Sync from SUSE:SLFO:Main cargo-auditable revision d949aacac6492f6b91d28a510be24640

Adrian Schröter 2024-05-03 11:30:26 +02:00
commit 80c5abd36e
10 changed files with 163 additions and 0 deletions

23
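--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text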

27
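--- a/_service
+++ b/_service
@@ -0,0 +1,27 @@
+<services>
+<service mode="disabled" name="obs_scm">
+<param name="url">https://github.com/rust-secure-code/cargo-auditable.git</param>
+<param name="versionformat">@PARENT_TAG@~@TAG_OFFSET@</param>
+<param name="scm">git</param>
+<param name="revision">v0.6.0</param>
+<param name="match-tag">*</param>
+<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
+<param name="versionrewrite-replacement">\1</param>
+<param name="changesgenerate">enable</param>
+<param name="changesauthor">william.brown@suse.com</param>
+</service>
+<service mode="disabled" name="tar" />
+<service mode="disabled" name="recompress">
+<param name="file">*.tar</param>
+<param name="compression">zst</param>
+</service>
+<service mode="disabled" name="set_version"/>
+<service name="cargo_vendor" mode="disabled">
+<param name="srcdir">cargo-auditable</param>
+<param name="compression">zst</param>
+<param name="update">true</param>
+</service>
+<service name="cargo_audit" mode="disabled">
+<param name="srcdir">cargo-auditable</param>
+</service>
+</services>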
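Review bot: `<param name="revision">v0.6.0</param>` pins the `obs_scm` fetch to a tag name, which upstream can move; the commit actually packaged is only recorded afterwards in `_servicedata` and `cargo-auditable.obsinfo` (`e05d2776cff3d4db7b1d60c886563625bc589aba`). Setting `revision` to that commit hash should make a re-run of the service fetch the same tree. Every service here is `mode="disabled"`, so the source and vendor tarballs are presumably generated on the packager's machine and arrive as Git LFS blobs that this diff cannot show. A reviewer would have to re-run the services and compare the resulting archives to confirm what was vendored and that `cargo_audit` was actually run against it.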

4
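--- a/_servicedata
+++ b/_servicedata
@@ -0,0 +1,4 @@
+<servicedata>
+<service name="tar_scm">
+<param name="url">https://github.com/rust-secure-code/cargo-auditable.git</param>
+<param name="changesrevision">e05d2776cff3d4db7b1d60c886563625bc589aba</param></service></servicedata>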

BIN
cargo-auditable-0.6.0~0.obscpio (Stored with Git LFS) Normal file

Binary file not shown.

BIN
cargo-auditable-0.6.0~0.tar.zst (Stored with Git LFS) Normal file

Binary file not shown.

24
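--- a/cargo-auditable.changes
+++ b/cargo-auditable.changes
@@ -0,0 +1,24 @@
+-------------------------------------------------------------------
+Thu Feb 23 14:27:09 UTC 2023 - Andrea Manzini <andrea.manzini@suse.com>
+- Update to version 0.6.0~0:
+* README and documentation improvements
+* Read the rustc path passed by Cargo; fixes #90
+* Read location of Cargo from the environment variable Cargo sets for third-party subcommands
+* Add a note on sccache version compatibility to CHANGELOG.md
+* Panic on compilation commands where we fail to parse the arguments instead of silently ignoring the error
+* Specifying the binary-scanning feature is no longer needed
+* Pass options such as --offline to `cargo metadata`
+* Pass on arguments from `cargo auditable` invocation to the rustc wrapper; prep work towards fixing #83
+* Bump rust-audit-info to 0.5.2
+* Bump auditable-serde version to 0.5.2
+* Correctly fill in the source even in dependency entries when converting to cargo-lock data format
+* Drop the roundtrip through &str in semver::Version; now that semver 1.0 has shipped the versions are API-compatible and this is no longer necessary
+* Release auditable-info 0.6.1
+* Bump all the version requirements for things depending on auditable-info
+* Fix audit_info_from_slice function signature
+-------------------------------------------------------------------
+Thu Nov 3 04:31:16 UTC 2022 - William Brown <william.brown@suse.com>
+- Initial commit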

4
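--- a/cargo-auditable.obsinfo
+++ b/cargo-auditable.obsinfo
@@ -0,0 +1,4 @@
+name: cargo-auditable
+version: 0.6.0~0
+mtime: 1670449731
+commit: e05d2776cff3d4db7b1d60c886563625bc589aba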

67
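--- a/cargo-auditable.spec
+++ b/cargo-auditable.spec
@@ -0,0 +1,67 @@
+#
+# spec file for package cargo-auditable
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+%define __rustflags -Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=2 -C incremental=false
+%define __cargo CARGO_FEATURE_VENDORED=1 RUSTFLAGS="%{__rustflags}" %{_bindir}/cargo
+%define __cargo_common_opts %{?_smp_mflags}
+Name: cargo-auditable
+Version: 0.6.0~0
+Release: 0
+Summary: A tool to embed auditing information in ELF sections of rust binaries
+# If you know the license, put it's SPDX string here.
+# Alternately, you can use cargo lock2rpmprovides to help generate this.
+License: (Apache-2.0 OR MIT) AND Unicode-DFS-2016 AND (0BSD OR MIT OR Apache-2.0) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (Apache-2.0 OR MIT OR Zlib) AND (MIT OR Unlicense) AND (Apache-2.0 OR Zlib OR MIT) AND MIT
+# Select a group from this link:
+# https://en.opensuse.org/openSUSE:Package_group_guidelines
+Group: Development/Languages/Rust
+URL: https://github.com/rust-secure-code/cargo-auditable
+Source0: %{name}-%{version}.tar.zst
+Source1: vendor.tar.zst
+Source2: cargo_config
+# We can't dep on cargo-packaging because we would create a dependency loop.
+# BuildRequires: cargo-packaging
+BuildRequires: cargo
+BuildRequires: zstd
+Requires: cargo
+%description
+Know the exact crate versions used to build your Rust executable. Audit binaries for known bugs or
+security vulnerabilities in production, at scale, with zero bookkeeping. This works by embedding
+data about the dependency tree in JSON format into a dedicated linker section of the compiled
+executable.
+%prep
+%autosetup -a1
+mkdir .cargo
+cp %{SOURCE2} .cargo/config
+%build
+unset LIBSSH2_SYS_USE_PKG_CONFIG
+%{__cargo} build \
+%{__cargo_common_opts} \
+--offline --release
+%install
+install -D -d -m 0755 %{buildroot}%{_bindir}
+install -m 0755 %{_builddir}/%{name}-%{version}/target/release/cargo-auditable %{buildroot}%{_bindir}/cargo-auditable
+%files
+%{_bindir}/cargo-auditable
+%changelog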
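Review bot: The `%build` step passes `--offline --release` to `cargo build` but not `--locked`, so Cargo may re-resolve and rewrite `Cargo.lock` against the contents of `vendor/` rather than fail when the two disagree. The `cargo_audit` service in `_service` presumably checks the lockfile at packaging time, so building with `--offline --locked --release` would keep the compiled dependency set identical to the audited one. Separately, `%prep` writes the source replacement to `.cargo/config`, a name newer Cargo releases deprecate in favour of `.cargo/config.toml`; `cp %{SOURCE2} .cargo/config.toml` is the more durable spelling if the minimum supported Cargo reads it. The spec also has no `%check` section, so nothing here verifies that the installed binary runs.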

5
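--- a/cargo_config
+++ b/cargo_config
@@ -0,0 +1,5 @@
+[source.crates-io]
+replace-with = "vendored-sources"
+[source.vendored-sources]
+directory = "vendor"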

BIN
vendor.tar.zst (Stored with Git LFS) Normal file

Binary file not shown.