Vendored crates should be checked for changes

[glandium]

I was building Firefox, and tried to do some changes to some rust crate. Doing so made the build fail with something like

error: the listed checksum of ... has changed:
expected: ...
actual: ...

directory sources are not intended to be edited, if modifications are required then it is recommended that [replace] is used with a forked copy of the source

That's an IMO annoying feature of cargo, but this is not what this issue is about. The problem is the following: if I actually build the crate first, and then make the changes, rebuilding just goes on acting as if I had made no change, saying Fresh $crate_name.

It seems to me cargo should fail with the exact same error as if I hadn't already built.

Cc: @alexcrichton

[alexcrichton]

This is currently expected behavior in that Cargo treats vendored crates like it does crates.io, it doesn't check any mtimes as it assumes it's all read-only. It is a performance optimization to not even look at the filesystem for these crates on incremental builds.

The correct way to modify a vendored crate is to use [patch] or a path dependency, and Cargo will then correctly handle the crate on incremental rebuilds as it knows that it's not a readonly dependency.

[ctrlcctrlv]

The correct way to modify a vendored crate is to use [patch] or a path dependency, and Cargo will then correctly handle the crate on incremental rebuilds as it knows that it's not a readonly dependency.

Fortunately GNU Guix can bypass this pointless check, as I today discovered.

https://fredrickbrennan.medium.com/how-to-bypass-rust-cargo-error-directory-sources-are-not-intended-to-be-edited-ab2f257b89da

[k3d3]

When I vendor code into my repository, it changes line endings (and nothing else) which triggers this check. Is there any way to disable or at least mitigate the error in this situation?

[ctrlcctrlv]

Does revendor.scm not work for you?

[epage]

As this is expected behavior and is important for performance reasons, I'm going to propose to the cargo team that we close this.

[weihanglo]

Instead of closing this now, I would like to see an improvement in the cargo-vendor doc. Could document that vendored sources are not intended to be modified, and [patch] is the correct way to do it.

[briansmith]

Instead of closing this now, I would like to see an improvement in the cargo-vendor doc. Could document that vendored sources are not intended to be modified, and [patch] is the correct way to do it.

cargo-vendor should have an option to generate the necessary [patch] for the vendored crates.

[LuuuXXX]

claim first, question it later~ @rustbot claim

[weihanglo]

#13512 has improved the doc a bit, so I am fine closing this.

cargo-vendor should have an option to generate the necessary [patch] for the vendored crates.

@briansmith feel free to open an issue if you have an idea how it would look like. Thank you :)