cargo-auditable icon indicating copy to clipboard operation
cargo-auditable copied to clipboard

Published 20 hours ago verified publisher icon rust-secure-code

bug: cargo +channel command won't work with "cargo auditable" alias

Open andreacfromtheapp opened this issue 11 months ago • 8 comments

Hi,

If I set an alias as suggested here https://github.com/rust-secure-code/cargo-auditable?tab=readme-ov-file#can-i-make-cargo-always-build-with-cargo-auditable and try to run cargo +nighly test (or any +channel command) it fails:

╰─❯ source ~/.config/fish/config.fish
╰─❯ cargo +nightly check
error: no such command: `+nightly`

	Cargo does not handle `+toolchain` directives.
	Did you mean to invoke `cargo` through `rustup` instead?

if I remove the alias, everything is back to normal.

andreacfromtheapp avatar Dec 19 '24 16:12 andreacfromtheapp

Right. cargo +nightly auditable still works but since the alias expands into cargo auditable +nightly, things break.

I don't know if there's a way to do this with an alias that's portable between shells. A bash script that checks if the next argument starts with a + and moves it earlier would work for Linux and Mac at least.

Shnatsel avatar Dec 19 '24 18:12 Shnatsel

Hi @Shnatsel , perhaps using something like RUSTC_WRAPPER would work? I don't know. I am a noob, just learned about RUSTC_WRAPPER. However, logically auditable would be necessary on builds only. It could make sense?

andreacfromtheapp avatar Dec 20 '24 09:12 andreacfromtheapp

No, unfortunately RUSTC_WRAPPER does not work. We need to wrap Cargo, not rustc.

Shnatsel avatar Dec 20 '24 09:12 Shnatsel

On systems where bash is available, you can use this bash script:

#!/bin/bash

if [[ "$1" == +* ]]; then
    # special handling for +nightly: it needs to become 'cargo +nightly auditable'
    # but without this branch it would turn into 'cargo auditable +nightly' and break
    toolchain="$1"
    shift 1 # remove $1 from the list of arguments
    cargo "$toolchain" auditable "$@"
else
    cargo auditable "$@"
fi

Save it as cargo-wrapper.sh and then alias cargo='/path/to/cargo-wrapper.sh' and that should take care of the toolchain argument issue.

Shnatsel avatar Dec 20 '24 09:12 Shnatsel

Thanks @Shnatsel , I appreciate. I use fish however. At least it will be useful for bash users :)

I guess I'll have to remember to run cargo auditable manually or use it with CI/CD

andreacfromtheapp avatar Dec 20 '24 09:12 andreacfromtheapp

This script always uses bash in a standalone process, and will work regardless of what your interactive shell is.

Shnatsel avatar Dec 20 '24 10:12 Shnatsel

No, unfortunately RUSTC_WRAPPER does not work. We need to wrap Cargo, not rustc.

I was thinking about operning an issue with Cargo to add something similar. There are so many tools for cargo, it may be beneficial to have a CARGO_WRAPPER in cargo/config.toml. Or is this nah?

andreacfromtheapp avatar Dec 20 '24 13:12 andreacfromtheapp

I don't think that is worth the trouble, and the Cargo team is spread thin as it is.

Shnatsel avatar Dec 20 '24 13:12 Shnatsel