MangoIV / cabal-audit

audit your cabal projects for haskell-specific security-advisories

Provide balanced installation/contribution instructions #21

Open hasufell opened 4 months ago

hasufell commented 4 months ago

Both the installation section and the contribution section tell me to use nix as the first option. In the worst case, this will make an uninformed newcomer install nix and go down a rabbit hole of tooling nightmares (YMMV).

I suggest being a bit more balanced. Cabal and Stack are by far the most popular options to build Haskell projects: https://taylor.fausak.me/2022/11/18/haskell-survey-results/#s3q0

I don't see a stack.yaml in this repo either.

MangoIV commented 4 months ago

Hi! That's a great idea. Providing contribution instructions using cabal should be trivial, it should already “just work”. I will do that.

I probably won’t maintain a stack.yaml though, I never personally use that tool and it is kinda subsumed by what nix does.

telser commented 3 months ago

This would be great. For example, trying just now:

git clone git@github.com:MangoIV/cabal-audit.git 
cd cabal-audit
cabal update
cabal install
cabal run cabal-audit

Apparently does not work, resulting in the following error:

cabal-audit failed:
Listing the advisories in directory /tmp/cabal-audit-f2a93cceff80dacf failed with: 
[AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, 
matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n"]

MangoIV commented 3 months ago

Can you come around? I don’t think the reason has anything to do with the installation, it’s an upstream bug in the security advisories tooling. The PR I have open there will fix it.

MangoIV commented 3 months ago

The issue is how git outputs dates and how the security-advisories tooling parses them.