Detect and warn against changes in ~/.cargo/registry

[HKalbasi]

Problem

It is easy to accidentally change files in the ~/.cargo/registry, for example by going to definition of a library and changing its code. Also, newcomers might intentionally change those files and expect them to take effect.

Proposed Solution

1. Detect if some file is changed in that directory, e.g. by comparing mtime.
2. Warn user against changes in this directory, help them to use path dependency or patch.crates-io if they really want to change their dependencies.
3. Remove and redownload the modified files.

Notes

It might also be a good idea to make the directory read only and only user cargo can change it, but it is harder to do it in a cross platform way I guess.

[weihanglo]

While its title is “make cache read-only”, the major thread of preventing user edits of registry dependencies is #9455.

Detect if some file is changed in that directory, e.g. by comparing mtime.

If we are going to add a new mechanism, I would avoid mtime. It has problems like imprecise on some filesystem and docker, but agree its performance is quite nice. Computing checksums might also be a possible solution, see #9455 (comment) and this internal forum thread.

In the meanwhile, it seems possible to do it via IDE-specific configurations like rust-lang/rust-analyzer#5847.

[weihanglo]

Unsure whether this should be keep open separately or not. Seems like a duplicate of #9455 but with a specific solution in mind.

[epage]

As its one conversation, let's close this so that conversation happens in one place.

[weihanglo]

Fair enough. Close in favour of #9455