search

geiger-rs / cargo-geiger

Detects usage of unsafe Rust in a Rust crate and its dependencies.
https://crates.io/crates/cargo-geiger
1.41k stars 67 forks source link

Panic on `assertion failed: self.pending_ids.insert(id)` #479

Closed Piturnah closed 11 months ago

Piturnah commented 1 year ago

Ran in the root directory for Gex, panicked:

$ cargo geiger
thread 'main' panicked at 'assertion failed: self.pending_ids.insert(id)', /home/pit/.cargo/registry/src/index.crates.io-6f17d22bba15001f/cargo-0.69.1/src/cargo/core/package.rs:708:9
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Backtrace ```console thread 'main' panicked at 'assertion failed: self.pending_ids.insert(id)', /home/pit/.cargo/registry/src/index.crates.io-6f17d22bba15001f/cargo-0.69.1/src/cargo/core/package.rs:708:9 stack backtrace: 0: rust_begin_unwind at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/std/src/panicking.rs:578:5 1: core::panicking::panic_fmt at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/panicking.rs:67:14 2: core::panicking::panic at /rustc/90c541806f23a127002de5b4038be731ba1458ca/library/core/src/panicking.rs:117:5 3: cargo::core::package::Downloads::start 4: cargo::core::package::PackageSet::get_many 5: cargo::ops::cargo_clean::clean 6: cargo_geiger::scan::rs_file::resolve_rs_file_deps 7: cargo_geiger::scan::default::scan 8: cargo_geiger::scan::default::table::scan_to_table 9: cargo_geiger::scan::default::scan_unsafe 10: cargo_geiger::scan::scan 11: cargo_geiger::main note: Some details are omitted, run with `RUST_BACKTRACE=full` for a verbose backtrace. ```

Environment

$ cargo-geiger --version
cargo-geiger 0.11.6

$ cargo --version
cargo 1.70.0 (ec8a8a0ca 2023-04-25)

OS: NixOS 23.05

A248 commented 1 year ago

I am also encountering the same error while using this tool on a personal/work project.

Nicceboy commented 1 year ago

Happens also on MacOS. Tested versions 0.11.4, 0.11.5 and 0.11.6, not older.

cargo --version --verbose
cargo 1.71.0 (cfd3bbd8f 2023-06-08)
release: 1.71.0
commit-hash: cfd3bbd8fe4fd92074dfad04b7eb9a923646839f
commit-date: 2023-06-08
host: aarch64-apple-darwin
libgit2: 1.6.4 (sys:0.17.1 vendored)
libcurl: 8.1.2 (sys:0.4.61+curl-8.0.1 system ssl:(SecureTransport) LibreSSL/3.3.6)
ssl: OpenSSL 1.1.1t  7 Feb 2023
os: Mac OS 14.0.0 [64-bit]
ventaquil commented 1 year ago

Same on Ubuntu 22.04 WSL2

$ cargo geiger --version
cargo-geiger 0.11.6
$ cargo --version --verbose
cargo 1.73.0-nightly (d78bbf4bd 2023-08-03)
release: 1.73.0-nightly
commit-hash: d78bbf4bde3c6b95caca7512f537c6f9721426ff
commit-date: 2023-08-03
host: x86_64-unknown-linux-gnu
libgit2: 1.6.4 (sys:0.17.2 vendored)
libcurl: 8.2.1-DEV (sys:0.4.65+curl-8.2.1 vendored ssl:OpenSSL/1.1.1u)
ssl: OpenSSL 1.1.1u  30 May 2023
os: Ubuntu 22.04 (jammy) [64-bit]
mattrwalters commented 1 year ago

Looks like the issue is affecting a wide number of users so probably not too much extra info here, but getting the same issue on Win11 so thought it would be good to complete the smorgasbord of targets. 

