Use cargo-auditable to build the final release artifacts #627

Closed
NobodyXu opened this issue Dec 24, 2022 · 16 comments · Fixed by #1182

@NobodyXu
Member

Use cargo-auditable to build the final release artifacts so that it contains all the dependencies used and is auditable.

Related:

cross-rs/cross#1172
rust-secure-code/cargo-auditable#95

@passcod
Member

passcod commented Feb 3, 2023

Should also consider using https://github.com/kinnison/git-testament

@NobodyXu
Member Author

@passcod Maybe we can introduce a --verbose/-v flag that, when specified with -V, causes the commit and more information to be printed?

@passcod
Member

passcod commented May 25, 2023

Yeah I've made bosion for this for watchexec, but it's currently a little dependency heavy...

@NobodyXu
Member Author

> Yeah I've made bosion for this for watchexec, but it's currently a little dependency heavy...

Oh well, having to pull in gix is indeed way too heavy.
Can we make gix an optional feature and fall back to running external cmd git if gix is not enabled?

@passcod
Member

passcod commented May 31, 2023

I'd rather figure out a different way to read the git info in pure rust, if possible, though a fallback wouldn't go amiss.

@NobodyXu
Member Author

This is currently blocked on watchexec/watchexec#615, since bosion currently uses an old gix version while cargo-binstall uses gix 0.47.

@NobodyXu
Member Author

I've submitted watchexec/watchexec#619 for updating gix to v0.47.

@NobodyXu
Member Author

I just realized that if we run cargo-install, then bosion will fail to find a git repository.

@NobodyXu
Member Author

vergen supports several features to select git impl from git cli, git2 and gix and can disable git.

We can check .git in our build script and run git --version to decide whether to disable git.
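
The check proposed in the comment above, sketched as a build script. This is an added example, not cargo-binstall's or vergen's code; it also covers the `cargo install` case raised earlier in the thread, where the source tree has no git repository. The helper names, the `has_git_info` cfg name and the two-level search limit are assumptions.

```rust
use std::path::{Path, PathBuf};
use std::process::{Command, Stdio};

/// Look for `.git` in `start` and at most `max_up` parent directories.
/// `.git` is a directory in a normal clone and a file in a worktree or
/// submodule, so only existence is checked. The search is bounded so an
/// unrelated repository higher up (for example a home directory under git)
/// is not picked up when building from a crates.io tarball.
fn find_git_entry(start: &Path, max_up: usize) -> Option<PathBuf> {
    let start = start.canonicalize().ok()?;
    start
        .ancestors()
        .take(max_up + 1)
        .map(|dir| dir.join(".git"))
        .find(|candidate| candidate.exists())
}

/// True when `<git_cmd> --version` can be spawned and exits successfully.
fn git_cli_works(git_cmd: &str) -> bool {
    Command::new(git_cmd)
        .arg("--version")
        .stdout(Stdio::null())
        .stderr(Stdio::null())
        .status()
        .map(|status| status.success())
        .unwrap_or(false)
}

/// Commit info can only be embedded when a repository and a git CLI both exist.
fn git_info_available(manifest_dir: &Path, max_up: usize, git_cmd: &str) -> bool {
    find_git_entry(manifest_dir, max_up).is_some() && git_cli_works(git_cmd)
}

fn main() {
    // Cargo sets CARGO_MANIFEST_DIR for build scripts; "." keeps the example
    // runnable outside cargo.
    let dir = std::env::var("CARGO_MANIFEST_DIR").unwrap_or_else(|_| ".".into());
    // Two levels up covers a workspace member such as `crates/bin` (assumed layout).
    if git_info_available(Path::new(&dir), 2, "git") {
        // `has_git_info` is a hypothetical cfg name chosen for this example.
        println!("cargo:rustc-cfg=has_git_info");
    } else {
        println!("cargo:warning=no git repository or git CLI found; omitting commit info");
    }
}
```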

@NobodyXu
Member Author

While binstall already uses gitoxide, we still can't reuse that in build-dep due to different profiles used.
In profile.release, we set abort-on-panic, which cannot be enabled in build-dep.

NobodyXu added a commit that referenced this issue Jun 27, 2023
that provides more information:

```
build-date: 2023-06-27
build-target: aarch64-apple-darwin
features: default,fancy_no_backtrace,git,rustls,static,trust_dns,zstd_thin
commit-hash: 86731fcb8663f98e22a0ca7985f5bf407cc410f0
commit-date: 2023-06-28
rustc-version: 1.70.0
rustc-commit-hash: 90c541806f23a127002de5b4038be731ba1458ca
rustc-llvm-version: 16.0
```

Fixed #627

Signed-off-by: Jiahao XU <[email protected]>
NobodyXu added a commit that referenced this issue Jul 18, 2023
that provides more information:

```
cargo-binstall: 1.0.0
build-date: 2023-07-18
build-target: aarch64-apple-darwin
build-features: default,fancy_no_backtrace,git,rustls,static,trust_dns,zstd_thin
build-commit-hash: 39d8cfc
build-commit-date: 2023-07-18
rustc-version: 1.71.0
rustc-commit-hash: 8ede3aae28fe6e4d52b38157d7bfe0d3bceef225
rustc-llvm-version: 16.0
```

Fixed #627

Signed-off-by: Jiahao XU <[email protected]>
github-merge-queue bot pushed a commit that referenced this issue Jul 18, 2023
@repi

repi commented Jul 18, 2023

#1182 did not implement cargo-auditable support, right? Looks like that PR closed the wrong issue?

@NobodyXu
Member Author

> #1182 did not implement cargo-auditable support, right? Looks like that PR closed the wrong issue?

Well, it was actually implemented much earlier than that (before v1.0.0), and this issue is now used to track the verbose version.

@repi

repi commented Jul 18, 2023

ah! cool thx
