Cargo: Using alternative registries names in text output
Now, that alternative registries have been stabilized, they are referenced by the index URL, which is definitely unique. However, it is not necessarily a human-friendly and may be quite long at times.
crates.io, on the other hand, is called just that - "crates.io".
Here is how it shows when running cargo update
$ cargo update
Updating crates.io index
Updating `https://gitlab.com/xxx/cargo/crates-index` index
The index URL is listed only in the .cargo/config and not in Cargo.toml, so it may be not readily recognizable by the user and/or linked to the alternative registry in use (especially if a number of different alt registries are in use simultaneously)
I suggest to use the name of the registry instead and fallback to the URL only when the name is None (it is defined as Option<String>)
imp
All 5 comments
Similarly, it'd be great if you could use the registry name in patch blocks:
[dependencies]
my-crate = { version = "0.1", registry = "my-index" }
# Currently required
[patch."https://gitlab.com/xxx/cargo/crates-index"]
my-crate = { git = "..." }
# Way less annoying
[patch.my-index]
my-crate = { git = "..." }
sfackler
on 22 Feb 2019
Similarly, it'd be great if you could use the registry name in patch blocks:
I think [patch] should work as of #6456? Although it looks like I forgot to document it. EDIT: The use of a name is briefly mentioned at https://github.com/rust-lang/cargo/blob/716b02cb4c7b75ce435eb06defa25bc2d725909c/src/doc/src/reference/manifest.md#the-patch-section.
ehuss
on 22 Feb 2019
Oh yay, I forgot about that :D
sfackler
on 22 Feb 2019
This would indeed be a nice change to have!
Not just because it looks nicer and cleaner in the log output but also because now when it logs out the full URL to the alternative registry it can "leak" out private details. For example we use a cloudsmith.io private registry and that has a secret token in the URL that without this Cargo logs out on every use which is unecessary and increases the chance of it being leaked out.
Example:
Downloaded embark-test v0.2.0 (registry `https://dl.cloudsmith.io/<SECRET_TOKEN>/org/test/cargo/index.git`)
Checking nalgebra-glm v0.4.0
Checking embark-test v0.2.0 (registry `https://dl.cloudsmith.io/<SECRET_TOKEN>/org/test/cargo/index.git`)
repi
on 17 Aug 2019
Did a quick investigation of this in the Cargo code, looks a bit tricky because the dependencies in the Cargo.toml have their registry key resolved and replaced with registry-index. So for example registry = embark becomes registry-index = https://dl.cloudsmith.io/<SECRET_TOKEN>/org/test/cargo/index.git.
So then when constructing a SourceId for the registry it no longer has the original name of the registry so it can display that instead in SourceId::display_registry_name and it displays the URL for the registry instead, which in this case contains a secret.
repi
on 8 Jul 2020
Related issues
tensorchen
路
3Comments
ckaran
路
3Comments
rask
路
3Comments
SimonSapin
路
3Comments
dotnetspec
路
3Comments
Most helpful comment
This would indeed be a nice change to have!
Not just because it looks nicer and cleaner in the log output but also because now when it logs out the full URL to the alternative registry it can "leak" out private details. For example we use a cloudsmith.io private registry and that has a secret token in the URL that without this Cargo logs out on every use which is unecessary and increases the chance of it being leaked out.
Example: