add option for cargo vendor to (machine-readably) print out information about its operation

[froydnj]

Mozilla would like to perform various checks on crates that get vendored into the mozilla-central tree: licensing checks (MPL-compatible code, making sure the license text is included in appropriate places) and ensuring some minimal vetting for code that won't format your hard drive would be two examples of the sorts of things we'd like to do.

cargo vendor doesn't print out any information about the packages being vendored currently (not even with -v in my admittedly limited experimentation). One could iterate over all the crates in your vendored/ directory after every cargo vendor invocation, but this is kind of a crude solution and doesn't capture nuances like "this crate was only upgraded", which might involve fewer (or no) checks.

Strawman design suggestion:

$ cargo vendor --machine-readable [...]
A crate1 ${crate1_VERSION} # added
U crate2 ${crate2_VERSION} # upgraded
N crate3 ${crate3_VERSION) # no change (maybe don't even print these?)
...
$

Bikeshedding on the particular syntax and/or option name welcome. The proposed flag would also suppress the usage information about what to add to .cargo/config, since if you're using said flag, you probably already know how to deal with the resulting vendor directory. Mixing --machine-readable and -v would be disallowed.

/cc @luser

[alexcrichton]

I'd be totally down for this. The cargo update command does something very similar printing "Adding", "Updating", and "Deleting". That seems pretty much the same as what you're thinking here? We could probably just vendor that implementation and change the default output to boot.

[alexcrichton]

This crate is now included natively in Cargo as of rust-lang/cargo#6869 and today's nightly Rust. I'm closing all issues in this repository before I archive the repository, but if you're still interested in seeing this issue fixed then please feel free to file an issue with Cargo itself!