().len();
verify_packaged_status_line(output, 7, uncompressed_size, compressed_size);
validate_crate_contents(
f,
"foo-0.0.1.crate",
&[
"Cargo.lock",
"Cargo.toml",
"Cargo.toml.orig",
"bla/bar.txt",
"foo/bar.txt",
"src/main.rs",
"src/main.rs.bak",
],
&[
("Cargo.lock", cargo_lock_contents),
("Cargo.toml", &cargo_toml_contents),
("Cargo.toml.orig", cargo_toml_orig_contents),
("bla/bar.txt", bar_txt_contents),
("foo/bar.txt", bar_txt_contents),
("src/main.rs", &main_rs_contents),
("src/main.rs.bak", &main_rs_contents),
],
);
}
#[cargo_test]
#[cfg(windows)] // windows is the platform that is most consistently configured for case insensitive filesystems
fn normalize_case() {
let p = project()
.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.file("src/bar.txt", "") // should be ignored when packaging
.build();
// Workaround `project()` making a `Cargo.toml` on our behalf
std::fs::remove_file(p.root().join("Cargo.toml")).unwrap();
std::fs::write(
p.root().join("cargo.toml"),
r#"
[package]
name = "foo"
version = "0.0.1"
authors = []
exclude = ["*.txt"]
license = "MIT"
description = "foo"
"#,
)
.unwrap();
p.cargo("package")
.with_stderr(
"\
[WARNING] manifest has no documentation[..]
See [..]
[PACKAGING] foo v0.0.1 ([CWD])
[VERIFYING] foo v0.0.1 ([CWD])
[COMPILING] foo v0.0.1 ([CWD][..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] 4 files, [..] ([..] compressed)
",
)
.run();
assert!(p.root().join("target/package/foo-0.0.1.crate").is_file());
p.cargo("package -l")
.with_stdout(
"\
Cargo.lock
Cargo.toml
Cargo.toml.orig
src/main.rs
",
)
.run();
2023-11-15 22:33:27 +00:00
p.cargo("package")
.with_stderr(
"\
[WARNING] manifest has no documentation[..]
See [..]
[PACKAGING] foo v0.0.1 ([CWD])
[VERIFYING] foo v0.0.1 ([CWD])
[COMPILING] foo v0.0.1 ([CWD][..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] 4 files, [..] ([..] compressed)
",
)
.run();
let f = File::open(&p.root().join("target/package/foo-0.0.1.crate")).unwrap();
validate_crate_contents(
f,
"foo-0.0.1.crate",
&["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
&[],
);
}
#[cargo_test]
#[cfg(target_os = "linux")] // linux is generally configured to be case sensitive
fn mixed_case() {
let manifest = r#"
[package]
name = "foo"
version = "0.0.1"
authors = []
exclude = ["*.txt"]
license = "MIT"
description = "foo"
"#;
let p = project()
.file("Cargo.toml", manifest)
.file("cargo.toml", manifest)
.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.file("src/bar.txt", "") // should be ignored when packaging
.build();
p.cargo("package")
.with_stderr(
"\
[WARNING] manifest has no documentation[..]
See [..]
[PACKAGING] foo v0.0.1 ([CWD])
[VERIFYING] foo v0.0.1 ([CWD])
[COMPILING] foo v0.0.1 ([CWD][..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] 4 files, [..] ([..] compressed)
",
)
.run();
assert!(p.root().join("target/package/foo-0.0.1.crate").is_file());
p.cargo("package -l")
.with_stdout(
"\
Cargo.lock
Cargo.toml
Cargo.toml.orig
src/main.rs
",
)
.run();
2023-11-15 22:33:27 +00:00
p.cargo("package")
.with_stderr(
"\
[WARNING] manifest has no documentation[..]
See [..]
[PACKAGING] foo v0.0.1 ([CWD])
[VERIFYING] foo v0.0.1 ([CWD])
[COMPILING] foo v0.0.1 ([CWD][..])
[FINISHED] dev [unoptimized + debuginfo] target(s) in [..]
[PACKAGED] 4 files, [..] ([..] compressed)
",
)
.run();
let f = File::open(&p.root().join("target/package/foo-0.0.1.crate")).unwrap();
validate_crate_contents(
f,
"foo-0.0.1.crate",
&["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
&[],
);
}
#[cargo_test]
fn versionless_package() {
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
description = "foo"
"#,
)
.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
.build();
p.cargo("package")
.with_stderr(
"\
warning: manifest has no license, license-file, documentation, homepage or repository.
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
Packaging foo v0.0.0 ([CWD])
Verifying foo v0.0.0 ([CWD])
Compiling foo v0.0.0 ([CWD]/target/package/foo-0.0.0)
Finished dev [unoptimized + debuginfo] target(s) in [..]s
Packaged 4 files, [..]B ([..]B compressed)
",
)
.run();
let f = File::open(&p.root().join("target/package/foo-0.0.0.crate")).unwrap();
validate_crate_contents(
f,
"foo-0.0.0.crate",
&["Cargo.lock", "Cargo.toml", "Cargo.toml.orig", "src/main.rs"],
&[],
);
}
#[cargo_test]
fn include_files_called_target_project() {
// https://github.com/rust-lang/cargo/issues/12790
// files and folders called "target" should be included, unless they're the actual target directory
let p = init_and_add_inner_target(project())
.file("target/foo.txt", "")
.build();
p.cargo("package -l")
.with_stdout(
"\
Cargo.lock
Cargo.toml
Cargo.toml.orig
data/not_target
data/target
derp/not_target/foo.txt
derp/target/foo.txt
src/main.rs
",
)
.run();
}
#[cargo_test]
fn include_files_called_target_git() {
// https://github.com/rust-lang/cargo/issues/12790
// files and folders called "target" should be included, unless they're the actual target directory
let (p, repo) = git::new_repo("foo", |p| init_and_add_inner_target(p));
// add target folder but not committed.
_ = fs::create_dir(p.build_dir()).unwrap();
_ = fs::write(p.build_dir().join("foo.txt"), "").unwrap();
p.cargo("package -l")
.with_stdout(
"\
.cargo_vcs_info.json
Cargo.lock
Cargo.toml
Cargo.toml.orig
data/not_target
data/target
derp/not_target/foo.txt
derp/target/foo.txt
src/main.rs
",
)
.run();
// if target is committed, it should be include.
git::add(&repo);
git::commit(&repo);
p.cargo("package -l")
.with_stdout(
"\
.cargo_vcs_info.json
Cargo.lock
Cargo.toml
Cargo.toml.orig
data/not_target
data/target
derp/not_target/foo.txt
derp/target/foo.txt
src/main.rs
target/foo.txt
",
)
.run();
}
fn init_and_add_inner_target(p: ProjectBuilder) -> ProjectBuilder {
p.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
description = "foo"
"#,
)
.file("src/main.rs", r#"fn main() { println!("hello"); }"#)
// file called target, should be included
.file("data/target", "")
.file("data/not_target", "")
// folder called target, should be included
.file("derp/target/foo.txt", "")
.file("derp/not_target/foo.txt", "")
}
#[cargo_test]
fn build_script_outside_pkg_root() {
let p = project()
.file(
"Cargo.toml",
r#"
[package]
name = "foo"
version = "0.0.1"
license = "MIT"
description = "foo"
authors = []
build = "../t_custom_build/custom_build.rs"
"#,
)
.file("src/main.rs", "fn main() {}")
.build();
let mut expect_msg = String::from("\
warning: manifest has no documentation, homepage or repository.
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
2023-11-22 03:09:55 +00:00
error: the source file of build script doesn't appear to exist.
This may cause issue during packaging, as modules resolution and resources included via macros are often relative to the path of source files.
Please update the `build` setting in the manifest at `[CWD]/Cargo.toml` and point to a path inside the root of the package.
");
// custom_build.rs does not exist
p.cargo("package -l")
.with_status(101)
.with_stderr(&expect_msg)
.run();
// custom_build.rs outside the package root
let custom_build_root = paths::root().join("t_custom_build");
_ = fs::create_dir(&custom_build_root).unwrap();
_ = fs::write(&custom_build_root.join("custom_build.rs"), "fn main() {}");
expect_msg = format!(
"\
warning: manifest has no documentation, homepage or repository.
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
2023-11-22 03:09:55 +00:00
error: the source file of build script doesn't appear to be a path inside of the package.
It is at `{}/t_custom_build/custom_build.rs`, whereas the root the package is `[CWD]`.
This may cause issue during packaging, as modules resolution and resources included via macros are often relative to the path of source files.
Please update the `build` setting in the manifest at `[CWD]/Cargo.toml` and point to a path inside the root of the package.
", paths::root().display());
p.cargo("package -l")
.with_status(101)
.with_stderr(&expect_msg)
.run();
}