feat(rustsec-advisory-db): update to 2021-10-08 via nix-prefetch-git

This makes it much easier to update the db manually and also lays the
foundation for future automation bumping the advisory db.

Change-Id: I1244020c8bb1af43bf4e207c55f6420eb3f57bcf
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3713
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: Profpatsch <mail@profpatsch.de>
This commit is contained in:
sterni 2021-10-10 14:53:56 +02:00
parent a3f8d2b84b
commit 14282370e9
2 changed files with 29 additions and 3 deletions

View file

@ -1,9 +1,24 @@
# RustSec's advisory db for crates
#
# Update using:
#
# nix-prefetch-git --quiet --url https://github.com/RustSec/advisory-db.git > third_party/rustsec-advisory-db/pin.json
#
# TODO(Profpatsch): automatically update in regular intervals
{ pkgs, ... }: { pkgs, ... }:
let
pin = builtins.fromJSON (builtins.readFile ./pin.json);
date = builtins.head (builtins.split "T" pin.date);
in
pkgs.fetchFromGitHub { pkgs.fetchFromGitHub {
name = "advisory-db-${date}";
owner = "RustSec"; owner = "RustSec";
repo = "advisory-db"; repo = "advisory-db";
# TODO(Profpatsch): this will have to be updated regularly, how? inherit (pin)
rev = "113188c62380753f01ff0df5edb7d67a300b143a"; rev
sha256 = "0v086ybwr71zgs5nv8yr4w2w2d4daxx6in2s1sjb4m41q1r9p0wj"; sha256
;
} }

View file

@ -0,0 +1,11 @@
{
"url": "https://github.com/RustSec/advisory-db.git",
"rev": "d29205a680bb8b3a22eaba6e9b2a5a6580274af0",
"date": "2021-10-08T18:17:22+02:00",
"path": "/nix/store/nm8nwgdyrs6mi9dydf6vylc833i3alnn-advisory-db",
"sha256": "0h08kfn2878k5l0qdsxikakrjbqbn6fb8f95zxpqfh5hqzn7mb6b",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
}