I'm working on making some contributions to a Bazel x Cargo project, and basically, there is a need to have a sha256 identifier for crates. Digging around, I noticed that taking the sha256 of a ".crate" file seems to be the standard -- it's mentioned here: https://doc.rust-lang.org/cargo/reference/registries.html -- but I'm having trouble finding more detail on this file format.
Are there other docs / tools I should read up on to see where this value is being generated? Or perhaps how I can dervice this value given a Cargo.toml + Cargo.lock file?
From what I can gather, the ".crate" file exists in my filesystem under $HOME/.cargo/registry/cache/..., supposedly it is a tarball of the package, and the checksum used in registries is a sha256 checksum of that tarball
but I can't find any reference to that value (either the path to the cache, nor the checksum itself) under commands like cargo metadata
Follow-up for anyone else who has seen this: This is the same checksum that's available in the Cargo.lock file. Parsing it from a lock file (via the cargo-lock crate) seems way easier than trying to access the ".crate" file.
~/.cargo is just a cached file downloaded from
crates.io. You can download those directly from crates.io