Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Have cargo vet prune remove old redundant policy fields #490

Open
repi opened this issue Jun 8, 2023 · 5 comments
Open

Have cargo vet prune remove old redundant policy fields #490

repi opened this issue Jun 8, 2023 · 5 comments

Comments

@repi
Copy link

repi commented Jun 8, 2023

If you have removed a dependency that you had a [policy.crate-name] for in your config.toml you get the following nice and clear warning:

ERROR   × There are some issues with your third-party policy entries

Error:   × some versioned policy entries don't correspond to crates being used
  │   crate-name
  help: Remove the `policy` entries

though instead of having to remove that manually in your config file, is this something cargo prune could do for you to streamline things?
@repi repi mentioned this issue Jun 8, 2023
Open
@bholley
Copy link
Collaborator

bholley commented Jun 8, 2023

I'm not sure how easy it would be to implement in practice, because this surfaces as an error, whereas cargo vet prune expects to be run in a passing state.

We could of course just make the tool automatically remove the irrelevant entries, but we went with an explicit error so that (1) it would be less mysterious why a policy entry was disappearing, and (2) users would be less likely to inadvertently drop an important policy when a crate was renamed or something.

@mystor
Copy link
Collaborator

mystor commented Jun 12, 2023

The audit-as checking is actually handled independently from the rest of the resolver, so I don't think it would technically interfere with cargo vet prune. We'd effectively need to make cargo vet prune start by running a pared-down version of cargo vet regenerate audit-as-crates-io which is only allowed to fix a subset of the issues before carrying on as-before (e.g. we wouldn't want it to add new audit-as entries like the regenerate command does IIRC).

On that note, if you weren't aware of that subcommand, I believe you should be able to run it rather than removing the entries manually as well.

@repi
Copy link
Author

repi commented Jun 14, 2023

does cargo vet regenerate audit-as-crates-io remove [policy] elements for unused crates, regardless if they contained the audit-as-crates-io field or not?

@bholley
Copy link
Collaborator

bholley commented Jun 23, 2023

I'm not sure. @mystor ?

@mystor
Copy link
Collaborator

mystor commented Jun 23, 2023

Apparently it does not, though there is a comment in the logic considering that behaviour dating back to #368 though.

cargo-vet/src/main.rs

Lines 1918 to 1919 in 3c3f1e0

// XXX: consider removing the policy completely if
// there's nothing left in it anymore?

At one point I think I had considered pruning completely empty [policy] entries as part of formatting or similar, though the requirements around versioned policy entries does make that a bit more complex nowadays.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bholley @mystor @repi