diff options
author | sterni <sternenseemann@systemli.org> | 2022-11-06T18·10+0100 |
---|---|---|
committer | sterni <sternenseemann@systemli.org> | 2022-11-06T18·40+0000 |
commit | 8699370faee2d337951dc920b67240cb3d675ef2 (patch) | |
tree | 812e0322c966bbe56bbf777219e72db14abd313e /tools/rust-crates-advisory/default.nix | |
parent | d92ca1099035590566dbb5790284bc2f3d68a84c (diff) |
chore(tools/rust-crates-advisory): move custom checker to user dir r/5258
Profpatsch originally implemented an advisory checker from scratch in Rust. We now ended up just using cargo-audit for the global checks exposed via CI and the custom implementation is unused. To clean up //tools/rust-crates-advisory a bit, we can move the unused parts to his user directory. Change-Id: Iacbd27c163edd07c804220fd1b3569c23aebd3e7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7171 Tested-by: BuildkiteCI Reviewed-by: Profpatsch <mail@profpatsch.de>
Diffstat (limited to 'tools/rust-crates-advisory/default.nix')
-rw-r--r-- | tools/rust-crates-advisory/default.nix | 61 |
1 files changed, 1 insertions, 60 deletions
diff --git a/tools/rust-crates-advisory/default.nix b/tools/rust-crates-advisory/default.nix index 5285a766d56d..a187963473d6 100644 --- a/tools/rust-crates-advisory/default.nix +++ b/tools/rust-crates-advisory/default.nix @@ -3,16 +3,12 @@ let bins = - depot.nix.getBins pkgs.s6-portable-utils [ "s6-ln" "s6-cat" "s6-echo" "s6-mkdir" "s6-test" "s6-touch" "s6-dirname" ] - // depot.nix.getBins pkgs.lr [ "lr" ] - // depot.nix.getBins pkgs.cargo-audit [ "cargo-audit" ] + depot.nix.getBins pkgs.cargo-audit [ "cargo-audit" ] // depot.nix.getBins pkgs.jq [ "jq" ] // depot.nix.getBins pkgs.findutils [ "find" ] // depot.nix.getBins pkgs.gnused [ "sed" ] ; - crate-advisories = "${depot.third_party.rustsec-advisory-db}/crates"; - our-crates = lib.filter (v: v ? outPath) (builtins.attrValues depot.third_party.rust-crates); @@ -27,59 +23,6 @@ let '') our-crates); - check-security-advisory = depot.nix.writers.rustSimple - { - name = "parse-security-advisory"; - dependencies = [ - depot.third_party.rust-crates.toml - depot.third_party.rust-crates.semver - ]; - } - (builtins.readFile ./check-security-advisory.rs); - - # $1 is the directory with advisories for crate $2 with version $3 - check-crate-advisory = depot.nix.writeExecline "check-crate-advisory" { readNArgs = 3; } [ - "pipeline" - [ bins.lr "-0" "-t" "depth == 1" "$1" ] - "forstdin" - "-0" - "-Eo" - "0" - "advisory" - "if" - [ depot.tools.eprintf "advisory %s\n" "$advisory" ] - check-security-advisory - "$advisory" - "$3" - ]; - - # Run through everything in the `crate-advisories` repository - # and check whether we can parse all the advisories without crashing. - test-parsing-all-security-advisories = depot.nix.runExecline "check-all-our-crates" { } [ - "pipeline" - [ bins.lr "-0" "-t" "depth == 1" crate-advisories ] - "if" - [ - # this will succeed as long as check-crate-advisory doesn’t `panic!()` (status 101) - "forstdin" - "-0" - "-E" - "-x" - "101" - "crate_advisories" - check-crate-advisory - "$crate_advisories" - "foo" - "0.0.0" - ] - "importas" - "out" - "out" - bins.s6-touch - "$out" - ]; - - lock-file-report = pkgs.writers.writeBash "lock-file-report" '' set -u @@ -161,8 +104,6 @@ let in depot.nix.readTree.drvTargets { inherit - test-parsing-all-security-advisories - check-crate-advisory lock-file-report ; |