mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
15641 commits 5 branches 0 tags 172 MiB
Commit graph

7 commits

Author SHA1 Message Date
sterni
5d06425655 chore: move format-audit-result.jq out of //users/sterni 
In the spirit of the readTree filter we should also not include files in
user directories from the outside.

Change-Id: I1abe36a721048900d2758b5986063b68b8d1af93
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5200
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <tazjin@tvl.su>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2022-02-04 11:20:41 +00:00
sterni
c3684740ad feat(tools/rust-crates-advisory): also check all our Cargo.locks 
check-all-our-lock-files works very similarly to
//users/sterni/nixpkgs-crate-holes, even reusing some parts of it, but
is much simpler since we don't need to extract the lock files — they are
already in tree.

It is implemented as a very simple script which just traverses the
subtree of the current directory, collecting all warnings. When
executing this script in buildkite via extraSteps, it never fails,
instead annotating the pipeline run with a warning.

Change-Id: I0a0bc26deffe7b20b99f5aa7238fb3c3bb9deb92
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3721
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
 2022-02-04 11:20:41 +00:00
Vincent Ambo
aa122cbae7 style: format entire depot with nixpkgs-fmt 
This CL can be used to compare the style of nixpkgs-fmt against other
formatters (nixpkgs, alejandra).

Change-Id: I87c6abff6bcb546b02ead15ad0405f81e01b6d9e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4397
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: lukegb <lukegb@tvl.fyi>
Reviewed-by: wpcarro <wpcarro@gmail.com>
Reviewed-by: Profpatsch <mail@profpatsch.de>
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: tazjin <tazjin@tvl.su>
Reviewed-by: cynthia <cynthia@tvl.fyi>
Reviewed-by: edef <edef@edef.eu>
Reviewed-by: eta <tvl@eta.st>
Reviewed-by: grfn <grfn@gws.fyi>
 2022-01-31 16:11:53 +00:00
Vincent Ambo
4f1249e46f refactor(readTree): Move 'drvTargets' into readTree 
This function is also generally useful for readTree consumers that
have the concept of subtargets.

Change-Id: Ic7fc03380dec6953fb288763a28e50ab3624d233
 2021-11-23 14:42:08 +00:00
sterni
a3f8d2b84b refactor(tools/rust-crates-advisory): move advisory-db to 3p 
Change-Id: Iaaed35de078292c0c99a7c83de9ca5fdf27b8135
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3711
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
 2021-10-12 13:35:14 +00:00
sterni
d904724adf refactor(rust-crates-advisory): check type instead of blacklisting 
`our-crates` can just check if the attributes in question are
derivation (i. e. have an `outPath`) instead of blacklisting the
`__readTree` attribute specifically.

Change-Id: I472692e89c0e9eff551372c72a73ab765b0b6599
 2021-09-15 22:35:23 +00:00
Profpatsch
952afb7da9 feat(tools): add rust-crates-advisory 
We have a bunch of crates in `third_party/rust-crates`; it would be
great if we could check them for existing CVEs.

This tool does that, it takes the rust security advisory database,
parses the applicable CVEs, and cross-checks them against the actual
crate versions we list in our package database.

The dumb parser we wrote is tested against all entries in the
database, so we will notice when upstream breaks their shit.
Checking the semver stuff is easy enough with the semver crate.

If an advisory matches, it prints the whole thing and fails the build.

Change-Id: I9e912c43d37a685d9d7a4424defc467a171ea3c4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2818
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: sterni <sternenseemann@systemli.org>
 2021-05-17 23:00:57 +00:00