rust-lang · weihanglo · Mar 19, 2026 · Mar 13, 2026 · Mar 18, 2026 · Mar 15, 2026
diff --git a/crates/cargo-test-support/src/registry.rs b/crates/cargo-test-support/src/registry.rs
@@ -823,7 +823,6 @@ impl HttpServer {
                 url,
                 body,
             };
-            println!("req: {:#?}", req);
             let response = self.route(&req);
             let buf = buf.get_mut();
             write!(buf, "HTTP/1.1 {}\r\n", response.code).unwrap();
@@ -1029,7 +1028,7 @@ impl HttpServer {
         Response {
             code: 401,
             headers: vec![
-                r#"WWW-Authenticate: Cargo login_url="https://test-registry-login/me""#.to_string(),
+                r#"www-authenticate: Cargo login_url="https://test-registry-login/me""#.to_string(),
             ],
             body: b"Unauthorized message from server.".to_vec(),
         }

diff --git a/src/cargo/core/resolver/mod.rs b/src/cargo/core/resolver/mod.rs
@@ -848,8 +848,8 @@ fn generalize_conflicting(
             // to be conflicting, then we can just say that we conflict with the parent.
             if let Some(others) = registry
                 .query(critical_parents_dep, first_version)
-                .expect("an already used dep now error!?")
                 .expect("an already used dep now pending!?")
+                .expect("an already used dep now error!?")
                 .iter()
                 .rev() // the last one to be tried is the least likely to be in the cache, so start with that.
                 .map(|other| {

diff --git a/src/cargo/ops/cargo_install.rs b/src/cargo/ops/cargo_install.rs
@@ -149,7 +149,7 @@ impl<'gctx> InstallablePackage<'gctx> {
                 let mut source = map.load(source_id, &HashSet::new())?;
                 if let Ok(Some(pkg)) = installed_exact_package(
                     dep.clone(),
-                    &mut source,
+                    &mut *source,
                     gctx,
                     original_opts,
                     &root,
@@ -164,7 +164,7 @@ impl<'gctx> InstallablePackage<'gctx> {
                     return Ok(None);
                 }
                 select_dep_pkg(
-                    &mut source,
+                    &mut *source,
                     dep,
                     gctx,
                     needs_update_if_source_is_index,
@@ -821,18 +821,15 @@ fn is_installed(
 /// Checks if vers can only be satisfied by exactly one version of a package in a registry, and it's
 /// already installed. If this is the case, we can skip interacting with a registry to check if
 /// newer versions may be installable, as no newer version can exist.
-fn installed_exact_package<T>(
+fn installed_exact_package(
     dep: Dependency,
-    source: &mut T,
+    source: &mut dyn Source,
     gctx: &GlobalContext,
     opts: &ops::CompileOptions,
     root: &Filesystem,
     dst: &Path,
     force: bool,
-) -> CargoResult<Option<Package>>
-where
-    T: Source,
-{
+) -> CargoResult<Option<Package>> {
     if !dep.version_req().is_exact() {
         // If the version isn't exact, we may need to update the registry and look for a newer
         // version - we can't know if the package is installed without doing so.

diff --git a/src/cargo/ops/common_for_install_and_uninstall.rs b/src/cargo/ops/common_for_install_and_uninstall.rs
@@ -13,13 +13,13 @@ use cargo_util_schemas::core::PartialVersion;
 use ops::FilterRule;
 use serde::{Deserialize, Serialize};
 
-use crate::core::Target;
 use crate::core::compiler::{DirtyReason, Freshness};
 use crate::core::{Dependency, FeatureValue, Package, PackageId, SourceId};
+use crate::core::{PackageSet, Target};
 use crate::ops::{self, CompileFilter, CompileOptions};
 use crate::sources::PathSource;
-use crate::sources::source::QueryKind;
 use crate::sources::source::Source;
+use crate::sources::source::{QueryKind, SourceMap};
 use crate::util::GlobalContext;
 use crate::util::cache_lock::CacheLockMode;
 use crate::util::context::{ConfigRelativePath, Definition};
@@ -594,16 +594,13 @@ pub fn path_source(source_id: SourceId, gctx: &GlobalContext) -> CargoResult<Pat
 }
 
