Auto merge of rust-lang#1589 - jtgeibel:deny-alt-registry-deps, r=jtgeibel

bors · bors · commit 437657d69d17 · 2019-01-21T04:42:04.000Z
Reject publishing of crates that depend on an alternative registry See also rust-lang#1579 and rust-lang/crates-io-cargo-teams#21.
diff --git a/src/models/dependency.rs b/src/models/dependency.rs
@@ -80,6 +80,12 @@ pub fn add_dependencies(
     let git_and_new_dependencies = deps
         .iter()
         .map(|dep| {
+            if let Some(registry) = &dep.registry {
+                if !registry.is_empty() {
+                    return Err(human(&format_args!("Dependency `{}` is hosted on another registry. Cross-registry dependencies are not permitted on crates.io.", &*dep.name)));
+                }
+            }
+
             // Match only identical names to ensure the index always references the original crate name
             let krate = Crate::by_exact_name(&dep.name)
                 .first::<Crate>(&*conn)
diff --git a/src/tests/builders.rs b/src/tests/builders.rs
@@ -522,6 +522,7 @@ impl PublishBuilder {
 /// A builder for constructing a dependency of another crate.
 pub struct DependencyBuilder {
     name: String,
+    registry: Option<String>,
     explicit_name_in_toml: Option<u::EncodableCrateName>,
     version_req: u::EncodableCrateVersionReq,
 }
@@ -531,6 +532,7 @@ impl DependencyBuilder {
     pub fn new(name: &str) -> Self {
         DependencyBuilder {
             name: name.to_string(),
+            registry: None,
             explicit_name_in_toml: None,
             version_req: u::EncodableCrateVersionReq(semver::VersionReq::parse(">= 0").unwrap()),
         }
@@ -542,6 +544,12 @@ impl DependencyBuilder {
         self
     }
 
+    /// Set an alternative registry for this dependency.
+    pub fn registry(mut self, registry: &str) -> Self {
+        self.registry = Some(registry.to_string());
+        self
+    }
+
     /// Set the version requirement for this dependency.
     ///
     /// # Panics
@@ -567,6 +575,7 @@ impl DependencyBuilder {
             target: None,
             kind: None,
             explicit_name_in_toml: self.explicit_name_in_toml,
+            registry: self.registry,
         }
     }
 }
diff --git a/src/tests/http-data/krate_new_crate_allow_empty_alternative_registry_dependency b/src/tests/http-data/krate_new_crate_allow_empty_alternative_registry_dependency
@@ -0,0 +1,36 @@
+[
+  {
+    "request": {
+      "uri": "http://alexcrichton-test.s3.amazonaws.com/crates/foo/foo-1.0.0.crate",
+      "method": "PUT",
+      "headers": [
+        [
+          "accept",
+          "*/*"
+        ],
+        [
+          "content-length",
+          "35"
+        ],
+        [
+          "host",
+          "alexcrichton-test.s3.amazonaws.com"
+        ],
+        [
+          "accept-encoding",
+          "gzip"
+        ],
+        [
+          "content-type",
+          "application/x-tar"
+        ]
+      ],
+      "body": "H4sIAAAAAAAA/+3AAQEAAACCIP+vbkhQwKsBLq+17wAEAAA="
+    },
+    "response": {
+      "status": 200,
+      "headers": [],
+      "body": ""
+    }
+  }
+]
diff --git a/src/tests/krate.rs b/src/tests/krate.rs
@@ -690,6 +690,37 @@ fn reject_new_krate_with_non_exact_dependency() {
     token.publish(crate_to_publish).bad_with_status(200);
 }
 
