mirror of https://github.com/briansmith/webpki
CI: Use Ubuntu 22.04 on GitHub Actions & update Clippy config.
Get all GitHub Actions jobs passing again. There are no Ubuntu 18.04 runners in GitHub Actions anymore, so use 22.04. Update mk/* scripts to match what's in *ring*'s main branch; some of these changes are required for Ubuntu 22.04. This also fixes a typo in the invocation of `cargo clippy`. Temporarily allow `clippy::explicit_auto_deref` to avoid source code changes prior to the next 0.22.1 release. Tweak `dns_names_test.rs` so that it doesn't trigger `clippy::octal_escapes` false positives. Update `cargo deny` to the latest release and update deny.toml so that the Unicode license will be accepted, matching *ring*'s configuration.
This commit is contained in:
parent
b481381e91
commit
8330c72930
|
@ -6,7 +6,7 @@ on:
|
||||||
push:
|
push:
|
||||||
jobs:
|
jobs:
|
||||||
rustfmt:
|
rustfmt:
|
||||||
runs-on: ubuntu-18.04
|
runs-on: ubuntu-22.04
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: briansmith/actions-rs-toolchain@v1
|
- uses: briansmith/actions-rs-toolchain@v1
|
||||||
|
@ -20,7 +20,7 @@ jobs:
|
||||||
- run: cargo fmt --all -- --check
|
- run: cargo fmt --all -- --check
|
||||||
|
|
||||||
clippy:
|
clippy:
|
||||||
runs-on: ubuntu-18.04
|
runs-on: ubuntu-22.04
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: briansmith/actions-rs-toolchain@v1
|
- uses: briansmith/actions-rs-toolchain@v1
|
||||||
|
@ -36,7 +36,7 @@ jobs:
|
||||||
- run: mk/clippy.sh
|
- run: mk/clippy.sh
|
||||||
|
|
||||||
audit:
|
audit:
|
||||||
runs-on: ubuntu-18.04
|
runs-on: ubuntu-22.04
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: briansmith/actions-rs-toolchain@v1
|
- uses: briansmith/actions-rs-toolchain@v1
|
||||||
|
@ -63,7 +63,7 @@ jobs:
|
||||||
- run: cargo audit --deny warnings
|
- run: cargo audit --deny warnings
|
||||||
|
|
||||||
deny:
|
deny:
|
||||||
runs-on: ubuntu-18.04
|
runs-on: ubuntu-22.04
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: briansmith/actions-rs-toolchain@v1
|
- uses: briansmith/actions-rs-toolchain@v1
|
||||||
|
@ -89,7 +89,7 @@ jobs:
|
||||||
|
|
||||||
# Verify that documentation builds.
|
# Verify that documentation builds.
|
||||||
rustdoc:
|
rustdoc:
|
||||||
runs-on: ubuntu-18.04
|
runs-on: ubuntu-22.04
|
||||||
|
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
|
@ -116,7 +116,7 @@ jobs:
|
||||||
cargo doc --all-features
|
cargo doc --all-features
|
||||||
|
|
||||||
package:
|
package:
|
||||||
runs-on: ubuntu-18.04
|
runs-on: ubuntu-22.04
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: briansmith/actions-rs-toolchain@v1
|
- uses: briansmith/actions-rs-toolchain@v1
|
||||||
