Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to generate Cargo.lock based on last month's crates.io?

Tags:

rust

rust-cargo

I want to create a Cargo.lock file in a Rust project from Cargo.toml based on what was available on 22 Feb 2017. I need to make version selection compatible to what would happen on that specific day. (No, don't have a version controlled Cargo.lock around somewhere.)

I tried this to no avail:

  1. Clone the crates.io index into a local directory and check out an older commit that matches the desired date.

  2. Use the following lines in .cargo/config:

    [source.mycrates]
registry = "file:///path/to/crates.io-index"  # contains old checkout

[source.crates-io]
replace-with = "mycrates"

Nevertheless, cargo resolves dependencies in Cargo.toml to the newest ones available, not to the newest ones in the specified checkout.

How could I warp Cargo's version selection back in time?

like image 682
Christian Kauhaus Avatar asked Mar 23 '17 14:03

Christian Kauhaus

People also ask

Should cargo lock be committed?

This property is most desirable from applications and packages which are at the very end of the dependency chain (binaries). As a result, it is recommended that all binaries check in their Cargo. lock .

What is Cargo watch?

Cargo Watch watches over your project's source for changes, and runs Cargo commands when they occur. If you've used nodemon, guard, or entr, it will probably feel familiar. In the public domain / licensed with CC0. Uses Caretaker Maintainership.

1 Answers

Since you say you've already tried cloning the index, I'll assume you still have it lying around. For the benefit of other readers, the repository appears to be maintained in Git and is available at https://github.com/rust-lang/crates.io-index.

You'll need to tell cargo to run with --frozen so that it doesn't touch the network, q.v. the Cargo FAQ, and it will blow up if it thinks it needs to. If it has already downloaded stuff, you'll need to cargo clean too, or otherwise nuke the cache.

If you don't already all of the packages you need in the checkout, you'll also need to download the specific versions you're interested in. Dissecting Crates.io: Bare Minimum Mirror has an explanation, which I'll summarize here in case the link blows up.

config.json in the root of the Crates repo has the URLs for downloading packages, which are officially considered unstable, but works right now.

The example from the libc crate used by the "gmjosack" shows a path of /api/v1/crates/libc/0.1.10/download to download it, based upon the dl key of https://crates.io/api/v1/crates in config.json and the version available at the time of the post.

You'll probably need to script the downloads in order to build up your mirror. See also: Downloading Rust crates using a web browser on stackoverflow.

like image 109
Ben Stern Avatar answered Sep 28 '22 00:09

Ben Stern
Sign in to Comment

Related questions

Is repeat(x).take(n) performant?
Does Rust have a way to convert several bytes to a number? [duplicate]
Warning function should have a snake case identifier on by default
How do I convert two u8 primitives into a u16 primitive?
Is there a program that would generate Rust structures from a XML schema file? [closed]
How to you get verbose output from ld when using Cargo?
Cannot get Diesel to infer a nullable Timestamp column in a SQLite table [duplicate]
Unable to use types between multiple Rust libraries via Python bindings created with PyO3
Is it possible to create a `HashMap` keyed by something of type `*const Any`?
How does one get the error message as provided by the system without the "os error n" suffix?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!