# Produces a derivation that runs `cargo audit` over the lock files found in
# `src`, by delegating to `mkCargoDerivation` with an audit-specific command.
#
# Outer arguments:
#   cargo-audit        - added to nativeBuildInputs so the command is available
#   lib                - used for cleanSourceWith / hasSuffix
#   mkCargoDerivation  - the builder every other attribute is forwarded to
#
# Inner (caller) arguments:
#   advisory-db          - passed to `cargo audit -d`; see the note on `-n` below
#   cargoAuditExtraArgs  - appended after the advisory-db path (default "")
#   cargoExtraArgs       - inserted right after `cargo audit` (default "")
#   src                  - source tree, filtered before use
#   ...                  - anything else is forwarded to mkCargoDerivation
{ cargo-audit
, lib
, mkCargoDerivation
}:

{ advisory-db
, cargoAuditExtraArgs ? ""
, cargoExtraArgs ? ""
, src
, ...
}@origArgs:
let
  # These two are consumed by the command string below and are stripped so
  # they are not forwarded to mkCargoDerivation as attributes.
  auditOnlyArgNames = [
    "cargoAuditExtraArgs"
    "cargoExtraArgs"
  ];
  forwardedArgs = builtins.removeAttrs origArgs auditOnlyArgNames;

  # Keep every directory plus all Cargo.lock and audit.toml files, in case the
  # caller wants to pass a flag to audit a specific one.
  # This is a suffix match on the full path, not a basename comparison, so any
  # file whose path merely ends in one of these strings is kept as well.
  keepAuditInputs = path: type:
    type == "directory"
    || lib.hasSuffix "Cargo.lock" path
    || lib.hasSuffix "audit.toml" path;

  auditSrc = lib.cleanSourceWith {
    inherit src;
    filter = keepAuditInputs;
  };
in
mkCargoDerivation (forwardedArgs // {
  # `-n` is cargo-audit's --no-fetch and `-d` its --db: the advisory database
  # is never refreshed during the build, so findings are only as current as
  # the `advisory-db` input the caller has pinned. A stale pin passes silently.
  # Both extra-args strings are interpolated verbatim (no quoting or escaping),
  # so they should originate from the build expression itself.
  buildPhaseCargoCommand = "cargo audit ${cargoExtraArgs} -n -d ${advisory-db} ${cargoAuditExtraArgs}";

  src = auditSrc;

  # Only the lock file is audited: no build artifacts and no vendored
  # dependencies are needed, and nothing is expected to be installed.
  cargoArtifacts = null;
  cargoVendorDir = null;
  doInstallCargoArtifacts = false;
  pnameSuffix = "-audit";

  # Cargo.toml is not introspected: it is absent from the filtered source and
  # may not exist in the original source either. Fall back to placeholders
  # when the caller did not set these.
  pname = forwardedArgs.pname or "crate";
  version = forwardedArgs.version or "0.0.0";

  nativeBuildInputs = (forwardedArgs.nativeBuildInputs or [ ]) ++ [ cargo-audit ];
})