|
@ -172,16 +172,16 @@ jobs:
|
||||||
|
|
||||||
include:
|
include:
|
||||||
- target: arm-unknown-linux-gnueabihf
|
- target: arm-unknown-linux-gnueabihf
|
||||||
host_os: ubuntu-18.04
|
host_os: ubuntu-22.04
|
||||||
|
|
||||||
- target: i686-pc-windows-msvc
|
- target: i686-pc-windows-msvc
|
||||||
host_os: windows-latest
|
host_os: windows-latest
|
||||||
|
|
||||||
- target: x86_64-unknown-linux-musl
|
- target: x86_64-unknown-linux-musl
|
||||||
host_os: ubuntu-18.04
|
host_os: ubuntu-22.04
|
||||||
|
|
||||||
- target: x86_64-unknown-linux-gnu
|
- target: x86_64-unknown-linux-gnu
|
||||||
host_os: ubuntu-18.04
|
host_os: ubuntu-22.04
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- if: ${{ contains(matrix.host_os, 'ubuntu') }}
|
- if: ${{ contains(matrix.host_os, 'ubuntu') }}
|
||||||
|
@ -233,7 +233,7 @@ jobs:
|
||||||
# TODO: targets
|
# TODO: targets
|
||||||
include:
|
include:
|
||||||
- target: x86_64-unknown-linux-musl
|
- target: x86_64-unknown-linux-musl
|
||||||
host_os: ubuntu-18.04
|
host_os: ubuntu-22.04
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- if: ${{ contains(matrix.host_os, 'ubuntu') }}
|
- if: ${{ contains(matrix.host_os, 'ubuntu') }}
|
||||||
|
|
|
@ -10,6 +10,7 @@ allow = [
|
||||||
"LicenseRef-ring",
|
"LicenseRef-ring",
|
||||||
"LicenseRef-webpki",
|
"LicenseRef-webpki",
|
||||||
"MIT",
|
"MIT",
|
||||||
|
"Unicode-DFS-2016",
|
||||||
]
|
]
|
||||||
confidence-threshold = 1.0
|
confidence-threshold = 1.0
|
||||||
|
|
||||||
|
|
28
mk/cargo.sh
28
mk/cargo.sh
|
@ -20,12 +20,18 @@ IFS=$'\n\t'
|
||||||
rustflags_self_contained="-Clink-self-contained=yes -Clinker=rust-lld"
|
rustflags_self_contained="-Clink-self-contained=yes -Clinker=rust-lld"
|
||||||
qemu_aarch64="qemu-aarch64 -L /usr/aarch64-linux-gnu"
|
qemu_aarch64="qemu-aarch64 -L /usr/aarch64-linux-gnu"
|
||||||
qemu_arm="qemu-arm -L /usr/arm-linux-gnueabihf"
|
qemu_arm="qemu-arm -L /usr/arm-linux-gnueabihf"
|
||||||
|
qemu_mipsel="qemu-mipsel -L /usr/mipsel-linux-gnu"
|
||||||
|
|
||||||
# Avoid putting the Android tools in `$PATH` because there are tools in this
|
# Avoid putting the Android tools in `$PATH` because there are tools in this
|
||||||
# directory like `clang` that would conflict with the same-named tools that may
|
# directory like `clang` that would conflict with the same-named tools that may
|
||||||
# be needed to compile the build script, or to compile for other targets.
|
# be needed to compile the build script, or to compile for other targets.
|
||||||
if [ -n "${ANDROID_SDK_ROOT-}" ]; then
|
if [ -n "${ANDROID_HOME-}" ]; then
|
||||||
android_tools=$ANDROID_SDK_ROOT/ndk-bundle/toolchains/llvm/prebuilt/linux-x86_64/bin