 /// Gets a Package based on command-line requirements.
-pub fn select_dep_pkg<T>(
-    source: &mut T,
+pub fn select_dep_pkg(
+    source: &mut dyn Source,
     dep: Dependency,
     gctx: &GlobalContext,
     needs_update: bool,
     current_rust_version: Option<&PartialVersion>,
-) -> CargoResult<Package>
-where
-    T: Source,
-{
+) -> CargoResult<Package> {
     // This operation may involve updating some sources or making a few queries
     // which may involve frobbing caches, as a result make sure we synchronize
     // with other global Cargos
@@ -673,8 +670,11 @@ cannot install package `{name} {ver}`, it requires rustc {msrv} or newer, while
                     )
                 }
             }
-            let pkg = Box::new(source).download_now(summary.package_id(), gctx)?;
-            Ok(pkg)
+            // Download the package immediately.
+            let mut sources = SourceMap::new();
+            sources.insert(Box::new(source));
+            let pkg_set = PackageSet::new(&[summary.package_id()], sources, gctx)?;
+            Ok(pkg_set.get_one(summary.package_id())?.clone())
         }
         None => {
             let is_yanked: bool = if dep.version_req().is_exact() {

diff --git a/src/cargo/ops/registry/publish.rs b/src/cargo/ops/registry/publish.rs
@@ -412,7 +412,7 @@ fn wait_for_any_publish_confirmation(
             source.invalidate_cache();
             let mut available = BTreeSet::new();
             for pkg in pkgs {
-                if poll_one_package(registry_src, pkg, &mut source)? {
+                if poll_one_package(registry_src, pkg, &mut *source)? {
                     available.insert(*pkg);
                 }
             }

diff --git a/src/cargo/sources/source.rs b/src/cargo/sources/source.rs
@@ -5,10 +5,9 @@ use std::fmt;
 use std::task::Poll;
 
 use crate::core::SourceId;
-use crate::core::package::PackageSet;
 use crate::core::{Dependency, Package, PackageId};
 use crate::sources::IndexSummary;
-use crate::util::{CargoResult, GlobalContext};
+use crate::util::CargoResult;
 
 /// An abstraction of different sources of Cargo packages.
 ///
@@ -89,27 +88,6 @@ pub trait Source {
     /// download has finished.
     fn download(&mut self, package: PackageId) -> CargoResult<MaybePackage>;
 
-    /// Convenience method used to **immediately** fetch a [`Package`] for the
-    /// given [`PackageId`].
-    ///
-    /// This may trigger a download if necessary. This should only be used
-    /// when a single package is needed (as in the case for `cargo install`).
-    /// Otherwise downloads should be batched together via [`PackageSet`].
-    fn download_now(
-        self: Box<Self>,
-        package: PackageId,
-        gctx: &GlobalContext,
-    ) -> CargoResult<Package>
-    where
-        Self: std::marker::Sized,
-    {
-        let mut sources = SourceMap::new();
-        sources.insert(self);
-        let pkg_set = PackageSet::new(&[package], sources, gctx)?;
-        let pkg = pkg_set.get_one(package)?;
-        Ok(Package::clone(pkg))
-    }
-
     /// Gives the source the downloaded `.crate` file.
     ///
     /// When a source has returned [`MaybePackage::Download`] in the
@@ -214,78 +192,6 @@ pub enum MaybePackage {
     },
 }
 
-/// A blanket implementation forwards all methods to [`Source`].
-impl<'a, T: Source + ?Sized + 'a> Source for Box<T> {
-    fn source_id(&self) -> SourceId {
-        (**self).source_id()
-    }
-
-    fn replaced_source_id(&self) -> SourceId {
-        (**self).replaced_source_id()
-    }
-
-    fn supports_checksums(&self) -> bool {
-        (**self).supports_checksums()
-    }
-
-    fn requires_precise(&self) -> bool {
-        (**self).requires_precise()
-    }
-
-    fn query(
-        &mut self,
-        dep: &Dependency,
-        kind: QueryKind,
-        f: &mut dyn FnMut(IndexSummary),
-    ) -> Poll<CargoResult<()>> {
-        (**self).query(dep, kind, f)
-    }
-
-    fn invalidate_cache(&mut self) {
-        (**self).invalidate_cache()
-    }
-
-    fn set_quiet(&mut self, quiet: bool) {
-        (**self).set_quiet(quiet)
-    }
-
-    fn download(&mut self, id: PackageId) -> CargoResult<MaybePackage> {
-        (**self).download(id)
-    }
-
-    fn finish_download(&mut self, id: PackageId, data: Vec<u8>) -> CargoResult<Package> {
-        (**self).finish_download(id, data)
-    }
-
-    fn fingerprint(&self, pkg: &Package) -> CargoResult<String> {
-        (**self).fingerprint(pkg)
-    }
-
-    fn verify(&self, pkg: PackageId) -> CargoResult<()> {
-        (**self).verify(pkg)
-    }
-
-    fn describe(&self) -> String {
-        (**self).describe()
-    }
-
-    fn is_replaced(&self) -> bool {
-        (**self).is_replaced()
-    }
-
-    fn add_to_yanked_whitelist(&mut self, pkgs: &[PackageId]) {
-        (**self).add_to_yanked_whitelist(pkgs);
-    }
-
-    fn is_yanked(&mut self, pkg: PackageId) -> Poll<CargoResult<bool>> {
-        (**self).is_yanked(pkg)
-    }
-
-    fn block_until_ready(&mut self) -> CargoResult<()> {
-        (**self).block_until_ready()
-    }
-}
-
 /// A blanket implementation forwards all methods to [`Source`].
 impl<'a, T: Source + ?Sized + 'a> Source for &'a mut T {
     fn source_id(&self) -> SourceId {

diff --git a/src/cargo/util/network/http.rs b/src/cargo/util/network/http.rs
@@ -133,58 +133,60 @@ pub fn configure_http_handle(gctx: &GlobalContext, handle: &mut Easy) -> CargoRe
     if let Some(true) = http.debug {
         handle.verbose(true)?;
         tracing::debug!(target: "network", "{:#?}", curl::Version::get());
-        handle.debug_function(|kind, data| {
-            enum LogLevel {
-                Debug,
-                Trace,
+        handle.debug_function(debug)?;
+    }
+
+    HttpTimeout::new(gctx)
+}
+
+pub fn debug(kind: InfoType, data: &[u8]) {
+    enum LogLevel {
+        Debug,
+        Trace,
+    }
+    use LogLevel::*;
+    let (prefix, level) = match kind {
+        InfoType::Text => ("*", Debug),
+        InfoType::HeaderIn => ("<", Debug),
+        InfoType::HeaderOut => (">", Debug),
+        InfoType::DataIn => ("{", Trace),
+        InfoType::DataOut => ("}", Trace),
+        InfoType::SslDataIn | InfoType::SslDataOut => return,
+        _ => return,
+    };
+    let starts_with_ignore_case = |line: &str, text: &str| -> bool {
+        let line = line.as_bytes();
+        let text = text.as_bytes();
+        line[..line.len().min(text.len())].eq_ignore_ascii_case(text)
+    };
+    match str::from_utf8(data) {
+        Ok(s) => {
+            for mut line in s.lines() {
+                if starts_with_ignore_case(line, "authorization:") {
+                    line = "Authorization: [REDACTED]";
+                } else if starts_with_ignore_case(line, "h2h3 [authorization:") {
+                    line = "h2h3 [Authorization: [REDACTED]]";
+                } else if starts_with_ignore_case(line, "set-cookie") {
+                    line = "set-cookie: [REDACTED]";
+                }
+                match level {
+                    Debug => debug!(target: "network", "http-debug: {prefix} {line}"),
+                    Trace => trace!(target: "network", "http-debug: {prefix} {line}"),
+                }
             }
-            use LogLevel::*;
-            let (prefix, level) = match kind {
-                InfoType::Text => ("*", Debug),
-                InfoType::HeaderIn => ("<", Debug),
-                InfoType::HeaderOut => (">", Debug),
-                InfoType::DataIn => ("{", Trace),
-                InfoType::DataOut => ("}", Trace),
-                InfoType::SslDataIn | InfoType::SslDataOut => return,
-                _ => return,
-            };
-            let starts_with_ignore_case = |line: &str, text: &str| -> bool {
-                let line = line.as_bytes();
-                let text = text.as_bytes();
-                line[..line.len().min(text.len())].eq_ignore_ascii_case(text)
-            };
-            match str::from_utf8(data) {
-                Ok(s) => {
-                    for mut line in s.lines() {
-                        if starts_with_ignore_case(line, "authorization:") {
-                            line = "Authorization: [REDACTED]";
-                        } else if starts_with_ignore_case(line, "h2h3 [authorization:") {
-                            line = "h2h3 [Authorization: [REDACTED]]";
-                        } else if starts_with_ignore_case(line, "set-cookie") {
-                            line = "set-cookie: [REDACTED]";
-                        }
-                        match level {
-                            Debug => debug!(target: "network", "http-debug: {prefix} {line}"),
-                            Trace => trace!(target: "network", "http-debug: {prefix} {line}"),
-                        }
-                    }
+        }
+        Err(_) => {
+            let len = data.len();
+            match level {
+                Debug => {
+                    debug!(target: "network", "http-debug: {prefix} ({len} bytes of data)")
                 }
-                Err(_) => {
-                    let len = data.len();
-                    match level {
-                        Debug => {
-                            debug!(target: "network", "http-debug: {prefix} ({len} bytes of data)")
-                        }
-                        Trace => {
-                            trace!(target: "network", "http-debug: {prefix} ({len} bytes of data)")
-                        }
-                    }
+                Trace => {
+                    trace!(target: "network", "http-debug: {prefix} ({len} bytes of data)")
                 }
             }
-        })?;
+        }
     }
-
-    HttpTimeout::new(gctx)
 }
 
