From 7965a5e0c31050b7016556712e4a2bd687f1ac80 Mon Sep 17 00:00:00 2001 From: Jake Shadle Date: Fri, 29 Sep 2023 15:37:58 +0200 Subject: [PATCH] Update tame-index/gix (#566) This updates tame-index, which includes https://github.com/EmbarkStudios/tame-index/pull/33, which allows cargo-deny to use OS file locking for safer interactions with cargo, as well as improved safety and robustness for read/fetching advisory databases. This doesn't add new tests as I'm _pretty_ confident the OS file locking code works correctly, which means #537 is basically covered since it's more robust now. Resolves: #537 --- .gitignore | 1 + Cargo.lock | 186 ++++++++++++++++++-------------- Cargo.toml | 8 +- deny.toml | 2 + src/advisories/helpers/db.rs | 23 ++-- src/advisories/helpers/index.rs | 26 ++++- src/lib.rs | 9 +- tests/advisories.rs | 4 +- 8 files changed, 155 insertions(+), 104 deletions(-) diff --git a/.gitignore b/.gitignore index 70a1a6f4b..42d1adb3d 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ /tests/test_data/**/target scripts/check *.snap.new +/tests/advisory-db/db.lock diff --git a/Cargo.lock b/Cargo.lock index 9c0cc98a3..46b879d10 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -216,6 +216,12 @@ version = "1.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a2bd12c1caf447e69cd4528f47f94d203fd2582878ecb9e9465484c4148a8223" +[[package]] +name = "byteyarn" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7534301c0ea17abb4db06d75efc7b4b0fa360fce8e175a4330d721c71c942ff" + [[package]] name = "camino" version = "1.1.6" @@ -261,7 +267,7 @@ dependencies = [ "tame-index", "tempfile", "time", - "toml", + "toml 0.8.1", "twox-hash", "url", "walkdir", @@ -275,7 +281,7 @@ checksum = "e11c675378efb449ed3ce8de78d75d0d80542fc98487c26aba28eb3b82feac72" dependencies = [ "semver", "serde", - "toml", + "toml 0.7.8", "url", ] 
@@ -764,9 +770,9 @@ checksum = "6fb8d784f27acf97159b40fc4db5ecd8aa23b9ad5ef69cdd136d3bc80665f0c0" [[package]] name = "gix" -version = "0.53.1" +version = "0.54.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "06a8c9f9452078f474fecd2880de84819b8c77224ab62273275b646bf785f906" +checksum = "ad6d32e74454459690d57d18ea4ebec1629936e6b130b51d12cb4a81630ac953" dependencies = [ "gix-actor", "gix-attributes", @@ -820,9 +826,9 @@ dependencies = [ [[package]] name = "gix-actor" -version = "0.26.0" +version = "0.27.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e8c6778cc03bca978b2575a03e04e5ba6f430a9dd9b0f1259f0a8a9a5e5cc66" +checksum = "08c60e982c5290897122d4e2622447f014a2dadd5a18cb73d50bb91b31645e27" dependencies = [ "bstr", "btoi", @@ -834,16 +840,16 @@ dependencies = [ [[package]] name = "gix-attributes" -version = "0.18.0" +version = "0.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3548b76829d33a7160a4685134df16de0cc3b77418302e8a9969f0b662e698f" +checksum = "2451665e70709ba4753b623ef97511ee98c4a73816b2c5b5df25678d607ed820" dependencies = [ "bstr", + "byteyarn", "gix-glob", "gix-path", "gix-quote", "gix-trace", - "kstring", "smallvec", "thiserror", "unicode-bom", @@ -878,9 +884,9 @@ dependencies = [ [[package]] name = "gix-commitgraph" -version = "0.20.0" +version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4676ede3a7d37e7028e2889830349a6aca22efc1d2f2dd9fa3351c1a8ddb0c6a" +checksum = "e75a975ee22cf0a002bfe9b5d5cb3d2a88e263a8a178cd7509133cff10f4df8a" dependencies = [ "bstr", "gix-chunk", 
@@ -892,9 +898,9 @@ dependencies = [ [[package]] name = "gix-config" -version = "0.29.0" +version = "0.30.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1108c4ac88248dd25cc8ab0d0dae796e619fb72d92f88e30e00b29d61bb93cc4" +checksum = "c171514b40487d3f677ae37efc0f45ac980e3169f23c27eb30a70b47fdf88ab5" dependencies = [ "bstr", "gix-config-value", @@ -926,9 +932,9 @@ dependencies = [ [[package]] name = "gix-credentials" -version = "0.19.0" +version = "0.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "363e16428096b7311c380afe972831ea8b58fc1a1d1621dbdd865caf34921a54" +checksum = "46900b884cc5af6a6c141ee741607c0c651a4e1d33614b8d888a1ba81cc0bc8a" dependencies = [ "bstr", "gix-command", @@ -954,9 +960,9 @@ dependencies = [ [[package]] name = "gix-diff" -version = "0.35.0" +version = "0.36.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b45e342d148373bd9070d557e6fb1280aeae29a3e05e32506682d027278501eb" +checksum = "788ddb152c388206e81f36bcbb574e7ed7827c27d8fa62227b34edc333d8928c" dependencies = [ "gix-hash", "gix-object", @@ -965,9 +971,9 @@ dependencies = [ [[package]] name = "gix-discover" -version = "0.24.0" +version = "0.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da4cacda5ee9dd1b38b0e2506834e40e66c08cf050ef55c344334c76745f277b" +checksum = "69507643d75a0ea9a402fcf73ced517d2b95cc95385904ac09d03e0b952fde33" dependencies = [ "bstr", "dunce", @@ -980,9 +986,9 @@ dependencies = [ [[package]] name = "gix-features" -version = "0.34.0" +version = "0.35.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f414c99e1a7abc69b21f3225a6539d203b0513f1d1d448607c4ea81cdcf9ee59" +checksum = "9b9ff423ae4983f762659040d13dd7a5defbd54b6a04ac3cc7347741cec828cd" dependencies = [ "bytes", "crc32fast", 
@@ -999,9 +1005,9 @@ dependencies = [ [[package]] name = "gix-filter" -version = "0.4.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "afbdb2ffae9e595d70f8c7b40953a82706d536bb8107874c258fe6368389832b" +checksum = "1be40d28cd41445bb6cd52c4d847d915900e5466f7433eaee6a9e0a3d1d88b08" dependencies = [ "bstr", "encoding_rs", @@ -1019,18 +1025,18 @@ dependencies = [ [[package]] name = "gix-fs" -version = "0.6.0" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "404795da3d4c660c9ab6c3b2ad76d459636d1e1e4b37b0c7ff68eee898c298d4" +checksum = "09815faba62fe9b32d918b75a554686c98e43f7d48c43a80df58eb718e5c6635" dependencies = [ "gix-features", ] [[package]] name = "gix-glob" -version = "0.12.0" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3ac79c444193b0660fe0c0925d338bd338bd643e32138784dccfb12c628b892" +checksum = "a9d76e85f11251dcf751d2c5e918a14f562db5be6f727fd24775245653e9b19d" dependencies = [ "bitflags 2.4.0", "bstr", @@ -1061,9 +1067,9 @@ dependencies = [ [[package]] name = "gix-ignore" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04ff3ec0fd9fb5bb0ae36b252976b0bc94b45ba969b1639f7402425d9d6baf67" +checksum = "b048f443a1f6b02da4205c34d2e287e3fd45d75e8e2f06cfb216630ea9bff5e3" dependencies = [ "bstr", "gix-glob", @@ -1073,9 +1079,9 @@ dependencies = [ [[package]] name = "gix-index" -version = "0.24.0" +version = "0.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0e9599fc30b3d6aad231687a403f85dfa36ae37ccf1b68ee1f621ad5b7fc7a0d" +checksum = "f54d63a9d13c13088f41f5a3accbec284e492ac8f4f707fcc307c139622e17b7" dependencies = [ "bitflags 2.4.0", "bstr", 
@@ -1096,9 +1102,9 @@ dependencies = [ [[package]] name = "gix-lock" -version = "9.0.0" +version = "10.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1568c3d90594c60d52670f325f5db88c2d572e85c8dd45fabc23d91cadb0fd52" +checksum = "47fc96fa8b6b6d33555021907c81eb3b27635daecf6e630630bdad44f8feaa95" dependencies = [ "gix-tempfile", "gix-utils", @@ -1118,9 +1124,9 @@ dependencies = [ [[package]] name = "gix-negotiate" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "208b25af0e59d04e7313479fc949bd68e11a065b51718995139cefac498e24df" +checksum = "6f1697bf9911c6d1b8d709b9e6ef718cb5ea5821a1b7991520125a8134448004" dependencies = [ "bitflags 2.4.0", "gix-commitgraph", @@ -1134,9 +1140,9 @@ dependencies = [ [[package]] name = "gix-object" -version = "0.36.0" +version = "0.37.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e5528d5b2c984044d547e696e44a8c45fa122e83cd8c2ac1da69bd474336be8" +checksum = "1e7e19616c67967374137bae83e950e9b518a9ea8a605069bd6716ada357fd6f" dependencies = [ "bstr", "btoi", @@ -1153,9 +1159,9 @@ dependencies = [ [[package]] name = "gix-odb" -version = "0.52.0" +version = "0.53.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d0446eca295459deb3d6dd6ed7d44a631479f1b7381d8087166605c7a9f717c6" +checksum = "8d6a392c6ba3a2f133cdc63120e9bc7aec81eef763db372c817de31febfe64bf" dependencies = [ "arc-swap", "gix-date", @@ -1172,9 +1178,9 @@ dependencies = [ [[package]] name = "gix-pack" -version = "0.42.0" +version = "0.43.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be19ee650300d7cbac5829b637685ec44a8d921a7c2eaff8a245d8f2f008870c" +checksum = "7536203a45b31e1bc5694bbf90ba8da1b736c77040dd6a520db369f371eb1ab3" dependencies = [ "clru", "gix-chunk", 
@@ -1227,9 +1233,9 @@ dependencies = [ [[package]] name = "gix-pathspec" -version = "0.2.0" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90a7885b4ccdc8c80740e465747bf961a8110043fdc1fda3ee80bc81885f42df" +checksum = "c3e26c9b47c51be73f98d38c84494bd5fb99334c5d6fda14ef5d036d50a9e5fd" dependencies = [ "bitflags 2.4.0", "bstr", @@ -1255,9 +1261,9 @@ dependencies = [ [[package]] name = "gix-protocol" -version = "0.39.0" +version = "0.40.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5d6ee7fc3f80140ea0651d483ecb9e680403be244849c16237fce45ac80163df" +checksum = "cc7b700dc20cc9be8a5130a1fd7e10c34117ffa7068431c8c24d963f0a2e0c9b" dependencies = [ "bstr", "btoi", @@ -1284,9 +1290,9 @@ dependencies = [ [[package]] name = "gix-ref" -version = "0.36.0" +version = "0.37.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3cccbfa8d5cd9b86465f27a521e0c017de54b92d9fd37c143e49c658a2f04f3a" +checksum = "22e6b749660b613641769edc1954132eb8071a13c32224891686091bef078de4" dependencies = [ "gix-actor", "gix-date", @@ -1305,9 +1311,9 @@ dependencies = [ [[package]] name = "gix-refspec" -version = "0.17.0" +version = "0.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "678ba30d95baa5462df9875628ed40655d5f5b8aba7028de86ed57f36e762c6c" +checksum = "0895cb7b1e70f3c3bd4550c329e9f5caf2975f97fcd4238e05754e72208ef61e" dependencies = [ "bstr", "gix-hash", @@ -1319,9 +1325,9 @@ dependencies = [ [[package]] name = "gix-revision" -version = "0.21.0" +version = "0.22.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b3e80a5992ae446fe1745dd26523b86084e3f1b6b3e35377fe09b4f35ac8f151" +checksum = "c8c4b15cf2ab7a35f5bcb3ef146187c8d36df0177e171ca061913cbaaa890e89" dependencies = [ "bstr", "gix-date", 
@@ -1335,9 +1341,9 @@ dependencies = [ [[package]] name = "gix-revwalk" -version = "0.7.0" +version = "0.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b806349bc1f668e09035800e07ac8045da4e39a8925a245d93142c4802224ec1" +checksum = "e9870c6b1032f2084567710c3b2106ac603377f8d25766b8a6b7c33e6e3ca279" dependencies = [ "gix-commitgraph", "gix-date", @@ -1362,9 +1368,9 @@ dependencies = [ [[package]] name = "gix-submodule" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5ff6b99d735842a3a7fb162b660fa97acec39d576c0ca1700d9eff9344f8625d" +checksum = "dd0150e82e9282d3f2ab2dd57a22f9f6c3447b9d9856e5321ac92d38e3e0e2b7" dependencies = [ "bstr", "gix-config", @@ -1377,9 +1383,9 @@ dependencies = [ [[package]] name = "gix-tempfile" -version = "9.0.0" +version = "10.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2762b91ff95e27ff3ea95758c0d4efacd7435a1be3629622928b8276de0f72a8" +checksum = "5ae0978f3e11dc57290ee75ac2477c815bca1ce2fa7ed5dc5f16db067410ac4d" dependencies = [ "gix-fs", "libc", @@ -1398,9 +1404,9 @@ checksum = "96b6d623a1152c3facb79067d6e2ecdae48130030cf27d6eb21109f13bd7b836" [[package]] name = "gix-transport" -version = "0.36.0" +version = "0.37.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a8d976844844f8b42e70a2c2e60d68407f7055ff7e37553d1e7f2718acc3547" +checksum = "b9ec726e6a245e68ace59a34126a1d679de60360676612985e70b0d3b102fb4e" dependencies = [ "base64", "bstr", @@ -1417,9 +1423,9 @@ dependencies = [ [[package]] name = "gix-traverse" -version = "0.32.0" +version = "0.33.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ec6358f8373fb018af8fc96c9d2ec6a5b66999e2377dc40b7801351fec409ed" +checksum = "22ef04ab3643acba289b5cedd25d6f53c0430770b1d689d1d654511e6fb81ba0" dependencies = [ "gix-commitgraph", "gix-date", 
@@ -1433,9 +1439,9 @@ dependencies = [ [[package]] name = "gix-url" -version = "0.23.0" +version = "0.24.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c79d595b99a6c7ab274f3c991735a0c0f5a816a3da460f513c48edf1c7bf2cc" +checksum = "6125ecf46e8c68bf7202da6cad239831daebf0247ffbab30210d72f3856e420f" dependencies = [ "bstr", "gix-features", @@ -1466,9 +1472,9 @@ dependencies = [ [[package]] name = "gix-worktree" -version = "0.25.0" +version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "addabd470ca4ce3ab893e32a5743971a530b8fc0eee5c23844849abf3c9ea6d6" +checksum = "9f5e32972801bd82d56609e6fc84efc358fa1f11f25c5e83b7807ee2280f14fe" dependencies = [ "bstr", "gix-attributes", @@ -1484,9 +1490,9 @@ dependencies = [ [[package]] name = "gix-worktree-state" -version = "0.2.0" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "02daf5a1d381280e3c5803a3745ee2abf09d2873118136aaadc0ed96ed438aeb" +checksum = "c3aeb06960f2c5ac9e4cdb6b38eb3c2b99d5e525e68285fef21ed17dfbd597ad" dependencies = [ "bstr", "gix-features", @@ -1746,15 +1752,6 @@ dependencies = [ "semver", ] -[[package]] -name = "kstring" -version = "2.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec3066350882a1cd6d950d055997f379ac37fd39f81cd4d8ed186032eb3c5747" -dependencies = [ - "static_assertions", -] - [[package]] name = "lazy_static" version = "1.4.0" @@ -2236,7 +2233,7 @@ dependencies = [ "semver", "serde", "thiserror", - "toml", + "toml 0.7.8", "url", ] @@ -2549,9 +2546,9 @@ dependencies = [ [[package]] name = "tame-index" -version = "0.6.0" +version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e6b3fea0e225ef36939de3613334dbbc02da041c1830e4a84260b0137b3bc0c7" +checksum = "d75ff46a667346d9db1705c17d7bab0e73c9b8a4b7ea60ad3a7cddc74d665c6f" dependencies = [ "bytes", "camino", 
@@ -2559,6 +2556,7 @@ dependencies = [ "gix", "home", "http", + "libc", "memchr", "rayon", "reqwest", @@ -2569,8 +2567,9 @@ dependencies = [ "smol_str", "thiserror", "tokio", - "toml", + "toml 0.8.1", "twox-hash", + "windows-targets 0.48.5", ] [[package]] @@ -2721,7 +2720,19 @@ dependencies = [ "serde", "serde_spanned", "toml_datetime", - "toml_edit", + "toml_edit 0.19.15", +] + +[[package]] +name = "toml" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bc1433177506450fe920e46a4f9812d0c211f5dd556da10e731a0a3dfa151f0" +dependencies = [ + "serde", + "serde_spanned", + "toml_datetime", + "toml_edit 0.20.1", ] [[package]] @@ -2746,6 +2757,19 @@ dependencies = [ "winnow", ] +[[package]] +name = "toml_edit" +version = "0.20.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca676d9ba1a322c1b64eb8045a5ec5c0cfb0c9d08e15e9ff622589ad5221c8fe" +dependencies = [ + "indexmap 2.0.0", + "serde", + "serde_spanned", + "toml_datetime", + "winnow", +] + [[package]] name = "tower-service" version = "0.3.2" diff --git a/Cargo.toml b/Cargo.toml index b9242943c..4aa2a2721 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -101,7 +101,7 @@ spdx = "0.10" # Lazy strum = { version = "0.25", features = ["derive"] } # Index retrieval and querying -tame-index = { version = "0.6", default-features = false, features = [ +tame-index = { version = "0.7", default-features = false, features = [ "git", "sparse", ] } @@ -111,7 +111,7 @@ time = { version = "0.3", default-features = false, features = [ "macros", ] } # Deserialization of configuration files and crate manifests -toml = "0.7" +toml = "0.8" # Small fast hash crate twox-hash = { version = "1.5", default-features = false } # Url parsing/manipulation @@ -121,7 +121,7 @@ walkdir = "2.3" # We clone/fetch advisory databases [dependencies.gix] -version = "0.53" +version = "0.54" default-features = false features = [ "blocking-http-transport-reqwest", 
@@ -136,7 +136,7 @@ features = [ fs_extra = "1.3" # Snapshot testing insta = { version = "1.21", features = ["json"] } -tame-index = { version = "0.6", features = ["local-builder"] } +tame-index = { version = "0.7", features = ["local-builder"] } # We use this for creating fake crate directories for crawling license files on disk tempfile = "3.1.0" diff --git a/deny.toml b/deny.toml index c18420d7c..dc3e9ea17 100644 --- a/deny.toml +++ b/deny.toml @@ -44,6 +44,8 @@ skip = [ skip-tree = [ # Sigh { name = "windows-sys", version = "<=0.45" }, + # cargo-lock uses an old version + { name = "toml", version = "=0.7.8" }, ] [sources] diff --git a/src/advisories/helpers/db.rs b/src/advisories/helpers/db.rs index e1e0404e7..06572bb73 100644 --- a/src/advisories/helpers/db.rs +++ b/src/advisories/helpers/db.rs @@ -87,6 +87,17 @@ impl DbSet { urls.push(Url::parse(DEFAULT_URL).unwrap()); } + // Acquire an exclusive lock, even if we aren't fetching, to prevent + // other cargo-deny processes from performing mutations + let lock_path = root_db_path.join("db.lock"); + let _lock = tame_index::utils::flock::LockOptions::new(&lock_path) + .exclusive(false) + .lock(|path| { + log::info!("waiting on advisory db lock '{path}'"); + Some(std::time::Duration::from_secs(60)) + }) + .context("failed to acquire advisory database lock")?; + use rayon::prelude::*; let mut dbs = Vec::with_capacity(urls.len()); urls.into_par_iter() 
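Review bot: The new advisory-db lock in `DbSet` gives up after 60 seconds (`Some(std::time::Duration::from_secs(60))`), whereas the `gix::lock` marker this commit removes from `fetch_via_gix` waited `60 * 10` seconds. The lock is now a single exclusive `db.lock` for the whole root and is held even when nothing is fetched, so a second cargo-deny process that starts during a slow initial clone will likely fail with "failed to acquire advisory database lock" where it used to wait. Either raise the wait to match the old behaviour or document the shorter limit next to the closure, e.g. `// Give up after 60s; a concurrent first-time clone can take longer`. Separately, `.exclusive(false)` directly under a comment that says "exclusive lock" reads like a contradiction; if the bool is the append-mode flag, as it appears to be in tame-index, a trailing `// false: do not open the lock file in append mode` would settle it. The enclosing function starts and ends outside this hunk.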
@@ -405,18 +416,6 @@ fn fetch_via_gix(url: &Url, db_path: &Path) -> anyhow::Result<()> { std::fs::remove_dir(db_path)?; } - let _lock = gix::lock::Marker::acquire_to_hold_resource( - db_path.with_extension("cargo-deny"), - gix::lock::acquire::Fail::AfterDurationWithBackoff(std::time::Duration::from_secs( - 60 * 10, /* 10 minutes */ - )), - #[allow(clippy::disallowed_types)] - Some(std::path::PathBuf::from_iter(Some( - std::path::Component::RootDir, - ))), - ) - .context("failed to acquire lock")?; - let open_or_clone_repo = || -> anyhow::Result<_> { let mut mapping = gix::sec::trust::Mapping::default(); let open_with_complete_config = diff --git a/src/advisories/helpers/index.rs b/src/advisories/helpers/index.rs index 48734f071..732ad8e39 100644 --- a/src/advisories/helpers/index.rs +++ b/src/advisories/helpers/index.rs @@ -39,6 +39,21 @@ impl<'k> Indices<'k> { indices.push((source, index)); } + let cargo_package_lock = + match tame_index::utils::flock::LockOptions::cargo_package_lock(Some(cargo_home)) + .expect("unreachable") + .shared() + .lock(|path| { + log::info!("waiting for {path}..."); + Some(std::time::Duration::from_secs(60)) + }) { + Ok(fl) => fl, + Err(err) => { + log::error!("unable to acquire cargo global package lock: {err:#}"); + tame_index::utils::flock::FileLock::unlocked() + } + }; + // Load the current entries into an in-memory cache so we can hopefully // remove any I/O in the rest of the check let set: std::collections::BTreeSet<_> = krates @@ -58,10 +73,13 @@ impl<'k> Indices<'k> { .iter() .find_map(|(url, index)| index.as_ref().ok().filter(|_i| src == *url))?; - index.cached_krate(name.try_into().ok()?).ok()?.map(|ik| { - let yank_map = Self::load_index_krate(ik); - ((name, src), yank_map) - }) + index + .cached_krate(name.try_into().ok()?, &cargo_package_lock) + .ok()? + .map(|ik| { + let yank_map = Self::load_index_krate(ik); + ((name, src), yank_map) + }) }) .collect(); 
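Review bot: In the first `index.rs` hunk the `Err` arm logs the failure and substitutes `FileLock::unlocked()`, so when the shared cargo package lock cannot be taken within 60 seconds the cache load carries on with no lock at all. In the second hunk the lookup ends in `.cached_krate(..., &cargo_package_lock).ok()?`, so a read that fails while cargo is rewriting an entry leaves that crate out of the in-memory cache without any message. If best-effort is the intent, state it above the `match`, e.g. `// Best effort: on lock failure we read the cache unlocked, so yanked-crate results may be incomplete`. Also replace `.expect("unreachable")` with a message naming the invariant, presumably `.expect("cargo_home is passed explicitly, so no lookup can fail")`. The enclosing function begins and ends outside both hunks.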
diff --git a/src/lib.rs b/src/lib.rs index 29cc2b972..89cde80f0 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -505,16 +505,21 @@ pub fn krates_with_index( .context("unable to determine crates.io url")?; let index = tame_index::index::ComboIndexCache::new( - tame_index::IndexLocation::new(crates_io).with_root(cargo_home), + tame_index::IndexLocation::new(crates_io).with_root(cargo_home.clone()), ) .context("unable to open local crates.io index")?; + // Note we don't take a lock here ourselves, since we are calling cargo + // it will take the lock and only give us results if it gets access, if we + // took a look we would deadlock here + let lock = tame_index::utils::flock::FileLock::unlocked(); + let index_cache_build = move |krates: std::collections::BTreeSet| { let mut cache = std::collections::BTreeMap::new(); for name in krates { let read = || -> Option { let name = name.as_str().try_into().ok()?; - let krate = index.cached_krate(name).ok()??; + let krate = index.cached_krate(name, &lock).ok()??; let versions = krate .versions .into_iter() diff --git a/tests/advisories.rs b/tests/advisories.rs index 40151e257..e15d0b5c1 100644 --- a/tests/advisories.rs +++ b/tests/advisories.rs @@ -496,6 +496,8 @@ fn crates_io_source_replacement() { version: semver::Version, } + let lock = &tame_index::utils::flock::FileLock::unlocked(); + let index_krates: Vec<_> = krates .krates() .filter_map(|k| { @@ -504,7 +506,7 @@ fn crates_io_source_replacement() { } Some(IndexPkg { ik: sparse - .cached_krate(k.name.as_str().try_into().unwrap()) + .cached_krate(k.name.as_str().try_into().unwrap(), lock) .unwrap() .unwrap(), version: k.version.clone(),
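Review bot: The comment above `let lock = tame_index::utils::flock::FileLock::unlocked();` in `krates_with_index` has a typo that changes its meaning: "if we took a look we would deadlock here" should read "took a lock". It also does not say when the `index_cache_build` closure runs relative to the cargo invocation; if it runs only after cargo has exited (not visible in this hunk), the deadlock argument would not apply and a shared lock could be taken instead. I would reword it along the lines of `// We deliberately read unlocked: cargo holds the package lock while we call it, so taking it here would deadlock`, and note that `index.cached_krate(name, &lock).ok()??` discards any read error. The function continues outside the hunk.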