|
# Keep the next line in sync with the corresponding line in install-build-tools.sh.
|
||||||
|
ndk_version=25.2.9519653
|
||||||
|
ANDROID_NDK_ROOT=${ANDROID_NDK_ROOT:-${ANDROID_HOME}/ndk/$ndk_version}
|
||||||
|
fi
|
||||||
|
if [ -n "${ANDROID_NDK_ROOT-}" ]; then
|
||||||
|
android_tools=${ANDROID_NDK_ROOT}/toolchains/llvm/prebuilt/linux-x86_64/bin
|
||||||
fi
|
fi
|
||||||
|
|
||||||
for arg in $*; do
|
for arg in $*; do
|
||||||
|
@ -39,12 +45,12 @@ for arg in $*; do
|
||||||
done
|
done
|
||||||
|
|
||||||
# See comments in install-build-tools.sh.
|
# See comments in install-build-tools.sh.
|
||||||
llvm_version=12
|
llvm_version=15
|
||||||
|
|
||||||
case $target in
|
case $target in
|
||||||
aarch64-linux-android)
|
aarch64-linux-android)
|
||||||
export CC_aarch64_linux_android=$android_tools/aarch64-linux-android21-clang
|
export CC_aarch64_linux_android=$android_tools/aarch64-linux-android21-clang
|
||||||
export AR_aarch64_linux_android=$android_tools/aarch64-linux-android-ar
|
export AR_aarch64_linux_android=$android_tools/llvm-ar
|
||||||
export CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=$android_tools/aarch64-linux-android21-clang
|
export CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER=$android_tools/aarch64-linux-android21-clang
|
||||||
;;
|
;;
|
||||||
aarch64-unknown-linux-gnu)
|
aarch64-unknown-linux-gnu)
|
||||||
|
@ -67,9 +73,9 @@ case $target in
|
||||||
export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="$qemu_arm"
|
export CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER="$qemu_arm"
|
||||||
;;
|
;;
|
||||||
armv7-linux-androideabi)
|
armv7-linux-androideabi)
|
||||||
export CC_armv7_linux_androideabi=$android_tools/armv7a-linux-androideabi18-clang
|
export CC_armv7_linux_androideabi=$android_tools/armv7a-linux-androideabi19-clang
|
||||||
export AR_armv7_linux_androideabi=$android_tools/arm-linux-androideabi-ar
|
export AR_armv7_linux_androideabi=$android_tools/llvm-ar
|
||||||
export CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=$android_tools/armv7a-linux-androideabi18-clang
|
export CARGO_TARGET_ARMV7_LINUX_ANDROIDEABI_LINKER=$android_tools/armv7a-linux-androideabi19-clang
|
||||||
;;
|
;;
|
||||||
armv7-unknown-linux-musleabihf)
|
armv7-unknown-linux-musleabihf)
|
||||||
export CC_armv7_unknown_linux_musleabihf=clang-$llvm_version
|
export CC_armv7_unknown_linux_musleabihf=clang-$llvm_version
|
||||||
|
@ -87,6 +93,12 @@ case $target in
|
||||||
export AR_i686_unknown_linux_musl=llvm-ar-$llvm_version
|
export AR_i686_unknown_linux_musl=llvm-ar-$llvm_version
|
||||||
export CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_RUSTFLAGS="$rustflags_self_contained"
|
export CARGO_TARGET_I686_UNKNOWN_LINUX_MUSL_RUSTFLAGS="$rustflags_self_contained"
|
||||||
;;
|
;;
|
||||||
|
mipsel-unknown-linux-gnu)
|
||||||
|
export CC_mipsel_unknown_linux_gnu=mipsel-linux-gnu-gcc
|
||||||
|
export AR_mipsel_unknown_linux_gnu=mipsel-linux-gnu-gcc-ar
|
||||||
|
export CARGO_TARGET_MIPSEL_UNKNOWN_LINUX_GNU_LINKER=mipsel-linux-gnu-gcc
|
||||||
|
export CARGO_TARGET_MIPSEL_UNKNOWN_LINUX_GNU_RUNNER="$qemu_mipsel"
|
||||||
|
;;
|
||||||
x86_64-unknown-linux-musl)
|
x86_64-unknown-linux-musl)
|
||||||
export CC_x86_64_unknown_linux_musl=clang-$llvm_version
|
export CC_x86_64_unknown_linux_musl=clang-$llvm_version
|
||||||
