Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I5872d9189ef56d9a40f7183633056745b98dc2ea
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4556
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
We have a bunch of crates in `third_party/rust-crates`; it would be
great if we could check them for existing CVEs.
This tool does that, it takes the rust security advisory database,
parses the applicable CVEs, and cross-checks them against the actual
crate versions we list in our package database.
The dumb parser we wrote is tested against all entries in the
database, so we will notice when upstream breaks their shit.
Checking the semver stuff is easy enough with the semver crate.
If an advisory matches, it prints the whole thing and fails the build.
Change-Id: I9e912c43d37a685d9d7a4424defc467a171ea3c4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2818
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
Change-Id: I3938310cb5d50a2bc85b20bb415af78d1b42c844
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2816
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
In preparation for the solution of b/108, we need to consistently use
`depot.third_party` for packages that are only packed in the TVL depot
and `pkgs` for things that come from nixpkgs.
This commit cleans up a huge chunk of these uses in //third_party
Change-Id: Ic382c0cdea7330a84d5f0b7d109c824ddceb94e7
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2912
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
|
|
We override the default `buildRustCrate` with our default options.
Kinda amazing how many crates still default to the 2015 edition;
probably to be backwards compatible with older compilers?
Change-Id: Ic571f527b1575a03b8b58e6b75bcf12c4b9b7d9c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2842
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
|
|
A bit less noisy in the definitions and the nix parser can already
detect it being misspelled.
Change-Id: I979da11471187e36cde5c015aaf654f925757a8b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2814
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
|
|
I think it is good practice to always get dependencies from the depot
fix point if they are exposed. The reasoning for this is that if we
improve the support for overriding in depot, say by introducing a
depot.extend functions or even full blown overlay support, this will
already work as expected.
Change-Id: Ibb8dffcf32e8f46817a2db2da26139fabdce55bc
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2770
Tested-by: BuildkiteCI
Reviewed-by: Profpatsch <mail@profpatsch.de>
|
|
Profpatsch and me are basically the only users of
depot.users.Profpatsch.writers.rustSimple*. To pull in the odd
dependency we usually use buildRustCrate which is rather convenient.
However we've picked up the bad habit of inlining these in a let
somewhere instead of managing them in a more central location although
there has been an (unsuccesful) attempt at this in
//users/Profpatsch/rust-crates.nix.
This CL moves all buildRustCrate based derivations into
third_party.rust-crates and deletes any duplicate derivations we have
accumulated in the tree.
Change-Id: I8f68b95ebd546708e9af07dca36d72dba9ca8c77
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2769
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: Profpatsch <mail@profpatsch.de>
|