Unstable Features
Experimental Cargo features are only available on the nightly channel. You are encouraged to experiment with these features to see if they meet your needs, and if there are any issues or problems. Check the linked tracking issues listed below for more information on the feature, and click the GitHub subscribe button if you want future updates.
After some period of time, if the feature does not have any major concerns, it can be stabilized, which will make it available on stable once the current nightly release reaches the stable channel (anywhere from 6 to 12 weeks).
There are three different ways that unstable features can be enabled based on how the feature works:
-
New syntax in
Cargo.toml
requires acargo-features
key at the top ofCargo.toml
, before any tables. For example:# This specifies which new Cargo.toml features are enabled. cargo-features = ["test-dummy-unstable"] [package] name = "my-package" version = "0.1.0" im-a-teapot = true # This is a new option enabled by test-dummy-unstable.
-
New command-line flags, options, and subcommands require the
-Z unstable-options
CLI option to also be included. For example, the new--out-dir
option is only available on nightly:cargo +nightly build --out-dir=out -Z unstable-options
-
-Z
command-line flags are used to enable new functionality that may not have an interface, or the interface has not yet been designed, or for more complex features that affect multiple parts of Cargo. For example, the mtime-on-use feature can be enabled with:cargo +nightly build -Z mtime-on-use
Run
cargo -Z help
to see a list of flags available.Anything which can be configured with a
-Z
flag can also be set in the cargo config file (.cargo/config.toml
) in theunstable
table. For example:[unstable] mtime-on-use = true build-std = ["core", "alloc"]
Each new feature described below should explain how to use it.
List of unstable features
- Unstable-specific features
- -Z allow-features — Provides a way to restrict which unstable features are used.
- Build scripts and linking
- Metabuild — Provides declarative build scripts.
- Resolver and features
- no-index-update — Prevents cargo from updating the index cache.
- avoid-dev-deps — Prevents the resolver from including dev-dependencies during resolution.
- minimal-versions — Forces the resolver to use the lowest compatible version instead of the highest.
- direct-minimal-versions — Forces the resolver to use the lowest compatible version instead of the highest.
- public-dependency — Allows dependencies to be classified as either public or private.
- Output behavior
- out-dir — Adds a directory where artifacts are copied to.
- Different binary name — Assign a name to the built binary that is separate from the crate name.
- Compile behavior
- mtime-on-use — Updates the last-modified timestamp on every dependency every time it is used, to provide a mechanism to delete unused artifacts.
- doctest-xcompile — Supports running doctests with the
--target
flag. - build-std — Builds the standard library instead of using pre-built binaries.
- build-std-features — Sets features to use with the standard library.
- binary-dep-depinfo — Causes the dep-info file to track binary dependencies.
- panic-abort-tests — Allows running tests with the “abort” panic strategy.
- keep-going — Build as much as possible rather than aborting on the first error.
- check-cfg — Compile-time validation of
cfg
expressions. - host-config — Allows setting
[target]
-like configuration settings for host build targets. - target-applies-to-host — Alters whether certain flags will be passed to host build targets.
- rustdoc
doctest-in-workspace
— Fixes workspace-relative paths when running doctests.- rustdoc-map — Provides mappings for documentation to link to external sites like docs.rs.
- scrape-examples — Shows examples within documentation.
Cargo.toml
extensions- Profile
rustflags
option — Passed directly to rustc. - codegen-backend — Select the codegen backend used by rustc.
- per-package-target — Sets the
--target
to use for each individual package. - artifact dependencies — Allow build artifacts to be included into other build artifacts and build them for different targets.
- Profile
- Information and metadata
- Build-plan — Emits JSON information on which commands will be run.
- unit-graph — Emits JSON for Cargo’s internal graph structure.
cargo rustc --print
— Calls rustc with--print
to display information from rustc.
- Configuration
- config-include — Adds the ability for config files to include other files.
cargo config
— Adds a new subcommand for viewing config files.
- Registries
- credential-process — Adds support for fetching registry tokens from an external authentication program.
- publish-timeout — Controls the timeout between uploading the crate and being available in the index
- registry-auth — Adds support for authenticated registries, and generate registry authentication tokens using asymmetric cryptography.
- Other
- gitoxide — Use
gitoxide
instead ofgit2
for a set of operations.
- gitoxide — Use
allow-features
This permanently-unstable flag makes it so that only a listed set of
unstable features can be used. Specifically, if you pass
-Zallow-features=foo,bar
, you’ll continue to be able to pass -Zfoo
and -Zbar
to cargo
, but you will be unable to pass -Zbaz
. You can
pass an empty string (-Zallow-features=
) to disallow all unstable
features.
-Zallow-features
also restricts which unstable features can be passed
to the cargo-features
entry in Cargo.toml
. If, for example, you want
to allow
cargo-features = ["test-dummy-unstable"]
where test-dummy-unstable
is unstable, that features would also be
disallowed by -Zallow-features=
, and allowed with
-Zallow-features=test-dummy-unstable
.
The list of features passed to cargo’s -Zallow-features
is also passed
to any Rust tools that cargo ends up calling (like rustc
or
rustdoc
). Thus, if you run cargo -Zallow-features=
, no unstable
Cargo or Rust features can be used.
no-index-update
The -Z no-index-update
flag ensures that Cargo does not attempt to update
the registry index. This is intended for tools such as Crater that issue many
Cargo commands, and you want to avoid the network latency for updating the
index each time.
mtime-on-use
The -Z mtime-on-use
flag is an experiment to have Cargo update the mtime of
used files to make it easier for tools like cargo-sweep to detect which files
are stale. For many workflows this needs to be set on all invocations of cargo.
