-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cargo fix
may attempt to write to the registry cache
#9857
Comments
Just jot it down: Tested method one and found that cargo 1.52 and later all got this issues. |
IIUC it's hard to determine the package information since cargo-as-rustc does not know about workspace. Also, the emitted suggestions are from primary packages, so we cannot distinguish them by Is there anything I can help investigate from the cargo side? |
I'm not certain the best approach for this, but one idea is to pass in the workspace root directory to cargo-as-rustc as an environment variable (we use I don't recall if I think that should be fairly reliable? It is possible that people will do strange things like Another possibility is to check against |
I feel that going workspace-root way may lead to more problems in the future if we forget to take care of it. OTOH |
@rustbot claim |
Skip all `cargo fix` that tends to write to registry cache. Skip all `cargo fix` that tends to write to registry cache. This is a temporary hack for #9857. The real fix may need to touch rustc.
For anyone else curious #9938 was a quick hack that prevents One area of concern I thought of is vendored dependencies. Those should probably be untouched. |
Another issue that came up is that some suggestions are for the standard library if you have the rust-src component installed. Those should be protected as well. See rust-lang/rust#88514 (comment) |
Since cargo has no access to |
Preferably I would like to get this fixed in rustc instead. I think it should not be too hard. rustc knows if spans are for the local crate. I'm wondering if the part of the code that adds suggestions could just filter out anything that has a non-local span. I have not investigated that, though. |
Just opened #13792 as a temporary fix before rustc fix landed. |
Problem
If
rustc
provides a suggestion to modify code in a dependency,cargo fix
will happily oblige. However, cargo should never apply fixes to non-path dependencies. I might say it shouldn't apply fixes outside of the current package, but I'm not sure about that (or how to detect that reliably).For example, it may attempt to write to
~/.cargo/registry/src/github.com-1ecc6299db9ec823
which really should be read-only.rustc
normally tries to avoid diagnostics that point into dependencies, but sometimes there are bugs where it points to the wrong span, and ends up giving a suggestion into a dependency. See rust-lang/rust#88514 for more detail.Steps
It's hard to give a good example, since it either requires using a real crates.io package, or depending on diagnostics in rustc that are arguably not working correctly.
Method 1 — Use crates.io
With dependency
proconio = "=0.3.8"
This will suggest making a change to the remote package:
Method 2 — Sample macro
Put this macro in a dependency, and notice rustc will suggest modifying the macro.
The key part is that the identifier uses a
tt
instead of anident
.Method 3 — cargo_test
This is a cargo testsuite test. I don't think we can use it since it is dependent on rustc's diagnostic output, but maybe we can simulate it with a rustc wrapper?
Possible Solution(s)
Cargo should detect diagnostic paths outside of the package and skip them.
Notes
Output of
cargo version
:cargo 1.56.0-nightly (f559c109c 2021-08-26)
The text was updated successfully, but these errors were encountered: