Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cargo-geiger: init at 0.7.3 #72633

Merged
merged 2 commits into from Nov 4, 2019
Merged

cargo-geiger: init at 0.7.3 #72633

merged 2 commits into from Nov 4, 2019

Conversation

evanjs
Copy link
Member

@evanjs evanjs commented Nov 2, 2019

Motivation for this change

cargo-geiger: Detects usage of unsafe Rust in a Rust crate and its dependencies.

I recently discovered safety-dance and figured cargo-geiger would be a nice utility to have on nixpkgs.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nix-review --run "nix-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

Seems to work fine without any tweaks.

Some sample output from the url crate:

    Checking matches v0.1.8
    Checking smallvec v0.6.12
    Checking percent-encoding v2.1.0 (/home/evanjs/src/crates/rust-url/percent_encoding)
    Checking unicode-bidi v0.3.4
    Checking unicode-normalization v0.1.8
    Checking idna v0.2.0 (/home/evanjs/src/crates/rust-url/idna)
    Checking url v2.1.0 (/home/evanjs/src/crates/rust-url)
     Finished dev [unoptimized + debuginfo] target(s) in 4.10s
    Scanning done

Metric output format: x/y
    x = unsafe code used by the build
    y = total unsafe code found in the crate

Symbols: 
    :) = No `unsafe` usage found, declares #![forbid(unsafe_code)]
    ?  = No `unsafe` usage found, missing #![forbid(unsafe_code)]
    !  = `unsafe` usage found

Functions  Expressions  Impls  Traits  Methods  Dependency

0/0        6/6          0/0    0/0     0/0      !  url 2.1.0
0/0        1/1          0/0    0/0     0/0      !  ├── idna 0.2.0
0/0        0/0          0/0    0/0     0/0      ?  │   ├── matches 0.1.8
0/0        0/0          0/0    0/0     0/0      :) │   ├── unicode-bidi 0.3.4
0/0        0/0          0/0    0/0     0/0      ?  │   │   └── matches 0.1.8
0/0        20/20        0/0    0/0     0/0      !  │   └── unicode-normalization 0.1.8
2/2        322/322      4/4    1/1     13/13    !  │       └── smallvec 0.6.12
0/0        0/0          0/0    0/0     0/0      ?  ├── matches 0.1.8
0/0        3/3          0/0    0/0     0/0      !  └── percent-encoding 2.1.0

I had to use rev = "${pname}-${version}"; for rev as there are two programs in the repository (including the releases section): cargo-geiger and geiger.

I'm following the updates for cargo-geiger, so I have to use this rather than e.g. v${version}.
Happy to do whatever is cleanest, though.

Also, I have not tested on a Mac, but would be happy if somebody was able to do so.

Aside from installation, all that needs to be done for testing is running cargo geiger from a "normal" (/singular) Rust project -- e.g. not a virtual workspace, such as the root of the main Rust repo.

Finally, I noticed there are categories for development/tools/rust and tools/package-management.
There seemed to be some overlap between the two categories, so I just settled with development/tools/rust for now.
Happy to modify this if there is a better option.

jonringer
jonringer reviewed Nov 2, 2019
View reviewed changes
pkgs/development/tools/rust/cargo-geiger/default.nix Outdated
sha256 = "1lm8dx19svdpg99zbpfcm1272n18y63sq756hf6k99zi51av17xc";
};

doCheck = false;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why exclude tests?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Network access.

---- test_package::case_3 stdout ----
-------------- TEST START --------------
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Snapshot Differences ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Snapshot file: cargo-geiger/tests/snapshots/mod__test3_package_with_nested_deps.stderr.snap
Snapshot: test3_package_with_nested_deps.stderr
Source: cargo-geiger/tests/mod.rs:44
Old: n.a.
New: Sun,  3 Nov 2019 00:26:17 +0000

+new results
────────────────────────────────────────────────────────────────────────────────
stderr
────────────┬───────────────────────────────────────────────────────────────────
          1 │+error: failed to load source for a dependency on `itertools`
          2 │+
          3 │+Caused by:
          4 │+  Unable to update https://github.com/rust-itertools/itertools.git?rev=8761fbefb3b209
          5 │+
          6 │+Caused by:
          7 │+  failed to clone into: /build/git/db/itertools-eb89fd56766bcf43
          8 │+
          9 │+Caused by:
         10 │+  failed to resolve address for github.com: Name or service not known; class=Net (12)
         11 │+
────────────┴───────────────────────────────────────────────────────────────────

Oddly enough, tests seemed to fail even outside of nix-build for the release I selected here, but passed on master.

Regardless, it looks like they won't work without network connectivity.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is there a way to selectively disable certain tests?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Eh I’d rather not selectively disable tests, but I do want to look at cargo insta which this crate seems to use.

Going to see if there’s anything I can do in preCheck or etc.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the case that doesn't work, then yes, skipping specific tests seems pretty straight-forward to me.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Decided to settle on disabling a few tests for now.
I was able to compile after skipping 3 out of 7 tests.

I also added a note on how we might be able to run these in the future.

@evanjs
cargo-geiger: run tests; skip tests that require network connectivity
f453041 
- Add note on how we might be able to run all tests in the future
@evanjs evanjs requested a review from jonringer November 4, 2019 00:22
jonringer
jonringer approved these changes Nov 4, 2019
View reviewed changes
Copy link
Contributor

@jonringer jonringer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nix-review passes on NiXOS
diff LGTM
executable seems to work

https://github.com/NixOS/nixpkgs/pull/72633
1 package were build:
cargo-geiger

@jonringer jonringer merged commit c6705f5 into NixOS:master Nov 4, 2019
@jonringer
Copy link
Contributor

ty for enabling the tests which work well with sandbox :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonringer jonringer jonringer approved these changes

Assignees
No one assigned
Labels
8.has: package (new) 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10 11.by: package-maintainer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@evanjs @jonringer