-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Include cargo_vcs_info.json even for dirty working directories #13695
Comments
Is there a reason to be mutating For #13456, I am actively working on a fix. I posted the last major refactor today (#13693) before I can make the relevant change. That said, I agree with the idea and it makes me wonder why this wasn't considered before. #5886 and its predecessor don't really say much on motivation. Same with #9866. |
The biggest risk with this is if someone assumes the presence of I talked to @joshtriplett to get some historical perspective and they don't see an issue and don't think that above use case should be large enough for us to work around (e.g. adding a |
https://github.com/tokio-rs/async-stream/blob/v0.3.5/async-stream/Cargo.toml#L23 is an example of a crate that removed non-workspace crates-io dev-dep to avoid a cycle (tokio-test) |
I'm not seeing I'm also not too sure the point you are trying to get across. In theory, there isn't a reason to do that manually anymore. However, that is independent of whether we go forward with this and I've marked it as Accepted though I'm assuming we'd hold an FCP for it but I expect that to be relatively smooth. |
Adding a "dirty" field would help here, unless they are just looking for the file (not the contents of the file. In which case there really isn't much you can do about it. Another use case here is that of briansmith/ring#1460 (comment). TLDR: ring has a perl script(!) to generate assembly files, and also pre-compiles these for Windows so users don't need nasm to build ring. I can only assume that this predates stable support for inline assembly / global assembly in Rust. But I can imagine other similar use cases, where you want to pre-generate some data that requires exotic tools / takes an excessive amount of time to build. It's not ideal of course, but the real world rarely is. |
To clarify, I brought that up to talk about the impact on compatibility and not so much about people writing correct code in the future. All they have to go off of right now is the presence of the file. |
Makes sense, but:
|
Sorry, I've pasted a wrong link. It was meant to be async-stream 0.3.5 -> tokio-test -> tokio-stream -> async-stream #13695 (comment) |
Thanks! That is a bit different because they aren't in the same repo and so not using a path dependency between them to allow breaking the cycle. I wonder if that is something we could improve since dev-dependencies don't matter for the Index and so no one should be affected by this virtual cycle. |
@taiki-e can you provide any insight into the async-stream publishing process? What is the direct problem cargo or crates.io is giving you that is leading to tokio-test to be stripped? As noted in my previous message, I'm wondering if there is a change that can be made to make this work. |
tokio-rs/async-stream#102 (comment)
(My understanding has not changed since my previous answer.) |
So I think the issue with async-stream can be solved if #4242 is solved or a workaround that works for dev-dependencies that have a version is added (a known workaround doesn't work with such a case). |
Would love to see this. |
#8434 is also related I believe. |
Include vcs_info even if workspace is dirty ### What does this PR try to resolve? Related to #13695. Generates and packages the `.cargo_vcs_info.json` file even if the worktree is dirty, as long as `--allow-dirty` is passed. Also added a `dirty` field to the file to record if the Git repository status is dirty. Tests are included.
Problem
Currently, Cargo includes a
.cargo_vcs_info.json
file when publishing, but only if the working copy is clean and--allow-dirty
is not used.However, this metadata is needed regardless whether the directory was modified or not. It's unlikely the path in repo would change, and it is still needed for resolving relative paths in README, creating links to the crate, and still helpful for quickly finding the crate in its repository.
Even having the commit hash is still useful, because it provides a base commit to diff from.
There are situations where it's still necessary to edit the
Cargo.toml
file, e.g. to publish crates with circular dev dependencies (#4242), or explicitly specified tests/benchmarks that are excluded from the tarball (#13456). In this case the commit hash is basically still accurate.Note that Cargo omitting the commit hash when the directory is dirty is not a guarantee that packages with a commit hash are matching their commit. Dishonest users can always modify Cargo to make it lie or upload a manipulated tarball themselves, so this file is informational, not an integrity guarantee.
Proposed Solution
Cargo could always include the commit hash when available. Perhaps add
"dirty":true
if reporting that state is deemed important. Alternatively, provide an option of--allow-dirty-but-still-include-the-commit-hash
.Notes
No response
The text was updated successfully, but these errors were encountered: