chore(3p/rustsec-advisory-db): track using niv

This will make sure that the db is updated regularly (on every channel
bump). This is fine, because an advisory no longer implies a build
failure.

Change-Id: I1dc0b335e0881b5c58015da63c3c47f1ab1e645f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4554
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
This commit is contained in:
sterni 2021-12-24 12:24:04 +01:00
parent 6c4e447587
commit e855d140bd
3 changed files with 20 additions and 27 deletions

View file

@ -1,27 +1,19 @@
# RustSec's advisory db for crates
#
# Update using:
#
# nix-prefetch-git --quiet --url https://github.com/RustSec/advisory-db.git > third_party/rustsec-advisory-db/pin.json
#
# TODO(Profpatsch): automatically update in regular intervals
{ pkgs, ... }:
{ pkgs, depot, ... }:
let
pin = builtins.fromJSON (builtins.readFile ./pin.json);
date = builtins.head (builtins.split "T" pin.date);
inherit (depot.third_party.sources) rustsec-advisory-db;
in
pkgs.fetchFromGitHub {
name = "advisory-db-${date}";
owner = "RustSec";
repo = "advisory-db";
inherit (pin)
rev
inherit (rustsec-advisory-db)
owner
repo
sha256
rev
;
passthru = {
inherit (pin) rev;
inherit (rustsec-advisory-db) rev;
};
}

View file

@ -1,11 +0,0 @@
{
"url": "https://github.com/RustSec/advisory-db.git",
"rev": "d29205a680bb8b3a22eaba6e9b2a5a6580274af0",
"date": "2021-10-08T18:17:22+02:00",
"path": "/nix/store/nm8nwgdyrs6mi9dydf6vylc833i3alnn-advisory-db",
"sha256": "0h08kfn2878k5l0qdsxikakrjbqbn6fb8f95zxpqfh5hqzn7mb6b",
"fetchLFS": false,
"fetchSubmodules": false,
"deepClone": false,
"leaveDotGit": false
}

View file

@ -34,5 +34,17 @@
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/7adc9c14ec74b27358a8df9b973087e351425a79.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
},
"rustsec-advisory-db": {
"branch": "main",
"description": "Security advisory database for Rust crates published through crates.io",
"homepage": "https://rustsec.org",
"owner": "RustSec",
"repo": "advisory-db",
"rev": "c9a98f3b3681699f59d84b4f10f14eb07ea6783b",
"sha256": "1lb6im1j2nkjp4nza8lj0wyqv6f1wjab21w8lh702pdwd1nfn3zh",
"type": "tarball",
"url": "https://github.com/RustSec/advisory-db/archive/c9a98f3b3681699f59d84b4f10f14eb07ea6783b.tar.gz",
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
}
}