PS C:\path> cargo geiger --version
cargo-geiger 0.11.6
PS C:\path> cargo --version --verbose
cargo 1.73.0-nightly (45782b6b8 2023-07-05)
release: 1.73.0-nightly
commit-hash: 45782b6b8afd1da042d45c2daeec9c0744f72cc7
commit-date: 2023-07-05
host: x86_64-pc-windows-msvc
libgit2: 1.6.4 (sys:0.17.2 vendored)
libcurl: 8.1.2-DEV (sys:0.4.63+curl-8.1.2 vendored ssl:Schannel)
os: Windows 10.0.22621 (Windows 11 Core) [64-bit]

I am trying to run cargo-geiger on all my private unpublished crates in a workspace, not sure if this helps but alas. Running from the crate paths too not the root workspace path.

CGMossa commented 1 year ago

I'm also experiencing this

klimburg commented 1 year ago

I am also having this issue

$ cargo --version --verbose
cargo 1.72.1 (103a7ff2e 2023-08-15)
release: 1.72.1
commit-hash: 103a7ff2ee7678d34f34d778614c5eb2525ae9de
commit-date: 2023-08-15
host: aarch64-apple-darwin
libgit2: 1.6.4 (sys:0.17.2 vendored)
libcurl: 7.86.0 (sys:0.4.63+curl-8.1.2 system ssl:(SecureTransport) LibreSSL/3.3.6)
ssl: OpenSSL 1.1.1u  30 May 2023
os: Mac OS 13.2.1 [64-bit]

And I tried using @fintelia's branch https://github.com/rust-secure-code/cargo-geiger/pull/480 with no luck.

CGMossa commented 1 year ago

I also tried #480 without it working.

shinmao commented 11 months ago

I also run into the same issue :( Anyone resolves it?

bbigras commented 11 months ago

I also run into the same issue :( Anyone resolves it?

try https://github.com/rust-secure-code/cargo-geiger/pull/480#issuecomment-1763223693 . It worked for me

pinkforest commented 11 months ago

Would be interested to know are people using --locked on the cases considering our Cargo.lock is locked to 0.69.0 and the trouble seems to be with unlocked builds that get 0.69.1 hitting some type of compat thing / red herring that's been there.

Will have to figure out how, where and what caused that assert failure exactly.

Will also need to adjust install doc to say to use --locked + --release and use binary builds which we'll need a pipeline.

fwiw - We are also getting rid of the cargo as library dependency later but we'll just bump the lib in the meantime.

pinkforest commented 11 months ago

OK when not using --locked that gets 0.69.1 where as we lock to 0.69.0

This seems related on which cargo version is encountered in the runtime from $PATH w/ 0.69.1 unlocked dep

Nightly from $PATH - Fails

$ rustup default nightly
info: using existing install for 'nightly-x86_64-unknown-linux-gnu'
info: default toolchain set to 'nightly-x86_64-unknown-linux-gnu'

  nightly-x86_64-unknown-linux-gnu unchanged - rustc 1.73.0-nightly (03a119b0b 2023-08-07)

$ cargo geiger
thread 'main' panicked at /home/foobar/.cargo/registry/src/index.crates.io-6f17d22bba15001f/cargo-0.69.1/src/cargo/core/package.rs:708:9:                                                                            
assertion failed: self.pending_ids.insert(id)

Stable 1.71 - Fails

[foobar@localhost cargo-geiger]$ rustup default stable
info: using existing install for 'stable-x86_64-unknown-linux-gnu'
info: default toolchain set to 'stable-x86_64-unknown-linux-gnu'

  stable-x86_64-unknown-linux-gnu unchanged - rustc 1.71.1 (eb26296b5 2023-08-03)

$ cargo geiger
thread 'main' panicked at /home/foobar/.cargo/registry/src/index.crates.io-6f17d22bba15001f/cargo-0.69.1/src/cargo/core/package.rs:708:9:                                                                            
assertion failed: self.pending_ids.insert(id)
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Stable 1.69.0 - OK

$ rustup default 1.69.0
info: using existing install for '1.69.0-x86_64-unknown-linux-gnu'
info: default toolchain set to '1.69.0-x86_64-unknown-linux-gnu'

  1.69.0-x86_64-unknown-linux-gnu unchanged - rustc 1.69.0 (84c898d65 2023-04-16)

$ cargo geiger
  Downloaded openssl-src v111.25.2+1.1.1t
  Downloaded 1 crate (5.1 MB) in 1.33s

