Non-deterministic vendoring of git dependencies #13988

@stormshield-guillaumed

Description

Problem

The output of cargo vendor is not deterministic for git dependencies. Depending on the machine where the command is executed, the Cargo.toml of the vendored dependencies can be different. All tests were done on various versions of Ubuntu but with the same version of cargo. The difference is only in the order of arrays of tables in the Cargo.toml.

I made a minimal reproduction example in this repo for which I ran the vendor command on my computer. You can see in this CI run that running cargo vendor results in a diff with master. Also, the diff is not the same between the 3 jobs, so it doesn't seem like a mistake on my part.

Steps

No response

Possible Solution(s)

I'm not very familiar with the cargo codebase, but after digging a bit, it seems to only happen with git dependencies because they are treated differently. Those dependencies are not published on crates.io so their Cargo.toml is not normalised. Due to this, the Cargo.toml is normalised before the copy to the vendor directory. This normalisation yields different results depending on the machine.

Notes

No response

Version

cargo 1.80.0-nightly (431db31d0 2024-05-28)
release: 1.80.0-nightly
commit-hash: 431db31d0dbeda320caf8ef8535ea48eb3093407
commit-date: 2024-05-28
host: x86_64-unknown-linux-gnu
libgit2: 1.7.2 (sys:0.18.3 vendored)
libcurl: 8.6.0-DEV (sys:0.4.72+curl-8.6.0 vendored ssl:OpenSSL/1.1.1w)
ssl: OpenSSL 1.1.1w  11 Sep 2023
os: Ubuntu 22.4.0 (jammy) [64-bit]
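When reviewing a vendor diff like the one in the CI run above, it helps to tell a harmless reordering of arrays of tables from a real manifest change. The Python below is an added example, not cargo's code or the reporter's repository; the manifests it compares are constructed, and its block-level TOML splitting is a deliberate simplification (one table header per line, no multi-line inline tables).

```python
# Added illustration (not cargo's own code): classify the diff between two
# vendored Cargo.toml files as "identical", "order-only" (arrays of tables such
# as [[bin]] merely reordered, the symptom in this issue) or a real "content"
# change. Assumes one table header per line and no multi-line inline tables.
import re

HEADER = re.compile(r"^\s*(\[\[[^\]]+\]\]|\[[^\]]+\])\s*$")

def split_blocks(text):
    """Split TOML into (header, body) blocks; the preamble gets header ''."""
    blocks, header, body = [], "", []
    for line in text.splitlines():
        if HEADER.match(line):
            blocks.append((header, body))
            header, body = line.strip(), []
        elif line.strip():  # blank lines are layout noise, not content
            body.append(line.rstrip())
    blocks.append((header, body))
    return blocks

def canonical(text):
    """Sort [[array]] blocks; keep single [table] blocks in original order."""
    singles, arrays = [], []
    for header, body in split_blocks(text):
        block = "\n".join([header, *body])
        (arrays if header.startswith("[[") else singles).append(block)
    return singles + sorted(arrays)

def classify_diff(a, b):
    """'identical', 'order-only' (same after canonicalisation) or 'content'."""
    if a == b:
        return "identical"
    return "order-only" if canonical(a) == canonical(b) else "content"

# Constructed samples: one manifest as two machines might emit it, differing
# only in the order of the [[bin]] array of tables, plus a real value change.
PACKAGE = '[package]\nname = "demo"\n\n'
BIN_ALPHA = '[[bin]]\nname = "alpha"\n'
BIN_BETA = '[[bin]]\nname = "beta"\n'
MACHINE_A = PACKAGE + BIN_ALPHA + "\n" + BIN_BETA
MACHINE_B = PACKAGE + BIN_BETA + "\n" + BIN_ALPHA
MACHINE_C = MACHINE_A.replace('"beta"', '"gamma"')

if __name__ == "__main__":
    print(classify_diff(MACHINE_A, MACHINE_B))  # order-only
    print(classify_diff(MACHINE_A, MACHINE_C))  # content
```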

Metadata

Labels

C-bug (Category: bug), Command-vendor, S-triage (Status: This issue is waiting on initial triage.)