mirror of
https://github.com/ipetkov/crane.git
synced 2024-11-26 17:13:16 +03:00
ce0a13f8ba
* Checking for yanked crates requires network access (to ping the crates.io index) which won't work from inside the sandbox
43 lines
1.3 KiB
Nix
43 lines
1.3 KiB
Nix
{ cargo-audit
|
|
, lib
|
|
, mkCargoDerivation
|
|
}:
|
|
|
|
{ advisory-db
|
|
, cargoAuditExtraArgs ? "--ignore yanked"
|
|
, cargoExtraArgs ? ""
|
|
, src
|
|
, ...
|
|
}@origArgs:
|
|
let
|
|
args = builtins.removeAttrs origArgs [
|
|
"cargoAuditExtraArgs"
|
|
"cargoExtraArgs"
|
|
];
|
|
in
|
|
mkCargoDerivation (args // {
|
|
buildPhaseCargoCommand = "cargo audit ${cargoExtraArgs} -n -d ${advisory-db} ${cargoAuditExtraArgs}";
|
|
|
|
src = lib.cleanSourceWith {
|
|
inherit src;
|
|
# Keep all Cargo.lock and audit.toml files in the source in case the caller wants to
|
|
# pass a flag to audit a specific one.
|
|
filter = path: type: type == "directory"
|
|
|| lib.hasSuffix "Cargo.lock" path
|
|
|| lib.hasSuffix "audit.toml" path;
|
|
};
|
|
|
|
cargoArtifacts = null; # Don't need artifacts, just Cargo.lock
|
|
cargoVendorDir = null; # Don't need dependencies either
|
|
doInstallCargoArtifacts = false; # We don't expect to/need to install artifacts
|
|
pnameSuffix = "-audit";
|
|
|
|
# Avoid trying to introspect the Cargo.toml file as it won't exist in the
|
|
# filtered source (it also might not exist in the original source either).
|
|
# So just use some placeholders here in case the caller did not set them.
|
|
pname = args.pname or "crate";
|
|
version = args.version or "0.0.0";
|
|
|
|
nativeBuildInputs = (args.nativeBuildInputs or [ ]) ++ [ cargo-audit ];
|
|
})
|