To make this more practical setting the unstable.mtime_on_use
flag in .cargo/config.toml
or the corresponding ENV variable will apply the -Z mtime-on-use
to all
invocations of nightly cargo. (the config flag is ignored by stable)
avoid-dev-deps
When running commands such as cargo install
or cargo build
, Cargo
currently requires dev-dependencies to be downloaded, even if they are not
used. The -Z avoid-dev-deps
flag allows Cargo to avoid downloading
dev-dependencies if they are not needed. The Cargo.lock
file will not be
generated if dev-dependencies are skipped.
minimal-versions
Note: It is not recommended to use this feature. Because it enforces minimal versions for all transitive dependencies, its usefulness is limited since not all external dependencies declare proper lower version bounds. It is intended that it will be changed in the future to only enforce minimal versions for direct dependencies.
When a Cargo.lock
file is generated, the -Z minimal-versions
flag will
resolve the dependencies to the minimum SemVer version that will satisfy the
requirements (instead of the greatest version).
The intended use-case of this flag is to check, during continuous integration,
that the versions specified in Cargo.toml are a correct reflection of the
minimum versions that you are actually using. That is, if Cargo.toml says
foo = "1.0.0"
that you don’t accidentally depend on features added only in
foo 1.5.0
.
direct-minimal-versions
When a Cargo.lock
file is generated, the -Z direct-minimal-versions
flag will
resolve the dependencies to the minimum SemVer version that will satisfy the
requirements (instead of the greatest version) for direct dependencies only.
The intended use-case of this flag is to check, during continuous integration,
that the versions specified in Cargo.toml are a correct reflection of the
minimum versions that you are actually using. That is, if Cargo.toml says
foo = "1.0.0"
that you don’t accidentally depend on features added only in
foo 1.5.0
.
Indirect dependencies are resolved as normal so as not to be blocked on their minimal version validation.
out-dir
This feature allows you to specify the directory where artifacts will be
copied to after they are built. Typically artifacts are only written to the
target/release
or target/debug
directories. However, determining the
exact filename can be tricky since you need to parse JSON output. The
--out-dir
flag makes it easier to predictably access the artifacts. Note
that the artifacts are copied, so the originals are still in the target
directory. Example:
cargo +nightly build --out-dir=out -Z unstable-options
This can also be specified in .cargo/config.toml
files.
[build]
out-dir = "out"
doctest-xcompile
This flag changes cargo test
’s behavior when handling doctests when
a target is passed. Currently, if a target is passed that is different
from the host cargo will simply skip testing doctests. If this flag is
present, cargo will continue as normal, passing the tests to doctest,
while also passing it a --target
option, as well as enabling
-Zunstable-features --enable-per-target-ignores
and passing along
information from .cargo/config.toml
. See the rustc issue for more information.
cargo test --target foo -Zdoctest-xcompile
Build-plan
- Tracking Issue: #5579
The --build-plan
argument for the build
command will output JSON with
information about which commands would be run without actually executing
anything. This can be useful when integrating with another build tool.
Example:
cargo +nightly build --build-plan -Z unstable-options
Metabuild
- Tracking Issue: rust-lang/rust#49803
- RFC: #2196
Metabuild is a feature to have declarative build scripts. Instead of writing
a build.rs
script, you specify a list of build dependencies in the
metabuild
key in Cargo.toml
. A build script is automatically generated
that runs each build dependency in order. Metabuild packages can then read
metadata from Cargo.toml
to specify their behavior.
Include cargo-features
at the top of Cargo.toml
, a metabuild
key in the
package
, list the dependencies in build-dependencies
, and add any metadata
that the metabuild packages require under package.metadata
. Example:
cargo-features = ["metabuild"]
[package]
name = "mypackage"
version = "0.0.1"
metabuild = ["foo", "bar"]
[build-dependencies]
foo = "1.0"
bar = "1.0"
[package.metadata.foo]
extra-info = "qwerty"
Metabuild packages should have a public function called metabuild
that
performs the same actions as a regular build.rs
script would perform.
public-dependency
- Tracking Issue: #44663
The ‘public-dependency’ feature allows marking dependencies as ‘public’ or ‘private’. When this feature is enabled, additional information is passed to rustc to allow the ‘exported_private_dependencies’ lint to function properly.
This requires the appropriate key to be set in cargo-features
:
cargo-features = ["public-dependency"]
[dependencies]
my_dep = { version = "1.2.3", public = true }
private_dep = "2.0.0" # Will be 'private' by default
build-std
- Tracking Repository: https://github.com/rust-lang/wg-cargo-std-aware
The build-std
feature enables Cargo to compile the standard library itself as
part of a crate graph compilation. This feature has also historically been known
as “std-aware Cargo”. This feature is still in very early stages of development,
and is also a possible massive feature addition to Cargo. This is a very large
feature to document, even in the minimal form that it exists in today, so if
you’re curious to stay up to date you’ll want to follow the tracking
repository and its set of
issues.
The functionality implemented today is behind a flag called -Z build-std
. This
flag indicates that Cargo should compile the standard library from source code
using the same profile as the main build itself. Note that for this to work you
need to have the source code for the standard library available, and at this
time the only supported method of doing so is to add the rust-src
rust rustup
component:
$ rustup component add rust-src --toolchain nightly
It is also required today that the -Z build-std
flag is combined with the
--target
flag. Note that you’re not forced to do a cross compilation, you’re
just forced to pass --target
in one form or another.
Usage looks like:
$ cargo new foo
$ cd foo
$ cargo +nightly run -Z build-std --target x86_64-unknown-linux-gnu
Compiling core v0.0.0 (...)
...
Compiling foo v0.1.0 (...)
Finished dev [unoptimized + debuginfo] target(s) in 21.00s
Running `target/x86_64-unknown-linux-gnu/debug/foo`
Hello, world!
Here we recompiled the standard library in debug mode with debug assertions
(like src/main.rs
is compiled) and everything was linked together at the end.
Using -Z build-std
will implicitly compile the stable crates core
, std
,
alloc
, and proc_macro
. If you’re using cargo test
it will also compile the
test
crate. If you’re working with an environment which does not support some
of these crates, then you can pass an argument to -Zbuild-std
as well:
$ cargo +nightly build -Z build-std=core,alloc
The value here is a comma-separated list of standard library crates to build.
Requirements
As a summary, a list of requirements today to use -Z build-std
are:
- You must install libstd’s source code through
rustup component add rust-src
- You must pass
--target
- You must use both a nightly Cargo and a nightly rustc
- The
-Z build-std
flag must be passed to allcargo
invocations.
Reporting bugs and helping out
The -Z build-std
feature is in the very early stages of development! This
feature for Cargo has an extremely long history and is very large in scope, and
this is just the beginning. If you’d like to report bugs please either report
them to:
- Cargo — https://github.com/rust-lang/cargo/issues/new — for implementation bugs
- The tracking repository — https://github.com/rust-lang/wg-cargo-std-aware/issues/new — for larger design questions.
Also if you’d like to see a feature that’s not yet implemented and/or if something doesn’t quite work the way you’d like it to, feel free to check out the issue tracker of the tracking repository, and if it’s not there please file a new issue!
build-std-features
- Tracking Repository: https://github.com/rust-lang/wg-cargo-std-aware
This flag is a sibling to the -Zbuild-std
feature flag. This will configure
the features enabled for the standard library itself when building the standard
library. The default enabled features, at this time, are backtrace
and
panic_unwind
. This flag expects a comma-separated list and, if provided, will
override the default list of features enabled.
binary-dep-depinfo
- Tracking rustc issue: #63012
The -Z binary-dep-depinfo
flag causes Cargo to forward the same flag to
rustc
which will then cause rustc
to include the paths of all binary
dependencies in the “dep info” file (with the .d
extension). Cargo then uses
that information for change-detection (if any binary dependency changes, then
the crate will be rebuilt). The primary use case is for building the compiler
itself, which has implicit dependencies on the standard library that would
otherwise be untracked for change-detection.
panic-abort-tests
The -Z panic-abort-tests
flag will enable nightly support to compile test
harness crates with -Cpanic=abort
. Without this flag Cargo will compile tests,
and everything they depend on, with -Cpanic=unwind
because it’s the only way
test
-the-crate knows how to operate. As of rust-lang/rust#64158, however,
the test
crate supports -C panic=abort
with a test-per-process, and can help
avoid compiling crate graphs multiple times.
It’s currently unclear how this feature will be stabilized in Cargo, but we’d like to stabilize it somehow!
keep-going
- Tracking Issue: #10496
cargo build --keep-going
(and similarly for check
, test
etc) will build as
many crates in the dependency graph as possible, rather than aborting the build
at the first one that fails to build.
For example if the current package depends on dependencies fails
and works
,
one of which fails to build, cargo check -j1
may or may not build the one that
succeeds (depending on which one of the two builds Cargo picked to run first),
whereas cargo check -j1 --keep-going
would definitely run both builds, even if
the one run first fails.
The -Z unstable-options
command-line option must be used in order to use
--keep-going
while it is not yet stable:
cargo check --keep-going -Z unstable-options
config-include
- Tracking Issue: #7723
The include
key in a config file can be used to load another config file. It
takes a string for a path to another file relative to the config file, or a
list of strings. It requires the -Zconfig-include
command-line option.
# .cargo/config
include = '../../some-common-config.toml'
The config values are first loaded from the include path, and then the config file’s own values are merged on top of it.
This can be paired with config-cli to specify a file to load
from the command-line. Pass a path to a config file as the argument to
--config
:
cargo +nightly -Zunstable-options -Zconfig-include --config somefile.toml build
CLI paths are relative to the current working directory.
target-applies-to-host
Historically, Cargo’s behavior for whether the linker
and rustflags
configuration options from environment variables and
[target]
are respected for build scripts, plugins,
and other artifacts that are always built for the host platform has
been somewhat inconsistent.
When --target
is not passed, Cargo respects the same linker
and
rustflags
for build scripts as for all other compile artifacts. When
--target
is passed, however, Cargo respects linker
from
[target.<host triple>]
, and does not
pick up any rustflags
configuration.
This dual behavior is confusing, but also makes it difficult to correctly
configure builds where the host triple and the target triple happen to
be the same, but artifacts intended to run on the build host should still
be configured differently.
-Ztarget-applies-to-host
enables the top-level
target-applies-to-host
setting in Cargo configuration files which
allows users to opt into different (and more consistent) behavior for
these properties. When target-applies-to-host
is unset, or set to
true
, in the configuration file, the existing Cargo behavior is
preserved (though see -Zhost-config
, which changes that default). When
it is set to false
, no options from [target.<host triple>]
,
RUSTFLAGS
, or [build]
are respected for host artifacts regardless of
whether --target
is passed to Cargo. To customize artifacts intended
to be run on the host, use [host]
(host-config
).
