Double-check our crates against our git
For no particular reason, it would be nice to make sure that our files in git really match the crates that we upload. (For extra points, we could try to do this with our dependencies.)
This is actually something that you should be able to automate for an arbitrary crate:
- In the crate's tarball, look at the `repository` field in `Cargo.toml`.
- In the crate's tarball, look at the `sha1` and `path_in_vcs` fields in `.cargo_vcs_info.json`.
- Use the two of them to check out the right repository.
- In that repository, in that directory, run `cargo package --no-verify`.
- Compare the resulting package against the original crate, to make sure it matches.
I wonder if there is already a tool that does this...