Commit graph

29 commits

Author SHA1 Message Date
Ed Page
675224b3a0 test(config): Shift to config.toml 2024-01-26 13:40:46 -06:00
Weihang Lo
4fafa69a4d
fix: respect umask when unpacking .crate files
Without this, an attacker can leverage globally writable files buried
in the `.crate` file. After a user downloaded and unpacked the file,
the attacker can then write malicous code to the downloaded sources.
2023-08-03 13:41:08 +01:00
Arlo Siemsen
78d4f2cb84 Make sparse the default protocol for crates.io 2023-03-02 10:50:22 -06:00
Scott Schafer
221938a2a0 chore: update vendor tests to use check 2023-02-20 12:22:29 -06:00
Scott Schafer
b64b605236 fix(vendor): Make vendor use Manifest's "original" Cargo.toml 2023-01-18 22:19:56 -06:00
Weihang Lo
c51c6bb6ac
chore: reflect to clap updates 2023-01-14 09:23:39 +00:00
Atkins Chang
0200d3b3ca
Add test for vendor with different revs from same git repo
Signed-off-by: Atkins Chang <atkinschang@gmail.com>
2022-12-21 11:44:23 +08:00
Arlo Siemsen
1da79baf54 Store the sparse+ prefix in the URL for sparse registries 2022-11-17 14:25:47 -06:00
Ed Page
a9f704aaaa fix: Remove leading newline in vendor output
This supersedes #11271
2022-10-21 12:27:21 -05:00
Ed Page
96948f7a24 refactor(cli): Upgrade to clap v4 2022-09-28 13:32:14 -05:00
Weihang Lo
378e292cfa
test: cargo-vendor with path specified 2022-05-13 20:46:33 +08:00
Weihang Lo
6651781593
Remove unnecessary dbg! 2022-05-13 20:46:32 +08:00
Andrew Eikum
d41f5ccd7e vendor: Don't allow multiple values for --sync 2022-03-11 10:41:12 -06:00
Ed Page
fb9d11b8fc fix(vendor): Use tables for sample config
Fixes #10345
2022-01-31 09:57:56 -06:00
Weihang Lo
8a8d39a459
Do not suggest source config if nothing to vendor 2021-12-05 00:10:09 +08:00
Weihang Lo
153146ecc5
test(vendor): respect to Cargo.toml [package.exclude] 2021-03-01 22:06:57 +08:00
Eric Huss
33f648ab3b Fix permission issue with cargo vendor. 2021-02-03 17:37:00 -08:00
Eric Huss
340656e29d Add RegistryBuilder to help initializing test registries.
The intent here is to make it more flexible to create different registry
setups, and to reuse code a little more easily.
2021-02-02 15:48:48 -08:00
Alexis Beingessner
4a1e71072d Mask out system core.autocrlf settings before resetting git repos
This fixes an issue the gecko developers noticed when vendoring
on windows. [0] If a user has `core.autocrlf=true` set
(a reasonable default on windows), vendoring from a git source
would cause all the newlines to be rewritten to include carriage
returns, creating churn and platform-specific results.

To fix this, we simply set the global cargo checkout's "local"
core.autocrlf value before performing a `reset`. This masks out
the system configuration without interfering with the user's
own system/project settings.

[0]:  https://bugzilla.mozilla.org/show_bug.cgi?id=1647582
2020-07-21 12:38:03 -04:00
Alex Crichton
6514c289d2 Improve git error messages a bit
This commit is targeted at further improving the error messages
generated from git errors. For authentication errors the actual URL
fetched is now printed out as well if it's different from the original
URL. This should help handle `insteadOf` logic where SSH urls are used
instead of HTTPS urls and users can know to track that down.

Otherwise the logic about recommending `net.git-fetch-with-cli` was
tweaked a bit and moved to the same location as the rest of our error
reporting.

Note that a change piggy-backed here as well is that `Caused by:` errors
are now automatically all tabbed over a bit instead of only having the
first line tabbed over. This required a good number of tests to be
updated, but it's just an updated in renderings.
2020-06-25 08:47:15 -07:00
Eric Huss
723748fabf vendor: support alt registries 2019-12-17 17:44:37 -08:00
Jeremy Fitzhardinge
fd80795503 Convert --explicit-version -> --versioned-dirs 2019-12-06 00:53:29 -08:00
Jeremy Fitzhardinge
3235a3de3a vendor: implement --explicit-version
Implement --explicit-version from standalone cargo-vendor. This helps with
vendoring performance as it avoids redundantly deleting and re-copying
already vendored packages.

For example, when re-vendoring cargo's dependencies it makes a big
improvement on wallclock time. For initial vendoring it makes no
difference, but re-vendoring (ie, when most or all dependencies haven't
changed) without explicit versions is actually slightly slower (5.8s ->
6s), but with explicit versions it goes from 5.8s -> 1.6s.

