git: d00e32651ac5 - main - Uses/cargo: Add cargo-audit maintainer target
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 23 Apr 2022 07:49:23 UTC
The branch main has been updated by tobik:
URL: https://cgit.FreeBSD.org/ports/commit/?id=d00e32651ac5da85b4653861c138b8a1573684dd
commit d00e32651ac5da85b4653861c138b8a1573684dd
Author: Tobias Kortkamp <tobik@FreeBSD.org>
AuthorDate: 2022-04-15 11:51:18 +0000
Commit: Tobias Kortkamp <tobik@FreeBSD.org>
CommitDate: 2022-04-23 07:39:21 +0000
Uses/cargo: Add cargo-audit maintainer target
It wraps security/cargo-audit and generates a report about
vulnerable crates. Many ports have those. Based on D17448.
---
Mk/Uses/cargo.mk | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/Mk/Uses/cargo.mk b/Mk/Uses/cargo.mk
index f73ab923cff8..0e31eef26778 100644
--- a/Mk/Uses/cargo.mk
+++ b/Mk/Uses/cargo.mk
@@ -354,6 +354,15 @@ do-test:
# Helper targets for port maintainers
#
+# cargo-audit generates a vulnerability report using
+# security/cargo-audit based on the crates in Cargo.lock.
+cargo-audit: configure
+ @if ! type cargo-audit > /dev/null 2>&1; then \
+ ${ECHO_MSG} "===> Please install \"security/cargo-audit\""; exit 1; \
+ fi
+ @${ECHO_MSG} "===> Checking for vulnerable crates"
+ @${CARGO} audit --file ${CARGO_CARGOLOCK}
+
# cargo-crates will output the crates list from Cargo.lock. If there
# is no Cargo.lock for some reason, try and generate it first.
cargo-crates: cargo-crates-generate-lockfile