NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3587c27c8e
kumquat-buildroot/package/rust-bin/rust-bin.mk
James Hilliard 0da2742abb package/{rust, rust-bin}: security bump to version 1.66.1 
Fixes CVE-2022-46176: Cargo did not perform SSH host key verification when
cloning indexes and dependencies via SSH

https://blog.rust-lang.org/2023/01/10/cve-2022-46176.html

Link to Rust 1.66.1 announcement: https://blog.rust-lang.org/2023/01/10/Rust-1.66.1.html

Newest version of the source archives have been retrieved with their hash values,
and the signature of the .asc files have been verified as follows:
$ curl -fsSL https://static.rust-lang.org/rust-key.gpg.ascii | gpg --import
$ gpg --verify <filename.asc> <filename>

There is no typographical error in the packages according to the check-pakage utility:
$ ./utils/check-package package/rust-bin/*
$ ./utils/check-package package/rust/*

The testsuite tool were successfully run for rust and rust-bin packages to test
the Rust toolchain under 1.66.1:
$ ./support/testing/run-tests -k -d dl/ -o testsuite tests.package.test_rust.TestRustBin
$ ./support/testing/run-tests -k -d dl/ -o testsuite tests.package.test_rust.TestRust

In order to verify the compatibility of packages depending on Rust 1.66.1,
tests using `./utils/test-pkg` were run.
You may want to execute the test-pkg command after creating a `.config` file
enabling the corresponding BR2_PACKAGE, for example:
Create a file `buildroot/ripgrep.config` containing "BR2_PACKAGE_RIPGREP=y"
Then execute:
$ ./utils/test-pkg -d test-pkg -c ripgrep.config -p ripgrep

Results:
librsvg OK
ripgrep OK
suricata OK
bat OK

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-01-13 16:10:52 +01:00

65 lines
2.0 KiB
Makefile
Raw Blame History

################################################################################
#
# rust-bin
#
################################################################################
# When updating this version, check whether support/download/cargo-post-process
# still generates the same archives.
RUST_BIN_VERSION = 1.66.1
RUST_BIN_SITE = https://static.rust-lang.org/dist
RUST_BIN_LICENSE = Apache-2.0 or MIT
RUST_BIN_LICENSE_FILES = LICENSE-APACHE LICENSE-MIT
HOST_RUST_BIN_PROVIDES = host-rustc
HOST_RUST_BIN_SOURCE = rust-$(RUST_BIN_VERSION)-$(RUSTC_HOST_NAME).tar.xz
ifeq ($(BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS),y)
HOST_RUST_BIN_EXTRA_DOWNLOADS += rust-std-$(RUST_BIN_VERSION)-$(RUSTC_TARGET_NAME).tar.xz
endif
HOST_RUST_BIN_LIBSTD_HOST_PREFIX = rust-std-$(RUSTC_HOST_NAME)
define HOST_RUST_BIN_LIBSTD_EXTRACT
mkdir -p $(@D)/std
$(foreach f,$(HOST_RUST_BIN_EXTRA_DOWNLOADS), \
$(call suitable-extractor,$(f)) $(HOST_RUST_BIN_DL_DIR)/$(f) | \
$(TAR) -C $(@D)/std $(TAR_OPTIONS) -
)
mkdir -p $(@D)/rustc/lib/rustlib/$(RUSTC_HOST_NAME)/lib
cd $(@D)/rustc/lib/rustlib/$(RUSTC_HOST_NAME)/lib; \
ln -sf ../../../../../$(HOST_RUST_BIN_LIBSTD_HOST_PREFIX)/lib/rustlib/$(RUSTC_HOST_NAME)/lib/* .
endef
HOST_RUST_BIN_POST_EXTRACT_HOOKS += HOST_RUST_BIN_LIBSTD_EXTRACT
HOST_RUST_BIN_INSTALL_COMMON_OPTS = \
--prefix=$(HOST_DIR) \
--disable-ldconfig
HOST_RUST_BIN_INSTALL_OPTS = \
$(HOST_RUST_BIN_INSTALL_COMMON_OPTS) \
--components=rustc,cargo,rust-std-$(RUSTC_HOST_NAME)
define HOST_RUST_BIN_INSTALL_RUSTC
(cd $(@D); \
./install.sh $(HOST_RUST_BIN_INSTALL_OPTS))
endef
ifeq ($(BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS),y)
define HOST_RUST_BIN_INSTALL_LIBSTD_TARGET
(cd $(@D)/std/rust-std-$(RUST_BIN_VERSION)-$(RUSTC_TARGET_NAME); \
./install.sh $(HOST_RUST_BIN_INSTALL_COMMON_OPTS))
endef
endif
define HOST_RUST_BIN_INSTALL_CMDS
$(HOST_RUST_BIN_INSTALL_RUSTC)
$(HOST_RUST_BIN_INSTALL_LIBSTD_TARGET)
endef
HOST_RUST_BIN_POST_INSTALL_HOOKS += HOST_RUST_INSTALL_CARGO_CONFIG
$(eval $(host-generic-package))
Reference in New Issue View Git Blame Copy Permalink