From 14282370e9519bb916da650c311f8f90ce73ce82 Mon Sep 17 00:00:00 2001
From: sterni <sternenseemann@systemli.org>
Date: Sun, 10 Oct 2021 14:53:56 +0200
Subject: feat(rustsec-advisory-db): update to 2021-10-08 via nix-prefetch-git

This makes it much easier to update the db manually and also lays the
foundation for future automation bumping the advisory db.

Change-Id: I1244020c8bb1af43bf4e207c55f6420eb3f57bcf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3713
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: Profpatsch <mail@profpatsch.de>
---
 third_party/rustsec-advisory-db/default.nix | 21 ++++++++++++++++++---
 third_party/rustsec-advisory-db/pin.json    | 11 +++++++++++
 2 files changed, 29 insertions(+), 3 deletions(-)
 create mode 100644 third_party/rustsec-advisory-db/pin.json

(limited to 'third_party/rustsec-advisory-db')

diff --git a/third_party/rustsec-advisory-db/default.nix b/third_party/rustsec-advisory-db/default.nix
index 2e280345ab..3d3b387be8 100644
--- a/third_party/rustsec-advisory-db/default.nix
+++ b/third_party/rustsec-advisory-db/default.nix
@@ -1,9 +1,24 @@
+# RustSec's advisory db for crates
+#
+# Update using:
+#
+#   nix-prefetch-git --quiet --url https://github.com/RustSec/advisory-db.git > third_party/rustsec-advisory-db/pin.json
+#
+# TODO(Profpatsch): automatically update in regular intervals
 { pkgs, ... }:
 
+let
+  pin = builtins.fromJSON (builtins.readFile ./pin.json);
+
+  date = builtins.head (builtins.split "T" pin.date);
+in
+
 pkgs.fetchFromGitHub {
+  name = "advisory-db-${date}";
   owner = "RustSec";
   repo = "advisory-db";
-  # TODO(Profpatsch): this will have to be updated regularly, how?
-  rev = "113188c62380753f01ff0df5edb7d67a300b143a";
-  sha256 = "0v086ybwr71zgs5nv8yr4w2w2d4daxx6in2s1sjb4m41q1r9p0wj";
+  inherit (pin)
+    rev
+    sha256
+  ;
 }
diff --git a/third_party/rustsec-advisory-db/pin.json b/third_party/rustsec-advisory-db/pin.json
new file mode 100644
index 0000000000..1155625cff
--- /dev/null
+++ b/third_party/rustsec-advisory-db/pin.json
@@ -0,0 +1,11 @@
+{
+  "url": "https://github.com/RustSec/advisory-db.git",
+  "rev": "d29205a680bb8b3a22eaba6e9b2a5a6580274af0",
+  "date": "2021-10-08T18:17:22+02:00",
+  "path": "/nix/store/nm8nwgdyrs6mi9dydf6vylc833i3alnn-advisory-db",
+  "sha256": "0h08kfn2878k5l0qdsxikakrjbqbn6fb8f95zxpqfh5hqzn7mb6b",
+  "fetchLFS": false,
+  "fetchSubmodules": false,
+  "deepClone": false,
+  "leaveDotGit": false
+}
-- 
cgit 1.4.1