export AR_x86_64_unknown_linux_musl=llvm-ar-$llvm_version
|
export AR_x86_64_unknown_linux_musl=llvm-ar-$llvm_version
|
||||||
|
@ -132,7 +144,7 @@ if [ -n "${RING_COVERAGE-}" ]; then
|
||||||
declare -x "${runner_var}=mk/runner ${!runner_var-}"
|
declare -x "${runner_var}=mk/runner ${!runner_var-}"
|
||||||
|
|
||||||
rustflags_var=CARGO_TARGET_${target_upper}_RUSTFLAGS
|
rustflags_var=CARGO_TARGET_${target_upper}_RUSTFLAGS
|
||||||
declare -x "${rustflags_var}=-Zinstrument-coverage ${!rustflags_var-}"
|
declare -x "${rustflags_var}=-Cinstrument-coverage ${!rustflags_var-}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cargo "$@"
|
cargo "$@"
|
||||||
|
|
|
@ -20,13 +20,14 @@ IFS=$'\n\t'
|
||||||
export NULL=""
|
export NULL=""
|
||||||
cargo clippy \
|
cargo clippy \
|
||||||
--target-dir=target/clippy \
|
--target-dir=target/clippy \
|
||||||
--all-features ---all-targets \
|
--all-features --all-targets \
|
||||||
-- \
|
-- \
|
||||||
--deny missing_docs \
|
--deny missing_docs \
|
||||||
--deny warnings \
|
--deny warnings \
|
||||||
\
|
\
|
||||||
--deny clippy::as_conversions \
|
--deny clippy::as_conversions \
|
||||||
\
|
\
|
||||||
|
--allow clippy::explicit_auto_deref \
|
||||||
--allow clippy::len_without_is_empty \
|
--allow clippy::len_without_is_empty \
|
||||||
--allow clippy::new_without_default \
|
--allow clippy::new_without_default \
|
||||||
--allow clippy::single_match \
|
--allow clippy::single_match \
|
||||||
|
|
|
@ -27,12 +27,32 @@ function install_packages {
|
||||||
use_clang=
|
use_clang=
|
||||||
case $target in
|
case $target in
|
||||||
--target*android*)
|
--target*android*)
|
||||||
mkdir -p "${ANDROID_SDK_ROOT}/licenses"
|
# https://blog.rust-lang.org/2023/01/09/android-ndk-update-r25.html says
|
||||||
android_license_file="${ANDROID_SDK_ROOT}/licenses/android-sdk-license"
|
# "Going forward the Android platform will target the most recent LTS NDK,
|
||||||
|
# allowing Rust developers to access platform features sooner. These updates
|
||||||
|
# should occur yearly and will be announced in release notes." Assume that
|
||||||
|
# means that we should always prefer to be using the latest 25.x.y version of
|
||||||
|
# the NDK until the Rust project announces that we should use a higher major
|
||||||
|
# version number.
|
||||||
|
#
|
||||||
|
# TODO: This should probably be implemented as a map of Rust toolchain version
|
||||||
|
# to NDK version; e.g. our MSRV might (only) support an older NDK than the
|
||||||
|
# latest stable Rust toolchain.
|
||||||
|
#
|
||||||
|
# Keep the following line in sync with the corresponding line in cargo.sh.
|
||||||
|
ndk_version=25.2.9519653
|
||||||
|
|
||||||
|
mkdir -p "${ANDROID_HOME}/licenses"
|
||||||
|
android_license_file="${ANDROID_HOME}/licenses/android-sdk-license"
|
||||||
accept_android_license=24333f8a63b6825ea9c5514f83c2829b004d1fee
|
accept_android_license=24333f8a63b6825ea9c5514f83c2829b004d1fee
|
||||||
grep --quiet --no-messages "$accept_android_license" "$android_license_file" \
|
grep --quiet --no-messages "$accept_android_license" "$android_license_file" \
|
||||||
|| echo $accept_android_license >> "$android_license_file"
|
|| echo $accept_android_license >> "$android_license_file"
|
||||||
"${ANDROID_SDK_ROOT}/cmdline-tools/latest/bin/sdkmanager" ndk-bundle
|
"${ANDROID_HOME}/cmdline-tools/latest/bin/sdkmanager" "ndk;$ndk_version"