In the future, target-applies-to-host
may end up defaulting to false
to provide more sane and consistent default behavior.
# config.toml
target-applies-to-host = false
cargo +nightly -Ztarget-applies-to-host build --target x86_64-unknown-linux-gnu
host-config
The host
key in a config file can be used pass flags to host build targets
such as build scripts that must run on the host system instead of the target
system when cross compiling. It supports both generic and host arch specific
tables. Matching host arch tables take precedence over generic host tables.
It requires the -Zhost-config
and -Ztarget-applies-to-host
command-line options to be set, and that target-applies-to-host = false
is set in the Cargo configuration file.
# config.toml
[host]
linker = "/path/to/host/linker"
[host.x86_64-unknown-linux-gnu]
linker = "/path/to/host/arch/linker"
rustflags = ["-Clink-arg=--verbose"]
[target.x86_64-unknown-linux-gnu]
linker = "/path/to/target/linker"
The generic host
table above will be entirely ignored when building on a
x86_64-unknown-linux-gnu
host as the host.x86_64-unknown-linux-gnu
table
takes precedence.
Setting -Zhost-config
changes the default for target-applies-to-host
to
false
from true
.
cargo +nightly -Ztarget-applies-to-host -Zhost-config build --target x86_64-unknown-linux-gnu
unit-graph
- Tracking Issue: #8002
The --unit-graph
flag can be passed to any build command (build
, check
,
run
, test
, bench
, doc
, etc.) to emit a JSON object to stdout which
represents Cargo’s internal unit graph. Nothing is actually built, and the
command returns immediately after printing. Each “unit” corresponds to an
execution of the compiler. These objects also include which unit each unit
depends on.
cargo +nightly build --unit-graph -Z unstable-options
This structure provides a more complete view of the dependency relationship as
Cargo sees it. In particular, the “features” field supports the new feature
resolver where a dependency can be built multiple times with different
features. cargo metadata
fundamentally cannot represent the relationship of
features between different dependency kinds, and features now depend on which
command is run and which packages and targets are selected. Additionally it
can provide details about intra-package dependencies like build scripts or
tests.
The following is a description of the JSON structure:
{
/* Version of the JSON output structure. If any backwards incompatible
changes are made, this value will be increased.
*/
"version": 1,
/* Array of all build units. */
"units": [
{
/* An opaque string which indicates the package.
Information about the package can be obtained from `cargo metadata`.
*/
"pkg_id": "my-package 0.1.0 (path+file:///path/to/my-package)",
/* The Cargo target. See the `cargo metadata` documentation for more
information about these fields.
https://doc.rust-lang.org/cargo/commands/cargo-metadata.html
*/
"target": {
"kind": ["lib"],
"crate_types": ["lib"],
"name": "my-package",
"src_path": "/path/to/my-package/src/lib.rs",
"edition": "2018",
"test": true,
"doctest": true
},
/* The profile settings for this unit.
These values may not match the profile defined in the manifest.
Units can use modified profile settings. For example, the "panic"
setting can be overridden for tests to force it to "unwind".
*/
"profile": {
/* The profile name these settings are derived from. */
"name": "dev",
/* The optimization level as a string. */
"opt_level": "0",
/* The LTO setting as a string. */
"lto": "false",
/* The codegen units as an integer.
`null` if it should use the compiler's default.
*/
"codegen_units": null,
/* The debug information level as an integer.
`null` if it should use the compiler's default (0).
*/
"debuginfo": 2,
/* Whether or not debug-assertions are enabled. */
"debug_assertions": true,
/* Whether or not overflow-checks are enabled. */
"overflow_checks": true,
/* Whether or not rpath is enabled. */
"rpath": false,
/* Whether or not incremental is enabled. */
"incremental": true,
/* The panic strategy, "unwind" or "abort". */
"panic": "unwind"
},
/* Which platform this target is being built for.
A value of `null` indicates it is for the host.
Otherwise it is a string of the target triple (such as
"x86_64-unknown-linux-gnu").
*/
"platform": null,
/* The "mode" for this unit. Valid values:
* "test" --- Build using `rustc` as a test.
* "build" --- Build using `rustc`.
* "check" --- Build using `rustc` in "check" mode.
* "doc" --- Build using `rustdoc`.
* "doctest" --- Test using `rustdoc`.
* "run-custom-build" --- Represents the execution of a build script.
*/
"mode": "build",
/* Array of features enabled on this unit as strings. */
"features": ["somefeat"],
/* Whether or not this is a standard-library unit,
part of the unstable build-std feature.
If not set, treat as `false`.
*/
"is_std": false,
/* Array of dependencies of this unit. */
"dependencies": [
{
/* Index in the "units" array for the dependency. */
"index": 1,
/* The name that this dependency will be referred as. */
"extern_crate_name": "unicode_xid",
/* Whether or not this dependency is "public",
part of the unstable public-dependency feature.
If not set, the public-dependency feature is not enabled.
*/
"public": false,
/* Whether or not this dependency is injected into the prelude,
currently used by the build-std feature.
If not set, treat as `false`.
*/
"noprelude": false
}
]
},
// ...
],
/* Array of indices in the "units" array that are the "roots" of the
dependency graph.
*/
"roots": [0],
}
Profile rustflags
option
- Original Issue: rust-lang/cargo#7878
- Tracking Issue: rust-lang/cargo#10271
This feature provides a new option in the [profile]
section to specify flags
that are passed directly to rustc.
