Bug: unable to locate index metadata for existent sxd-xpath crate

EmbarkStudios / cargo-deny

❌ Cargo plugin for linting your dependencies 🦀

http://embark.rs

Apache License 2.0

1.62k stars 80 forks source link

Bug: unable to locate index metadata for existent sxd-xpath crate #630

Closed SVilgelm closed 4 months ago

SVilgelm commented 4 months ago

Describe the bug

warning[index-failure]: unable to check for yanked crates
    ┌─ ...\Cargo.lock:151:1
    │
151 │ sxd-xpath 0.4.2 registry+https://github.com/rust-lang/crates.io-index
    │ --------------------------------------------------------------------- crate whose registry we failed to query
    │
    = unable to locate index metadata
    = sxd-xpath v0.4.2

To reproduce

add sxd-xpath as dependency
run cargo deny check all

cargo-deny version

cargo-deny 0.14.16

What OS were you running cargo-deny on?

Windows

Additional context

the 0.4.2 version is present in the db: https://github.com/rust-lang/crates.io-index/blob/master/sx/d-/sxd-xpath#L9

but the crate is not present in the advisory-dbs folder: CARGO_HOME\advisory-dbs\github.com-2f857891b7f43c59\crates

Jake-Shadle commented 4 months ago

I'm guessing you or crates.io had a temporary connection issue and cargo was unable to download the index entry for that crate as I cannot repro this issue. cargo-deny does not itself fetch crates nor their index entries but leaves that to cargo. And the advisories-dbs directory only contains clones of advisory databses (eg https://github.com/RustSec/advisory-db), it's completely unrelated to yank checking.

Feel free to re-open if this problem persists.

SVilgelm commented 3 months ago

@Jake-Shadle Do you know how can I debug this issue, because it is constant and reproducible every time on my laptop?

Jake-Shadle commented 3 months ago

Check which index you are actually using, if you are using the sparse index the file should be located in $CARGO_HOME/registry/index/index.crates.io-6f17d22bba15001f/.cache/sx/d-/sxd-xpath, if you are using the git index it should be $CARGO_HOME/registry/index/github.com-1ecc6299db9ec823/.cache/sx/d-/sxd-xpath
Confirm the file actually has the version you expect
If the file is there and valid, then there is an issue with reading the file:
You might be using either an outdated (<1.54) or new (nightly) cargo version which can't be read
Maybe some weird permissions issue?
Maybe the file is locked exclusively and can't be read?

Basically, you can set a breakpoint here and step through until the error is clear. I'll make a PR to actually show the full error in the diagnostic in the meantime since the current one is so unhelpful.

SVilgelm commented 3 months ago

Okay, i've figured out. I work for Microsoft, and due to security rules, we cannot fetch the crates from crates.io, instead we have to use the Azure DevOpst feeds, like an internal mirror. So, the .cargo/config.toml file has an override for crates-io source:

[registries]
WlmOxide = { index = "sparse+https://.../WlmOxide/Cargo/index/" }

[source.crates-io]
replace-with = "WlmOxide"

which means, that cargo tool does not fetch anything from crates.io, but fetches from the internal registry. And the deny worked only because I cloned some other projects on my laptop and build them, so cargo was able to fetch some crates from crates.io. And the issue I had was because of the outdated index. Now deny works fine, I commented out those lines, run cargo update --dry-run to fetch the crates from crates.io and no issues :)

SVilgelm commented 3 months ago

thank you for your help!