Accepting request 877853 from home:firstyear

Add cargo-audit to devel:languages:rust. This allows scanning of
packaged rust projects for security issues.

OBS-URL: https://build.opensuse.org/request/show/877853
OBS-URL: https://build.opensuse.org/package/show/devel:languages:rust/cargo-audit?expand=0&rev=1

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

_service

@@ -0,0 +1,24 @@
+<services>
+  <service mode="disabled" name="obs_scm">
+    <param name="url">https://github.com/RustSec/cargo-audit.git</param>
+    <param name="versionformat">@PARENT_TAG@~git@TAG_OFFSET@.%h</param>
+    <param name="scm">git</param>
+    <!-- <param name="revision">v0.13.1</param> -->
+    <param name="revision">7797fd5cc108645d0b236dac9067c008f7fae61b</param>
+    <param name="match-tag">*</param>
+    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
+    <param name="versionrewrite-replacement">\1</param>
+    <param name="changesgenerate">enable</param>
+    <param name="changesauthor">wbrown@suse.de</param>
+  </service>
+  <service mode="disabled" name="set_version"/>
+  <service mode="disabled" name="tar" />
+  <service mode="disabled" name="recompress">
+    <param name="file">*.tar</param>
+    <param name="compression">xz</param>
+  </service>
+  <service name="cargo_vendor" mode="disabled">
+     <param name="srcdir">cargo-audit</param>
+     <param name="compression">xz</param>
+  </service>
+</services>

cargo-audit-0.13.1~git5.7797fd5.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9c1a50628f7803e7db9e7e81af6881520e846111824d1dc33e9190083e2dd42c
+size 116068

cargo-audit.changes

@@ -0,0 +1,14 @@
+-------------------------------------------------------------------
+Tue Mar 02 23:41:56 UTC 2021 - wbrown@suse.de
+
+- Update to version 0.13.1~git5.7797fd5:
+  * When running in no-fetch mode, allow accessing a non-git repo. (#315)
+  * Update README.md (#298)
+  * Cargo.lock: bump deps (#283)
+  * Bump once_cell from 1.4.1 to 1.5.0 (#282)
+  * CHANGELOG.md: add note about #206 as part of the v0.13.0 release
+
+-------------------------------------------------------------------
+Tue Feb 23 03:11:36 UTC 2021 - William Brown <william.brown@suse.com>
+
+- Initial submission of v0.13.1

cargo-audit.spec

@@ -0,0 +1,58 @@
+#
+# spec file for package cargo-audit-advisory-db
+#
+# Copyright (c) 2021 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+%global rustflags -Clink-arg=-Wl,-z,relro,-z,now -C debuginfo=2
+
+Name:           cargo-audit
+Version:        0.13.1~git5.7797fd5
+Release:        0
+Summary:        Audit rust sources for known security vulnerabilities
+License:        License: ( 0BSD OR MIT OR Apache-2.0 ) AND ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR MIT ) AND ( Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT ) AND ( MIT OR Zlib OR Apache-2.0 ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND MIT AND MPL-2.0 AND MPL-2.0+
+Group:          Development/Languages/Rust
+Url:            https://github.com/RustSec/cargo-audit
+Source0:        %{name}-%{version}.tar.xz
+Source1:        vendor.tar.xz
+Source2:        cargo_config
+
+BuildRequires:  rust-packaging
+BuildRequires:  pkgconfig(openssl)
+ExcludeArch:    s390 s390x ppc ppc64 ppc64le %ix86
+
+%description
+Audit Cargo.lock files for crates with security vulnerabilities reported to the RustSec Advisory Database.
+
+%prep
+%setup -q
+%setup -qa1
+mkdir .cargo
+cp %{SOURCE2} .cargo/config
+# Remove exec bits to prevent an issue in fedora shebang checking
+find vendor -type f -name \*.rs -exec chmod -x '{}' \;
+
+%build
+export RUSTFLAGS="%{rustflags}"
+cargo build --offline --release
+
+%install
+install -D -d -m 0755 %{buildroot}%{_bindir}
+
+install -m 0755 %{_builddir}/%{name}-%{version}/target/release/cargo-audit %{buildroot}%{_bindir}/cargo-audit
+
+%files
+%{_bindir}/cargo-audit
+
+%changelog

cargo_config

@@ -0,0 +1,5 @@
+[source.crates-io]
+replace-with = "vendored-sources"
+
+[source.vendored-sources]
+directory = "vendor"

vendor.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bfa32d165291c4862044e647f458d2353d33abc7884d421c310758041c258446
+size 18194368