From 6bde8519c1df7302dbed4d538558174027c09c87 Mon Sep 17 00:00:00 2001
From: Louis Pilfold
Date: Thu, 17 Dec 2020 11:09:10 +0000
Subject: [PATCH 1/3] cargo deny config
---
 crates/fuzzing/Cargo.toml | 1 +
 crates/test-programs/Cargo.toml | 1 +
 deny.toml | 48 +++++++++++++++++++++++++++++++++
 3 files changed, 50 insertions(+)
 create mode 100644 deny.toml
diff --git a/crates/fuzzing/Cargo.toml b/crates/fuzzing/Cargo.toml
index 7120601b2e..c4b13a2589 100644
--- a/crates/fuzzing/Cargo.toml
+++ b/crates/fuzzing/Cargo.toml
@@ -5,6 +5,7 @@ edition = "2018"
 name = "wasmtime-fuzzing"
 publish = false
 version = "0.19.0"
+license = "Apache-2.0 WITH LLVM-exception"
 [dependencies]
 anyhow = "1.0.22"
diff --git a/crates/test-programs/Cargo.toml b/crates/test-programs/Cargo.toml
index 0ba9925014..a2fe35e3f4 100644
--- a/crates/test-programs/Cargo.toml
+++ b/crates/test-programs/Cargo.toml
@@ -5,6 +5,7 @@ authors = ["The Wasmtime Project Developers"]
 readme = "README.md"
 edition = "2018"
 publish = false
+license = "Apache-2.0 WITH LLVM-exception"
 [build-dependencies]
 cfg-if = "1.0"
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 0000000000..d564bf307e
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,48 @@
+# Documentation for this configuration file can be found here
+# https://embarkstudios.github.io/cargo-deny/checks/cfg.html
+
+targets = [
+ { triple = "x86_64-unknown-linux-gnu" },
+ { triple = "x86_64-apple-darwin" },
+ { triple = "x86_64-pc-windows-msvc" },
+ { triple = "aarch64-linux-android" },
+]
+
+# https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html
+[advisories]
+vulnerability = "deny"
+unmaintained = "deny"
+yanked = "deny"
+ignore = [
+ "RUSTSEC-2020-0053", # dirs is unmaintained
+]
+
+# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
+[licenses]
+allow = [
+ "Apache-2.0 WITH LLVM-exception",
+ "Apache-2.0",
+ "BSD-2-Clause",
+ "CC0-1.0",
+ "MIT",
+ "MPL-2.0",
+ "Zlib",
+]
+
+# https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html
+[bans]
+multiple-versions = "deny"
+wildcards = "allow"
+deny = []
+
+# Skip some multiple-versions checks, until they can be fixed.
+skip = [
+ { name = "ansi_term" },
+ { name = "cfg-if" },
+ { name = "env_logger" },
+ { name = "getrandom" },
+ { name = "humantime" },
+ { name = "memoffset" },
+ { name = "wasmparser" },
+ { name = "wast" },
+]
From b4283c514fd849ebdb1452d904138e81c688f9e7 Mon Sep 17 00:00:00 2001
From: Louis Pilfold
Date: Thu, 17 Dec 2020 11:24:10 +0000
Subject: [PATCH 2/3] cargo deny runs on CI
---
 .github/workflows/main.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 5e80781daf..881f629610 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
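Review bot: In deny.toml, the `[bans]` `skip` entries name crates without a version, so every duplicate of `cfg-if`, `getrandom`, `wasmparser` and the others is exempt from `multiple-versions = "deny"`, including duplicates that appear later. Pinning each exemption to the version being tolerated, e.g. `{ name = "cfg-if", version = "<duplicate-version>" }` (placeholder value), keeps the check able to fail on a new, unexpected copy. The file also has no `[sources]` table, so crates pulled from an unlisted registry or git repository fall back to cargo-deny's default level, which I believe is a warning rather than a failure; `unknown-registry = "deny"` and `unknown-git = "deny"` would make that policy explicit.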
@@ -22,6 +22,19 @@ jobs:
 - run: rustup component add rustfmt
 - run: cargo fmt --all -- --check
+ # Lint dependency graph for security advisories, duplicate versions, and
+ # incompatible licences
+ cargo_deny:
+ name: Cargo deny
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ submodules: true
+ - uses: ./.github/actions/install-rust
+ - run: cargo install cargo-deny
+ - run: cargo deny check
+
 # Build `mdBook` documentation for `wasmtime`, and upload it as a temporary
 # build artifact
 doc_book:
From 26b60744201598806bd07ac2d30d0429e13426c9 Mon Sep 17 00:00:00 2001
From: Louis Pilfold
Date: Thu, 17 Dec 2020 13:48:25 +0000
Subject: [PATCH 3/3] Download precompiled cargo deny
---
 .github/workflows/main.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 881f629610..8b42f8a9db 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -32,7 +32,11 @@ jobs:
 with:
 submodules: true
 - uses: ./.github/actions/install-rust
- - run: cargo install cargo-deny
+ - run: |
+ set -e
+ curl -L https://github.com/EmbarkStudios/cargo-deny/releases/download/0.8.5/cargo-deny-0.8.5-x86_64-unknown-linux-musl.tar.gz | tar xzf -
+ mv cargo-deny-*-x86_64-unknown-linux-musl/cargo-deny cargo-deny
+ echo `pwd` >> $GITHUB_PATH
 - run: cargo deny check
 # Build `mdBook` documentation for `wasmtime`, and upload it as a temporary
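Review bot: In PATCH 3/3, the new `run: |` step streams the cargo-deny 0.8.5 release archive from `curl -L` straight into `tar` with no digest check, so the binary that enforces the advisory and licence policy is itself unverified. Downloading to a file, checking it against a pinned SHA-256 and only then extracting closes that gap; `curl` should also get `-f`, because `set -e` alone does not fail the step when the left side of the pipe fails. The last line of the step appends the whole checkout directory to `$GITHUB_PATH`, which puts every executable at the repository root on PATH for later steps; a dedicated directory holding only `cargo-deny` is narrower. The `cargo_deny` job starts above this hunk, and the digest in the sketch below is a placeholder to be filled in from the release page.

```yaml
      - run: |
          set -euo pipefail
          # Placeholder: pin the published digest of the 0.8.5 archive here.
          expected_sha256='<sha256-of-cargo-deny-0.8.5-archive>'
          archive=cargo-deny-0.8.5-x86_64-unknown-linux-musl.tar.gz
          curl -fsSL -o "$archive" "https://github.com/EmbarkStudios/cargo-deny/releases/download/0.8.5/$archive"
          # Refuse to extract anything that does not match the pinned digest.
          echo "$expected_sha256  $archive" | sha256sum -c -
          tar xzf "$archive"
          # Expose only the tool, not the whole checkout, on PATH.
          mkdir -p "$HOME/bin"
          mv cargo-deny-*-x86_64-unknown-linux-musl/cargo-deny "$HOME/bin/cargo-deny"
          echo "$HOME/bin" >> "$GITHUB_PATH"
      # … unchanged: `cargo deny check` step …
```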