Closed zjp-CN closed 1 week ago
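While checking repositories, I ran into Cargo.lock version 4 not being recognized. CI
I cannot reproduce this error locally, because rustc 1.83.0-nightly (0ee7cb5e3 2024-09-10) still generates a version 3 Cargo.lock for kern-crates/elf_parser. (Version 4 should have been on nightly for a while; I'm not sure why this happens.)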
Error:
0: error: not found: Couldn't load Cargo.lock
Caused by:
-> I/O operation failed: parse error: parse error: invalid Cargo.lock format version: `4`
0:
Location:
src/utils/mod.rs:98
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ SPANTRACE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
0: os_checker::utils::cmd_run with bin="cargo" args=["audit", "--json"]
at src/utils/mod.rs:87
1: os_checker::layout::audit::cargo_audit with lock_file=Ok("/home/runner/check/batch_7/kern-crates/elf_parser/Cargo.lock")
at src/layout/audit.rs:109
2: os_checker::run_checker::try_new with user="kern-crates" repo="elf_parser"
at src/run_checker/mod.rs:183
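However, just a few days ago cargo-lock merged a PR that supports version 4, so for now cargo audit should be built from source to work around this problem.
P.S. I haven't installed cargo audit yet, so why can CI run it directly... Update: GitHub Actions ships with its own Rust version, with cargo-audit and cargo-outdated preinstalled.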
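An added example, not part of the issue or of os-checker's code: a pre-flight check that reads the lock-file format version from Cargo.lock, so that a version the installed audit tooling cannot parse is reported explicitly before `cargo audit` runs. `MAX_SUPPORTED`, `lock_version` and `check_lock` are hypothetical names, and the sample lock file is constructed.

```rust
/// Highest lock-file version the installed audit tooling is assumed to parse
/// (an assumption for this example; set it to match the tool actually in use).
const MAX_SUPPORTED: u32 = 3;

#[derive(Debug, PartialEq)]
enum LockCheck {
    /// `None` means the file has no top-level `version` key (older lock files).
    Supported(Option<u32>),
    TooNew { found: u32, max: u32 },
    Malformed(String),
}

/// Read the top-level `version = N` key, which precedes the first table.
fn lock_version(text: &str) -> Result<Option<u32>, String> {
    for line in text.lines() {
        let line = line.trim();
        if line.is_empty() || line.starts_with('#') {
            continue;
        }
        if line.starts_with('[') {
            break; // `[[package]]` reached: any later `version` is a crate version
        }
        if let Some((key, value)) = line.split_once('=') {
            if key.trim() == "version" {
                let v = value.trim();
                return v.parse::<u32>().map(Some)
                    .map_err(|_| format!("bad lock-file version value: {}", v));
            }
        }
    }
    Ok(None)
}

fn check_lock(text: &str, max: u32) -> LockCheck {
    match lock_version(text) {
        Ok(Some(v)) if v > max => LockCheck::TooNew { found: v, max },
        Ok(v) => LockCheck::Supported(v),
        Err(e) => LockCheck::Malformed(e),
    }
}

fn main() {
    // Constructed sample: header of a version 4 lock file.
    let sample = "# This file is automatically @generated by Cargo.\nversion = 4\n\n[[package]]\nname = \"elf_parser\"\nversion = \"0.1.0\"\n";
    println!("{:?}", check_lock(sample, MAX_SUPPORTED));
}
```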
Another error then showed up on this repository:
Error:
0: Fail to parse json as a rustsec::Report:
{"database":{"advisory-count":663,"last-commit":"acb7ce45817b13dd34cb32540ff18be4e1f3ba09","last-updated":"2024-10-09T00:13:59+01:00"},"lockfile":{"dependency-count":15},"settings":{"target_arch":[],"target_os":[],"severity":null,"ignore":[],"informational_warnings":["unmaintained","unsound","notice"]},"vulnerabilities":{"found":false,"count":0,"list":[]},"warnings":{}}
1: invalid type: sequence, expected a string at line 1 column 196
Location:
src/layout/audit.rs:121
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ SPANTRACE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
0: os_checker::layout::audit::cargo_audit with lock_file=Ok("/home/runner/check/batch_7/kern-crates/elf_parser/Cargo.lock")
at src/layout/audit.rs:113
1: os_checker::run_checker::try_new with user="kern-crates" repo="elf_parser"
at src/run_checker/mod.rs:183
The Settings field of Report is incompatible; for example, pub target_arch: Option<Arch>
became pub target_arch: Option<Arch>
, so the rustsec library version needs to be updated.
Error:
0: raw_err=
Location:
src/utils/mod.rs:98
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ SPANTRACE ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
0: os_checker::utils::cmd_run with bin="cargo" args=["audit", "--json"]
at src/utils/mod.rs:87
1: os_checker::layout::audit::cargo_audit with lock_file=Ok("/home/runner/check/batch_1/Byte-OS/lose-net-stack/example/Cargo.lock")
at src/layout/audit.rs:114
2: os_checker::run_checker::try_new with user="Byte-OS" repo="lose-net-stack"
at src/run_checker/mod.rs:183
It fails on Byte-OS/lose-net-stack
, but without reporting any specific reason.
https://github.com/RustSec/rustsec/tree/main/cargo-audit
Integration example: