Vendoring a git dependency with + in branch name is broken #14584

Closed
thecaralice opened this issue Sep 23, 2024 · 2 comments
Labels
A-git Area: anything dealing with git A-lockfile Area: Cargo.lock issues C-bug Category: bug S-needs-info Status: Needs more info, such as a reproduction or more background for a feature request.

Comments

@thecaralice

Problem

In the example given below, this is what cargo check says:

error: failed to get `tokio-listener` as a dependency of package `givc v0.0.1 (/private/tmp/ghaf-givc)`

Caused by:
  failed to load source for dependency `tokio-listener`

Caused by:
  Unable to update https://github.com/avnik/tokio-listener?branch=avnik/vsock+tonic

Caused by:
  the source git+https://github.com/avnik/tokio-listener?branch=avnik/vsock+tonic requires a lock file to be present first before it can be
  used against vendored source code

  remove the source replacement configuration, generate a lock file, and then
  restore the source replacement configuration to continue the build

Expected behavior: no issue with vendoring this dependency.
This was also reported in ipetkov/crane#549 but seems to actually be a bug in cargo.

Steps

git clone https://github.com/avnik/ghaf-givc.git -b avnik/listeners+vsock+tonic
cd ghaf-givc
mkdir .cargo/
cargo vendor > .cargo/config.toml
cargo check # observe the error
rm -rf .cargo/
cargo update # observe the suspicious message
cargo update # -//-

Possible Solution(s)

Percent-encode URLs more strictly (see notes)

Notes

This is what cargo update says in the example given:

    Updating git repository `https://github.com/rust-vsock/tokio-vsock`
    Updating crates.io index
    Updating git repository `https://github.com/avnik/tokio-listener`
     Locking 1 package to latest compatible version
    Removing tokio-listener v0.4.3 (https://github.com/avnik/tokio-listener?branch=avnik/vsock tonic#eba7a9a0)
      Adding tokio-listener v0.4.3 (https://github.com/avnik/tokio-listener?branch=avnik/vsock+tonic#eba7a9a0)
note: pass `--verbose` to see 31 unchanged dependencies behind latest

Looks like cargo treats + in the URL as a space symbol encoded following RFC 1866, notices that the actual branch name has a plus and not a space, but does not encode the + symbol as recommended by RFC 3986.

Version

cargo 1.82.0-nightly (257b72b 2024-07-30)
release: 1.82.0-nightly
commit-hash: 257b72b
commit-date: 2024-07-30
host: aarch64-apple-darwin
libgit2: 1.8.1 (sys:0.19.0 vendored)
libcurl: 8.9.1 (sys:0.4.73+curl-8.8.0 system ssl:OpenSSL/3.0.14)
ssl: OpenSSL 3.3.1 4 Jun 2024
os: Mac OS 14.4.1 [64-bit]

@thecaralice thecaralice added C-bug Category: bug S-triage Status: This issue is waiting on initial triage. labels Sep 23, 2024
@weihanglo
Member

Looks like the same bug in #11085, and is already fixed via #12280 and now is part of lockfile v4 #12852. Could you try changing version = 3 to version = 4 in Cargo.lock, and run cargo vendor again and see if it works?

@weihanglo weihanglo added S-needs-info Status: Needs more info, such as a reproduction or more background for a feature request. A-lockfile Area: Cargo.lock issues A-git Area: anything dealing with git and removed S-triage Status: This issue is waiting on initial triage. labels Sep 23, 2024
@thecaralice
Author

Yep, changing the version to 4 and running cargo update changed the ?branch=avnik/vsock+tonic fragment in the lockfile to ?branch=avnik%2Fvsock%2Btonic and this fixes everything. Closing as already fixed.
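
The mismatch discussed in this thread, as an added example that is not part of the original issue and is not cargo's code: std-only Rust that reads a query value back with form-urlencoded rules (an assumption about how the `branch` value is decoded, consistent with the `cargo update` output quoted above) and percent-encodes everything outside the RFC 3986 unreserved set. The function names are hypothetical.

```rust
/// Decode a query value the form-urlencoded way: `+` is a space, `%XX` is a byte.
fn form_decode(value: &str) -> String {
    let bytes = value.as_bytes();
    let mut out = Vec::with_capacity(bytes.len());
    let mut i = 0;
    while i < bytes.len() {
        // Two hex digits after the current byte, if present and well-formed.
        let escaped = bytes
            .get(i + 1..i + 3)
            .filter(|h| h.iter().all(u8::is_ascii_hexdigit))
            .and_then(|h| std::str::from_utf8(h).ok())
            .and_then(|h| u8::from_str_radix(h, 16).ok());
        match (bytes[i], escaped) {
            (b'%', Some(byte)) => { out.push(byte); i += 3; }
            (b'+', _) => { out.push(b' '); i += 1; }
            (other, _) => { out.push(other); i += 1; }
        }
    }
    String::from_utf8_lossy(&out).into_owned()
}

/// Percent-encode every byte that is not an RFC 3986 unreserved character.
fn strict_encode(value: &str) -> String {
    let mut out = String::new();
    for &b in value.as_bytes() {
        if b.is_ascii_alphanumeric() || b"-._~".contains(&b) {
            out.push(b as char);
        } else {
            out.push_str(&format!("%{:02X}", b));
        }
    }
    out
}

/// Does the text written to the lockfile decode back to the real branch name?
fn survives_round_trip(branch: &str, written: &str) -> bool {
    form_decode(written) == branch
}

fn main() {
    let branch = "avnik/vsock+tonic"; // branch name from the issue
    let strict = strict_encode(branch);
    println!("verbatim {:?} -> {:?}", branch, form_decode(branch));
    println!("strict   {:?} -> {:?}", strict, form_decode(&strict));
    println!("verbatim survives: {}", survives_round_trip(branch, branch));
    println!("strict survives:   {}", survives_round_trip(branch, &strict));
}
```
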