Timings:

Without explicit versions, initial vendor
real	0m5.810s
user	0m0.924s
sys	0m2.491s

Re-vendor:
real	0m6.083s
user	0m0.937s
sys	0m2.654s

With explicit versions, initial vendor:
real	0m5.810s
user	0m0.937s
sys	0m2.461s

Re-vendor:
real	0m1.567s
user	0m0.578s
sys	0m0.967s

The summaries of syscalls executed shows why:

Revendoring without explicit versions:
```
% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
 25.17    1.104699          18     59432      1065 openat
 19.86    0.871574          21     41156     13825 unlink
 13.64    0.598739           2    210510           lstat
  9.02    0.395948          29     13208           copy_file_range
  8.00    0.351242          11     30245           read
  6.36    0.279005           3     72487      4476 statx
  5.35    0.235027           6     37219           write
  4.02    0.176267           3     58368           close
```
with explicit versions:
```
 29.38    0.419068          15     27798     13825 unlink
 25.52    0.364021           1    209586           lstat
 20.67    0.294788          16     17967      1032 openat
 10.42    0.148586           4     35646           write
  3.53    0.050350           3     13825           chmod
  3.14    0.044786           2     16701      1622 statx
  2.19    0.031171           1     16936           close
  1.86    0.026538          24      1078           rmdir
```

Specifically, there are a lot fewer opens, copy_file_ranges, and unlinks.
2019-12-06 00:53:29 -08:00
Eric Huss
83571aee56 Minor testsuite organization. 2019-11-24 18:42:45 -08:00
Alex Crichton
9115b2c326 Extract support directory to its own crate
Extract out all our test support code to its own standalone crate so it
can be shared between multiple test suites if necessary.
2019-09-16 11:47:09 -07:00
Eric Huss
492abb3504 cargo vendor: Don't delete hidden top-level files. 2019-08-12 22:29:44 -07:00
Eric Huss
3c20a24335 Clean up some git test support functions. 2019-08-12 22:25:36 -07:00
Jethro Beekman
0e0d968825 Update #[test] attribute on all tests in the testsuite
sed -i 's/^#\[test\]/#[cargo_test]/' $(rg -l '^#\[test\]')

Manual fixes:
* proc_macro::proc_macro_doctest
2019-06-07 12:41:26 -07:00
Alex Crichton
3842d8e6f2 Import the cargo-vendor subcommand into Cargo
This commit imports the external [alexcrichton/cargo-vendor
repository][repo] into Cargo itself. This means it will no longer be
necessary to install the `cargo-vendor` subcommand in order to vendor
dependencies. Additionally it'll always support the latest feature set
of Cargo as it'll be built into Cargo!

All tests were imported as part of this commit, but not all features
were imported. Some flags have been left out that were added later in
the lifetime of `cargo vendor` which seem like they're more questionable
to stabilize. I'm hoping that they can have separate PRs adding their
implementation here, and we can make a decision of their stabilization
at a later date.

The current man page for `cargo vendor -h` will look like:

    cargo-vendor
    Vendor all dependencies for a project locally

    USAGE:
	cargo vendor [OPTIONS] [--] [path]

    OPTIONS:
	-q, --quiet                    No output printed to stdout
	    --manifest-path <PATH>     Path to Cargo.toml
	    --no-delete                Don't delete older crates in the vendor directory
	-s, --sync <TOML>...           Additional `Cargo.toml` to sync and vendor
	    --respect-source-config    Respect `[source]` config in `.cargo/config`
	-v, --verbose                  Use verbose output (-vv very verbose/build.rs output)
	    --color <WHEN>             Coloring: auto, always, never
	    --frozen                   Require Cargo.lock and cache are up to date
	    --locked                   Require Cargo.lock is up to date
	-Z <FLAG>...                   Unstable (nightly-only) flags to Cargo, see 'cargo -Z help' for details
	-h, --help                     Prints help information

    ARGS:
	<path>    Where to vendor crates (`vendor` by default)

    This cargo subcommand will vendor all crates.io and git dependencies for a
    project into the specified directory at `<path>`. After this command completes
    the vendor directory specified by `<path>` will contain all remote sources from
    dependencies specified. Additionally manifest beyond the default one can be
    specified with the `-s` option.

    The `cargo vendor` command will also print out the configuration necessary
    to use the vendored sources, which when needed is then encoded into
    `.cargo/config`.

Since this change is not importing 100% of the functionality of the
existing `cargo vendor` this change does run a risk of being a breaking
change for any folks using such functionality. Executing `cargo vendor`
will favor the built-in command rather than an external subcommand,
causing unimplemented features to become errors about flag usage.

[repo]: https://github.com/alexcrichton/cargo-vendor
2019-05-21 07:02:17 -07:00