Why does cargo build ignore the lock file when lock changed by git?

Question

I'm confused about the behavior of cargo build when the lock file changes between builds:

1. Run cargo clean
2. Run cargo build
3. Change the lock file to a previous version using git
4. Now rerun cargo build

In my case, despite the Cargo.lock having changed between the two builds, cargo doesn't rebuild. It immediately returns successfully. Why is that? What am I doing wrong or is this a bug?

The changes are only in the dependencies, not in the main binaries that are output.

I searched the Rust forum and issues and couldn't find this case.

Answer 1

You have to run with --locked flag, from the docs:

--frozen --locked

Either of these flags requires that the Cargo.lock file is up-to-date. If the lock file is missing, or it needs to be updated, Cargo will exit with an error. The --frozen flag also prevents Cargo from attempting to access the network to determine if it is out-of-date. These may be used in environments where you want to assert that the Cargo.lock file is up-to-date (such as a CI build) or want to avoid network access.

Answer 2

This might happen if you use separate Cargo.lock files with Cargo's workspace feature. So if your project looks like this:

.
├── Cargo.toml
├── cli
│   ├── Cargo.toml
│   └── src
│       └── main.rs
├── core
│   ├── Cargo.toml
│   └── src
│       └── lib.rs
├── gui
│   ├── Cargo.toml
│   └── src
│       └── main.rs

There will be only one Cargo.lock file within the root directory. And lock files in the sub directories will be ignored. From the docs:

A workspace is a set of packages that share the same Cargo.lock and output directory.

The resolution is simple. Remove the Cargo.lock files from the crates and place one in the root directory of your project.