|
||||||
|
|
||||||
|
# XXX: Older Rust toolchain versions link with `-lgcc` instead of `-lunwind`;
|
||||||
|
# see https://github.com/rust-lang/rust/pull/85806.
|
||||||
|
find -L ${ANDROID_NDK_ROOT:-${ANDROID_HOME}/ndk/$ndk_version} -name libunwind.a \
|
||||||
|
-execdir sh -c 'echo "INPUT(-lunwind)" > libgcc.a' \;
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
@ -65,28 +85,31 @@ case $target in
|
||||||
--target=i686-unknown-linux-musl|--target=x86_64-unknown-linux-musl)
|
--target=i686-unknown-linux-musl|--target=x86_64-unknown-linux-musl)
|
||||||
use_clang=1
|
use_clang=1
|
||||||
;;
|
;;
|
||||||
|
--target=mipsel-unknown-linux-gnu)
|
||||||
|
install_packages \
|
||||||
|
gcc-mipsel-linux-gnu \
|
||||||
|
libc6-dev-mipsel-cross \
|
||||||
|
qemu-user
|
||||||
|
;;
|
||||||
--target=wasm32-unknown-unknown)
|
--target=wasm32-unknown-unknown)
|
||||||
# The version of wasm-bindgen-cli must match the wasm-bindgen version.
|
cargo install wasm-bindgen-cli --bin wasm-bindgen-test-runner
|
||||||
wasm_bindgen_version=$(cargo metadata --format-version 1 | jq -r '.packages | map(select( .name == "wasm-bindgen")) | map(.version) | .[0]')
|
use_clang=1
|
||||||
cargo install wasm-bindgen-cli --vers "$wasm_bindgen_version" --bin wasm-bindgen-test-runner
|
|
||||||
case ${features-} in
|
|
||||||
*wasm32_c*)
|
|
||||||
use_clang=1
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
;;
|
;;
|
||||||
--target=*)
|
--target=*)
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
if [ -n "$use_clang" ]; then
|
case "$OSTYPE" in
|
||||||
# https://github.com/rust-lang/rust/pull/79365 upgraded the coverage file
|
linux*)
|
||||||
# format to one that only LLVM 11+ can use
|
ubuntu_codename=$(lsb_release --codename --short)
|
||||||
llvm_version=12
|
llvm_version=15
|
||||||
sudo apt-key add mk/llvm-snapshot.gpg.key
|
sudo apt-key add mk/llvm-snapshot.gpg.key
|
||||||
sudo add-apt-repository "deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-$llvm_version main"
|
sudo add-apt-repository "deb http://apt.llvm.org/$ubuntu_codename/ llvm-toolchain-$ubuntu_codename-$llvm_version main"
|
||||||
sudo apt-get update
|
sudo apt-get update
|
||||||
install_packages clang-$llvm_version llvm-$llvm_version
|
# We need to use `llvm-nm` in `mk/check-symbol-prefixes.sh`.
|
||||||
fi
|
install_packages llvm-$llvm_version
|
||||||
|
if [ -n "$use_clang" ]; then
|
||||||
|
install_packages clang-$llvm_version
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
|
@ -250,7 +250,7 @@ static IP_ADDRESS_DNS_VALIDITY: &[(&[u8], bool)] = &[
|
||||||
(b"1.2.3.4\n", false),
|
(b"1.2.3.4\n", false),
|
||||||
// Nulls not allowed
|
// Nulls not allowed
|
||||||
(b"\0", false),
|
(b"\0", false),
|
||||||
(b"\01.2.3.4", false),
|
(b"\x001.2.3.4", false),
|
||||||
(b"1.2.3.4\0", false),
|
(b"1.2.3.4\0", false),
|
||||||
(b"1.2.3.4\0.5", false),
|
(b"1.2.3.4\0.5", false),
|
||||||
// Range
|
// Range
|
||||||
|
@ -389,7 +389,7 @@ static IP_ADDRESS_DNS_VALIDITY: &[(&[u8], bool)] = &[
|
||||||
(b"::1\0:2", false),
|
(b"::1\0:2", false),
|
||||||
(b"::1\0", false),
|
(b"::1\0", false),
|
||||||
(b"::1.2.3.4\0", false),
|
(b"::1.2.3.4\0", false),
|
||||||
(b"::1.2\02.3.4", false),
|
(b"::1.2\x002.3.4", false),
|
||||||
];
|
];
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
|
|
Loading…
Reference in New Issue