Add missing truncate when writing .crate files#16688
Merged
weihanglo merged 4 commits intorust-lang:masterfrom Mar 6, 2026
Merged
Add missing truncate when writing .crate files#16688weihanglo merged 4 commits intorust-lang:masterfrom
weihanglo merged 4 commits intorust-lang:masterfrom
Conversation
rustbot
added
Command-package
S-waiting-on-review
Collaborator
|
r? @epage rustbot has assigned @epage. Use Why was this reviewer chosen?The reviewer was selected based on:
|
weihanglo
reviewed
Mar 1, 2026
Member
There was a problem hiding this comment.
Thanks for the fix. Would you mind adding a test for it?
For bugfixes, we usually follow a variant of atomic commit pattern:
- Commit a test that asserts the current buggy behavior (passes).
- In the next commit, fix the bug and update the test/snapshot.
Every commit passes, and the test/snapshot diff shows the behavior change.
Contributor
|
Should we consider backporting this to beta (now 1.95)? Looks like this was introduced in 1.93. |
Member
Agreed. Thanks for pointing this out. @rustbot label +beta-nominated |
Embers-of-the-Fire
force-pushed
the
fix-16683
branch
from
8181b1e to
ff45d84
Compare
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
0xPoe
previously requested changes
Mar 4, 2026
Member
There was a problem hiding this comment.
Thanks!
I believe the temp registry has the same issue. Could you please fix it as well?
This case cloud help us catch the bug:
#[cargo_test]
fn repackage_smaller_local_dep_tmp_registry_checksum_match() {
let reg = registry::init();
let big_file_contents = "x".repeat(100_000);
let p = project()
.file(
"Cargo.toml",
r#"
[workspace]
members = ["foo", "bar"]
resolver = "2"
"#,
)
.file(
"foo/Cargo.toml",
r#"
[package]
name = "foo"
version = "0.0.1"
edition = "2021"
[dependencies]
bar = { path = "../bar", version = "0.0.1" }
"#,
)
.file("foo/src/lib.rs", "pub fn foo() { bar::bar(); }")
.file(
"bar/Cargo.toml",
r#"
[package]
name = "bar"
version = "0.0.1"
edition = "2021"
include = ["src/**", "Cargo.toml", "big.txt"]
"#,
)
.file("bar/src/lib.rs", "pub fn bar() {}")
.file("bar/big.txt", &big_file_contents)
.build();
p.cargo("package --workspace --no-verify")
.replace_crates_io(reg.index_url())
.run();
fs::remove_file(p.root().join("bar/big.txt")).unwrap();
p.change_file(
"bar/Cargo.toml",
r#"
[package]
name = "bar"
version = "0.0.1"
edition = "2021"
include = ["src/**", "Cargo.toml"]
"#,
);
p.cargo("package --workspace --no-verify")
.replace_crates_io(reg.index_url())
.run();
let index_line = read_to_string(p.root().join("target/package/tmp-registry/index/3/b/bar"))
.unwrap()
.lines()
.last()
.unwrap()
.to_owned();
let expected_cksum = serde_json::from_str::<serde_json::Value>(&index_line)
.unwrap()
.get("cksum")
.and_then(|value| value.as_str())
.unwrap()
.to_owned();
let crate_contents = fs::read(p.root().join("target/package/tmp-registry/bar-0.0.1.crate"))
.unwrap();
let actual_cksum = registry::cksum(&crate_contents);
assert_eq!(
expected_cksum, actual_cksum,
"tmp-registry crate checksum should match index entry"
);
p.cargo("package --workspace")
.replace_crates_io(reg.index_url())
.run();
}I would suggest that when adding the test, the Conventional Commit Message should start with test: instead of add: .
rustbot
added
S-waiting-on-author
Collaborator
|
Reminder, once the PR becomes ready for a review, use |
Embers-of-the-Fire
force-pushed
the
fix-16683
branch
from
ff45d84 to
76d432f
Compare
Contributor
Author
|
Well, seems irrelavent with my code. @rustbot ready |
rustbot
added
S-waiting-on-review
weihanglo
approved these changes
Mar 6, 2026
weihanglo
dismissed
0xPoe’s stale review
PR author has made the test and change.
rustbot
removed
the
S-waiting-on-review
weihanglo
added a commit
to weihanglo/cargo
that referenced
this pull request
Mar 6, 2026
<!-- _Thanks for the pull request 🎉!_ _Please read the contribution guide: <https://doc.crates.io/contrib/>._ --> ### What does this PR try to resolve? Fixes rust-lang#16683 by adding manuall truncate. <!-- _Explain the motivation behind this change._ _A clear overview along with an in-depth explanation are helpful._ --> ### How to test and review this PR? See the original issue for mCVE. <!-- _Demonstrate how you test this change and guide reviewers through your PR._ _With a smooth review process, a pull request usually gets reviewed quicker._ -->
weihanglo
added a commit
to weihanglo/cargo
that referenced
this pull request
Mar 6, 2026
<!-- _Thanks for the pull request 🎉!_ _Please read the contribution guide: <https://doc.crates.io/contrib/>._ --> ### What does this PR try to resolve? Fixes rust-lang#16683 by adding manuall truncate. <!-- _Explain the motivation behind this change._ _A clear overview along with an in-depth explanation are helpful._ --> ### How to test and review this PR? See the original issue for mCVE. <!-- _Demonstrate how you test this change and guide reviewers through your PR._ _With a smooth review process, a pull request usually gets reviewed quicker._ -->
epage
added a commit
that referenced
this pull request
Mar 6, 2026
Beta backports - #16688 In order to make CI pass, the following PRs are also cherry-picked: -
rust-bors bot
pushed a commit
to rust-lang/rust
that referenced
this pull request
Mar 13, 2026
Update cargo submodule 21 commits in 90ed291a50efc459e0c380d7b455777ed41c6799..cbb9bb8bd0fb272b1be0d63a010701ecb3d1d6d3 2026-03-05 15:11:25 +0000 to 2026-03-13 14:34:16 +0000 - fix(git): preserve SCP-like submodule URLs for fetch (rust-lang/cargo#16744) - Fix 16732 (rust-lang/cargo#16746) - fix(rustdoc): switch to new `--emit` options (rust-lang/cargo#16739) - fix(git): convert SCP-like submodule URLs to ssh:// format (rust-lang/cargo#16727) - fix(core): typo (rust-lang/cargo#16738) - CARGO_TARGET_DIR doesn't have to be relative (rust-lang/cargo#16735) - chore(ci): Detect user changes to src/etc/man (rust-lang/cargo#16736) - util: Exclude from iCloud Drive sync on macOS (rust-lang/cargo#16728) - fix(compile): Stop on denying warnings without --keep-going (rust-lang/cargo#16725) - feat(shell): Support OSC 9;4 progress on ptyxis (rust-lang/cargo#16730) - Let git decide when to run gc (rust-lang/cargo#16459) - chore(deps): update cargo-semver-checks to v0.47.0 (rust-lang/cargo#16723) - fix(compile): Turn warning summaries into errors also (rust-lang/cargo#16721) - fix(fix): Switch from ad-hoc to structured warnings (rust-lang/cargo#16711) - fix: ignore implicit std dependencies in `unused-crate-dependencies` lint (rust-lang/cargo#16677) - chore(deps): update msrv (3 versions) to v1.92 (rust-lang/cargo#16716) - chore(deps): update msrv (1 version) to v1.94 (rust-lang/cargo#16710) - fix(script): surpress `unused_features` lint for embedded (rust-lang/cargo#16714) - Split `build-dir` lock into dedicated lock (rust-lang/cargo#16708) - Add missing truncate when writing .crate files (rust-lang/cargo#16688) - refactor(fix): Prep for annotate-snippets (rust-lang/cargo#16702)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR try to resolve?
Fixes #16683 by adding manuall truncate.
How to test and review this PR?
See the original issue for mCVE.