Stable - 1.70 OK

$ rustup default 1.70.0
info: using existing install for '1.70.0-x86_64-unknown-linux-gnu'
info: default toolchain set to '1.70.0-x86_64-unknown-linux-gnu'

  1.70.0-x86_64-unknown-linux-gnu unchanged - rustc 1.70.0 (90c541806 2023-05-31)

$ cargo geiger
   Compiling libc v0.2.140
   Compiling proc-macro2 v1.0.54

This seems to be some kind of tricky side effect somewhere and hits the assert at download phase.

pinkforest commented 11 months ago

When using --locked and we get cargo 0.69.0 as lib dependency (through Cargo.lock) it all works OK as suspected

$ rustup default nightly
info: using existing install for 'nightly-x86_64-unknown-linux-gnu'
info: default toolchain set to 'nightly-x86_64-unknown-linux-gnu'

  nightly-x86_64-unknown-linux-gnu unchanged - rustc 1.73.0-nightly (03a119b0b 2023-08-07)

$ cargo geiger
^C  Cleaning [=================>       ] 211/287: ct-codecs, 226 files/folders cleaned

Now need to hunt that side effect but will flick a quick instruction for people to use --locked when installing the bin.

thief-sty commented 11 months ago

Still getting the same issue even though I installed using --locked.

$ RUST_BACKTRACE=full cargo geiger
thread 'main' panicked at /home/sty/.cargo/registry/src/index.crates.io-6f17d22bba15001f/cargo-0.69.0/src/cargo/core/package.rs:708:9:                                 
assertion failed: self.pending_ids.insert(id)
stack backtrace:
   0:     0x55b0feefb4ac - std::backtrace_rs::backtrace::libunwind::trace::ha69d38c49f1bf263
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/../../backtrace/src/backtrace/libunwind.rs:93:5
   1:     0x55b0feefb4ac - std::backtrace_rs::backtrace::trace_unsynchronized::h93125d0b85fd543c
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x55b0feefb4ac - std::sys_common::backtrace::_print_fmt::h8d65f438e8343444
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/sys_common/backtrace.rs:67:5
   3:     0x55b0feefb4ac - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h41751d2af6c8033a
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/sys_common/backtrace.rs:44:22
   4:     0x55b0fef2befc - core::fmt::rt::Argument::fmt::h5db2f552d8a28f63
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/core/src/fmt/rt.rs:138:9
   5:     0x55b0fef2befc - core::fmt::write::h99465148a27e4883
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/core/src/fmt/mod.rs:1114:21
   6:     0x55b0feef70ae - std::io::Write::write_fmt::hee8dfd57bd179ab2
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/io/mod.rs:1763:15
   7:     0x55b0feefb294 - std::sys_common::backtrace::_print::h019a3cee3e814da4
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/sys_common/backtrace.rs:47:5
   8:     0x55b0feefb294 - std::sys_common::backtrace::print::h55694121c2ddf918
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/sys_common/backtrace.rs:34:9
   9:     0x55b0feefd3d3 - std::panicking::default_hook::{{closure}}::h29cbe3da3891b0b0
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/panicking.rs:272:22
  10:     0x55b0feefd0f4 - std::panicking::default_hook::h881e76b2b8c74280
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/panicking.rs:292:9
  11:     0x55b0feefd955 - std::panicking::rust_panic_with_hook::hcc36e25b6e33969c
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/panicking.rs:731:13
