Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cargo publish fails with an error #139

Open
dupgit opened this issue Mar 26, 2024 · 1 comment
Open

cargo publish fails with an error #139

dupgit opened this issue Mar 26, 2024 · 1 comment

Comments

@dupgit
Copy link

dupgit commented Mar 26, 2024

Problem description

Hi,

I have two small projects [1] [2] using bash-builtins crate and can not publish them to crates.io as cargo publish command used along with the alias alias cargo="cargo auditable" does throw the following error:

->  cargo publish
    Updating crates.io index
   Packaging createdir-bash-builtin v0.1.0 (/home/dup/Dossiers_Perso/projets/rust-projects/createdir-bash-builtin)
   Verifying createdir-bash-builtin v0.1.0 (/home/dup/Dossiers_Perso/projets/rust-projects/createdir-bash-builtin)
    Updating crates.io index
   Compiling proc-macro2 v1.0.79
…
    Finished dev [unoptimized + debuginfo] target(s) in 4.97s
error: failed to verify package tarball

Caused by:
  Source directory was modified by build.rs during cargo publish. Build scripts should not modify anything outside of OUT_DIR.
  Added: /home/dup/Dossiers_Perso/projets/rust-projects/createdir-bash-builtin/target/package/createdir-bash-builtin-0.1.0/Cargo.lock

  To proceed despite this, pass the `--no-verify` flag.

Thanks to Ed Page remarks in cargo issue 13642 I managed to figure out that running without auditable (\cargo publish) just gets the job done.

[1] cpubind-bash-builtin
[2] createdir

I do not know how to go further to provide more trace or logs or anything that could help. Please let me know how I can help more here (and also if my explanations need more precision)

Versions

-> cargo version -v
cargo 1.77.0 (3fe68eabf 2024-02-29)
release: 1.77.0
commit-hash: 3fe68eabf93cbf3772bbcad09a9206c783e2de3f
commit-date: 2024-02-29
host: x86_64-unknown-linux-gnu
libgit2: 1.7.2 (sys:0.18.2 vendored)
libcurl: 8.5.0-DEV (sys:0.4.70+curl-8.5.0 vendored ssl:OpenSSL/1.1.1w)
ssl: OpenSSL 1.1.1w  11 Sep 2023
os: Debian 12 (bookworm) [64-bit]

->  cat ~/.cargo/.crates2.json | jq .installs | grep auditable
  "cargo-auditable 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)": {
      "cargo-auditable"
@dupgit
Copy link
Author

dupgit commented Mar 30, 2024

Thanks to @ayosec the author of bash-builtins that took some time to investigate this bug it seems that cargo auditable is unable to publish crates with crate-type = cdylib. With cargo auditable installed and alias cargo="cargo auditable" set one can use the simple reproducer below which consist to create an empty cdylib crate and try to publish it without really doing so (with --dry-run) :

$ cargo new --lib cdylib
     Created library `cdylib` package

$ cd cdylib
$ echo -e '\n[lib]\ncrate-type = [ "cdylib" ]\n' >>Cargo.toml
$ cargo build
   Compiling cdylib v0.1.0 (/home/dup/Dossiers_Perso/projets/rust-projects/rust-tests/cdylib)
    Finished dev [unoptimized + debuginfo] target(s) in 0.17s

$ git add .
$ git  commit -a -m "Testing cargo auditable publish"
[master (commit racine) 65d64b1] Testing cargo auditable publish
 4 files changed, 34 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 Cargo.lock
 create mode 100644 Cargo.toml
 create mode 100644 src/lib.rs

$ cargo publish --dry-run
    Updating crates.io index
warning: manifest has no description, license, license-file, documentation, homepage or repository.
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
   Packaging cdylib v0.1.0 (/home/dup/Dossiers_Perso/projets/rust-projects/rust-tests/cdylib)
   Verifying cdylib v0.1.0 (/home/dup/Dossiers_Perso/projets/rust-projects/rust-tests/cdylib)
   Compiling cdylib v0.1.0 (/home/dup/Dossiers_Perso/projets/rust-projects/rust-tests/cdylib/target/package/cdylib-0.1.0)
    Finished dev [unoptimized + debuginfo] target(s) in 0.30s
error: failed to verify package tarball

Caused by:
  Source directory was modified by build.rs during cargo publish. Build scripts should not modify anything outside of OUT_DIR.
  Added: /home/dup/Dossiers_Perso/projets/rust-projects/rust-tests/cdylib/target/package/cdylib-0.1.0/Cargo.lock

  To proceed despite this, pass the `--no-verify` flag.

$echo $?
101

Rust has been updated to latest :

cargo version -v
cargo 1.77.1 (e52e36006 2024-03-26)
release: 1.77.1
commit-hash: e52e360061cacbbeac79f7f1215a7a90b6f08442
commit-date: 2024-03-26
host: x86_64-unknown-linux-gnu
libgit2: 1.7.2 (sys:0.18.2 vendored)
libcurl: 8.5.0-DEV (sys:0.4.70+curl-8.5.0 vendored ssl:OpenSSL/1.1.1w)
ssl: OpenSSL 1.1.1w  11 Sep 2023
os: Debian 12 (bookworm) [64-bit]

cargo auditable hasn't changed and is still 0.6.2.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dupgit