The environment where the test runner does its thing seems to want
to run as root with umask 000, which naturally makes the fs
permissions checks freak out.
For at least one job, run the first cargo run with --locked. This
will fail if the lockfile needs updating.
I have verified that this correctly detects this situation:
https://gitlab.torproject.org/Diziet/arti/-/pipelines/37692
failed. Now I have rebased this branch onto main to get the fix to
Cargo.lock.
Our support policy says that we can update to any Rust released at
least 6 months ago; 1.56 came out on 21 October 2021.
This doesn't yet change any code: it just increases the version
we say we need in our README, and the version we test against in
CI.
Our main justification for this change is to be able to upgrade to
newer versions of our dependencies, including `async_executors` >=
0.5, `aes` >= 0.8, and `cipher` >= 0.4.
Formerly, the "launch a chutney network" code was duplicated in
"setup" and "arti-bench", since "setup" always launched an arti
proxy, while "arti-bench" didn't want that functionality.
Now the "setup" script launches an arti proxy conditionally,
depending on whether the "proxy" argument is given.
The Rust upgrade is necessary since our Cargo.lock file now requires
`ed25519` 1.4.0, which requires edition2021, which requires Rust
1.56 or later.
The Alpine upgrade is opportunistic: we might as well.
I've also added comments to remind us to keep the .gitlab-ci.yml
and docker_reproducible_build files in sync, since my first version
of this commit messed that up.
Closes#376.
Move rust-nightly to stage test so it runs in parallel with coverage,
which are the two longest jobs, and currently run in sequence.
Don't document dependancies, should make the step about 50% faster
Use about 12M of cache to not recompile grcov each time
Don't compile grcov with coverage, we don't need it, it's probably
slower both to compile and execute
As per #309
Update all references. There is one remaining hit for
git-grep '\.sh\b'
namely "build.sh" in maint/reproducible_build, which I think is
the build script for osxcross - ie, an external project.
Previously it didn't enable any TLS provider, since we made
native-tls optional a few commits ago. Now it enables rustls,
so that rustls also gets a quick check along with async-std.
I've also switched this test to use "cargo clippy" in place of
"cargo test" because it's a strict superset.
Previously this code was in .gitlab-ci.yml, but for the purposes of
testing my fix for #275, it turned out to be much better to have it
in a script of its own.
Also, we now need to update our "quote" second-order dependency,
since otherwise our minimal first-order dependencies won't build
correctly.
Because of arti#257, compatibility with earlier versions of rust are
broken: we hope this is temporary, but fixing it will probably
require a new version of rusqlite.
testing was done on a different target than building, so everything was
compiled twice (actually, it's the same target, but rust doesn't realize
that)
makes build+test about 20% faster
This patch makes the rust-nightly CI task fail if it detects any
dbg!(), println!(), or eprintln!() calls in production code.
Because of clippy limitations, it may also gripe about calls to
these macros in our tests. The preferred workarounds are to either
instead. Both are acceptable.
We're doing this check in CI rather than unconditionally with clippy
directives, since we often want to have these calls in our code
temporarily while we're developing. Some day we might want this
test to go into a pre-push hook.
This patch also adds #![allow()] directives for println!() and
eprintln!() in the arti crate. Since that one isn't a library, it's
okay for it to speak to stdout/stderr.
Closes#218.
This switches out `arti`'s argument-parsing library with `clap`, which
is a lot more featureful (and very widely used within the Rust
ecosystem). We also now use a lot of `clap`'s features to improve the
CLI experience:
- The CLI now expects a subcommand (currently, either "help", or "proxy"
for the existing SOCKS proxy behaviour). This should let us add
additional non-SOCKS-proxy features to arti in future.
- `clap` supports default values determined at runtime, so the way the
default config file is loaded was changed: now, we determine the
OS-specific path for said file before invoking `clap`, so the help
command can show it properly.
- The behaviour of `tor_config` was also changed; now, one simply
specifies a list of configuration files to load, together with
whether they're required.
- That function also way overused generics; this has been fixed.
- Instead of using the ARTI_LOG environment variable to configure
logging, one now uses the `-l, --log-level` CLI option.
(The intent is for this option to be more discoverable by users.)
- The `proxy` subcommand allows the user to override the SOCKS port used
on the CLI without editing the config file.
The affected API (getgrouplist) isn't one that we use, directly or
transitively. We can't just upgrade immediately, since the ctrlc
crate is currently stuck on the older version of nix.
Previously I'd hoped to have it only apply to reproducible builds,
but the work of keeping it up-to-date and checking it for drift
seems to have been tripping us up. Let's try doing it the other way
for now, and we'll see how that goes.
Currently adding new deps can cause builds to not be reproducibles
because that new dependancies don't have their versions frozen in
misc/Cargo.lock.
This make so CI reject commits in that situation, with a message telling
what to do to fix the issue.
Linux hash : c024778da162cda77869c46d162729d012a7758bee973bc83fa78c964d080903
Windows hash : e97e171740b889b7e3722b79c3763177174baac7fa34a5c3615c999298e1bc48
The "--all" flag is deprecated in favor of "--workspace", which
isn't actually needed here.
"--all-features" catches a few things that we want to make sure
we're catching.
Let's try out cargo doc and make sure that passes too.