  12:     0x55b0feefd806 - std::panicking::begin_panic_handler::{{closure}}::ha415efb0f69f41f9
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/panicking.rs:601:13
  13:     0x55b0feefb9d6 - std::sys_common::backtrace::__rust_end_short_backtrace::h395fe90f99451e4e
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/sys_common/backtrace.rs:170:18
  14:     0x55b0feefd5a2 - rust_begin_unwind
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/panicking.rs:597:5
  15:     0x55b0fe6becc5 - core::panicking::panic_fmt::h452a83e54ecd764e
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/core/src/panicking.rs:72:14
  16:     0x55b0fe6bed63 - core::panicking::panic::h440670b29ba8362f
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/core/src/panicking.rs:127:5
  17:     0x55b0fe9b5f35 - cargo::core::package::Downloads::start::h1ec8de08cf572a3d
  18:     0x55b0fe9b3d7b - cargo::core::package::PackageSet::get_many::hf19b0114330903ce
  19:     0x55b0feb32261 - cargo::ops::cargo_clean::clean::h1c300acee69bd40b
  20:     0x55b0fe6ea5f3 - cargo_geiger::scan::rs_file::resolve_rs_file_deps::h16442dc6c481f807
  21:     0x55b0fe73825f - cargo_geiger::scan::default::scan::h6ca2f9b8772d972d
  22:     0x55b0fe6e736c - cargo_geiger::scan::default::table::scan_to_table::hc7c08649c925b4d9
  23:     0x55b0fe736833 - cargo_geiger::scan::default::scan_unsafe::h0bc164eae5cbe05a
  24:     0x55b0fe70e4a3 - cargo_geiger::scan::scan::h00da78eca270efa2
  25:     0x55b0fe6c8eb5 - cargo_geiger::main::h58112a9123b50bca
  26:     0x55b0fe6c9953 - std::sys_common::backtrace::__rust_begin_short_backtrace::h66fc7834998de3cf
  27:     0x55b0fe6c9969 - std::rt::lang_start::{{closure}}::had9432c4f4a3fc6c
  28:     0x55b0feeee25b - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::h14c5f6d1cd70a60f
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/core/src/ops/function.rs:284:13
  29:     0x55b0feeee25b - std::panicking::try::do_call::h2d02374ca451446a
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/panicking.rs:504:40
  30:     0x55b0feeee25b - std::panicking::try::h9f7922394bf57392
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/panicking.rs:468:19
  31:     0x55b0feeee25b - std::panic::catch_unwind::ha1600f9dd4ee7270
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/panic.rs:142:14
  32:     0x55b0feeee25b - std::rt::lang_start_internal::{{closure}}::hfbd80e7d681b21a1
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/rt.rs:148:48
  33:     0x55b0feeee25b - std::panicking::try::do_call::heacaa33dbdaa16e0
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/panicking.rs:504:40
  34:     0x55b0feeee25b - std::panicking::try::h637875f7c9db85ea
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/panicking.rs:468:19
  35:     0x55b0feeee25b - std::panic::catch_unwind::h4caa9c0c78cb4c19
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/panic.rs:142:14
  36:     0x55b0feeee25b - std::rt::lang_start_internal::h2d6a60ec944b523d
                               at /rustc/a28077b28a02b92985b3a3faecf92813155f1ea1/library/std/src/rt.rs:148:20
  37:     0x55b0fe6c9945 - main
  38:     0x7f7848445cd0 - <unknown>
  39:     0x7f7848445d8a - __libc_start_main
  40:     0x55b0fe6bf4b5 - _start
  41:                0x0 - <unknown>
pinkforest commented 11 months ago

