From fe316692404192ed452a2413bd05dda43210497c Mon Sep 17 00:00:00 2001
From: Simon Brand
Date: Mon, 14 Aug 2023 23:25:52 +0000
Subject: [PATCH] Remove cargo vet
---
 .github/workflows/test.yml | 2 -
 .gitlab-ci.yml | 2 -
 supply-chain/audits.toml | 4 -
 supply-chain/config.toml | 280 -------------------------------------
 supply-chain/imports.lock | 243 --------------------------------
 5 files changed, 531 deletions(-)
 delete mode 100644 supply-chain/audits.toml
 delete mode 100644 supply-chain/config.toml
 delete mode 100644 supply-chain/imports.lock
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 3862faa..8cd2755 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -14,5 +14,3 @@ jobs:
 usr/lib/initcpio/install/cryptographic-id
 usr/lib/dracut/modules.d/90cryptographic-id/module-setup.sh
 - run: cargo test --workspace --verbose --locked
- - run: cargo install --locked cargo-vet
- - run: cargo vet
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 48f74a8..76855b8 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -8,5 +8,3 @@ test:cargo:
 usr/lib/initcpio/install/cryptographic-id
 usr/lib/dracut/modules.d/90cryptographic-id/module-setup.sh
 - cargo test --workspace --verbose --locked
- - cargo install --locked cargo-vet
- - cargo vet
diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
deleted file mode 100644
index 2772ccb..0000000
--- a/supply-chain/audits.toml
+++ /dev/null
@@ -1,4 +0,0 @@
-
-# cargo-vet audits file
-
-[audits]
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
deleted file mode 100644
index 50c9833..0000000
--- a/supply-chain/config.toml
+++ /dev/null
@@ -1,280 +0,0 @@
-
-# cargo-vet config file
-
-[cargo-vet]
-version = "0.6"
-
-[imports.bytecodealliance]
-url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml"
-
-[imports.embark]
-url = "https://raw.githubusercontent.com/EmbarkStudios/rust-ecosystem/main/audits.toml"
-
-[imports.google]
-url = "https://raw.githubusercontent.com/google/rust-crate-audits/main/audits.toml"
-
-[imports.isrg]
-url = "https://raw.githubusercontent.com/divviup/libprio-rs/main/supply-chain/audits.toml"
-
-[imports.mozilla]
-url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml"
-
-[[exemptions.aho-corasick]]
-version = "1.0.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.anyhow]]
-version = "1.0.72"
-criteria = "safe-to-deploy"
-
-[[exemptions.bitflags]]
-version = "1.3.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.byteorder]]
-version = "1.4.3"
-criteria = "safe-to-deploy"
-
-[[exemptions.bytes]]
-version = "1.3.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.cc]]
-version = "1.0.81"
-criteria = "safe-to-deploy"
-
-[[exemptions.checked_int_cast]]
-version = "1.0.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.cpufeatures]]
-version = "0.2.9"
-criteria = "safe-to-deploy"
-
-[[exemptions.curve25519-dalek]]
-version = "3.2.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.digest]]
-version = "0.9.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.ed25519]]
-version = "1.4.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.ed25519-dalek]]
-version = "1.0.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.either]]
-version = "1.9.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.errno]]
-version = "0.3.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.fastrand]]
-version = "2.0.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.fixedbitset]]
-version = "0.4.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.generic-array]]
-version = "0.14.7"
-criteria = "safe-to-deploy"
-
-[[exemptions.getrandom]]
-version = "0.1.16"
-criteria = "safe-to-deploy"
-
-[[exemptions.indexmap]]
-version = "1.9.3"
-criteria = "safe-to-deploy"
-
-[[exemptions.itertools]]
-version = "0.10.5"
-criteria = "safe-to-deploy"
-
-[[exemptions.libc]]
-version = "0.2.147"
-criteria = "safe-to-deploy"
-
-[[exemptions.linux-raw-sys]]
-version = "0.4.5"
-criteria = "safe-to-deploy"
-
-[[exemptions.log]]
-version = "0.4.19"
-criteria = "safe-to-deploy"
-
-[[exemptions.memchr]]
-version = "2.5.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.multimap]]
-version = "0.8.3"
-criteria = "safe-to-deploy"
-
-[[exemptions.once_cell]]
-version = "1.16.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.petgraph]]
-version = "0.6.3"
-criteria = "safe-to-deploy"
-
-[[exemptions.ppv-lite86]]
-version = "0.2.17"
-criteria = "safe-to-deploy"
-
-[[exemptions.prettyplease]]
-version = "0.1.25"
-criteria = "safe-to-deploy"
-
-[[exemptions.prost]]
-version = "0.11.9"
-criteria = "safe-to-deploy"
-
-[[exemptions.prost-build]]
-version = "0.11.9"
-criteria = "safe-to-deploy"
-
-[[exemptions.prost-derive]]
-version = "0.11.9"
-criteria = "safe-to-deploy"
-
-[[exemptions.prost-types]]
-version = "0.11.9"
-criteria = "safe-to-deploy"
-
-[[exemptions.qrcode]]
-version = "0.12.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.quote]]
-version = "1.0.32"
-criteria = "safe-to-deploy"
-
-[[exemptions.rand]]
-version = "0.7.3"
-criteria = "safe-to-deploy"
-
-[[exemptions.rand_chacha]]
-version = "0.2.2"
-criteria = "safe-to-deploy"
-
-[[exemptions.rand_core]]
-version = "0.5.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.rand_hc]]
-version = "0.2.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.redox_syscall]]
-version = "0.3.5"
-criteria = "safe-to-deploy"
-
-[[exemptions.regex]]
-version = "1.9.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.regex-automata]]
-version = "0.3.4"
-criteria = "safe-to-deploy"
-
-[[exemptions.regex-syntax]]
-version = "0.7.4"
-criteria = "safe-to-deploy"
-
-[[exemptions.rustix]]
-version = "0.38.6"
-criteria = "safe-to-deploy"
-
-[[exemptions.serde]]
-version = "1.0.181"
-criteria = "safe-to-deploy"
-
-[[exemptions.sha2]]
-version = "0.9.9"
-criteria = "safe-to-deploy"
-
-[[exemptions.signature]]
-version = "1.6.4"
-criteria = "safe-to-deploy"
-
-[[exemptions.syn]]
-version = "1.0.109"
-criteria = "safe-to-deploy"
-
-[[exemptions.syn]]
-version = "2.0.28"
-criteria = "safe-to-deploy"
-
-[[exemptions.tempfile]]
-version = "3.7.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.typenum]]
-version = "1.15.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.unicode-ident]]
-version = "1.0.11"
-criteria = "safe-to-deploy"
-
-[[exemptions.wasi]]
-version = "0.9.0+wasi-snapshot-preview1"
-criteria = "safe-to-deploy"
-
-[[exemptions.which]]
-version = "4.4.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows-sys]]
-version = "0.48.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows-targets]]
-version = "0.48.1"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_aarch64_gnullvm]]
-version = "0.48.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_aarch64_msvc]]
-version = "0.48.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_i686_gnu]]
-version = "0.48.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_i686_msvc]]
-version = "0.48.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_x86_64_gnu]]
-version = "0.48.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_x86_64_gnullvm]]
-version = "0.48.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.windows_x86_64_msvc]]
-version = "0.48.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.zeroize]]
-version = "1.3.0"
-criteria = "safe-to-deploy"
-
-[[exemptions.zeroize_derive]]
-version = "1.4.2"
-criteria = "safe-to-deploy"
diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock
deleted file mode 100644
index 9f7794a..0000000
--- a/supply-chain/imports.lock
+++ /dev/null
@@ -1,243 +0,0 @@ - -# cargo-vet imports lock - -[[audits.bytecodealliance.audits.base64]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -version = "0.21.0" -notes = "This crate has no dependencies, no build.rs, and contains no unsafe code." - -[[audits.bytecodealliance.audits.bitflags]] -who = "Jamey Sharp " -criteria = "safe-to-deploy" -delta = "2.1.0 -> 2.2.1" -notes = """ -This version adds unsafe impls of traits from the bytemuck crate when built -with that library enabled, but I believe the impls satisfy the documented -safety requirements for bytemuck. The other changes are minor. -""" - -[[audits.bytecodealliance.audits.bitflags]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "2.3.2 -> 2.3.3" -notes = """ -Nothing outside the realm of what one would expect from a bitflags generator, -all as expected. -""" - -[[audits.bytecodealliance.audits.cfg-if]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "1.0.0" -notes = "I am the author of this crate." - -[[audits.bytecodealliance.audits.ed25519]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.4.1 -> 1.5.3" -notes = """ -This diff brings in a number of minor updates of which none are related to -`unsafe` code or anything system-related like filesystems. -""" - -[[audits.bytecodealliance.audits.errno-dragonfly]] -who = "Jamey Sharp " -criteria = "safe-to-deploy" -version = "0.1.2" -notes = "This should be portable to any POSIX system and seems like it should be part of the libc crate, but at any rate it's safe as is." - -[[audits.bytecodealliance.audits.heck]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -version = "0.4.0" -notes = "Contains `forbid_unsafe` and only uses `std::fmt` from the standard library. Otherwise only contains string manipulation." 
