cargo-audit has been failing in Cirrus CI ever since 14.0 and 13.3 were released (it works in 13.2). The symptom is similar to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=276557 , but the root cause is different. A workaround is to install the ca_root_nss package (which is installed by default on the 13.2 release image in GCP; that's why cargo-audit works there). Until upstream fixes the root cause, can we please add ca_root_nss as a RUN_DEPENDS? https://github.com/rustsec/rustsec/issues/1137
Yup, if you have a patch ready (run_depends + bump portrevision): Approved by: mikael Otherwise I'll try to find some time next week to fix it.
Ok, I'll do it. Shall I update to 0.20.0 at the same time? https://github.com/rustsec/rustsec/blob/main/cargo-audit/CHANGELOG.md#0200-2024-02-16
(In reply to Alan Somers from comment #2) It's tricky to update cargo-audit due to the multiple crates. If it builds fine with poudriere testport, go for it.
Created attachment 250924 [details] Update port to 0.20.0 Here's the patch. I found that I had to add the CARGO_CARGOLOCK line in order to make "make cargo-crates" work. How did you do it before?
(In reply to Alan Somers from comment #4) I was searching all the Cargo.toml, generated the corresponding Cargo.lock file and used the various Cargo scripts in /usr/ports/Mk/Scripts to create CARGO_CRATES. Your solution seems easier. You can take maintainership of this port if you want.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=a2441a424dbb04fbd70cdee0367ad9f57b0f86ce commit a2441a424dbb04fbd70cdee0367ad9f57b0f86ce Author: Alan Somers <asomers@FreeBSD.org> AuthorDate: 2024-05-24 17:25:58 +0000 Commit: Alan Somers <asomers@FreeBSD.org> CommitDate: 2024-05-28 17:14:01 +0000 security/cargo-audit: version 0.20.0 https://github.com/rustsec/rustsec/blob/main/cargo-audit/CHANGELOG.md#0200-2024-02-16 Also, make ca_root_nss a RUN_DEPENDS to workaround https://github.com/rustsec/rustsec/issues/1137 PR: 279260 Approved by: mikael (maintainer) security/cargo-audit/Makefile | 8 +- security/cargo-audit/Makefile.crates | 177 ++++++----------- security/cargo-audit/distinfo | 356 +++++++++++------------------------ 3 files changed, 166 insertions(+), 375 deletions(-)
I just committed it. Though, on second thought, a better strategy than setting CARGO_CARGOLOCK and WRKSRC_SUBDIR might just be to set CARGO_CARGOTOML. That's what sysutils/gstat-rs does.