feat(git): SHA256 repository support#16939
Draft
weihanglo wants to merge 7 commits intorust-lang:masterfrom
Draft
feat(git): SHA256 repository support#16939weihanglo wants to merge 7 commits intorust-lang:masterfrom
weihanglo wants to merge 7 commits intorust-lang:masterfrom
Conversation
rustbot
added
A-documenting-cargo-itself
Member
Author
|
Created for showcasing it works btw. |
weihanglo
force-pushed
the
sha256-git2
branch
2 times, most recently
from
aa393ab to
541130b
Compare
Also Adapt `rev_to_oid()` to the new `Oid::from_str` signature
The flag is accepted but has no effect yet.
weihanglo
force-pushed
the
sha256-git2
branch
2 times, most recently
from
beb11a4 to
0cf0b48
Compare
This wires the unstable libgit2 SHA256 support into Cargo. SHA256 repositories usage are gated behind `-Zgit=sha256`. Before looking at a repo, Cargo now try to guess whether this git dep is SHA1 or SHA256 from these places (in this order): * locked rev in Cargo.lock * local db (with or without `-sha256` suffix) * Create a detached remote and probe its object format What works and doesn't: * Git CLI and libgit2 interop works * SHA1 and SHA256 git db coexist (via `-sha256` dir suffix) * `-Zgit=sha256` gates during early fetch paths, so even have local db cached you cannot use without Z flag * gitoxide hasn't yet supported Some known issues and regressions: * Probing adds a silent extra round-trip on every first fetch, even for SHA1 repos. An alternative is to assume SHA1 and retry on mismatch, though it has cost of a wasted fetch attempt for SHA256 repos.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR try to resolve?
This wires the unstable libgit2 SHA256 support into Cargo.
SHA256 repositories usage are gated behind
-Zgit=sha256.Before looking at a repo,
Cargo now try to guess whether this git dep is SHA1 or SHA256
from these places (in this order):
-sha256suffix)What works and doesn't:
-sha256dir suffix)-Zgit=sha256gates during early fetch paths,so even have local db cached you cannot use without Z flag
Some known issues and regressions:
even for SHA1 repos.
An alternative is to assume SHA1 and retry on mismatch,
though it has cost of a wasted fetch attempt for SHA256 repos.
How to test and review this PR?
Fixes #14942
This is currently blocked on libgit2 and git2-rs to cut a new release that contain all fixes we want listed in #14942.
I haven't tried it end-to-end though
The current model also means that Cargo will always vendor libgit2, which I guess will cause some headache on downstream packagers (Fedora, Debian, NixOS, etc.)