cargo package --list includes Cargo.toml.orig since #7905, which isn't an existing file

[konstin]

maturin uses cargo package --list to create source distributions for python packages with rust backend that can e.g. be uploaded to pypi. #7905 includes Cargo.toml.orig in the output cargo package --list, even though that file doesn't exist on the local file system, thereby breaking maturin (PyO3/maturin#271).

Possible Solution(s)

Don't include cargo package --list in the output of cargo package --list. (At least not by default, this could e.g. be hidden behind a flag)

Notes

Output of cargo version: cargo 1.43.0-nightly (e57bd02 2020-02-21)

CC @ehuss

[est31]

The documentation for cargo package --list is "Print files included in a package without making one". Cargo.toml.orig is definitely included in any package made by cargo package, even though it's not present in the source checkout but created during packaging. Same goes for .cargo_vcs_info.json. The proper way to get the artifacts for packaging is to run cargo package and then inspect the contents of target/package, ideally the .crate package is located there.

[ehuss]

Cargo has been including generated files for some time (.cargo_vcs_info.json and Cargo.lock), so I think it is best just to filter those out when consuming the output.

[konstin]

So if cargo package is supposed to list generated files, is there a way to either get only files that exist or to get generated files such as .cargo_vcs_info.json and Cargo.lock without unpacking an archive that cargo just packed?

[est31]

@konstin the .crate file is not created out of thin air but from a directory on the hard disk directly next to the .crate file. So no need for extracting anything.

[konstin]

Sorry, but I can't find that folder next to the .crate file:

$ cargo new --lib foo
     Created library `foo` package
$ cd foo
$ cargo package --no-verify --allow-dirty
warning: manifest has no description, license, license-file, documentation, homepage or repository.
See https://doc.rust-lang.org/cargo/reference/manifest.html#package-metadata for more info.
   Packaging foo v0.1.0 (/home/konsti/foo)
$ ls target/
package
$ ls target/package/
foo-0.1.0.crate

[est31]

You need to remove the --no-verify flag. It seems cargo creates the .crate file from memory after all and only extracts it retroactively so that it can run rustc on it. Anyways, it is pretty easy to extract stuff using the great flate2 and tar crates. You don't even have to put stuff onto the disk :).

[ehuss]

I think for now it will be best to just check if the file exists, and skip it if it does not. Considering this has been the behavior for long time, I'm going to close. I recognize that it is frustrating when things break, but hopefully this isn't too difficult to work around.