Fix publishing renamed dependencies to crates.io

[alexcrichton]

This commit fixes publishing crates which contain locally renamed dependencies
to crates.io. Previously this lack of information meant that although we could
resolve the crate graph correctly it wouldn't work well with respect to optional
features and optional dependencies. The fix here is to persist this information
into the registry about the crate being renamed in Cargo.toml, allowing Cargo
to correctly deduce feature names as it does when it has Cargo.toml locally.

A dual side of this commit is to publish this information to crates.io. We'll
want to merge the associated PR (link to come soon) on crates.io first and make
sure that's deployed as well before we stabilize the crate renaming feature.

The index format is updated as well as part of this change. The name key for
dependencies is now unconditionally what was written in Cargo.toml as the
left-hand-side of the dependency specification. In other words this is the raw
crate name, but only for the local crate. A new key, package, is added to
dependencies (and it can be None). This key indicates the crates.io package is
being linked against, an represents the package key in Cargo.toml.

It's important to consider the interaction with older Cargo implementations
which don't support the package key in the index. In these situations older
Cargo binaries will likely fail to resolve entirely as the renamed name is
unlikely to exist on crates.io. For example the futures crate now has an
optional dependency with the name futures01 which depends on an older version
of futures on crates.io. The string futures01 will be listed in the index
under the "name" key, but no futures01 crate exists on crates.io so older
Cargo will generate an error. If the crate does exist on crates.io, then even
weirder error messages will likely result.

Closes #5962

[rust-highfive]

r? @matklad

(rust_highfive has picked a reviewer for you, use r? to override)

[alexcrichton]

r? @ehuss

cc @withoutboats

[Eh2406]

It's important to consider the interaction with older Cargo implementations
which don't support the package key in the index.

This is a radical thought for how to make sure that older cargos do not see this package, what if we rename the name field to package_name_in_index if explicit_name_in_toml is Some. Now older cargos that expect the name field to be present will just not deserialize it from the index.

[withoutboats]

@Eh2406 There's a trade off there: on the one hand, always erroring on data you don't understand makes sure you don't have any kind of spurious success; on the other hand, sometimes the program could've succeeded & now won't because it doesn't care about the name field (thinking of extension tools), but it still expects it to be there during deserialization.

I think there's no risk of users downloading the wrong package, because if they get a different package named name, it won't checksum, right? (Unless someone's written a custom tool which doesn't validate the checksums, but I think that's out of scope for us.)

[alexcrichton]

@Eh2406 an interesting though! I think it's certainly possible we could do that, although we've never really focused on this before. Historically all features we've added to Cargo which changed the index just made older Cargos confused.

@withoutboats ah unfortunately checksums are only in place once you've got a lock file, typically this error would be hit when you're forming a lock file. In that sense I don't think the checksums protect us, but I don't think we need to bend over backwards too much here.

[alexcrichton]

@ehuss I think you mentioned on IRC, but does this strategy look ok to you? If so I'll get the crates.io PR merged and then we can merge this

[ehuss]

Ah, yea, this seems fine to me. 👍

There is the bigger question of schema compatibility and versioning to provide better error messages. However, that seems like a much bigger issue similar to the scope of RFC 2495, and I don't see that happening soon, and getting this bug fixed seems pretty important for this feature.

[alexcrichton]

@bors: r=ehuss

[bors]

📌 Commit e82443d has been approved by ehuss

[bors]

⌛ Testing commit e82443d with merge 6a811f462b071663eba66f75c40968ed743113e1...

[bors]

💔 Test failed - status-appveyor

[alexcrichton]

@bors: retry

[bors]

⌛ Testing commit e82443d with merge 74b4f4f...

[bors]

☀️ Test successful - status-appveyor, status-travis
Approved by: ehuss
Pushing 74b4f4f to master...