crates-io mirror support #515

Closed
royb3 opened this issue May 22, 2023 · 1 comment · Fixed by #520

royb3 commented May 22, 2023

We have a mirror for crates-io, which we have configured in our .cargo/config like this:

```toml
[source.mirror]
registry = "http://crates-mirror"

[source.crates-io]
replace-with = "mirror"
```

The cargo.lock still references crates-io, for example:

```toml
[[package]]
name = "serde_json"
version = "1.0.96"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "057d394a50403bcac12672b2b18fb387ab6d289d957dab67dd201875391e52f1"
dependencies = [
 "itoa",
 "ryu",
 "serde",
]
```

I would expect that cargo deny could figure out that crates-io was replaced with a mirror and use the mirror registry instead. But on an air-gapped network, it still tries to fetch the crates from crates-io.

It does this to resolve if a yanked version of a crate is used; all other functions seem to work as expected.

Would it be possible to add support for mirrors as configured in the local .cargo/config files?
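
The source replacement this issue describes, as an added example that is not part of the original issue and is not cargo-deny's or `tame-index`'s code: it follows the `replace-with` chain from the `crates-io` entry in `Cargo.lock` to the registry URL that should actually be contacted, and rejects cycles and dangling targets. The names `Source`, `parse_sources` and `effective_registry` are hypothetical, the reader handles only the `[source.*]` lines shown above, and only the crates.io lock source is mapped.

```rust
use std::collections::{HashMap, HashSet};
// `source` value from the issue's Cargo.lock entry, and the issue's .cargo/config.
const CRATES_IO_LOCK: &str = "registry+https://github.com/rust-lang/crates.io-index";
const PAGE_CONFIG: &str = "[source.mirror]\nregistry = \"http://crates-mirror\"\n\
                           [source.crates-io]\nreplace-with = \"mirror\"\n";
#[derive(Default)] // hypothetical model of one `[source.NAME]` table
struct Source { registry: Option<String>, replace_with: Option<String> }

/// Reads only `[source.NAME]` headers and `key = "value"` lines (not a full TOML parser).
fn parse_sources(cfg: &str) -> HashMap<String, Source> {
    let (mut out, mut cur) = (HashMap::<String, Source>::new(), None::<String>);
    for line in cfg.lines().map(str::trim) {
        if let Some(name) = line.strip_prefix("[source.").and_then(|r| r.strip_suffix(']')) {
            out.entry(name.to_string()).or_default();
            cur = Some(name.to_string());
        } else if line.starts_with('[') {
            cur = None; // some other table
        } else if let (Some(name), Some((k, v))) = (&cur, line.split_once('=')) {
            let (v, src) = (v.trim().trim_matches('"').to_string(), out.get_mut(name).unwrap());
            match k.trim() {
                "registry" => src.registry = Some(v),
                "replace-with" => src.replace_with = Some(v),
                _ => {}
            }
        }
    }
    out
}

/// Follows `replace-with` from crates-io to the registry URL that should be contacted.
fn effective_registry(lock_source: &str, sources: &HashMap<String, Source>) -> Result<String, String> {
    if lock_source != CRATES_IO_LOCK {
        return Err(format!("unhandled lock source `{lock_source}`"));
    }
    let (mut name, mut seen) = ("crates-io".to_string(), HashSet::new());
    loop {
        if !seen.insert(name.clone()) {
            return Err(format!("`replace-with` cycle through `{name}`"));
        }
        let src = sources.get(&name);
        match src {
            Some(Source { replace_with: Some(next), .. }) => name = next.clone(),
            Some(Source { registry: Some(url), .. }) => return Ok(url.clone()),
            None if name == "crates-io" => return Ok(lock_source["registry+".len()..].to_string()),
            _ => return Err(format!("source `{name}` is undefined or has no registry")),
        }
    }
}

fn main() { println!("{:?}", effective_registry(CRATES_IO_LOCK, &parse_sources(PAGE_CONFIG))); }
```

On an air-gapped network, any tool that skips this resolution and uses the lock-file URL directly will attempt to reach crates.io, which is the behaviour reported here.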

@royb3 royb3 added the enhancement New feature or request label May 22, 2023

dsully commented Jun 21, 2023

I'm in need of this as well.

@Jake-Shadle Jake-Shadle self-assigned this Jul 13, 2023
Jake-Shadle added a commit that referenced this issue Jul 25, 2023
This is a massive refactor that should be split up into multiple PRs,
but I am lazy, so that won't happen.

## `crates-index` -> `tame-index`

The `crates-index` crate had a problematic API that led to duplicating
functionality present in the crate because it wasn't exposed publicly,
and was actually causing massive slowdowns when running cargo-deny in
e.g. CI since `krates` was downloading the entire git index because of
how the default functionality in `crates-index` worked, thus I made
[`tame-index`](https://github.com/EmbarkStudios/tame-index) to better
suit the needs of this crate, as well as
[`cargo-fetcher`](https://github.com/EmbarkStudios/cargo-fetcher). Also,
it is now unfortunately
[unmaintained](frewsxcv/rust-crates-index#132).

This also means that scenarios such as #515 are _much_ easier to both
implement and support due to better testing since `tame-index` supports
[local
registry](https://doc.rust-lang.org/cargo/reference/source-replacement.html#local-registry-sources)
source replacement.

## `git2` -> `gix`

`tame-index` uses `gix` for its git implementation because
git2/openssl/openssh are...let's just say I'm not a fan. This PR now
replaces the usage of `git2`, for syncing advisory databases, with `gix`
removing (and adding) a lot of dependencies.

Resolves: #361
Resolves: #515
Resolves: #522
Resolves: #446 (I think this was already resolved in a previous version,
but the issue was still open)
Resolves: #435 (I have no idea if this is actually fixed, but I have no
repro, and we aren't using git2 any longer, so maybe?)
Resolves: #439 (I was never able to repro, but this is no longer
applicable as we never fetch a specific branch for a git remote for
either advisory databases or git registry indices, but rather just use
the remote `FETCH_HEAD`)
Closes: #295 (This PR removes cargo support altogether, as it is
currently tied to openssl/curl/etc and not currently worth pursuing)