commit 80c5abd36edd8c6f1e5dbe80457a28c3e57d73bc5bf5d7f9af0af7adad4571d1 Author: Adrian Schröter Date: Fri May 3 11:30:26 2024 +0200 Sync from SUSE:SLFO:Main cargo-auditable revision d949aacac6492f6b91d28a510be24640
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/_service b/_service
new file mode 100644
index 0000000..d774c33
--- /dev/null
+++ b/_service
@@ -0,0 +1,27 @@
+
+
+ https://github.com/rust-secure-code/cargo-auditable.git
+ @PARENT_TAG@~@TAG_OFFSET@
+ git
+ v0.6.0
+ *
+ v(\d+\.\d+\.\d+)
+ \1
+ enable
+ william.brown@suse.com
+
+
+
+ *.tar
+ zst
+
+
+
+ cargo-auditable
+ zst
+ true
+
+
+ cargo-auditable
+
+
diff --git a/_servicedata b/_servicedata
new file mode 100644
index 0000000..1dae6c6
--- /dev/null
+++ b/_servicedata
@@ -0,0 +1,4 @@
+
+
+ https://github.com/rust-secure-code/cargo-auditable.git
+ e05d2776cff3d4db7b1d60c886563625bc589aba
\ No newline at end of file
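Review bot: In `_service`, the value that appears to be the checkout revision is the tag name `v0.6.0`, and an upstream tag can be re-pointed, so a later service run could fetch different source under the same package version. The service parameter names did not survive on this page, so that reading is inferred from the values alone. `_servicedata` and `cargo-auditable.obsinfo` both record commit `e05d2776cff3d4db7b1d60c886563625bc589aba`; pinning the revision to that commit id, or comparing the recorded commit against it on every update, keeps the fetched tree tied to the one that was reviewed.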
diff --git a/cargo-auditable-0.6.0~0.obscpio b/cargo-auditable-0.6.0~0.obscpio
new file mode 100644
index 0000000..2246a82
--- /dev/null
+++ b/cargo-auditable-0.6.0~0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b185c2a7e51d138c50c88668e54d29927549f2327a1732c618f9e58610739450
+size 184331
diff --git a/cargo-auditable-0.6.0~0.tar.zst b/cargo-auditable-0.6.0~0.tar.zst
new file mode 100644
index 0000000..0095b61
--- /dev/null
+++ b/cargo-auditable-0.6.0~0.tar.zst
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:189770e901af4dd1ab49bc67c1063d1bf1eab33e08a7b1ddf3b8b0fd2a3d1b2e
+size 42519
diff --git a/cargo-auditable.changes b/cargo-auditable.changes
new file mode 100644
index 0000000..5a17f2b
--- /dev/null
+++ b/cargo-auditable.changes
@@ -0,0 +1,24 @@
+-------------------------------------------------------------------
+Thu Feb 23 14:27:09 UTC 2023 - Andrea Manzini
+
+- Update to version 0.6.0~0:
+ * README and documentation improvements
+ * Read the rustc path passed by Cargo; fixes #90
+ * Read location of Cargo from the environment variable Cargo sets for third-party subcommands
+ * Add a note on sccache version compatibility to CHANGELOG.md
+ * Panic on compilation commands where we fail to parse the arguments instead of silently ignoring the error
+ * Specifying the binary-scanning feature is no longer needed
+ * Pass options such as --offline to `cargo metadata`
+ * Pass on arguments from `cargo auditable` invocation to the rustc wrapper; prep work towards fixing #83
+ * Bump rust-audit-info to 0.5.2
+ * Bump auditable-serde version to 0.5.2
+ * Correctly fill in the source even in dependency entries when converting to cargo-lock data format
+ * Drop the roundtrip through &str in semver::Version; now that semver 1.0 has shipped the versions are API-compatible and this is no longer necessary
+ * Release auditable-info 0.6.1
+ * Bump all the version requirements for things depending on auditable-info
+ * Fix audit_info_from_slice function signature
+
+-------------------------------------------------------------------
+Thu Nov 3 04:31:16 UTC 2022 - William Brown
+
+- Initial commit
diff --git a/cargo-auditable.obsinfo b/cargo-auditable.obsinfo
new file mode 100644
index 0000000..ec304e3
--- /dev/null
+++ b/cargo-auditable.obsinfo
@@ -0,0 +1,4 @@
+name: cargo-auditable
+version: 0.6.0~0
+mtime: 1670449731
+commit: e05d2776cff3d4db7b1d60c886563625bc589aba
diff --git a/cargo-auditable.spec b/cargo-auditable.spec
new file mode 100644
index 0000000..bbb9299
--- /dev/null
+++ b/cargo-auditable.spec
@@ -0,0 +1,67 @@
+#
+# spec file for package cargo-auditable
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%define __rustflags -Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=2 -C incremental=false
+%define __cargo CARGO_FEATURE_VENDORED=1 RUSTFLAGS="%{__rustflags}" %{_bindir}/cargo
+%define __cargo_common_opts %{?_smp_mflags}
+
+Name: cargo-auditable
+Version: 0.6.0~0
+Release: 0
+Summary: A tool to embed auditing information in ELF sections of rust binaries
+# If you know the license, put it's SPDX string here.
+# Alternately, you can use cargo lock2rpmprovides to help generate this.
+License: (Apache-2.0 OR MIT) AND Unicode-DFS-2016 AND (0BSD OR MIT OR Apache-2.0) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT) AND (Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT) AND (Apache-2.0 OR MIT OR Zlib) AND (Apache-2.0 OR MIT OR Zlib) AND (MIT OR Unlicense) AND (Apache-2.0 OR Zlib OR MIT) AND MIT
+# Select a group from this link:
+# https://en.opensuse.org/openSUSE:Package_group_guidelines
+Group: Development/Languages/Rust
+URL: https://github.com/rust-secure-code/cargo-auditable
+Source0: %{name}-%{version}.tar.zst
+Source1: vendor.tar.zst
+Source2: cargo_config
+# We can't dep on cargo-packaging because we would create a dependency loop.
+# BuildRequires: cargo-packaging
+BuildRequires: cargo
+BuildRequires: zstd
+Requires: cargo
+
+%description
+Know the exact crate versions used to build your Rust executable. Audit binaries for known bugs or
+security vulnerabilities in production, at scale, with zero bookkeeping. This works by embedding
+data about the dependency tree in JSON format into a dedicated linker section of the compiled
+executable.
+
+%prep
+%autosetup -a1
+mkdir .cargo
+cp %{SOURCE2} .cargo/config
+
+%build
+unset LIBSSH2_SYS_USE_PKG_CONFIG
+%{__cargo} build \
+ %{__cargo_common_opts} \
+ --offline --release
+
+%install
+install -D -d -m 0755 %{buildroot}%{_bindir}
+install -m 0755 %{_builddir}/%{name}-%{version}/target/release/cargo-auditable %{buildroot}%{_bindir}/cargo-auditable
+
+%files
+%{_bindir}/cargo-auditable
+
+%changelog
diff --git a/cargo_config b/cargo_config
new file mode 100644
index 0000000..6fb4ff4
--- /dev/null
+++ b/cargo_config
@@ -0,0 +1,5 @@
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"
\ No newline at end of file
diff --git a/vendor.tar.zst b/vendor.tar.zst
new file mode 100644
index 0000000..97cd970
--- /dev/null
+++ b/vendor.tar.zst
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:8275e11ff15da2be091e4b6643dafa13a9b8c7e7514125e036572baa5db3fff9
+size 2451471
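Review bot: In `cargo-auditable.spec`, the `%build` step passes `--offline --release` without `--locked`, so cargo may re-resolve dependencies against whatever `vendor.tar.zst` contains rather than fail when the vendored crates do not match the lockfile in the source tarball (this assumes upstream ships a `Cargo.lock`; the tarball contents are not visible here). I would change that line to `--offline --release --locked`, so a mismatch between Source0 and Source1 stops the build. Separately, `%files` lists only the binary although the `License:` tag names many licenses; a `%license` entry for the upstream license files would be expected, with the file names taken from the tarball.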