Provide a documented way to use `cargo auditable` as a drop-in replacement for `cargo`

Question

Provide a documented way to use `cargo auditable` as a drop-in replacement for `cargo`

Shnatsel opened this issue 2 years ago · 9 comments

Shnatsel commented 2 years ago

This came up in the pull request about enabling cargo auditable in Nix by defaut.

There are two hurdles here:

cargo auditable calls cargo internally quite a lot. We need to make sure it doesn't recurse.
Some targets are currently not supported, notably WebAssembly, and cargo auditable will error out in this case. This is not an option for a drop-in replacement for cargo - we need to print a warning and keep going.

Answer 1 · 2022-12-06T03:03:56.000Z

Cargo sets only one environment variable when calling subcommands, and that's a path to itself in the CARGO env var.

Just following that convention (and letting people set it to the real cargo when using as a drop-in replacement) sounds good. I'm not going to require that variable to be set because I'm not sure if that would break anything (especially exotic things like sccache).

I think if I add another env var for ignoring unsupported platforms, we should be good. So something like this would work, if placed in $PATH and called cargo:

#!/bin/sh

export CARGO='/path/to/real/cargo'
export CARGO_AUDITABLE_IGNORE_UNSUPPORTED=true
cargo-auditable auditable "$@"

btw cargo-auditable auditable is not a typo, that's how Cargo calls subcommands and we actually take advantage of it.

@figsoda @zowoq would this work for Nix?

I could write this as a Rust executable as well, but I think a shell script is way easier to understand and debug - a compiled Rust binary would just be a black box. Transparency is key when you override default behavior.

Answer 2 · 2022-12-06T03:18:22.000Z

Didn't test anything out, but this should work for nix. I think a shell script in nixpkgs is good enough, no rust needed here.

Answer 3 · 2022-12-06T03:25:07.000Z

Alright, I'll implement support for these two environment variables then!

Answer 4 · 2022-12-06T21:14:54.000Z

As of commit 00030f0 the CARGO variable is implemented, so you can use the above snippet.

The CARGO_AUDITABLE_IGNORE_UNSUPPORTED isn't implemented yet, but shouldn't be a blocker for initial testing.

Answer 5 · 2022-12-06T22:20:46.000Z

Support for CARGO_AUDITABLE_IGNORE_UNSUPPORTED has landed in 74a2d3a

Answer 6 · 2022-12-07T03:35:35.000Z

Actually you can just use alias cargo="cargo auditable" without going through all this trouble. I've documented it in the README.

Answer 7 · 2022-12-07T03:42:45.000Z

I'm open to feedback on whether continuing the build but printing a warning when targeting an unsupported platform should just be the default.

Maybe a configuration option is overkill, since this behavior is basically never desirable.

Answer 8 · 2022-12-07T05:45:07.000Z

I am not sure about the semver aspect of this, but it (warning instead of error) definitely sounds like a saner default to me

Answer 9 · 2022-12-07T13:35:36.000Z

I'll ship it as 0.6 just to be on the safe side