Merge branch 'ring_out_the_old' into 'main'
Enforce no-ring-in-arti/full (and make it true) See merge request tpo/core/arti!592
This commit is contained in:
commit
a3d8a425c4
|
@ -48,6 +48,7 @@ rust-checks:
|
||||||
- ./maint/check_licenses
|
- ./maint/check_licenses
|
||||||
- ./maint/cargo_audit
|
- ./maint/cargo_audit
|
||||||
- ./maint/cargo_sort
|
- ./maint/cargo_sort
|
||||||
|
- ./maint/check_tree
|
||||||
cache:
|
cache:
|
||||||
paths:
|
paths:
|
||||||
- cargo-audit
|
- cargo-audit
|
||||||
|
|
|
@ -14,7 +14,7 @@ repository = "https://gitlab.torproject.org/tpo/core/arti.git/"
|
||||||
[features]
|
[features]
|
||||||
|
|
||||||
default = []
|
default = []
|
||||||
full = ["async-std", "tokio", "native-tls", "rustls"]
|
full = ["async-std", "tokio", "native-tls"]
|
||||||
|
|
||||||
async-std = ["async-std-crate", "async-io", "async_executors/async_std"]
|
async-std = ["async-std-crate", "async-io", "async_executors/async_std"]
|
||||||
tokio = ["tokio-crate", "tokio-util", "async_executors/tokio_tp"]
|
tokio = ["tokio-crate", "tokio-util", "async_executors/tokio_tp"]
|
||||||
|
|
|
@ -96,7 +96,9 @@
|
||||||
//! crate for TLS support
|
//! crate for TLS support
|
||||||
//! * `static` -- link the native TLS library statically (enables the `vendored` feature of the
|
//! * `static` -- link the native TLS library statically (enables the `vendored` feature of the
|
||||||
//! `native-tls` crate).
|
//! `native-tls` crate).
|
||||||
//! * `rustls` -- build with the [rustls](https://github.com/rustls/rustls) crate for TLS support
|
//! * `rustls` -- build with the [rustls](https://github.com/rustls/rustls) crate for TLS support. Note that `rustls` uses the `ring` crate, which uses
|
||||||
|
//! the old (3BSD/SSLEay) OpenSSL license, which may introduce licensing
|
||||||
|
//! compatibility issues.
|
||||||
//!
|
//!
|
||||||
//! By default, *this* crate doesn't enable any features. However, you're almost certainly
|
//! By default, *this* crate doesn't enable any features. However, you're almost certainly
|
||||||
//! using this as part of the `arti-client` crate, which will enable `tokio` and `native-tls` in
|
//! using this as part of the `arti-client` crate, which will enable `tokio` and `native-tls` in
|
||||||
|
|
|
@ -0,0 +1,48 @@
|
||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# Use cargo-tree to check our dependencies for crates which we must
|
||||||
|
# not depend on unconditionally.
|
||||||
|
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
forbid () {
|
||||||
|
local our_crate="$1"
|
||||||
|
local feature="$2"
|
||||||
|
local forbidden="$3"
|
||||||
|
|
||||||
|
set +e
|
||||||
|
cargo tree --prefix=none -p "$our_crate" --features "$feature" \
|
||||||
|
--format=" {p}" | grep "^ $forbidden "
|
||||||
|
# Note that the space in the grep pattern above is necessary to
|
||||||
|
# make sure we don't match prefixes. (The cargo tree output will be
|
||||||
|
# something like " cratename v1.2.3".)
|
||||||
|
|
||||||
|
local result="${PIPESTATUS[*]}"
|
||||||
|
set -e
|
||||||
|
|
||||||
|
case "$result" in
|
||||||
|
"0 0")
|
||||||
|
# cargo-tree succeeded, and so did grep: we found the
|
||||||
|
# forbidden package.
|
||||||
|
echo "Uh-oh: $forbidden has shown up in $our_crate/$feature."
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
"0 1")
|
||||||
|
# cargo-tree succeeded, and grep failed: we didn't find the
|
||||||
|
# forbidden package.
|
||||||
|
echo "Didn't find $forbidden in $our_crate/$feature. Good."
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
# cargo-tree failed (or maybe grep is gruesomely nonstandard)
|
||||||
|
echo "cargo tree failed unexpectedly when checking for $forbidden in $our_crate/$feature" >&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
# We can't use these crates in arti/full, since they expose us to the old
|
||||||
|
# OpenSSL (3BSD + SSLeay) license.
|
||||||
|
forbid arti full ring
|
||||||
|
forbid arti full webpki
|
||||||
|
|
||||||
|
echo "Everything looks fine."
|
Loading…
Reference in New Issue