Merge branch 'ring_out_the_old' into 'main'
Enforce no-ring-in-arti/full (and make it true) See merge request tpo/core/arti!592
This commit is contained in:
commit
a3d8a425c4
|
@ -48,6 +48,7 @@ rust-checks:
|
|||
- ./maint/check_licenses
|
||||
- ./maint/cargo_audit
|
||||
- ./maint/cargo_sort
|
||||
- ./maint/check_tree
|
||||
cache:
|
||||
paths:
|
||||
- cargo-audit
|
||||
|
|
|
@ -14,7 +14,7 @@ repository = "https://gitlab.torproject.org/tpo/core/arti.git/"
|
|||
[features]
|
||||
|
||||
default = []
|
||||
full = ["async-std", "tokio", "native-tls", "rustls"]
|
||||
full = ["async-std", "tokio", "native-tls"]
|
||||
|
||||
async-std = ["async-std-crate", "async-io", "async_executors/async_std"]
|
||||
tokio = ["tokio-crate", "tokio-util", "async_executors/tokio_tp"]
|
||||
|
|
|
@ -96,7 +96,9 @@
|
|||
//! crate for TLS support
|
||||
//! * `static` -- link the native TLS library statically (enables the `vendored` feature of the
|
||||
//! `native-tls` crate).
|
||||
//! * `rustls` -- build with the [rustls](https://github.com/rustls/rustls) crate for TLS support
|
||||
//! * `rustls` -- build with the [rustls](https://github.com/rustls/rustls) crate for TLS support. Note that `rustls` uses the `ring` crate, which uses
|
||||
//! the old (3BSD/SSLEay) OpenSSL license, which may introduce licensing
|
||||
//! compatibility issues.
|
||||
//!
|
||||
//! By default, *this* crate doesn't enable any features. However, you're almost certainly
|
||||
//! using this as part of the `arti-client` crate, which will enable `tokio` and `native-tls` in
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Use cargo-tree to check our dependencies for crates which we must
|
||||
# not depend on unconditionally.
|
||||
|
||||
set -eu
|
||||
|
||||
forbid () {
|
||||
local our_crate="$1"
|
||||
local feature="$2"
|
||||
local forbidden="$3"
|
||||
|
||||
set +e
|
||||
cargo tree --prefix=none -p "$our_crate" --features "$feature" \
|
||||
--format=" {p}" | grep "^ $forbidden "
|
||||
# Note that the space in the grep pattern above is necessary to
|
||||
# make sure we don't match prefixes. (The cargo tree output will be
|
||||
# something like " cratename v1.2.3".)
|
||||
|
||||
local result="${PIPESTATUS[*]}"
|
||||
set -e
|
||||
|
||||
case "$result" in
|
||||
"0 0")
|
||||
# cargo-tree succeeded, and so did grep: we found the
|
||||
# forbidden package.
|
||||
echo "Uh-oh: $forbidden has shown up in $our_crate/$feature."
|
||||
exit 1
|
||||
;;
|
||||
"0 1")
|
||||
# cargo-tree succeeded, and grep failed: we didn't find the
|
||||
# forbidden package.
|
||||
echo "Didn't find $forbidden in $our_crate/$feature. Good."
|
||||
;;
|
||||
*)
|
||||
# cargo-tree failed (or maybe grep is gruesomely nonstandard)
|
||||
echo "cargo tree failed unexpectedly when checking for $forbidden in $our_crate/$feature" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
# We can't use these crates in arti/full, since they expose us to the old
|
||||
# OpenSSL (3BSD + SSLeay) license.
|
||||
forbid arti full ring
|
||||
forbid arti full webpki
|
||||
|
||||
echo "Everything looks fine."
|
Loading…
Reference in New Issue