Update crates.io index when necessary to avoid errors #340
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mystor
commented
Oct 14, 2022
If we would generate an error due to an audit-as-crates-io policy being specified for a crate which doesn't appear to be in the index, it may be because the local copy of the index is out-of-date. With these changes, if we notice the index is out of date in this way, we'll update our local copy of the index and re-run our checks. This should avoid potential issues with new audits being added for audit-as-crates-io = true crates reporting errors on machines which have an out-of-date copy of the index.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If we would generate an error due to an
audit-as-crates-iopolicy being specified for a crate which doesn't appear to be in the index, it may be because the local copy of the index is out-of-date.With these changes, if we notice the index is out of date in this way, we'll update our local copy of the index and re-run our checks. This should avoid potential issues with new audits being added for
audit-as-crates-io = truecrates reporting errors on machines which have an out-of-date copy of the index.In the future, we may want to switch to instead using the sparse http API for crates.io, rather than using
crates-index, in order to handle running on machines using the new sparse crates.io registry support which may be stabilized soon (rust-lang/cargo#11224). Alternatively it may be worth askingcargoto add a new subcommand to check if a specific crate exists in the index, which could take advantage of whatever representation is currently being used as well as any caching cargo performs under the hood.The bulk of this patch involves changing how the mock index is handled in tests to make it possible to test this updating behaviour.