Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Config-independent way of specifying alternative registry in Cargo.toml #14500

Closed
kornelski opened this issue Sep 5, 2024 · 2 comments
Closed

Config-independent way of specifying alternative registry in Cargo.toml #14500

kornelski opened this issue Sep 5, 2024 · 2 comments
Labels
A-configuration Area: cargo config files and env vars A-interacts-with-crates.io Area: interaction with registries A-manifest Area: Cargo.toml issues C-feature-request Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted` Command-package Command-publish S-needs-team-input Status: Needs input from team on whether/how to proceed.

Comments

@kornelski
Copy link
Contributor

Problem

Cargo allows pulling dependencies from alternative registries by specifying registry = "name" in deps' details in Cargo.toml.

However, the registry name itself is not sufficient to identify the registry to use. It is an arbitrary nickname given in .cargo/config.toml (or even its substitute like an env var). The flexibility of this level of indirection is generally very useful during development, but it also means that the Cargo.toml information is not fully self-contained, and its real meaning depends on the environment.

This becomes more of an issue when publishing crates to a registry. The Publish API contains a JSON blob that translates the registry nicknames into proper absolute URL. But the JSON blob in the Publish API is separate from Cargo.toml, and to protect against mischievous clients, a registry server should be verifying data directly from Cargo.toml. Lack of registry URLs in the Cargo.toml is the only reason to keep the otherwise redundant JSON blob.

Proposed Solution

Cargo already rewrites Cargo.toml when publishing. If the manifest registry key was extended to allow full URLs, then Cargo could make the manifest unambiguous and self-contained during publishing.

The registry field in the JSON blob treats null value as "the registry I'm uploading to". This is very useful for the registries, since recognizing registry's own external name can be tricky (if the server is behind a proxy). This would need a special-case value in Cargo.toml too, different from absence of the registry key to avoid ambiguity with crates-io (maybe registry = "self").

Another option would be to add a mapping table to Cargo.toml, such as [registries] name = "url".

Notes

No response
@kornelski kornelski added C-feature-request Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted` S-triage Status: This issue is waiting on initial triage. labels Sep 5, 2024
@kornelski kornelski mentioned this issue Sep 5, 2024
Open
@epage epage added Command-publish A-interacts-with-crates.io Area: interaction with registries Command-package A-manifest Area: Cargo.toml issues S-needs-team-input Status: Needs input from team on whether/how to proceed. A-configuration Area: cargo config files and env vars and removed S-triage Status: This issue is waiting on initial triage. labels Sep 5, 2024
@ehuss
Copy link
Contributor

ehuss commented Sep 5, 2024

Sorry, I'm not fully understanding this issue. When published, the URL is resolved as registry-index in Cargo.toml. Can you say more about why that is insufficient for generating the index entry?

@kornelski
Copy link
Contributor Author

My bad! I've overlooked the registry-index field.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-configuration Area: cargo config files and env vars A-interacts-with-crates.io Area: interaction with registries A-manifest Area: Cargo.toml issues C-feature-request Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted` Command-package Command-publish S-needs-team-input Status: Needs input from team on whether/how to proceed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ehuss @epage @kornelski