Sync from SUSE:SLFO:Main cargo-auditable revision d949aacac6492f6b91d28a510be24640

2024-05-03 11:30:26 +02:00 · 2024-05-03 11:30:26 +02:00 · 80c5abd36e
commit 80c5abd36e
10 changed files with 163 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/27
+++ b/27
@ -0,0 +1,27 @@
+<services>
+  <service mode="disabled" name="obs_scm">
+    <param name="url">https://github.com/rust-secure-code/cargo-auditable.git</param>
+    <param name="versionformat">@PARENT_TAG@~@TAG_OFFSET@</param>
+    <param name="scm">git</param>
+    <param name="revision">v0.6.0</param>
+    <param name="match-tag">*</param>
+    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
+    <param name="versionrewrite-replacement">\1</param>
+    <param name="changesgenerate">enable</param>
+    <param name="changesauthor">william.brown@suse.com</param>
+  </service>
+  <service mode="disabled" name="tar" />
+  <service mode="disabled" name="recompress">
+    <param name="file">*.tar</param>
+    <param name="compression">zst</param>
+  </service>
+  <service mode="disabled" name="set_version"/>
+  <service name="cargo_vendor" mode="disabled">
+     <param name="srcdir">cargo-auditable</param>
+     <param name="compression">zst</param>
+     <param name="update">true</param>
+  </service>
+  <service name="cargo_audit" mode="disabled">
+     <param name="srcdir">cargo-auditable</param>
+  </service>
+</services>
--- a/4
+++ b/4
@ -0,0 +1,4 @@
+<servicedata>
+<service name="tar_scm">
+                <param name="url">https://github.com/rust-secure-code/cargo-auditable.git</param>
+              <param name="changesrevision">e05d2776cff3d4db7b1d60c886563625bc589aba</param></service></servicedata>
--- a/cargo-auditable-0.6.0~0.obscpio
+++ b/cargo-auditable-0.6.0~0.obscpio
--- a/cargo-auditable-0.6.0~0.tar.zst
+++ b/cargo-auditable-0.6.0~0.tar.zst
--- a/cargo-auditable.changes
+++ b/cargo-auditable.changes
@ -0,0 +1,24 @@
+-------------------------------------------------------------------
+Thu Feb 23 14:27:09 UTC 2023 - Andrea Manzini <andrea.manzini@suse.com>
+
+- Update to version 0.6.0~0:
+  * README and documentation improvements 
+  * Read the rustc path passed by Cargo; fixes #90
+  * Read location of Cargo from the environment variable Cargo sets for third-party subcommands
+  * Add a note on sccache version compatibility to CHANGELOG.md
+  * Panic on compilation commands where we fail to parse the arguments instead of silently ignoring the error
+  * Specifying the binary-scanning feature is no longer needed
+  * Pass options such as --offline to `cargo metadata`
+  * Pass on arguments from `cargo auditable` invocation to the rustc wrapper; prep work towards fixing #83
+  * Bump rust-audit-info to 0.5.2
+  * Bump auditable-serde version to 0.5.2
+  * Correctly fill in the source even in dependency entries when converting to cargo-lock data format
+  * Drop the roundtrip through &str in semver::Version; now that semver 1.0 has shipped the versions are API-compatible and this is no longer necessary
+  * Release auditable-info 0.6.1
+  * Bump all the version requirements for things depending on auditable-info
+  * Fix audit_info_from_slice function signature
+
+-------------------------------------------------------------------
+Thu Nov  3 04:31:16 UTC 2022 - William Brown <william.brown@suse.com>
+
+- Initial commit
--- a/cargo-auditable.obsinfo
+++ b/cargo-auditable.obsinfo
@ -0,0 +1,4 @@
+name: cargo-auditable
+version: 0.6.0~0
+mtime: 1670449731
+commit: e05d2776cff3d4db7b1d60c886563625bc589aba
--- a/cargo-auditable.spec
+++ b/cargo-auditable.spec
@ -0,0 +1,67 @@
+#
+# spec file for package cargo-auditable
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define __rustflags -Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=2 -C incremental=false
+%define __cargo CARGO_FEATURE_VENDORED=1 RUSTFLAGS="%{__rustflags}" %{_bindir}/cargo
+%define __cargo_common_opts %{?_smp_mflags}
+
+Name:           cargo-auditable
+Version:        0.6.0~0
+Release:        0
+Summary:        A tool to embed auditing information in ELF sections of rust binaries
+#               If you know the license, put it's SPDX string here.
+#               Alternately, you can use cargo lock2rpmprovides to help generate this.
+License:        (Apache-2.0 OR MIT) AND Unicode-DFS-2016 AND (0BSD OR MIT OR Apache-2.0) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (Apache-2.0 OR MIT OR Zlib) AND (MIT OR Unlicense) AND (Apache-2.0 OR Zlib OR MIT) AND MIT
+#               Select a group from this link:
+#               https://en.opensuse.org/openSUSE:Package_group_guidelines
+Group:          Development/Languages/Rust
+URL:            https://github.com/rust-secure-code/cargo-auditable
+Source0:        %{name}-%{version}.tar.zst
+Source1:        vendor.tar.zst
+Source2:        cargo_config
+# We can't dep on cargo-packaging because we would create a dependency loop.
+# BuildRequires:  cargo-packaging
+BuildRequires:  cargo
+BuildRequires:  zstd
+Requires:       cargo
+
+%description
+Know the exact crate versions used to build your Rust executable. Audit binaries for known bugs or
+security vulnerabilities in production, at scale, with zero bookkeeping. This works by embedding
+data about the dependency tree in JSON format into a dedicated linker section of the compiled
+executable.
+
+%prep
+%autosetup -a1
+mkdir .cargo
+cp %{SOURCE2} .cargo/config
+
+%build
+unset LIBSSH2_SYS_USE_PKG_CONFIG
+%{__cargo} build \
+    %{__cargo_common_opts} \
+    --offline --release
+
+%install
+install -D -d -m 0755 %{buildroot}%{_bindir}
+install -m 0755 %{_builddir}/%{name}-%{version}/target/release/cargo-auditable %{buildroot}%{_bindir}/cargo-auditable
+
+%files
+%{_bindir}/cargo-auditable
+
+%changelog
--- a/5
+++ b/5
@ -0,0 +1,5 @@
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"
--- a/vendor.tar.zst
+++ b/vendor.tar.zst