Package lock files in published crates #5093
Conversation
Currently Cargo doesn't publish lock files in crates.io crates but we'll eventually be doing so, so this changes Cargo to recognize `Cargo.lock` when it's published to crates.io as use it as the basis for resolution during `cargo install`. cc rust-lang#2263
|
r? @matklad (rust_highfive has picked a reviewer for you, use r? to override) |
alexcrichton
force-pushed
the
include-cargo-lock
branch
from
9f6bd50
to
3e63f93
Compare
|
The changes look good to me, however I am not sure that literally pushing the lock file would do what we want here... Specifically, I believe this fails for workspaces, which have the lockfile only for the root, which may be virtual and not published at all. |
|
Hm do you think we should always copy in the workspace's lock file unconditionally? That should cover that issue I think? |
I am not sure... Will workspace lockfile work at all for a subpackage? Perhaps we should use the lockfle that we get when we build a package during a validation step of I am also a little bit unsure about the "unconditionally" fact: perhaps the user should be explicitly aware that the lockfile matters for |
|
Inclusion is currently based on gitignore so if you've got a library crate then I'm not really sure? If we don't know how to do this I'll just close it... |
Yeah, I am not really sure, for the following reasons:
On the other hand, this literally just removes ignoring "Cargo.lock", and can't possible do any harm, and will be compatible with any fancier solution we can invent. Yeah, I guess it's fine to r+ it as is (module a failing on windows), because it does solve the problem in 80% of the cases! Hm, wait... Is it correct that publishing a lockfile won't break a binary? What if a binary is a workspace root, and it has path dependencies? We rewrite Cargo.toml, but we don't rewrite Cargo.lock. Would installing a binary in this situation fail with some kind of lockfile mismatch, or will we just generate a new lockfile? If the letter, let's r+, if the former, let's think about how to solve the workspace problem in a more principle way :) |
alexcrichton
force-pushed
the
include-cargo-lock
branch
2 times, most recently
from
5840a76
to
6c7ddaf
Compare
Previously we had logic to explicitly skip lock files but there's actually a good case to read these from crates.io (rust-lang#2263) so let's do so! Closes rust-lang#2263
alexcrichton
force-pushed
the
include-cargo-lock
branch
from
6c7ddaf
to
a4a3302
Compare
|
Ok I've updated with a few heuristics:
That means that |
|
@bors r+ |
|
📌 Commit a4a3302 has been approved by |
|
☀️ Test successful - status-appveyor, status-travis |
|
How do I use this functionality? With the default settings, there is no What am I missing? |
|
@phil-opp heh I think you've discovered a bug! The tests here only test packaging, not actual publication, which is why that hasn't been exercised before. |
|
@alexcrichton Should I open an issue for this? What would be the best way to resolve this? |
|
@phil-opp yes, please do! |
Previously we had logic to explicitly skip lock files but there's actually a
good case to read these from crates.io (#2263) so let's do so!
Closes #2263