The license there is `(MIT OR Apache-2.0) AND Unicode-DFS-2016`,
which fine, but the existing shell script doesn't actually handle
"AND" correctly. This commit adds a workaround for licenses that
are "AND", and some comments about weaknesses in our (lack of)
boolean expression parsing.
This should fix CI.
- arti#448 and arti!607 highlight an issue with upgrading `rsa`: namely,
the `x25519-dalek` version previously used has a hard dependency on
`zeroize` 1.3, which creates a dependency conflict.
- However, `x25519-dalek` version `2.0.0-pre.1` relaxes this dependency.
Reviewing the changelogs, it doesn't look like that version is
substantially different from the current one at all, so it should be
safe to use despite the "prerelease" tag.
- The new `x25519-dalek` version also bumps `rand_core`, which means we
don't have to use the RNG compat wrapper in `tor-llcrypto` as much.
closes arti#448
Found these by disabling the nightly dbg macro special case. Now, we
have a mechanism for globally adding suppressions to tests, we can use
that instead.
This will allow us to have add_warning manage test lint blocks.
We have to stop printing all the filenames because there are too
many. Filenames still come out on error of course.
Closes#462.
Note that the license on `ring` is slightly problematic for some
users, including as it does old the openssl license[^1], with
advertising clause and all. That's not a blocker for us now, since
`ring` is not a required dependency. But we wouldn't want `ring` to
become a mandatory dependency because of this.
[^1]: To make the situation even more complicated, modern openssl
has relicensed under apache-2.0, but that doesn't necessarily
help us, since ring took its code from boringssll, which
forked from an older version of openssl.
We don't process the in-script lint block, just paste it in, now.
This is less complicated.
This reverts/replaces
"maint/add_warnings: Make it add the markers for its future self"
A build script reaching into your .git/hooks/ and modifying them
nonconsensually was a bit of a horrifying concept, and also made it hard
to build arti with the feature disabled. Remove this crate, and replace
it with manual instructions on how to install the hooks in
CONTRIBUTING.md.
This commitid is the current head of my MR branch
https://github.com/colin-kiegel/rust-derive-builder/pull/253https://github.com/ijackson/rust-derive-builder/tree/field-builder
Using the commitid prevents surprises if that branch is updated.
We will require this newer version of derive_builder. The version
will need to be bumped again later, assuming the upstream MR is merged
and upstream do a release containing the needed changes.
We will need the new version of not only `derive_builder_core` (the
main macro implementation) but also`derive_builder` for a new error
type.
The new version of derive_builder requires a newer darling.
Ooops. Upstream MR here:
https://github.com/colin-kiegel/rust-derive-builder/pull/242
For now, upgrade darling. When there's a new upstream derive_builder,
we can use it and drop this.
Formerly, the "launch a chutney network" code was duplicated in
"setup" and "arti-bench", since "setup" always launched an arti
proxy, while "arti-bench" didn't want that functionality.
Now the "setup" script launches an arti proxy conditionally,
depending on whether the "proxy" argument is given.
The Rust upgrade is necessary since our Cargo.lock file now requires
`ed25519` 1.4.0, which requires edition2021, which requires Rust
1.56 or later.
The Alpine upgrade is opportunistic: we might as well.
I've also added comments to remind us to keep the .gitlab-ci.yml
and docker_reproducible_build files in sync, since my first version
of this commit messed that up.
Closes#376.
The *earlier* versions of these crates pull in *dependencies* that
violate our MSRV policy by requiring a *later* version of Rust.
Empirically, env_logger 0.5.4 would be enough, but practice here seems
to be to just say "cargo update".
As per #309
Update all references. There is one remaining hit for
git-grep '\.sh\b'
namely "build.sh" in maint/reproducible_build, which I think is
the build script for osxcross - ie, an external project.
Shellcheck doesn't like it when you do `rm -r "$A/$B"` : it worries
that the path might accidentally expand to /.
That shouldn't actually be possible in this case, but let's avoid
being the people who accidentally remove somebody's filesystem.
There's some kind of bug in nightly that (for me) keeps grcov from
generating correct results. Instead, it misses some crates entirely.
No trouble, though: I can just use an older nightly until they get
this issue fixed!
This patch makes using a different version of nightly possible with
a new RUST_COVERAGE_TOOLCHAIN environment variable.
`coverage.sh` is now a more elaborate script to before, thanks to
moving from tarpaulin to grcov via `with_coverage.sh`.
This commit also adds support for the minimalistic
chutney+curl-based integration test from our gitlab-ci.yml file.
See the message from "coverage.sh -h" for information about running
these tests.
Closes#248.
Previously this code was in .gitlab-ci.yml, but for the purposes of
testing my fix for #275, it turned out to be much better to have it
in a script of its own.
Also, we now need to update our "quote" second-order dependency,
since otherwise our minimal first-order dependencies won't build
correctly.
This change jettisons the awk and ed dependencies and instead uses a
real HTML parser, via the BeautifulSoup library in python.
Using BeautifulSoup lets us do trickier stuff, like actually
extracting the coverage totals and adding our own table, with
per-crate coverage.
The script only does this post-processing when it finds python3; the
script exits with an error if BeautifulSoup isn't installed.
If the -c flag is provided, we _continue_ with the previous
consensus_meta data (without deleting it).
If the -s flag is provided, we _skip_ generating the final report
(since we're going to be doing more profiling.)
Now the shell is controlled by the presence of an -i flag, and can
be combined with a command.
This commit also adds usage messages and better reports for a couple
of kinds of setup errors.
We need this for clock_gettime_nsec_np().
The source is not canonical, but neither was the one we were using
before. To mitigate this, I've added a digest check on the SDK after
downloading it.
A 100% real canonical reproducible build process will probably
require Apple hardware anyway.
Closes#221
Disclaimer: I have no idea what I'm doing when it comes to shell
scripts.
maint/thanks.sh autogenerates a list of contributors since a revision
(that you pass it on the command line), intended to make the work of
going through the shortlog a bit less manual. It can exclude
contributors' names given in maint/exclude_contributors.txt, in order to
filter out people who work for Tor, or who commit under more than one
name.
Thanks to the chrono update, we no longer include an
obsolete/vulnerable version of the `time` crate. Unfortunately, it
turns out that chrono has the same trouble as `time`: it, too, looks
at the environment via localtime_r, and the environment isn't
threadsafe.
One step forward, one step back. At least the underlying issue is
one that lots of people seem to care about; let's hope they come up
with a solution.
Nick Mathewson
trinity-1686a
Ian Jackson
Ian Jackson
FAMASoon
eta
Orhun Parmaksız
Steven Murdoch
Dimitris Apostolou
Daniel Schischkin
Arturo Marquez
Daniel Eades
Trinity Pointard