Skip to content

cargo publish omits metadata component in version during checking if package is already published #15031

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
cpp11nullptr opened this issue Jan 8, 2025 · 5 comments
Closed

cargo publish omits metadata component in version during checking if package is already published #15031

cpp11nullptr opened this issue Jan 8, 2025 · 5 comments
Labels
C-bug Category: bug Command-publish regression-from-stable-to-stable Regression in stable that worked in a previous stable release. S-triage Status: This issue is waiting on initial triage.

Comments

@cpp11nullptr
Copy link

Problem

Starting from 1.83, cargo publish fails if a registry contains package with the same {MAJOR}.{MINOR}.{PATCH} but different "build metadata" (after a plus sign) component.

Steps

Repro steps:

  1. cargo publish for package with version 0.1.0.
  2. cargo publish for package with version 0.1.0+123.

Actual behavior: error: crate foobar@0.1.0+123 already exists.

Expected behavior: version 0.1.0+123 should be published.

Possible Solution(s)

As temporary workaround, downgrading to 1.82 can be used.

Notes

It may be the same root case as for #15028.

Version

cargo 1.83.0 (5ffbef321 2024-10-29)
release: 1.83.0
commit-hash: 5ffbef3211a8c378857905775a15c5b32a174d3b
commit-date: 2024-10-29
host: x86_64-pc-windows-msvc
libgit2: 1.8.1 (sys:0.19.0 vendored)
libcurl: 8.9.0-DEV (sys:0.4.74+curl-8.9.0 vendored ssl:Schannel)
os: Windows 10.0.26100 (Windows 11 Enterprise) [64-bit]
@cpp11nullptr cpp11nullptr added C-bug Category: bug S-triage Status: This issue is waiting on initial triage. labels Jan 8, 2025
@epage epage added Command-publish regression-from-stable-to-stable Regression in stable that worked in a previous stable release. labels Jan 8, 2025
@epage
Copy link
Contributor

epage commented Jan 8, 2025

Are you using a third-party registry? Differing by build metadata on crates.io has been disallowed since May 2023 (rust-lang/crates.io#6518). This was done because (1) the semver spec says they are the same so there is no predicability with what you get and (2) therefore cargo has odd/bad behavior with this.

What is your use case for doing this? Without any other data, I feel like this is a good thing that we extended this check to all registries (even if its only client-side validation).

Without further context, what I propose we do is

  • Improve the error message for this case
  • Document this as a recommendation or expectation for registries to check

@cpp11nullptr
Copy link
Author

Yes, it gets published to ADO feed. Thanks for sharing more context, it makes sense. I'd say that it'd be less ambiguous if semver specification added a note that "two versions that differ only in the build metadata are the same" in additional to using precedence term there (which kind of conveying message but in confusing way). Using "123" (from example above) as "pre-release" component should work for me, I guess.

@epage
Copy link
Contributor

epage commented Jan 8, 2025

@cpp11nullptr could you expand on your use case for why you were publishing packages that only differed by metadata?

@cpp11nullptr
Copy link
Author

The intention is to publish packages which are produced by CI (so it's incremental versioning). Looking around, {MAJOR}.{MINOR}.{PATCH}-{BUILD} or {MAJOR}.{MINOR}.{PATCH}-build.{BUILD} seems to be common approach there.

@cpp11nullptr
Copy link
Author

Closing this issue as resolved.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
C-bug Category: bug Command-publish regression-from-stable-to-stable Regression in stable that worked in a previous stable release. S-triage Status: This issue is waiting on initial triage.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@epage @cpp11nullptr