Skip to content

Commit

Permalink
Rejects wildcard dependency constraints in cargo publish
Browse files Browse the repository at this point in the history
  • Loading branch information
joelgallant committed Oct 7, 2018
1 parent eac8f51 commit 37dded4
Show file tree
Hide file tree
Showing 2 changed files with 44 additions and 0 deletions.
10 changes: 10 additions & 0 deletions src/cargo/ops/registry.rs
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ use git2;
use registry::{NewCrate, NewCrateDependency, Registry};

use url::percent_encoding::{percent_encode, QUERY_ENCODE_SET};
use semver::VersionReq;

use core::dependency::Kind;
use core::manifest::ManifestMetadata;
Expand Down Expand Up @@ -136,6 +137,15 @@ fn verify_dependencies(pkg: &Package, registry_src: &SourceId) -> CargoResult<()
dep.source_id()
);
}
} else if *dep.version_req() == VersionReq::parse("*").unwrap() {
// crates.io rejects wildcard (`*`) dependency constraints (issue 5941)
// https://doc.rust-lang.org/cargo/faq.html#can-libraries-use--as-a-version-for-their-dependencies
bail!(
"the dependency `{}` used a wildcard (`*`) as a version, crates.io will not accept \
packages with wildcard dependency constraint\nfor more information, see the FAQ: \
https://doc.rust-lang.org/cargo/faq.html#can-libraries-use--as-a-version-for-their-dependencies",
dep.package_name()
)
}
}
Ok(())
Expand Down
34 changes: 34 additions & 0 deletions tests/testsuite/publish.rs
Original file line number Diff line number Diff line change
Expand Up @@ -617,6 +617,40 @@ See [..]
assert!(!publish::upload_path().join("api/v1/crates/new").exists());
}

#[test]
fn dry_run_crates_io() {
publish::setup();

let p = project()
.file(
"Cargo.toml",
r#"
[project]
name = "foo"
version = "0.0.1"
authors = []
license = "MIT"
description = "foo"
[dependencies]
foo = "*"
"#,
).file("src/main.rs", "fn main() {}")
.build();

p.cargo("publish --dry-run")
.with_status(101)
.with_stderr(
" \
Updating crates.io index
error: the dependency `foo` used a wildcard (`*`) as a version, crates.io will not accept packages with wildcard dependency constraint
for more information, see the FAQ: https://doc.rust-lang.org/cargo/faq.html#can-libraries-use--as-a-version-for-their-dependencies
",
).run();

// Ensure the API request wasn't actually made
assert!(!publish::upload_path().join("api/v1/crates/new").exists());
}

#[test]
fn block_publish_feature_not_enabled() {
publish::setup();
Expand Down

0 comments on commit 37dded4

Please sign in to comment.