+#[test]
+fn new_crate_allow_empty_alternative_registry_dependency() {
+    let (app, _, user, token) = TestApp::with_proxy().with_token();
+
+    app.db(|conn| {
+        CrateBuilder::new("foo-dep", user.as_model().id).expect_build(conn);
+    });
+
+    let dependency = DependencyBuilder::new("foo-dep").registry("");
+    let crate_to_publish = PublishBuilder::new("foo").dependency(dependency);
+    token.publish(crate_to_publish).good();
+}
+
+#[test]
+fn reject_new_crate_with_alternative_registry_dependency() {
+    let (_, _, _, token) = TestApp::init().with_token();
+
+    let dependency =
+        DependencyBuilder::new("dep").registry("https://server.example/path/to/registry");
+
+    let crate_to_publish = PublishBuilder::new("depends-on-alt-registry").dependency(dependency);
+    let json = token.publish(crate_to_publish).bad_with_status(200);
+    assert!(
+        json.errors[0]
+            .detail
+            .contains("Cross-registry dependencies are not permitted on crates.io."),
+        "{:?}",
+        json.errors
+    );
+}
+
 #[test]
 fn new_krate_with_wildcard_dependency() {
     let (app, _, user, token) = TestApp::init().with_token();
diff --git a/src/views/krate_publish.rs b/src/views/krate_publish.rs
@@ -63,6 +63,7 @@ pub struct EncodableCrateDependency {
     pub target: Option<String>,
     pub kind: Option<DependencyKind>,
     pub explicit_name_in_toml: Option<EncodableCrateName>,
+    pub registry: Option<String>,
 }
 
 impl<'de> Deserialize<'de> for EncodableCrateName {

Original file line number	Diff line number	Diff line change
`@@ -522,6 +522,7 @@ impl PublishBuilder {`
`522`	`522`	`/// A builder for constructing a dependency of another crate.`
`523`	`523`	`pub struct DependencyBuilder {`
`524`	`524`	`name: String,`
	`525`	`+ registry: Option<String>,`
`525`	`526`	`explicit_name_in_toml: Option<u::EncodableCrateName>,`
`526`	`527`	`version_req: u::EncodableCrateVersionReq,`
`527`	`528`	`}`
`@@ -531,6 +532,7 @@ impl DependencyBuilder {`
`531`	`532`	`pub fn new(name: &str) -> Self {`
`532`	`533`	`DependencyBuilder {`
`533`	`534`	`name: name.to_string(),`
	`535`	`+ registry: None,`
`534`	`536`	`explicit_name_in_toml: None,`
`535`	`537`	`version_req: u::EncodableCrateVersionReq(semver::VersionReq::parse(">= 0").unwrap()),`
`536`	`538`	`}`
`@@ -542,6 +544,12 @@ impl DependencyBuilder {`
`542`	`544`	`self`
`543`	`545`	`}`
`544`	`546`
	`547`	`+ /// Set an alternative registry for this dependency.`
	`548`	`+ pub fn registry(mut self, registry: &str) -> Self {`
	`549`	`+ self.registry = Some(registry.to_string());`
	`550`	`+ self`
	`551`	`+ }`
	`552`	`+`
`545`	`553`	`/// Set the version requirement for this dependency.`
`546`	`554`	`///`
`547`	`555`	`/// # Panics`
`@@ -567,6 +575,7 @@ impl DependencyBuilder {`
`567`	`575`	`target: None,`
`568`	`576`	`kind: None,`
`569`	`577`	`explicit_name_in_toml: self.explicit_name_in_toml,`
	`578`	`+ registry: self.registry,`
`570`	`579`	`}`
`571`	`580`	`}`
`572`	`581`	`}`
Original file line number	Diff line number	Diff line change
`@@ -63,6 +63,7 @@ pub struct EncodableCrateDependency {`
`63`	`63`	`pub target: Option<String>,`
`64`	`64`	`pub kind: Option<DependencyKind>,`
`65`	`65`	`pub explicit_name_in_toml: Option<EncodableCrateName>,`
	`66`	`+ pub registry: Option<String>,`
`66`	`67`	`}`
`67`	`68`
`68`	`69`	`impl<'de> Deserialize<'de> for EncodableCrateName {`