search

crev-dev / cargo-crev

A cryptographically verifiable code review system for the cargo (Rust) package manager.
Apache License 2.0
2.09k stars 89 forks source link

Bug: "the lock file needs to be updated" #725

Open lolbinarycat opened 6 months ago

lolbinarycat commented 6 months ago

Reproduction steps:

$ mv Cargo.lock Cargo.lock.old # also happens if Cargo.lock contains old library versions, but this is simpler to reproduce
$ cargo crev verify --show-all

command output:

    Updating crates.io index
the lock file /home/binarycat/src/rs/rdeck/Cargo.lock needs to be updated but --locked was passed to prevent this
If you want to try to generate the lock file without accessing the network, remove the --locked flag and use --offline instead.

it is impossible to get a backtrace, as the program exits successfully (status code 0), but fails to do anything.

$ cargo crev --version
cargo-crev 0.25.4

crev installed via nix-env

OS: NixOS 23.11.4315.c68a9fc85c2c (Tapir) x86_64 Kernel: 6.7.4

lolbinarycat commented 6 months ago

workaround is to run cargo build beforehand