Please provide more details 1) re: environment: rustup show

And what 2) exact command was used to build & install.

It would help if 2) is the full command and it's output - provided by the build & install as that is the cause of these failures where as the runtime error is separate effect but not the root cause.

Thanks.

Expurple commented 10 months ago

I've also encountered this error today. Maybe this is because 0.11.7 is not on crates.io and cargo install --locked cargo-geiger installs 0.11.6? Details:

Environment ```text $ rustup show Default host: x86_64-unknown-linux-gnu rustup home: /home/dima/.rustup installed toolchains -------------------- stable-x86_64-unknown-linux-gnu (default) nightly-x86_64-unknown-linux-gnu active toolchain ---------------- stable-x86_64-unknown-linux-gnu (default) rustc 1.75.0 (82e1608df 2023-12-21) ```
Installation command and output ```text $ cargo install --locked cargo-geiger Updating crates.io index Downloaded cargo-geiger v0.11.6 Downloaded 1 crate (74.2 KB) in 2.47s Installing cargo-geiger v0.11.6 Updating crates.io index warning: package `crossbeam-channel v0.5.7` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked warning: package `hermit-abi v0.3.1` in Cargo.lock is yanked in registry `crates-io`, consider running without --locked Updating crates.io index Downloaded openssl-macros v0.1.0 Downloaded home v0.5.4 Downloaded signature v2.0.0 Downloaded camino v1.1.4 Downloaded opener v0.5.2 Downloaded toml_datetime v0.5.1 Downloaded memoffset v0.8.0 Downloaded strip-ansi-escapes v0.1.1 Downloaded globset v0.4.10 Downloaded filetime v0.2.20 Downloaded anstyle-parse v0.1.1 Downloaded cargo-platform v0.1.2 Downloaded ordered-float v2.10.0 Downloaded clap_lex v0.4.1 Downloaded termcolor v1.2.0 Downloaded env_logger v0.10.0 Downloaded serde_derive v1.0.159 Downloaded colored v2.0.0 Downloaded anstyle v0.3.5 Downloaded arrayvec v0.5.2 Downloaded vte v0.10.1 Downloaded semver v1.0.17 Downloaded anyhow v1.0.70 Downloaded const-oid v0.9.2 Downloaded rayon-core v1.11.0 Downloaded flate2 v1.0.25 Downloaded serde v1.0.159 Downloaded crossbeam-channel v0.5.7 Downloaded aho-corasick v0.7.20 Downloaded combine v4.6.6 Downloaded rayon v1.7.0 Downloaded serde_json v1.0.95 Downloaded krates v0.11.0 Downloaded libc v0.2.140 Downloaded linux-raw-sys v0.3.1 Downloaded concolor-query v0.3.3 Downloaded is-terminal v0.4.6 Downloaded rustc-workspace-hack v1.0.0 Downloaded crypto-hash v0.3.4 Downloaded concolor-override v1.0.0 Downloaded pico-args v0.5.0 Downloaded cpufeatures v0.2.6 Downloaded vte_generate_state_changes v0.1.1 Downloaded bytesize v1.2.0 Downloaded git2-curl v0.17.0 Downloaded cargo-geiger-serde v0.2.5 Downloaded serde_ignored v0.1.7 Downloaded anstream v0.2.6 Downloaded sec1 v0.7.1 Downloaded hex v0.3.2 Downloaded crates-io v0.35.1 Downloaded cargo_metadata v0.15.3 Downloaded geiger v0.4.12 Downloaded spki v0.7.0 Downloaded primeorder v0.13.0 Downloaded pkcs8 v0.10.1 Downloaded walkdir v2.3.3 Downloaded tar v0.4.38 Downloaded ecdsa v0.16.2 Downloaded cargo-util v0.2.3 Downloaded console v0.15.5 Downloaded io-lifetimes v1.0.9 Downloaded cfg-expr v0.10.3 Downloaded jobserver v0.1.26 Downloaded proc-macro2 v1.0.54 Downloaded crossbeam-epoch v0.9.14 Downloaded clap v4.2.1 Downloaded openssl-sys v0.9.83 Downloaded elliptic-curve v0.13.2 Downloaded crypto-bigint v0.5.1 Downloaded der v0.7.1 Downloaded toml_edit v0.15.0 Downloaded pasetors v0.6.6 Downloaded git2 v0.16.0 Downloaded clap_builder v4.2.1 Downloaded orion v0.17.4 Downloaded libz-sys v1.1.8 Downloaded syn v2.0.12 Downloaded regex v1.7.3 Downloaded openssl v0.10.48 Downloaded rustix v0.37.5 Downloaded bstr v1.4.0 Downloaded fiat-crypto v0.1.19 Downloaded libssh2-sys v0.2.23 Downloaded libgit2-sys v0.14.1+1.5.0 Downloaded cargo v0.69.0 Downloaded libnghttp2-sys v0.1.7+1.45.0 Downloaded curl-sys v0.4.61+curl-8.0.1 Downloaded 88 crates (21.3 MB) in 9.29s (largest was `libnghttp2-sys` at 4.5 MB) Compiling libc v0.2.140 Compiling proc-macro2 v1.0.54 Compiling autocfg v1.1.0 Compiling cfg-if v1.0.0 Compiling quote v1.0.26 Compiling unicode-ident v1.0.8 Compiling pkg-config v0.3.26 Compiling version_check v0.9.4 Compiling serde_derive v1.0.159 Compiling typenum v1.16.0 Compiling serde v1.0.159 Compiling zeroize v1.6.0 Compiling generic-array v0.14.7 Compiling subtle v2.4.1 Compiling memchr v2.5.0 Compiling bitflags v1.3.2 Compiling log v0.4.17 Compiling syn v1.0.109 Compiling base64ct v1.6.0 Compiling io-lifetimes v1.0.9 Compiling pem-rfc7468 v0.7.0 Compiling syn v2.0.12 Compiling tinyvec_macros v0.1.1 Compiling rustix v0.37.5 Compiling const-oid v0.9.2 Compiling der v0.7.1 Compiling tinyvec v1.6.0 Compiling jobserver v0.1.26 Compiling getrandom v0.2.8 Compiling cc v1.0.79 Compiling crypto-common v0.1.6 Compiling block-buffer v0.10.4 Compiling rand_core v0.6.4 Compiling digest v0.10.6 Compiling linux-raw-sys v0.3.1 Compiling crc32fast v1.3.2 Compiling once_cell v1.17.1 Compiling hmac v0.12.1 Compiling unicode-normalization v0.1.22 Compiling percent-encoding v2.2.0 Compiling unicode-bidi v0.3.13 Compiling serde_json v1.0.95 Compiling itoa v1.0.6 Compiling spki v0.7.0 Compiling form_urlencoded v1.1.0 Compiling idna v0.3.0 Compiling pkcs8 v0.10.1 Compiling ff v0.13.0 Compiling libz-sys v1.1.8 Compiling openssl-sys v0.9.83 Compiling libnghttp2-sys v0.1.7+1.45.0 Compiling curl-sys v0.4.61+curl-8.0.1 Compiling libssh2-sys v0.2.23 Compiling semver v1.0.17 Compiling ryu v1.0.13 Compiling utf8parse v0.2.1 Compiling base16ct v0.2.0 Compiling crossbeam-utils v0.8.15 Compiling sec1 v0.7.1 Compiling group v0.13.0 Compiling libgit2-sys v0.14.1+1.5.0 Compiling hkdf v0.12.3 Compiling crypto-bigint v0.5.1 Compiling aho-corasick v0.7.20 Compiling memoffset v0.8.0 Compiling indexmap v1.9.3 Compiling anyhow v1.0.70 Compiling regex-syntax v0.6.29 Compiling is-terminal v0.4.6 Compiling num-traits v0.2.15 Compiling crossbeam-epoch v0.9.14 Compiling cpufeatures v0.2.6 Compiling regex-automata v0.1.10 Compiling curl v0.4.44 Compiling elliptic-curve v0.13.2 Compiling openssl-probe v0.1.5 Compiling openssl v0.10.48 Compiling foreign-types-shared v0.1.1 Compiling hashbrown v0.12.3 Compiling foreign-types v0.3.2 Compiling bstr v1.4.0 Compiling anstyle-parse v0.1.1 Compiling filetime v0.2.20 Compiling rfc6979 v0.4.0 Compiling regex v1.7.3 Compiling signature v2.0.0 Compiling socket2 v0.4.9 Compiling concolor-override v1.0.0 Compiling either v1.8.1 Compiling same-file v1.0.6 Compiling scopeguard v1.1.0 Compiling concolor-query v0.3.3 Compiling thiserror v1.0.40 Compiling lazy_static v1.4.0 Compiling camino v1.1.4 Compiling anstyle v0.3.5 Compiling walkdir v2.3.3 Compiling anstream v0.2.6 Compiling ecdsa v0.16.2 Compiling tar v0.4.38 Compiling primeorder v0.13.0 Compiling sha2 v0.10.6 Compiling thiserror-impl v1.0.40 Compiling bitmaps v2.1.0 Compiling vte_generate_state_changes v0.1.1 Compiling im-rc v15.1.0 Compiling fiat-crypto v0.1.19 Compiling hex v0.3.2 Compiling time-core v0.1.0 Compiling openssl-macros v0.1.0 Compiling url v2.3.1 