search

rust-lang / cargo

The Rust package manager
https://doc.rust-lang.org/cargo
Apache License 2.0
12.66k stars 2.41k forks source link

Adding a `registry` and `version` to a local dependency causes dependents over Git to attempt to pull the registry by name #12272

Open w4 opened 1 year ago

w4 commented 1 year ago

Problem

When moving crates to registries that were previously depended on via Git, adding a registry definition to a local dependency causes dependents to attempt to pull the registry, rather than ignoring it and using the local path.

Steps

  1. crate-a containing:

    $ cat Cargo.toml
[package]
name = "crate-a"
version = "0.1.0"
edition = "2021"

[dependencies]
some-crate = { path = "../some-crate", registry = "x", version = "0.1" }

  2. crate-b containing:

    $ cat Cargo.toml
[package]
name = "crate-b"
version = "0.1.0"
edition = "2021"

[dependencies]
crate-a = { git = "https://git.x.com/path/to/crate-a" }
  3. Attempting to compile crate-b attempts to pull the x registry rather than ignoring it since it is overridden by the relative path.

When combined with #12271, this prevents any sort of slow migration to registries -- requiring a big bang update to all crates which is untenable for any mid to large sized organisation.

Possible Solution(s)

When depending on a crate using { git = "https://git.x.com/path/to/repo" }, the local dependency should be preferred over the one in the registry.

Notes

No response

Version

No response

weihanglo commented 1 year ago

Wrong thread. Just deleted the comment. Sorry for the noise.

weihanglo commented 11 months ago

Copied from https://github.com/rust-lang/cargo/issues/12271#issuecomment-1759935393, since this is the right place for the comment.

Note that currently if you have both path and registry declared in your direct dependency and the registry config is missing, Cargo will error out and stop the build.

There are several scenario of them, and we may only need to change the behavior for git and path dependencies if we really want it.

weihanglo commented 11 months ago

The cargo team discussed the issue today. Please see https://github.com/rust-lang/cargo/issues/12271#issuecomment-1777640307.

I'd like to add one alternative: Cargo allow the [patch] configuration in .cargo/config.toml. That means people can have a ~/.cargo/config.toml at user-level. It should help the migration to some extent.

Close it now. If there is something not resovled, let us know.

weihanglo commented 11 months ago

From https://github.com/rust-lang/cargo/issues/12271#issuecomment-1777928960 by @w4

It's a bit risky if a dependency has control over the registry configuration

This is strange to me, dependencies do have control over the registry configuration and can depend on arbitrary registries - if, and only if, they're also depended on via a registry. If you depend on the same crate over Git the experience is completely broken. Can we at least add a environment flag to use sane behaviour (ignore a registry in Cargo.toml if it isn't going to be used anyway...) if we don't want to make it the default?

What will the error message say as a result of #6211? "Please locally define the registry that your dependency is using, but note that it isn't going to be used so this is superfluous, just deal with it"?

I've re-read the issue and the pull request. People was confused during the meeting, as the PR #12807 was for fixing #12272 but somehow I asked for opinions on #12271. And I misunderstood the conclusion. That was my fault. Sorry about that.

Just had a talk with people again. This issue is re-open now. I'll have some more comments later on the PR #12807 and thank you!

w4 commented 11 months ago

Sorry, that's my fault! Thanks :)

epage commented 11 months ago

Something I was thinking about since we discussed this in the team meeting is that we don't validate version when using the git or path dependency. From that perspective, it seems reasonable to not validate other aspects of the registry dependency.