A build script reaching into your .git/hooks/ and modifying them
nonconsensually was a bit of a horrifying concept, and also made it hard
to build arti with the feature disabled. Remove this crate, and replace
it with manual instructions on how to install the hooks in
CONTRIBUTING.md.
This commitid is the current head of my MR branch
https://github.com/colin-kiegel/rust-derive-builder/pull/253https://github.com/ijackson/rust-derive-builder/tree/field-builder
Using the commitid prevents surprises if that branch is updated.
We will require this newer version of derive_builder. The version
will need to be bumped again later, assuming the upstream MR is merged
and upstream do a release containing the needed changes.
We will need the new version of not only `derive_builder_core` (the
main macro implementation) but also`derive_builder` for a new error
type.
The new version of derive_builder requires a newer darling.
Ooops. Upstream MR here:
https://github.com/colin-kiegel/rust-derive-builder/pull/242
For now, upgrade darling. When there's a new upstream derive_builder,
we can use it and drop this.
Formerly, the "launch a chutney network" code was duplicated in
"setup" and "arti-bench", since "setup" always launched an arti
proxy, while "arti-bench" didn't want that functionality.
Now the "setup" script launches an arti proxy conditionally,
depending on whether the "proxy" argument is given.
The Rust upgrade is necessary since our Cargo.lock file now requires
`ed25519` 1.4.0, which requires edition2021, which requires Rust
1.56 or later.
The Alpine upgrade is opportunistic: we might as well.
I've also added comments to remind us to keep the .gitlab-ci.yml
and docker_reproducible_build files in sync, since my first version
of this commit messed that up.
Closes#376.
The *earlier* versions of these crates pull in *dependencies* that
violate our MSRV policy by requiring a *later* version of Rust.
Empirically, env_logger 0.5.4 would be enough, but practice here seems
to be to just say "cargo update".
As per #309
Update all references. There is one remaining hit for
git-grep '\.sh\b'
namely "build.sh" in maint/reproducible_build, which I think is
the build script for osxcross - ie, an external project.
Shellcheck doesn't like it when you do `rm -r "$A/$B"` : it worries
that the path might accidentally expand to /.
That shouldn't actually be possible in this case, but let's avoid
being the people who accidentally remove somebody's filesystem.
There's some kind of bug in nightly that (for me) keeps grcov from
generating correct results. Instead, it misses some crates entirely.
No trouble, though: I can just use an older nightly until they get
this issue fixed!
This patch makes using a different version of nightly possible with
a new RUST_COVERAGE_TOOLCHAIN environment variable.
`coverage.sh` is now a more elaborate script to before, thanks to
moving from tarpaulin to grcov via `with_coverage.sh`.
This commit also adds support for the minimalistic
chutney+curl-based integration test from our gitlab-ci.yml file.
See the message from "coverage.sh -h" for information about running
these tests.
Closes#248.
Previously this code was in .gitlab-ci.yml, but for the purposes of
testing my fix for #275, it turned out to be much better to have it
in a script of its own.
Also, we now need to update our "quote" second-order dependency,
since otherwise our minimal first-order dependencies won't build
correctly.
This change jettisons the awk and ed dependencies and instead uses a
real HTML parser, via the BeautifulSoup library in python.
Using BeautifulSoup lets us do trickier stuff, like actually
extracting the coverage totals and adding our own table, with
per-crate coverage.
The script only does this post-processing when it finds python3; the
script exits with an error if BeautifulSoup isn't installed.
If the -c flag is provided, we _continue_ with the previous
consensus_meta data (without deleting it).
If the -s flag is provided, we _skip_ generating the final report
(since we're going to be doing more profiling.)
Now the shell is controlled by the presence of an -i flag, and can
be combined with a command.
This commit also adds usage messages and better reports for a couple
of kinds of setup errors.
We need this for clock_gettime_nsec_np().
The source is not canonical, but neither was the one we were using
before. To mitigate this, I've added a digest check on the SDK after
downloading it.
A 100% real canonical reproducible build process will probably
require Apple hardware anyway.
Closes#221
Disclaimer: I have no idea what I'm doing when it comes to shell
scripts.
maint/thanks.sh autogenerates a list of contributors since a revision
(that you pass it on the command line), intended to make the work of
going through the shortlog a bit less manual. It can exclude
contributors' names given in maint/exclude_contributors.txt, in order to
filter out people who work for Tor, or who commit under more than one
name.
Thanks to the chrono update, we no longer include an
obsolete/vulnerable version of the `time` crate. Unfortunately, it
turns out that chrono has the same trouble as `time`: it, too, looks
at the environment via localtime_r, and the environment isn't
threadsafe.
One step forward, one step back. At least the underlying issue is
one that lots of people seem to care about; let's hope they come up
with a solution.
Previously I'd hoped to have it only apply to reproducible builds,
but the work of keeping it up-to-date and checking it for drift
seems to have been tripping us up. Let's try doing it the other way
for now, and we'll see how that goes.
Linux hash : c024778da162cda77869c46d162729d012a7758bee973bc83fa78c964d080903
Windows hash : e97e171740b889b7e3722b79c3763177174baac7fa34a5c3615c999298e1bc48
And convert some `add_or_port` calls to use `SocketAddr` instead of
parse + unwrap on strings.
> Note, this last change is only for IPv4 addresses, for now, and only
> within tests.
> Check `implicit_clone` section of Clippy documentation for details;
>
> https://rust-lang.github.io/rust-clippy/master/index.html#implicit_clone
This adds, and addresses, the following Clippy configuration to crates;
#![deny(clippy::implicit_clone)]
And moves related line within `maint/add_warning.py` file. My intent is to
mitigate extra edits after merging, so please let me know if I need to do this
last bit differently.
We implement this by giving a list of permitted licenses, and then
using cargo-license to dump everything's actual license. Since
packages list their licenses as "x OR y OR z", we permit any package
that is available under at least one license on the allow-list.
This is a somewhat obnoxious change in its scope and requirements,
but it makes it easier to understand what the real public and
private parts of our APIs are.