This can be enabled like so:
cargo-features = ["profile-rustflags"]
[package]
# ...
[profile.release]
rustflags = [ "-C", "..." ]
To set this in a profile in Cargo configuration, you need to use either
-Z profile-rustflags
or [unstable]
table to enable it. For example,
# .cargo/config.toml
[unstable]
profile-rustflags = true
[profile.release]
rustflags = [ "-C", "..." ]
rustdoc-map
- Tracking Issue: #8296
This feature adds configuration settings that are passed to rustdoc
so that
it can generate links to dependencies whose documentation is hosted elsewhere
when the dependency is not documented. First, add this to .cargo/config
:
[doc.extern-map.registries]
crates-io = "https://docs.rs/"
Then, when building documentation, use the following flags to cause links to dependencies to link to docs.rs:
cargo +nightly doc --no-deps -Zrustdoc-map
The registries
table contains a mapping of registry name to the URL to link
to. The URL may have the markers {pkg_name}
and {version}
which will get
replaced with the corresponding values. If neither are specified, then Cargo
defaults to appending {pkg_name}/{version}/
to the end of the URL.
Another config setting is available to redirect standard library links. By
default, rustdoc creates links to https://doc.rust-lang.org/nightly/. To
change this behavior, use the doc.extern-map.std
setting:
[doc.extern-map]
std = "local"
A value of "local"
means to link to the documentation found in the rustc
sysroot. If you are using rustup, this documentation can be installed with
rustup component add rust-docs
.
The default value is "remote"
.
The value may also take a URL for a custom location.
per-package-target
The per-package-target
feature adds two keys to the manifest:
package.default-target
and package.forced-target
. The first makes
the package be compiled by default (ie. when no --target
argument is
passed) for some target. The second one makes the package always be
compiled for the target.
Example:
[package]
forced-target = "wasm32-unknown-unknown"
In this example, the crate is always built for
wasm32-unknown-unknown
, for instance because it is going to be used
as a plugin for a main program that runs on the host (or provided on
the command line) target.
artifact-dependencies
Allow Cargo packages to depend on bin
, cdylib
, and staticlib
crates,
and use the artifacts built by those crates at compile time.
Run cargo
with -Z bindeps
to enable this functionality.
Example: use cdylib artifact in build script
The Cargo.toml
in the consuming package, building the bar
library as cdylib
for a specific build target…
[build-dependencies]
bar = { artifact = "cdylib", version = "1.0", target = "wasm32-unknown-unknown" }
…along with the build script in build.rs
.
fn main() { wasm::run_file(std::env::var("CARGO_CDYLIB_FILE_BAR").unwrap()); }
Example: use binary artifact and its library in a binary
The Cargo.toml
in the consuming package, building the bar
binary for inclusion
as artifact while making it available as library as well…
[dependencies]
bar = { artifact = "bin", version = "1.0", lib = true }
…along with the executable using main.rs
.
fn main() { bar::init(); command::run(env!("CARGO_BIN_FILE_BAR")); }
publish-timeout
- Tracking Issue: 11222
The publish.timeout
key in a config file can be used to control how long
cargo publish
waits between posting a package to the registry and it being
available in the local index.
A timeout of 0
prevents any checks from occurring. The current default is
60
seconds.
It requires the -Zpublish-timeout
command-line options to be set.
# config.toml
[publish]
timeout = 300 # in seconds
registry-auth
Enables Cargo to include the authorization token for API requests, crate downloads and sparse index updates by adding a configuration option to config.json in the registry index.
To use this feature, the registry server must include "auth-required": true
in
config.json
, and you must pass the -Z registry-auth
flag on the Cargo command line.
When using the sparse protocol, Cargo will attempt to fetch the config.json
file before
fetching any other files. If the server responds with an HTTP 401, then Cargo will assume
that the registry requires authentication and re-attempt the request for config.json
with the authentication token included.
On authentication failure (or missing authentication token) the server MAY include a
WWW-Authenticate
header with a Cargo login_url
challenge to indicate where the user
can go to get a token.
WWW-Authenticate: Cargo login_url="https://test-registry-login/me
This same flag is also used to enable asymmetric authentication tokens.
Add support for Cargo to authenticate the user to registries without sending secrets over the network.
In config.toml
and credentials.toml
files there is a field called private-key
, which is a private key formatted in the secret subset of PASERK
and is used to sign asymmetric tokens
A keypair can be generated with cargo login --generate-keypair
which will:
- generate a public/private keypair in the currently recommended fashion.
- save the private key in
credentials.toml
. - print the public key in PASERK public format.
It is recommended that the private-key
be saved in credentials.toml
. It is also supported in config.toml
, primarily so that it can be set using the associated environment variable, which is the recommended way to provide it in CI contexts. This setup is what we have for the token
field for setting a secret token.
There is also an optional field called private-key-subject
which is a string chosen by the registry.
This string will be included as part of an asymmetric token and should not be secret.
It is intended for the rare use cases like “cryptographic proof that the central CA server authorized this action”. Cargo requires it to be non-whitespace printable ASCII. Registries that need non-ASCII data should base64 encode it.
Both fields can be set with cargo login --registry=name --private-key --private-key-subject="subject"
which will prompt you to put in the key value.
A registry can have at most one of private-key
, token
, or credential-process
set.