- -[[audits.bytecodealliance.audits.proc-macro2]] -who = "Pat Hickey " -criteria = "safe-to-deploy" -delta = "1.0.51 -> 1.0.57" - -[[audits.bytecodealliance.audits.proc-macro2]] -who = "Alex Crichton " -criteria = "safe-to-deploy" -delta = "1.0.59 -> 1.0.63" -notes = """ -This is a routine update for new nightly features and new syntax popping up on -nightly, nothing out of the ordinary. -""" - -[[audits.embark.audits.epaint]] -who = "Johan Andersson " -criteria = "safe-to-deploy" -violation = "<0.20.0" -notes = "Specified crate license does not include licenses of embedded fonts if using default features or the `default_fonts` feature. Tracked in: https://github.com/emilk/egui/issues/2321" - -[[audits.google.audits.version_check]] -who = "George Burgess IV " -criteria = "safe-to-deploy" -version = "0.9.4" -aggregated-from = "https://chromium.googlesource.com/chromiumos/third_party/rust_crates/+/refs/heads/main/cargo-vet/audits.toml?format=TEXT" - -[[audits.isrg.audits.base64]] -who = "Tim Geoghegan " -criteria = "safe-to-deploy" -delta = "0.21.0 -> 0.21.1" - -[[audits.isrg.audits.base64]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "0.21.1 -> 0.21.2" - -[[audits.isrg.audits.block-buffer]] -who = "David Cook " -criteria = "safe-to-deploy" -version = "0.9.0" - -[[audits.isrg.audits.once_cell]] -who = "Brandon Pitman " -criteria = "safe-to-deploy" -delta = "1.17.1 -> 1.17.2" - -[[audits.isrg.audits.once_cell]] -who = "David Cook " -criteria = "safe-to-deploy" -delta = "1.17.2 -> 1.18.0" - -[[audits.isrg.audits.opaque-debug]] -who = "David Cook " -criteria = "safe-to-deploy" -version = "0.3.0" - -[[audits.mozilla.audits.autocfg]] -who = "Josh Stone " -criteria = "safe-to-deploy" -version = "1.1.0" -notes = "All code written or reviewed by Josh Stone." 
-aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Alex Franchuk " -criteria = "safe-to-deploy" -delta = "1.3.2 -> 2.0.2" -notes = "Removal of some unsafe code/methods. No changes to externals, just some refactoring (mostly internal)." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Nicolas Silva " -criteria = "safe-to-deploy" -delta = "2.0.2 -> 2.1.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bitflags]] -who = "Teodor Tanasoaia " -criteria = "safe-to-deploy" -delta = "2.2.1 -> 2.3.2" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.bytes]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.3.0 -> 1.4.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.hashbrown]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -version = "0.12.3" -notes = "This version is used in rust's libstd, so effectively we're already trusting it" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.heck]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.4.0 -> 0.4.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.lazy_static]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -version = "1.4.0" -notes = "I have read over the macros, and audited the unsafe code." 
-aggregated-from = "https://raw.githubusercontent.com/mozilla/cargo-vet/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.once_cell]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.16.0 -> 1.17.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -version = "1.0.39" -notes = """ -`proc-macro2` acts as either a thin(-ish) wrapper around the std-provided -`proc_macro` crate, or as a fallback implementation of the crate, depending on -where it is used. - -If using this crate on older versions of rustc (1.56 and earlier), it will -temporarily replace the panic handler while initializing in order to detect if -it is running within a `proc_macro`, which could lead to surprising behaviour. -This should not be an issue for more recent compiler versions, which support -`proc_macro::is_available()`. - -The `proc-macro2` crate's fallback behaviour is not identical to the complex -behaviour of the rustc compiler (e.g. it does not perform unicode normalization -for identifiers), however it behaves well enough for its intended use-case -(tests and scripts processing rust code). - -`proc-macro2` does not use unsafe code, however exposes one `unsafe` API to -allow bypassing checks in the fallback implementation when constructing -`Literal` using `from_str_unchecked`. This was intended to only be used by the -`quote!` macro, however it has been removed -(https://github.com/dtolnay/quote/commit/f621fe64a8a501cae8e95ebd6848e637bbc79078), -and is likely completely unused. Even when used, this API shouldn't be able to -cause unsoundness. 
-""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.39 -> 1.0.43" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.43 -> 1.0.49" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.0.49 -> 1.0.51" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.57 -> 1.0.59" -notes = "Enabled on Wasm" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.proc-macro2]] -who = "Jan-Erik Rediger " -criteria = "safe-to-deploy" -delta = "1.0.63 -> 1.0.66" -notes = "Removed special support for some really old Rust versions" -aggregated-from = "https://raw.githubusercontent.com/mozilla/glean/main/supply-chain/audits.toml" - -[[audits.mozilla.audits.subtle]] -who = "Simon Friedberger " -criteria = "safe-to-deploy" -version = "2.5.0" -notes = "The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.typenum]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "1.15.0 -> 1.16.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml"