Open
Description
Problem
It seems mirror-registry source URL is not preserved for subdependencies when using replace-with with a local sources.
Steps
Part 1. Prepare project with alternative registry
- Create hello world project:
cargo new --bin my-app && cd ./my-app- Define alternative registry:
mkdir .cargo
cat << EOF > ./.cargo/config.toml
[registries.devpeek]
index = "sparse+http://crates.devpeek.io/api/v1/cratesio/"
EOF- Include some basic dependency from mirror registry:
cargo add --registry devpeek [email protected]- Make sure that app can be compiled without issues:
cargo build --lockedAt this point Cargo.lock will be like this:
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 4
[[package]]
name = "my-app"
version = "0.1.0"
dependencies = [
"proc-macro2",
]
[[package]]
name = "proc-macro2"
version = "1.0.94"
source = "sparse+http://crates.devpeek.io/api/v1/cratesio/"
checksum = "a31971752e70b8b2686d7e46ec17fb38dad4051d94024c88df49b667caea9c84"
dependencies = [
"unicode-ident",
]
[[package]]
name = "unicode-ident"
version = "1.0.18"
source = "sparse+http://crates.devpeek.io/api/v1/cratesio/"
checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512"
ℹ Notice that sparse+http://crates.devpeek.io/api/v1/cratesio/ was used as source for both proc-macro2 and its subdependency unicode-ident. So far so good.
Part 2. Use local directory as a replacement for registry
- Get local copy of packages, the easiest way is running
cargo vendor --frozen:
Vendoring proc-macro2 v1.0.94 (registry `devpeek`) (/home/andrew/.cargo/registry/src/crates.devpeek.io-6824091174475719/proc-macro2-1.0.94) to vendor/proc-macro2
Vendoring unicode-ident v1.0.18 (registry `devpeek`) (/home/andrew/.cargo/registry/src/crates.devpeek.io-6824091174475719/unicode-ident-1.0.18) to vendor/unicode-ident
To use vendored sources, add this to your .cargo/config.toml for this project:
[source."sparse+http://crates.devpeek.io/api/v1/cratesio/"]
registry = "sparse+http://crates.devpeek.io/api/v1/cratesio/"
replace-with = "vendored-sources"
[source.vendored-sources]
directory = "vendor"
- Use local directory as a replacement:
cat << EOF >> ./.cargo/config.toml
[source."sparse+http://crates.devpeek.io/api/v1/cratesio/"]
registry = "sparse+http://crates.devpeek.io/api/v1/cratesio/"
replace-with = "vendored-sources"
[source.vendored-sources]
directory = "vendor"
EOF❗ At this point you are not longer able to cargo build --locked, as it fails with:
error: the lock file /tmp/my-app/Cargo.lock needs to be updated but --locked was passed to prevent this
If you want to try to generate the lock file without accessing the network, remove the --locked flag and use --offline instead.
By running cargo build we can see that Cargo.lock was modified - subdependency source is incorrectly referring to crates.io:
diff --git a/Cargo.lock b/Cargo.lock
index 6d5f89f..4f02712 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -21,5 +21,5 @@ dependencies = [
[[package]]
name = "unicode-ident"
version = "1.0.18"
-source = "sparse+http://crates.devpeek.io/api/v1/cratesio/"
+source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512"Notice that first level dependency proc-macro2 was not touched.
Possible Solution(s)
No response
Notes
No response
Version
cargo 1.84.1 (66221abde 2024-11-19)
release: 1.84.1
commit-hash: 66221abdeca2002d318fde6efff516aab091df0e
commit-date: 2024-11-19
host: x86_64-unknown-linux-gnu
libgit2: 1.8.1 (sys:0.19.0 vendored)
libcurl: 8.9.0-DEV (sys:0.4.74+curl-8.9.0 vendored ssl:OpenSSL/1.1.1w)
ssl: OpenSSL 1.1.1w 11 Sep 2023
os: NixOS 25.5.0 [64-bit]