All PASETOs will include iat
, the current time in ISO 8601 format. Cargo will include the following where appropriate:
sub
an optional, non-secret string chosen by the registry that is expected to be claimed with every request. The value will be theprivate-key-subject
from theconfig.toml
file.mutation
if present, indicates that this request is a mutating operation (or a read-only operation if not present), must be one of the stringspublish
,yank
, orunyank
.name
name of the crate related to this request.vers
version string of the crate related to this request.cksum
the SHA256 hash of the crate contents, as a string of 64 lowercase hexadecimal digits, must be present only whenmutation
is equal topublish
challenge
the challenge string received from a 401/403 from this server this session. Registries that issue challenges must track which challenges have been issued/used and never accept a given challenge more than once within the same validity period (avoiding the need to track every challenge ever issued).
The “footer” (which is part of the signature) will be a JSON string in UTF-8 and include:
url
the RFC 3986 compliant URL where cargo got the config.json file,- If this is a registry with an HTTP index, then this is the base URL that all index queries are relative to.
- If this is a registry with a GIT index, it is the URL Cargo used to clone the index.
kid
the identifier of the private key used to sign the request, using the PASERK IDs standard.
PASETO includes the message that was signed, so the server does not have to reconstruct the exact string from the request in order to check the signature. The server does need to check that the signature is valid for the string in the PASETO and that the contents of that string matches the request. If a claim should be expected for the request but is missing in the PASETO then the request must be rejected.
credential-process
The credential-process
feature adds a config setting to fetch registry
authentication tokens by calling an external process.
Token authentication is used by the cargo login
, cargo publish
,
cargo owner
, cargo yank
, and cargo logout
commands.
To use this feature, you must pass the -Z credential-process
flag on the
command-line. Additionally, you must remove any current tokens currently saved
in the credentials.toml
file (which can be done with the cargo logout
command).
credential-process
Configuration
To configure which process to run to fetch the token, specify the process in
the registry
table in a config file:
[registry]
credential-process = "/usr/bin/cargo-creds"
If you want to use a different process for a specific registry, it can be
specified in the registries
table:
[registries.my-registry]
credential-process = "/usr/bin/cargo-creds"
The value can be a string with spaces separating arguments or it can be a TOML array of strings.
Command-line arguments allow special placeholders which will be replaced with the corresponding value:
{name}
— The name of the registry.{api_url}
— The base URL of the registry API endpoints.{action}
— The authentication action (described below).
Process names with the prefix cargo:
are loaded from the libexec
directory
next to cargo. Several experimental credential wrappers are included with
Cargo, and this provides convenient access to them:
[registry]
credential-process = "cargo:macos-keychain"
The current wrappers are:
cargo:macos-keychain
: Uses the macOS Keychain to store the token.cargo:wincred
: Uses the Windows Credential Manager to store the token.cargo:1password
: Uses the 1passwordop
CLI to store the token. You must install theop
CLI from the 1password website. You must runop signin
at least once with the appropriate arguments (such asop signin my.1password.com user@example.com
), unless you provide the sign-in-address and email arguments. The master password will be required on each request unless the appropriateOP_SESSION
environment variable is set. It supports the following command-line arguments:--account
: The account shorthand name to use.--vault
: The vault name to use.--sign-in-address
: The sign-in-address, which is a web address such asmy.1password.com
.--email
: The email address to sign in with.
A wrapper is available for GNOME
libsecret to store tokens on
Linux systems. Due to build limitations, this wrapper is not available as a
pre-compiled binary. This can be built and installed manually. First, install
libsecret using your system package manager (for example, sudo apt install libsecret-1-dev
). Then build and install the wrapper with cargo install cargo-credential-gnome-secret
.
In the config, use a path to the binary like this:
[registry]
credential-process = "cargo-credential-gnome-secret {action}"
credential-process
Interface
There are two different kinds of token processes that Cargo supports. The
simple “basic” kind will only be called by Cargo when it needs a token. This
is intended for simple and easy integration with password managers, that can
often use pre-existing tooling. The more advanced “Cargo” kind supports
different actions passed as a command-line argument. This is intended for more
pleasant integration experience, at the expense of requiring a Cargo-specific
process to glue to the password manager. Cargo will determine which kind is
supported by the credential-process
definition. If it contains the
{action}
argument, then it uses the advanced style, otherwise it assumes it
only supports the “basic” kind.
Basic authenticator
A basic authenticator is a process that returns a token on stdout. Newlines will be trimmed. The process inherits the user’s stdin and stderr. It should exit 0 on success, and nonzero on error.
With this form, cargo login
and cargo logout
are not supported and
return an error if used.
Cargo authenticator
The protocol between the Cargo and the process is very basic, intended to
ensure the credential process is kept as simple as possible. Cargo will
execute the process with the {action}
argument indicating which action to
perform:
store
— Store the given token in secure storage.get
— Get a token from storage.erase
— Remove a token from storage.
The cargo login
command uses store
to save a token. Commands that require
authentication, like cargo publish
, uses get
to retrieve a token. cargo logout
uses the erase
command to remove a token.
The process inherits the user’s stderr, so the process can display messages. Some values are passed in via environment variables (see below). The expected interactions are:
-
store
— The token is sent to the process’s stdin, terminated by a newline. The process should store the token keyed off the registry name. If the process fails, it should exit with a nonzero exit status. -
get
— The process should send the token to its stdout (trailing newline will be trimmed). The process inherits the user’s stdin, should it need to receive input.If the process is unable to fulfill the request, it should exit with a nonzero exit code.
-
erase
— The process should remove the token associated with the registry name. If the token is not found, the process should exit with a 0 exit status.
