Skip to content

treewide: use new cargo fetcher #357257

New issue
New issue
Open
Open
treewide: use new cargo fetcher#357257
Labels
3.skill: sprintableA larger issue which is split into distinct actionable tasks5. scope: trackingLong-lived issue tracking long-term fixes or multiple sub-problems6.topic: rust
@Bot-wxt1221

Description

@Bot-wxt1221
Bot-wxt1221
opened on Nov 19, 2024

TODO: @emilazy suggest my script should be reviewd independently and all output should be reduced.

She has mentioned that FOD hash attack is possible.

This is a tracking issue to replace #356862.

These are from old PR:

Already done. We should run nixpkgs-review to check if some package have different Cargo.lock when building and in nixpkgs, like veloren.

I have writen a script to update it automatically.

Now It can solve:

cargoLock = {
  lockFile = xxx;
  outputhahes = {xxx};
};
cargoLock.lockFile = xxx;
cargoLock.outputHashes = {xxx};

Script: https://github.com/Bot-wxt1221/cargo-rename

Usage:

Compile with gcc. Make sure fetch-cargo can be exec. Exec with a xx/pkgs/by-name/xx/xx/package.nix

cc #327063

#349360

Step to reduce:

  1. Generate a file list with cargoLock:
rg "cargoLock" --files-with-matches > filewithcargoLock

cat filewithcargoLock | rev | cut -d / -f 2|rev > packagename
  1. run update-all

useFetchCargoVendor

Metadata

Assignees

No one assigned

    Labels

    3.skill: sprintableA larger issue which is split into distinct actionable tasks5. scope: trackingLong-lived issue tracking long-term fixes or multiple sub-problems6.topic: rust

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions