-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some recently built crates fail to unpack #2326
Comments
Running
It appears that there's a timestamp inserted in the path which isn't being added everywhere. |
I discovered this while trying glium. Setting the glutin version to 0.4.5 in Cargo.lock seems to work as a workaround. |
Latest nightly does not show this error, but current beta does. |
I'm seeing this behavior with the 0.7.0 release of cargo when fetching glutin 0.4.6. |
I'm working on a fix, thanks for the report! cc @SimonSapin, this is a bug where a newer Cargo published an archive that is triggering a bug in older Cargos. You may want to republish selectors with an older Cargo to ensure the tarball is compatible with older Cargos. |
The tar::Builder type by default will build GNU archives, but unfortunately we force it here to use UStar archives instead. The UStar format has more limitations on the length of path name that it can encode, so it's not quite as nice to use. Older cargos, however, had a bug where GNU archives were interpreted as UStar archives. This bug means that if we publish a GNU archive which has fully filled out metadata it'll be corrupt when unpacked by older cargos. Hopefully in the future after enough cargos have been running around with the bugfixed tar-rs library we'll be able to switch this over to GNU archives, but for now we'll just say that you can't encode paths in archives that are *too* long. Closes rust-lang#2326
The tar::Builder type by default will build GNU archives, but unfortunately we force it here to use UStar archives instead. The UStar format has more limitations on the length of path name that it can encode, so it's not quite as nice to use. Older cargos, however, had a bug where GNU archives were interpreted as UStar archives. This bug means that if we publish a GNU archive which has fully filled out metadata it'll be corrupt when unpacked by older cargos. Hopefully in the future after enough cargos have been running around with the bugfixed tar-rs library we'll be able to switch this over to GNU archives, but for now we'll just say that you can't encode paths in archives that are *too* long. Closes #2326
Ok, I've posted #2327 which should fix this error in the future. If this crops up, the fix is unfortunately just that the original crate author needs to be contacted to republish with a version of Cargo with the fix or an older Cargo. Sorry for the inconvenience! |
That’s… ugh. This is gonna be annoying, the "bad" tarballs are immutable on crates.io, so maintainers need to pick new version numbers.
|
Yes unfortunately maintainers will need to:
This bug was merged on 44c0d7b which was commited on 1/25 but didn't make it out until the 1/27 nightly. It looks like the fix didn't make it outlast night, sot he affected Cargo versions are the 1/27 nightly to what I presume is today's, 1/29 nightly. Any version of Cargo prior to 1/27 will fail to install tarballs published by the affected Cargo versions. There's not really anyway to tell crates.io whether a package is bad, all the tarballs being upload are indeed valid tarballs. Older cargos just interpreted a valid GNU archive in a buggy manner. |
There should be a test which tries to unpack a package with an older Cargo version. |
Appparently this crate was affected by rust-lang/cargo#2326
Appparently this crate was affected by rust-lang/cargo#2326
Is there any issue tracking remediation here? I agree with @nox that there should be a check, ideally on the server side at upload time. |
I meant that Cargo itself should include tests that unpack newly-created packages with older versions of Cargo, not a safety check at upload-time of third-party crates. |
Ah, that makes sense. I think that there should be a check at upload time given the append only nature of crates.io. I guess this should be an issue against that project instead. |
This downloads 389 crates uploaded between January 25 and Feb 4 16:04:06 2016 +0000 (according to git commit dates in the index) git -C ~/.multirust/toolchains/nightly/cargo/registry/index/github.com-* log --format='%ai %s'|
grep -E '^2016-0(2|1-2[5-9])'|
grep Updating|
cut -d'`' -f2|
tr '#' ' '|
awk '{print "https://crates-io.s3-us-west-1.amazonaws.com/crates/" $1 "/" $1 "-" $2 ".crate"}'|
xargs wget This shows the 27 of them whose tarball is in GNU format: for i in *.crate; (gzcat $i|file -|grep -q GNU) && echo $i
This shows other versions of the same crate for each of them: for i in *.crate; (gzcat $i|file -|grep -q GNU) &&
(echo; echo '## ' $i; ls $(echo $i|rev|cut -d- -f2-|rev)-*|grep -v $i) And with some manual filtering, these are the crates that likely need to be fixed (the crates in GNU format who do not have a later semver-compatible version in non-GNU format)
|
rust-lang/cargo#2326 Signed-off-by: David Henningsson <diwic@ubuntu.com>
rust-lang/cargo#2326 Signed-off-by: David Henningsson <diwic@ubuntu.com>
This is just to republish because of rust-lang/cargo#2326
Error observed so far with
selectors = "0.4.0"
andglutin = "0.4.6"
dependencies.Output of
cargo build --verbose
:The text was updated successfully, but these errors were encountered: