Auto merge of #11674 - weihanglo:rust-1.68.0, r=ehuss

 [beta-1.68] Backport fixes

Beta backports:

* #11661 — Do not error for `auth-required: true` without `-Z sparse-registry`
* #11672 — Verify source before recompile

Author: bors

src/cargo/core/compiler/fingerprint.rs

@@ -379,17 +379,21 @@ pub fn prepare_target(cx: &mut Context<'_, '_>, unit: &Unit, force: bool) -> Car
     let compare = compare_old_fingerprint(&loc, &*fingerprint, mtime_on_use);
     log_compare(unit, &compare);
 
-    // If our comparison failed (e.g., we're going to trigger a rebuild of this
-    // crate), then we also ensure the source of the crate passes all
-    // verification checks before we build it.
+    // If our comparison failed or reported dirty (e.g., we're going to trigger
+    // a rebuild of this crate), then we also ensure the source of the crate
+    // passes all verification checks before we build it.
     //
     // The `Source::verify` method is intended to allow sources to execute
     // pre-build checks to ensure that the relevant source code is all
     // up-to-date and as expected. This is currently used primarily for
     // directory sources which will use this hook to perform an integrity check
     // on all files in the source to ensure they haven't changed. If they have
     // changed then an error is issued.
-    if compare.is_err() {
+    if compare
+        .as_ref()
+        .map(|dirty| dirty.is_some())
+        .unwrap_or(true)
+    {
         let source_id = unit.pkg.package_id().source_id();
         let sources = bcx.packages.sources();
         let source = sources

src/cargo/sources/registry/http_remote.rs

@@ -334,13 +334,6 @@ impl<'cfg> HttpRegistry<'cfg> {
         }
     }
 
-    fn check_registry_auth_unstable(&self) -> CargoResult<()> {
-        if self.auth_required && !self.config.cli_unstable().registry_auth {
-            anyhow::bail!("authenticated registries require `-Z registry-auth`");
-        }
-        Ok(())
-    }
-
     /// Get the cached registry configuration, if it exists.
     fn config_cached(&mut self) -> CargoResult<Option<&RegistryConfig>> {
         if self.registry_config.is_some() {
@@ -486,7 +479,9 @@ impl<'cfg> RegistryData for HttpRegistry<'cfg> {
                     return Poll::Ready(Ok(LoadResponse::NotFound));
                 }
                 StatusCode::Unauthorized
-                    if !self.auth_required && path == Path::new("config.json") =>
+                    if !self.auth_required
+                        && path == Path::new("config.json")
+                        && self.config.cli_unstable().registry_auth =>
                 {
                     debug!("re-attempting request for config.json with authorization included.");
                     self.fresh.remove(path);
@@ -542,6 +537,10 @@ impl<'cfg> RegistryData for HttpRegistry<'cfg> {
             }
         }
 
+        if !self.config.cli_unstable().registry_auth {
+            self.auth_required = false;
+        }
+
         // Looks like we're going to have to do a network request.
         self.start_fetch()?;
 
@@ -587,7 +586,6 @@ impl<'cfg> RegistryData for HttpRegistry<'cfg> {
             }
         }
         if self.auth_required {
-            self.check_registry_auth_unstable()?;
             let authorization =
                 auth::auth_token(self.config, &self.source_id, self.login_url.as_ref(), None)?;
             headers.append(&format!("Authorization: {}", authorization))?;
@@ -660,8 +658,10 @@ impl<'cfg> RegistryData for HttpRegistry<'cfg> {
     }
 
     fn config(&mut self) -> Poll<CargoResult<Option<RegistryConfig>>> {
-        let cfg = ready!(self.config()?).clone();
-        self.check_registry_auth_unstable()?;
+        let mut cfg = ready!(self.config()?).clone();
+        if !self.config.cli_unstable().registry_auth {
+            cfg.auth_required = false;
+        }
         Poll::Ready(Ok(Some(cfg)))
     }
 

src/cargo/sources/registry/remote.rs

@@ -245,11 +245,9 @@ impl<'cfg> RegistryData for RemoteRegistry<'cfg> {
         match ready!(self.load(Path::new(""), Path::new("config.json"), None)?) {
             LoadResponse::Data { raw_data, .. } => {
                 trace!("config loaded");
-                let cfg: RegistryConfig = serde_json::from_slice(&raw_data)?;
-                if cfg.auth_required && !self.config.cli_unstable().registry_auth {
-                    return Poll::Ready(Err(anyhow::anyhow!(
-                        "authenticated registries require `-Z registry-auth`"
-                    )));
+                let mut cfg: RegistryConfig = serde_json::from_slice(&raw_data)?;
+                if !self.config.cli_unstable().registry_auth {
+                    cfg.auth_required = false;
                 }
                 Poll::Ready(Ok(Some(cfg)))
             }

tests/testsuite/freshness.rs

@@ -2744,3 +2744,73 @@ fn changing_linker() {
         )
         .run();
 }
+
+#[cargo_test]
+fn verify_source_before_recompile() {
+    Package::new("bar", "0.1.0")
+        .file("src/lib.rs", "")
+        .publish();
+    let p = project()
+        .file(
+            "Cargo.toml",
+            r#"
+                [package]
+                name = "foo"
+                version = "0.1.0"
+
+                [dependencies]
+                bar = "0.1.0"
+            "#,
+        )
+        .file("src/lib.rs", "")
+        .build();
+
+    p.cargo("vendor --respect-source-config").run();
+    p.change_file(
+        ".cargo/config.toml",
+        r#"
+            [source.crates-io]
+            replace-with = 'vendor'
+
+            [source.vendor]
+            directory = 'vendor'
+        "#,
+    );
+    // Sanity check: vendoring works correctly.
+    p.cargo("check --verbose")
+        .with_stderr_contains("[RUNNING] `rustc --crate-name bar [CWD]/vendor/bar/src/lib.rs[..]")
+        .run();
+    // Now modify vendored crate.
+    p.change_file(
+        "vendor/bar/src/lib.rs",
+        r#"compile_error!("You shall not pass!");"#,
+    );
+    // Should ignore modifed sources without any recompile.
+    p.cargo("check --verbose")
+        .with_stderr(
+            "\
+[FRESH] bar v0.1.0
+[FRESH] foo v0.1.0 ([CWD])
+[FINISHED] dev [..]
+",
+        )
+        .run();
+
+    // Add a `RUSTFLAGS` to trigger a recompile.
+    //
+    // Cargo should refuse to build because of checksum verfication failure.
+    // Cargo shouldn't recompile dependency `bar`.
+    p.cargo("check --verbose")
+        .env("RUSTFLAGS", "-W warnings")
+        .with_status(101)
+        .with_stderr(
+            "\
+error: the listed checksum of `[CWD]/vendor/bar/src/lib.rs` has changed:
+expected: [..]
+actual:   [..]
+
+directory sources are not [..]
+",
+        )
+        .run();
+}

tests/testsuite/registry_auth.rs

@@ -42,12 +42,26 @@ static SUCCESS_OUTPUT: &'static str = "\
 
 #[cargo_test]
 fn requires_nightly() {
-    let _registry = RegistryBuilder::new().alternative().auth_required().build();
+    let _registry = RegistryBuilder::new()
+        .alternative()
+        .auth_required()
+        .http_api()
+        .build();
 
     let p = make_project();
     p.cargo("build")
         .with_status(101)
-        .with_stderr_contains("  authenticated registries require `-Z registry-auth`")
+        .with_stderr(
+            r#"[UPDATING] `alternative` index
+[DOWNLOADING] crates ...
+error: failed to download from `[..]/dl/bar/0.0.1/download`
+
+Caused by:
+  failed to get successful HTTP response from `[..]`, got 401
+  body:
+  Unauthorized message from server.
+"#,
+        )
         .run();
 }