rust-secure-code / cargo-auditable

Make production Rust binaries auditable
Apache License 2.0
646 stars 28 forks source link

upgrade dependency miniz_oxide to 0.6.0 #125

Closed alexanderkjall closed 1 year ago

alexanderkjall commented 1 year ago

As 0.6 is packaged in Debian: https://packages.debian.org/trixie/librust-miniz-oxide-dev

cargo-auditable is finally on it way into testing: https://qa.debian.org/excuses.php?package=rust-cargo-auditable

With two patches:

https://sources.debian.org/src/rust-cargo-auditable/0.6.1-1/debian/patches/disable-unsupported-arch.patch/ <-- The Aarch64_Ilp32 didn't exist for some reason that I haven't dug into yet.

https://sources.debian.org/src/rust-cargo-auditable/0.6.1-1/debian/patches/relax-deps.patch/ <-- I packaged the latest versions of auditable-serde and auditable-info, I hope this won't present a problem.

Shnatsel commented 1 year ago

The latest git of cargo auditable contains some breaking changes compared to the latest release, and I am not ready to ship them yet. So bumping it in git master doesn't really help you, although I'm happy to accept the patch.

The Aarch64_Ilp32 didn't exist for some reason that I haven't dug into yet.

This should be due to the object crate being too old. It is likely that cargo-auditable is not declaring the minimum version requirement correctly, i.e. it's not set to the first release where Aarch64_Ilp32 appeared.

I packaged the latest versions of auditable-serde and auditable-info, I hope this won't present a problem.

Yep, that should work fine.

cargo-auditable is finally on it way into testing: https://qa.debian.org/excuses.php?package=rust-cargo-auditable

:tada: