Comments (5)
@polarathene Thanks for your in-depth investigation! I believe this is covered by #3483 as you've already found out, and no, that design is not intentional; I even believe my #3492 has fixed it.
Unfortunately, the inclusion of that patch hasn't been moving forward for a very specific reason: hierarchical config will introduce new attack vectors if one or serveral rust-toolchain.toml
files can't be trusted. Due to the limited bandwidth of the Rustup team, all relevant work is suspended until we come up with a solution to that issue before pushing the hierarchical config proposal forward again. At this point I'm as sad as you are, sorry 🙇
from rustup.
If the contribution doesn't sound too troublesome and would get approval, I can give it a shot?
@polarathene Wait, you reminded me of something. Maybe my #3492 can be carefully cherry-picked into two parts. I do remember some commits are related to rust-toolchain.toml
while others aren't.
So in theory you can use (or get inspired from) half of my PR (so without the rust-toolchain.toml
filesystem walk hierarchy part), make sure that the default
toolchain (incl. profile, channel, etc.) is working as you'd expect, add a bunch of smoke tests, adjust the docs accordingly (mentioning the limitations) and call it a day. The rest of that PR will be merged later...
As long as @rbtcollins agrees with that plan.
Anyway, that PR is on our v1.28 milestone (meaning we have to at least react to it in some way), so I'm not going anywhere.
from rustup.
The rustup docs imply that it should be using the configured minimal
profile as fallback:
Note that if not specified, the
default
profile is not necessarily used, as a different default profile might have been set withrustup set profile
.
from rustup.
@polarathene OTOH I'm open to doc improvements, although I'm not sure if we're documenting a bug. Maybe calling it a limitation would be better.
If you can come up with a PR, I'll be glad to review it 🙏
from rustup.
TL;DR: I could adjust the docs.. however fixing the regression introduced (specifically to profile
support) instead may be fairly simple AFAIK? If that'd be acceptable, I don't mind contributing that instead?
Unfortunately, the inclusion of that patch hasn't been moving forward for a very specific reason: hierarchical config will introduce new attack vectors if one or serveral
rust-toolchain.toml
files can't be trusted
So to clarify:
- bug: Despite the current documentation for
rust-toolchain.toml
support with rustup, the settingprofile
configured for rustup is ignored when this file is present and a toolchain is installed? - This
rust-toolchain.toml
feature appears to have broken the global behaviour (as described in the original feature request), so this is technically a regression. - Fixing this bug requires a more complicated PR with wider impact to be approved and merged, but is blocked due to security concerns that imposes, and the limited bandwidth available from maintainers for the foreseeable future to tackle that PR?
Is it not possible to fix the regression introduced specifically with profile
?
- If my rustup has a profile configured globally as
minimal
, it should respect that when it's not present inrust-toolchain.toml
, as it previously did. - Since the referenced PR with it's improvements that could fix this concern introduces too much friction, perhaps this specific use-case can be resolved separately?
I'd rather address that than correct the docs with the existing gotcha. If the contribution doesn't sound too troublesome and would get approval, I can give it a shot?
- Presumably when
profile
isNone
after parsingrust-toolchain.toml
, it just needs to additionally check for aprofile
key in~/.rustup/settings.toml
as a fallback? - This would prevent the mishap of excessive disk usage (and network bandwidth wasted for both parties involved) which sounds like a win. I don't see any security concerns with allowing to fallback to the expected
profile
configured for rustup?
from rustup.
Related Issues (20)
- rustup fails to open non-existing windows registry path HOT 3
- `rustup component (add|remove)` should not rely on hardcoded target triples HOT 9
- Decide on a better strategy for release notes/changelogs HOT 3
- Simplify download and/or TLS backends HOT 1
- Rustup fails with os error 10054 on a new Windows 11 machine HOT 13
- `sh.rustup.rs` should only resolve to ipv4 HOT 7
- rust-analyzer is not being automatically proxied after installing HOT 4
- Rust installing script incompatible with older macOS HOT 1
- CfT: Test out Rustup's `reqwest` backend with `rustls` HOT 5
- error: toolchain 'stable-x86_64-pc-windows-msvc' is not installable with rustup 1.27.0 on wine HOT 4
- Failures while downloading https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init HOT 1
- `rustup update self` should suggest `rustup self update` HOT 8
- Windows: Explorer 'Quick Access' polluted with deleted folders inside `.rustup`
- Lack of support for p521 signatures with the `ring`-based `reqwest/rustls` backend HOT 15
- New env `RUSTUP_AUTO_SELF_UPDATE` to configure `rustup self update` HOT 12
- (🐞) rustup didn't install Visual Studio HOT 7
- Disable Rustup's self update by default if the `CI` environment variable is detected HOT 3
- Effects of `RUSTUP_WINDOWS_PATH_ADD_BIN` change HOT 14
- #3827 has broken the ETA format when downloading/installing components HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rustup.