Compiling cargo-platform v0.1.2 Compiling strsim v0.10.0 Compiling fastrand v1.9.0 Compiling bytes v1.4.0 Compiling arrayvec v0.5.2 Compiling rayon-core v1.11.0 Compiling static_assertions v1.1.0 Compiling fnv v1.0.7 Compiling clap_lex v0.4.1 Compiling rustversion v1.0.12 Compiling clap_builder v4.2.1 Compiling globset v0.4.10 Compiling kstring v2.0.0 Compiling vte v0.10.1 Compiling combine v4.6.6 Compiling crypto-hash v0.3.4 Compiling tempfile v3.5.0 Compiling toml_datetime v0.5.1 Compiling time v0.3.20 Compiling sized-chunks v0.6.5 Compiling orion v0.17.4 Compiling ordered-float v2.10.0 Compiling p384 v0.13.0 Compiling crossbeam-deque v0.8.3 Compiling itertools v0.10.5 Compiling crossbeam-channel v0.5.7 Compiling thread_local v1.1.7 Compiling rand_xoshiro v0.6.0 Compiling ed25519-compact v2.0.4 Compiling num_cpus v1.15.0 Compiling unicode-width v0.1.10 Compiling fixedbitset v0.4.2 Compiling ct-codecs v1.1.1 Compiling shell-escape v0.1.5 Compiling hex v0.4.3 Compiling termcolor v1.2.0 Compiling humantime v2.1.0 Compiling smallvec v1.10.0 Compiling cargo-util v0.2.3 Compiling cfg-expr v0.10.3 Compiling env_logger v0.10.0 Compiling pasetors v0.6.6 Compiling petgraph v0.6.3 Compiling toml_edit v0.15.0 Compiling ignore v0.4.20 Compiling serde-value v0.7.0 Compiling cargo_metadata v0.15.3 Compiling clap v4.2.1 Compiling strip-ansi-escapes v0.1.1 Compiling rustfix v0.6.1 Compiling cargo-geiger-serde v0.2.5 Compiling os_info v3.7.0 Compiling serde_ignored v0.1.7 Compiling opener v0.5.2 Compiling sha1 v0.10.5 Compiling atty v0.2.14 Compiling http-auth v0.1.8 Compiling bytesize v1.2.0 Compiling rustc-workspace-hack v1.0.0 Compiling lazycell v1.3.0 Compiling unicode-xid v0.2.4 Compiling home v0.5.4 Compiling glob v0.3.1 Compiling pathdiff v0.2.1 Compiling heck v0.4.1 Compiling base64 v0.13.1 Compiling strum_macros v0.24.3 Compiling colored v2.0.0 Compiling geiger v0.4.12 Compiling krates v0.11.0 Compiling rayon v1.7.0 Compiling console v0.15.5 Compiling pico-args v0.5.0 Compiling strum v0.24.1 Compiling flate2 v1.0.25 Compiling cargo v0.69.0 Compiling crates-io v0.35.1 Compiling git2 v0.16.0 Compiling git2-curl v0.17.0 Compiling cargo-geiger v0.11.6 Finished release [optimized] target(s) in 2m 56s Installing /home/dima/.cargo/bin/cargo-geiger Installed package `cargo-geiger v0.11.6` (executable `cargo-geiger`) ```
Command and output in my proprietary codebase (I interrupted the download the first time) ```text $ cargo geiger Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Updating crates.io index ^C Fetch [===> ] 17.94%, 2.97MiB/s ```
Command and output in my proprietary codebase (the second time) ```text $ cargo geiger Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Failed to match (ignoring source) package: anstyle 1.0.4 (registry+https://github.com/rust-lang/crates.io-index) Updating crates.io index thread 'main' panicked at /home/dima/.cargo/registry/src/index.crates.io-6f17d22bba15001f/cargo-0.69.0/src/cargo/core/package.rs:708:9: assertion failed: self.pending_ids.insert(id) note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ```
mleonhard commented 9 months ago

This fixed the problem for me on macOS 13.6.3: cargo install --locked --features vendored-openssl --force --git https://github.com/geiger-rs/cargo-geiger cargo-geiger My macOS machine was installing 0.11.6. It seems that 0.11.7 is not on crates.io. The command above installs it from git. Now cargo-geiger is working great again!

pinkforest, Thanks so much for maintaining this tool.