Environment
The following environment variables will be provided to the executed command:
CARGO
— Path to thecargo
binary executing the command.CARGO_REGISTRY_INDEX_URL
— The URL of the registry index.CARGO_REGISTRY_NAME_OPT
— Optional name of the registry. Should not be used as a storage key. Not always available.
cargo config
The cargo config
subcommand provides a way to display the configuration
files that cargo loads. It currently includes the get
subcommand which
can take an optional config value to display.
cargo +nightly -Zunstable-options config get build.rustflags
If no config value is included, it will display all config values. See the
--help
output for more options available.
doctest-in-workspace
- Tracking Issue: #9427
The -Z doctest-in-workspace
flag changes the behavior of the current working
directory used when running doctests. Historically, Cargo has run rustdoc --test
relative to the root of the package, with paths relative from that
root. However, this is inconsistent with how rustc
and rustdoc
are
normally run in a workspace, where they are run relative to the workspace
root. This inconsistency causes problems in various ways, such as when passing
RUSTDOCFLAGS with relative paths, or dealing with diagnostic output.
The -Z doctest-in-workspace
flag causes cargo to switch to running rustdoc
from the root of the workspace. It also passes the --test-run-directory
to
rustdoc
so that when running the tests, they are run from the root of the
package. This preserves backwards compatibility and is consistent with how
normal unittests are run.
rustc --print
- Tracking Issue: #9357
cargo rustc --print=VAL
forwards the --print
flag to rustc
in order to
extract information from rustc
. This runs rustc
with the corresponding
--print
flag, and then immediately exits without compiling. Exposing this as a cargo
flag allows cargo to inject the correct target and RUSTFLAGS based on the
current configuration.
The primary use case is to run cargo rustc --print=cfg
to get config values
for the appropriate target and influenced by any other RUSTFLAGS.
Different binary name
The different-binary-name
feature allows setting the filename of the binary without having to obey the
restrictions placed on crate names. For example, the crate name must use only alphanumeric
characters
or -
or _
, and cannot be empty.
The filename
parameter should not include the binary extension, cargo
will figure out the appropriate
extension and use that for the binary on its own.
The filename
parameter is only available in the [[bin]]
section of the manifest.
cargo-features = ["different-binary-name"]
[package]
name = "foo"
version = "0.0.1"
[[bin]]
name = "foo"
filename = "007bar"
path = "src/main.rs"
scrape-examples
The -Z rustdoc-scrape-examples
flag tells Rustdoc to search crates in the current workspace
for calls to functions. Those call-sites are then included as documentation. You can use the flag
like this:
cargo doc -Z unstable-options -Z rustdoc-scrape-examples
By default, Cargo will scrape examples from the example targets of packages being documented.
You can individually enable or disable targets from being scraped with the doc-scrape-examples
flag, such as:
# Enable scraping examples from a library
[lib]
doc-scrape-examples = true
# Disable scraping examples from an example target
[[example]]
name = "my-example"
doc-scrape-examples = false
Note on tests: enabling doc-scrape-examples
on test targets will not currently have any effect. Scraping
examples from tests is a work-in-progress.
Note on dev-dependencies: documenting a library does not normally require the crate’s dev-dependencies. However,
example targets require dev-deps. For backwards compatibility, -Z rustdoc-scrape-examples
will not introduce a
dev-deps requirement for cargo doc
. Therefore examples will not be scraped from example targets under the
following conditions:
- No target being documented requires dev-deps, AND
- At least one crate with targets being documented has dev-deps, AND
- The
doc-scrape-examples
parameter is unset or false for all[[example]]
targets.
If you want examples to be scraped from example targets, then you must not satisfy one of the above conditions.
For example, you can set doc-scrape-examples
to true for one example target, and that signals to Cargo that
you are ok with dev-deps being build for cargo doc
.
check-cfg
-Z check-cfg
command line enables compile time checking of name and values in #[cfg]
, cfg!
,
#[link]
and #[cfg_attr]
with the rustc
and rustdoc
unstable --check-cfg
command line.
It’s values are:
features
: enables features checking via--check-cfg=values(feature, ...)
. Note than this command line options will probably become the default when stabilizing.names
: enables well known names checking via--check-cfg=names()
.values
: enables well known values checking via--check-cfg=values()
.output
: enable the use ofrustc-check-cfg
in build script.
For instance:
cargo check -Z unstable-options -Z check-cfg=features
cargo check -Z unstable-options -Z check-cfg=names
cargo check -Z unstable-options -Z check-cfg=values
cargo check -Z unstable-options -Z check-cfg=features,names,values
Or for output
:
#![allow(unused)] fn main() { // build.rs println!("cargo:rustc-check-cfg=names(foo, bar)"); }
cargo check -Z unstable-options -Z check-cfg=output
cargo:rustc-check-cfg=CHECK_CFG
The rustc-check-cfg
instruction tells Cargo to pass the given value to the
--check-cfg
flag to the compiler. This may be used for compile-time
detection of unexpected conditional compilation name and/or values.
This can only be used in combination with -Zcheck-cfg=output
otherwise it is ignored
with a warning.
If you want to integrate with Cargo features, use -Zcheck-cfg=features
instead of
trying to do it manually with this option.
codegen-backend
The codegen-backend
feature makes it possible to select the codegen backend used by rustc using a profile.
Example:
[package]
name = "foo"
[dependencies]
serde = "1.0.117"
[profile.dev.package.foo]
codegen-backend = "cranelift"
To set this in a profile in Cargo configuration, you need to use either
-Z codegen-backend
or [unstable]
table to enable it. For example,
# .cargo/config.toml
[unstable]
codegen-backend = true
[profile.dev.package.foo]
codegen-backend = "cranelift"
gitoxide
- Tracking Issue: #11813
With the ‘gitoxide’ unstable feature, all or the the specified git operations will be performed by
the gitoxide
crate instead of git2
.