 #[must_use]

diff --git a/tests/testsuite/credential_process.rs b/tests/testsuite/credential_process.rs
@@ -337,7 +337,7 @@ fn all_not_found() {
         .with_stderr_data(str![[r#"
 [UPDATING] crates.io index
 [CREDENTIAL] [..]not_found[..] get crates-io
-{"v":1,"registry":{"index-url":"[..]","name":"crates-io","headers":[[..]"WWW-Authenticate: Cargo login_url=/"https://test-registry-login/me/""[..]]},"kind":"get","operation":"read"}
+{"v":1,"registry":{"index-url":"[..]","name":"crates-io","headers":[[..]"www-authenticate: Cargo login_url=/"https://test-registry-login/me/""[..]]},"kind":"get","operation":"read"}
 [ERROR] no token found, please run `cargo login`
 
 "#]])
@@ -373,7 +373,7 @@ fn all_not_supported() {
         .with_stderr_data(str![[r#"
 [UPDATING] crates.io index
 [CREDENTIAL] [..]not_supported[..] get crates-io
-{"v":1,"registry":{"index-url":"[..]","name":"crates-io","headers":[[..]"WWW-Authenticate: Cargo login_url=/"https://test-registry-login/me/""[..]]},"kind":"get","operation":"read"}
+{"v":1,"registry":{"index-url":"[..]","name":"crates-io","headers":[[..]"www-authenticate: Cargo login_url=/"https://test-registry-login/me/""[..]]},"kind":"get","operation":"read"}
 [ERROR] no credential providers could handle the request
 
 "#]])

diff --git a/tests/testsuite/patch.rs b/tests/testsuite/patch.rs
@@ -386,8 +386,8 @@ fn patch_to_git_pull_request() {
 
     p.cargo("check -v")
         .with_status(101)
-        .with_stderr_data(format!(
-            r#"[UPDATING] git repository `https://github.com/rust-lang/does-not-exist/pull/123`
+        .with_stderr_data(str![[r#"
+[UPDATING] git repository `https://github.com/rust-lang/does-not-exist/pull/123`
 ...
 [ERROR] failed to load source for dependency `bar`
 
@@ -409,8 +409,8 @@ Caused by:
 
 Caused by:
 ...
-"#
-        ))
+
+"#]])
         .run();
 }