As I mentioned in a previous post. I'm tasked with setting up rust in an airgapped company environment. I got rust up and running but I can't download any crates from the cli (The cli uses some dns that blocks everything not on the company network)
Until a local crates.io mirror/proxy or something similar is set up, is there any way to download crates(and their dependencies) with my browser? I still need to run some tests and need crates for those.
Can you run cargo vendor for your project on a machine with crates.io access and move the files to the airgapped environment?
3 Likes
Sorry, should have mentioned that in my original post:
I don't have any non airgapped work devices and my only window out to the internet is my browser. the only thing i could do is use cargo vendor on a private device and send myself a tarball to my work email but I'd rather not (besides I don't have any network at work for my private devices)
what are those links? I assume the first one is just to show me the static.crates.io address?
Though the second one... does a .crate file include the dependencies of the crate as well?
No, it's just a tarball with the source code of the crate. You need to get a .crate file for each dependency in your dependency graph.
If that's the case I'd need to go in and edit the Cargo.toml of each of the crates so it points to the dependencies by path, right?
Check the Cargo.lock for which crates may be used by the project (it includes all crates for all platforms)
But cargo vendor is the proper built-in way of getting all dependencies locally.
1 Like
Putting the .crate files into ~/.cargo/registry/cache/index.crates.io-<some-hash-I-don't-know-what-for>/ should enable Cargo to find them and treat them as if downloaded from crates.io directly I believe.
Now i just need to find what hash to use and I'm ready to try this out 
1 Like
It's a hash of the full registry URL. It's deterministic and always the same for crates.io.
However, the location of Cargo's cache directory could change. There are many many many requests for Cargo to start using dedicated system-specific cache directories.
3 Likes
Is there anything else needed for cargo to use the cache directory? I created it, placed the rand crate file in it and get this
cargo build --offline
Blocking waiting for file lock on package cache
error: no matching package named `rand` found
location searched: registry `crates-io`
required by package `testing v0.1.0 (C:\Users\VoreLuka\Documents\testing)`
As a reminder, you're using offline mode (--offline) which can sometimes cause surprising resolution failures, if this error is too confusing you may wish to retry without the offline flag.
Actually, you should probably create a mirror registry on the other side of the gap, so that when your next coworker wants to do anything, it'll just work.
Put the policy approval barriers on putting new stuff into the mirror registry and you should have a smooth dev workflow
that is actually the plan. But i still want to run some tests before my higher ups come back from vacation instead of sitting around and doing nothing cause I dob't have permissions to set it up myself
Is Margo — a simple Cargo registry using static files enough to get a simple registry on your workstation going?
Seems like Margo doesn't have any windows binaries (yes, the workstation is windows) and compiling it from source I run into the problem of needing dependencies again
Ah, that's a silly oversight of mine. Since a large point of Margo is for corporate environments, of course I should have been building Windows binaries.
11 Likes
Thank you! I'll get to trying it out tomorrow!
1 Like
Since moving files from outside to inside is hard, I'd probably do something like this (commands for macOS, hopefully you can translate them to PowerShell)...
# Outside the airgap, create a new project to work in
cargo new outside
cd outside
# We will store the downloaded crates in our own directory
export CARGO_HOME=$PWD/registry
# Add whichever crates you want to make available
cargo add serde_json
# Have cargo download all the crates into our temporary registry
cargo fetch
# Find all of the crates Cargo downloaded
find registry -name '*.crate'|
# Get just the file name
xargs basename |
# Build the download URLs
sed 's@\(.*\)-.*@https://static.crates.io/crates/\1/&@'
I'd then copy that list of URLs to myself (email, GitHub gist, etc.) inside the airgap and download the files. You should then be able to populate a registry like Margo and then set up source replacement to use your registry instead of crates.io.
1 Like
So, i managed to set up margo, to set up my windows hostfile so example.com points to my margo registry. I can ping example.com (For example I can't ping google due to the airgap) but cargo gives me this
> cargo add rand
Updating `margo` index
warning: spurious network error (3 tries remaining): request failed with status code: 404; class=Http (34)
warning: spurious network error (2 tries remaining): request failed with status code: 404; class=Http (34)
warning: spurious network error (1 tries remaining): request failed with status code: 404; class=Http (34)
error: failed to load source for dependency `rand`
Caused by:
Unable to update registry `crates-io`
Caused by:
failed to update replaced source registry `crates-io`
Caused by:
failed to fetch `http://example.com/`
Caused by:
network failure seems to have happened
if a proxy or similar is necessary `net.git-fetch-with-cli` may help here
https://doc.rust-lang.org/cargo/reference/config.html#netgit-fetch-with-cli
Caused by:
request failed with status code: 404; class=Http (34)