While -Zgitoxide
enables all currently implemented features, one can individually select git operations
to run with gitoxide
with the -Zgitoxide=operation[,operationN]
syntax.
Valid operations are the following:
fetch
- All fetches are done withgitoxide
, which includes git dependencies as well as the crates index.shallow-index
(planned) - perform a shallow clone of the index.shallow-deps
(planned) - perform a shallow clone of git dependencies.checkout
(planned) - checkout the worktree, with support for filters and submodules.
Stabilized and removed features
Compile progress
The compile-progress feature has been stabilized in the 1.30 release.
Progress bars are now enabled by default.
See term.progress
for more information about
controlling this feature.
Edition
Specifying the edition
in Cargo.toml
has been stabilized in the 1.31 release.
See the edition field for more information
about specifying this field.
rename-dependency
Specifying renamed dependencies in Cargo.toml
has been stabilized in the 1.31 release.
See renaming dependencies
for more information about renaming dependencies.
Alternate Registries
Support for alternate registries has been stabilized in the 1.34 release. See the Registries chapter for more information about alternate registries.
Offline Mode
The offline feature has been stabilized in the 1.36 release.
See the --offline
flag for
more information on using the offline mode.
publish-lockfile
The publish-lockfile
feature has been removed in the 1.37 release.
The Cargo.lock
file is always included when a package is published if the
package contains a binary target. cargo install
requires the --locked
flag
to use the Cargo.lock
file.
See cargo package
and
cargo install
for more information.
default-run
The default-run
feature has been stabilized in the 1.37 release.
See the default-run
field for more
information about specifying the default target to run.
cache-messages
Compiler message caching has been stabilized in the 1.40 release. Compiler warnings are now cached by default and will be replayed automatically when re-running Cargo.
install-upgrade
The install-upgrade
feature has been stabilized in the 1.41 release.
cargo install
will now automatically upgrade packages if they appear to be
out-of-date. See the cargo install
documentation for more information.
Profile Overrides
Profile overrides have been stabilized in the 1.41 release. See Profile Overrides for more information on using overrides.
Config Profiles
Specifying profiles in Cargo config files and environment variables has been
stabilized in the 1.43 release.
See the config [profile]
table for more information
about specifying profiles in config files.
crate-versions
The -Z crate-versions
flag has been stabilized in the 1.47 release.
The crate version is now automatically included in the
cargo doc
documentation sidebar.
Features
The -Z features
flag has been stabilized in the 1.51 release.
See feature resolver version 2
for more information on using the new feature resolver.
package-features
The -Z package-features
flag has been stabilized in the 1.51 release.
See the resolver version 2 command-line flags
for more information on using the features CLI options.
Resolver
The resolver
feature in Cargo.toml
has been stabilized in the 1.51 release.
See the resolver versions for more
information about specifying resolvers.
extra-link-arg
The extra-link-arg
feature to specify additional linker arguments in build
scripts has been stabilized in the 1.56 release. See the build script
documentation for more
information on specifying extra linker arguments.
configurable-env
The configurable-env
feature to specify environment variables in Cargo
configuration has been stabilized in the 1.56 release. See the config
documentation for more information about configuring
environment variables.
rust-version
The rust-version
field in Cargo.toml
has been stabilized in the 1.56 release.
See the rust-version field for more
information on using the rust-version
field and the --ignore-rust-version
option.
patch-in-config
The -Z patch-in-config
flag, and the corresponding support for
[patch]
section in Cargo configuration files has been stabilized in
the 1.56 release. See the patch field for more
information.
edition 2021
The 2021 edition has been stabilized in the 1.56 release.
See the edition
field for more information on setting the edition.
See cargo fix --edition
and The Edition Guide for more information on migrating existing projects.
Custom named profiles
Custom named profiles have been stabilized in the 1.57 release. See the profiles chapter for more information.
Profile strip
option
The profile strip
option has been stabilized in the 1.59 release. See the
profiles chapter for more information.
Future incompat report
Support for generating a future-incompat report has been stabilized in the 1.59 release. See the future incompat report chapter for more information.
Namespaced features
Namespaced features has been stabilized in the 1.60 release. See the Features chapter for more information.
Weak dependency features
Weak dependency features has been stabilized in the 1.60 release. See the Features chapter for more information.
timings
The -Ztimings
option has been stabilized as --timings
in the 1.60 release.
(--timings=html
and the machine-readable --timings=json
output remain
unstable and require -Zunstable-options
.)
config-cli
The --config
CLI option has been stabilized in the 1.63 release. See
the config documentation for more
information.
multitarget
The -Z multitarget
option has been stabilized in the 1.64 release.
See build.target
for more information about
setting the default target platform triples.
crate-type
The --crate-type
flag for cargo rustc
has been stabilized in the 1.64
release. See the cargo rustc
documentation
for more information.
Workspace Inheritance
Workspace Inheritance has been stabilized in the 1.64 release. See workspace.package, workspace.dependencies, and inheriting-a-dependency-from-a-workspace for more information.
terminal-width
The -Z terminal-width
option has been stabilized in the 1.68 release.
The terminal width is always passed to the compiler when running from a
terminal where Cargo can automatically detect the width.
sparse-registry
Sparse registry support has been stabilized in the 1.68 release. See Registry Protocols for more information.
cargo logout
The cargo logout
command has been stabilized in the 1.70 release.