Cargo allows using a pinned git hash that doesn't match the specified branch #10282

Open
@jyn514

Description

Problem

If Cargo.toml has a { git = "...", branch = "master" } hash and Cargo.lock points to a specific commit, Cargo should enforce that the commit is somewhere in the history of master. Instead it will silently use the commit.

Steps

  1. cargo init
  2. echo 'mime = { git = "https://github.com/hyperium/mime", branch = "0.3.x" }' >> Cargo.toml
  3. cargo update -p mime --precise 938484de95445a2af931515d2b7252612c575da7
  4. cargo check

Note that hyperium/mime@938484d is only on the master branch.

Possible Solution(s)

Give an error if git merge-base --is-ancestor 938484de95445a2af931515d2b7252612c575da7 origin/0.3.x has a non-zero exit code.

Notes

No response

Version

cargo 1.59.0-nightly (fcef61230 2021-12-17)
release: 1.59.0-nightly
commit-hash: fcef61230c3b6213b6b0d233a36ba4ebd1649ec3
commit-date: 2021-12-17
host: x86_64-unknown-linux-gnu
libgit2: 1.3.0 (sys:0.13.23 vendored)
libcurl: 7.80.0-DEV (sys:0.4.51+curl-7.80.0 vendored ssl:OpenSSL/1.1.1l)
os: Pop!_OS 20.04 (focal) [64-bit]
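
The check proposed under "Possible Solution(s)", applied to a whole lockfile as a CI-style audit. This is an added example, not part of the original report and not Cargo's own code; it assumes lock entries of the form `source = "git+<url>?branch=<name>#<commit>"`, and `check_lock` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not Cargo's code): flag Cargo.lock git sources whose pinned
# commit is not reachable from the branch recorded next to it.
# Assumes lock entries of the form:
#   source = "git+<url>?branch=<name>#<commit>"
# Percent-encoded branch names are not decoded here. check_lock is a
# hypothetical helper name.

# check_lock LOCKFILE
# Prints one "MISMATCH ..." line per offending entry; exit status 1 if any.
check_lock() (
    out=$(sed -n 's/^source = "git+\(.*?branch=.*#[0-9a-f]*\)"$/\1/p' "$1" |
        while IFS= read -r src; do
            url=${src%%\?*}                      # text before '?'
            branch=${src#*\?branch=}             # drop through '?branch='
            branch=${branch%%\#*}                # drop '#<commit>'
            rev=${src##*\#}                      # text after the last '#'
            tmp=$(mktemp -d)
            git init -q --bare "$tmp"
            # Fetch only the named branch. A commit that lives on some other
            # branch is then absent, so the ancestry test fails for it too.
            if git -C "$tmp" fetch -q "$url" "refs/heads/$branch" \
                   </dev/null 2>/dev/null &&
               git -C "$tmp" merge-base --is-ancestor "$rev" FETCH_HEAD 2>/dev/null
            then :
            else echo "MISMATCH $url branch=$branch rev=$rev"
            fi
            rm -rf "$tmp"
        done)
    # The function body is a subshell, so exit only leaves check_lock.
    if [ -n "$out" ]; then printf '%s\n' "$out"; exit 1; fi
)

# Stand-alone use: sh check_lock.sh path/to/Cargo.lock
if [ -n "${1:-}" ]; then check_lock "$1"; fi
```

Entries without a `?branch=` query (default branch, `tag=` or `rev=` sources) are skipped by the `sed` filter.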

Labels

A-git (Area: anything dealing with git), C-bug (Category: bug), S-triage (Status: This issue is waiting on initial triage.)