From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 95CF01581F3 for ; Mon, 25 Nov 2024 03:36:05 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id DD5CAE08B1; Mon, 25 Nov 2024 03:35:59 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 66BF4E0844 for ; Mon, 25 Nov 2024 03:35:59 +0000 (UTC) From: kangie@gentoo.org To: gentoo-dev@lists.gentoo.org Cc: Matt Jolly Subject: [gentoo-dev] [PATCH 0/3] cargo.eclass: Trivial crate replacements Date: Mon, 25 Nov 2024 13:35:27 +1000 Message-ID: <20241125033530.115757-1-kangie@gentoo.org> X-Mailer: git-send-email 2.47.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Archives-Salt: 1e42f09a-1c07-425a-a89f-00cfbf023045 X-Archives-Hash: dbf8ccb4c14eee1a8ceaf4b71ccbeed9 From: Matt Jolly Updating vulnerable or outdated crates in Rust ebuilds is not easy. This patchset aims to reduce the developer effort and knowledge required to substitute crates into a Rust build process. We do this by: - Enabling `paths = ['/foo/bar/baz']` style global replacements. This useful for ebuilds that vendor their crates but has some substantial limitations. This is required to (e.g.) build an older dev-lang/rust against a modern system with OpenSSL 3. - Providing a helper function that takes advantage of the eclass replacing crates.io with an offline repository to run `cargo update --offline` and update the Lockfile and crate metadata to include provided crate updates. There is some room for additional work to arbitrarily patch dependency crates (including checksum updates) and ensure that they are suitable for dependency resolution, however where a vulnerable (or otherwise broken) crate needs to be replaced with an updated version from crates.io this should prove suitable for most use cases. The following GitHub Pull Request has been opened for review feedback: https://github.com/gentoo/gentoo/pull/39464 Matt Jolly (3): cargo.eclass: add trivial crate overrides dev-lang/rust{,-bin}: Add 1.54.0 app-antivirus/clamav: example of trivial crate replacement app-antivirus/clamav/Manifest | 2 +- ...1.0.7-r1.ebuild => clamav-1.0.7-r2.ebuild} | 8 +- dev-lang/rust-bin/Manifest | 34 ++ dev-lang/rust-bin/rust-bin-1.54.0.ebuild | 188 ++++++ dev-lang/rust/Manifest | 4 + ...nore-broken-and-non-applicable-tests.patch | 75 +++ .../1.49.0-gentoo-musl-target-specs.patch | 164 +++++ .../rust/files/1.53.0-rustversion-1.0.5.patch | 234 ++++++++ .../rust/files/1.54.0-parallel-miri.patch | 43 ++ .../files/llvm/12/cstdint-signals-h.patch | 24 + dev-lang/rust/rust-1.54.0.ebuild | 560 ++++++++++++++++++ eclass/cargo.eclass | 115 +++- eclass/rust.eclass | 2 + 13 files changed, 1445 insertions(+), 8 deletions(-) rename app-antivirus/clamav/{clamav-1.0.7-r1.ebuild => clamav-1.0.7-r2.ebuild} (99%) create mode 100644 dev-lang/rust-bin/rust-bin-1.54.0.ebuild create mode 100644 dev-lang/rust/files/1.47.0-ignore-broken-and-non-applicable-tests.patch create mode 100644 dev-lang/rust/files/1.49.0-gentoo-musl-target-specs.patch create mode 100644 dev-lang/rust/files/1.53.0-rustversion-1.0.5.patch create mode 100644 dev-lang/rust/files/1.54.0-parallel-miri.patch create mode 100644 dev-lang/rust/files/llvm/12/cstdint-signals-h.patch create mode 100644 dev-lang/rust/rust-1.54.0.ebuild -- 2.47.0