kumquat-buildroot/package/rust/rust.mk
James Hilliard 0da2742abb package/{rust, rust-bin}: security bump to version 1.66.1
Fixes CVE-2022-46176: Cargo did not perform SSH host key verification when
cloning indexes and dependencies via SSH

https://blog.rust-lang.org/2023/01/10/cve-2022-46176.html

Link to Rust 1.66.1 announcement: https://blog.rust-lang.org/2023/01/10/Rust-1.66.1.html

The newest versions of the source archives have been retrieved with their hash values,
and the signatures in the .asc files have been verified as follows:
$ curl -fsSL https://static.rust-lang.org/rust-key.gpg.ascii | gpg --import
$ gpg --verify <filename.asc> <filename>

There is no typographical error in the packages according to the check-package utility:
$ ./utils/check-package package/rust-bin/*
$ ./utils/check-package package/rust/*

The testsuite tool was successfully run for the rust and rust-bin packages to test
the Rust toolchain under 1.66.1:
$ ./support/testing/run-tests -k -d dl/ -o testsuite tests.package.test_rust.TestRustBin
$ ./support/testing/run-tests -k -d dl/ -o testsuite tests.package.test_rust.TestRust

In order to verify the compatibility of packages depending on Rust 1.66.1,
tests using `./utils/test-pkg` were run.
You may want to execute the test-pkg command after creating a `.config` file
enabling the corresponding BR2_PACKAGE, for example:
Create a file `buildroot/ripgrep.config` containing "BR2_PACKAGE_RIPGREP=y"
Then execute:
$ ./utils/test-pkg -d test-pkg -c ripgrep.config -p ripgrep

Results:
librsvg OK
ripgrep OK
suricata OK
bat OK

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
[Peter: mark as security bump]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2023-01-13 16:10:52 +01:00


################################################################################
#
# rust
#
################################################################################
# Upstream Rust release built by this package. After changing it, confirm that
# support/download/cargo-post-process still generates the same archives.
# NOTE(review): RUST_SOURCE embeds the version, so every bump downloads a new
# archive; presumably the hashes recorded for this package must be refreshed in
# the same change, from an archive whose upstream signature was checked.
RUST_VERSION = 1.66.1
RUST_SOURCE = rustc-$(RUST_VERSION)-src.tar.xz
# The source archive is fetched over HTTPS from this location.
RUST_SITE = https://static.rust-lang.org/dist
RUST_LICENSE = Apache-2.0 or MIT
RUST_LICENSE_FILES = LICENSE-APACHE LICENSE-MIT

# Declares this package as a provider of host-rustc.
HOST_RUST_PROVIDES = host-rustc

# host-rust-bin is listed because HOST_RUST_CONFIGURE_CMDS points the bootstrap
# at the cargo and rustc binaries under HOST_RUST_BIN_DIR.
# NOTE(review): that makes the prebuilt toolchain part of the trust base of
# this from-source build; confirm its archives are verified just as strictly.
HOST_RUST_DEPENDENCIES = \
	toolchain \
	host-pkgconf \
	host-python3 \
	host-rust-bin \
	host-openssl \
	$(BR2_CMAKE_HOST_DEPENDENCY)

# Value written as 'verbose' into config.toml: 2 when VERBOSE is non-empty,
# otherwise 0.
HOST_RUST_VERBOSITY = $(if $(VERBOSE),2,0)
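# Some vendor crates contain Cargo.toml.orig files. The associated
# .cargo-checksum.json file contains a checksum for Cargo.toml.orig, but
# support/scripts/apply-patches.sh deletes those files. Cargo would then fail
# the build because it cannot find the file to verify its checksum, so the
# Cargo.toml.orig entry is removed from the affected .cargo-checksum.json
# files.
#
# This hook edits an integrity manifest, so it is kept as narrow as possible:
# - the dots in the key are escaped, so only the literal "Cargo.toml.orig"
#   entry can match; every other recorded checksum stays in place;
# - paths are quoted and read line by line instead of being word-split;
# - a directory holding a *.orig file but no .cargo-checksum.json is skipped;
# - a failing sed aborts the hook instead of being masked by a later iteration.
define HOST_RUST_EXCLUDE_ORIG_FILES
	find $(@D) -name '*.orig' | while IFS= read -r file; do \
		fn="$$(dirname "$${file}")/.cargo-checksum.json"; \
		[ -f "$${fn}" ] || continue; \
		sed -i -e 's/"Cargo\.toml\.orig":"[a-z0-9]\+",//g' "$${fn}" || exit 1; \
	done
endef
# Run the cleanup right after the source archive has been extracted.
HOST_RUST_POST_EXTRACT_HOOKS += HOST_RUST_EXCLUDE_ORIG_FILES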
# Generate $(@D)/config.toml, the configuration read by the x.py bootstrap.
#
# [build]   builds for RUSTC_TARGET_NAME with the cargo and rustc found under
#           HOST_RUST_BIN_DIR and the Python interpreter from HOST_DIR.
#           NOTE(review): 'vendor = true' with 'submodules = false' presumably
#           keeps the bootstrap on the crates shipped inside the source archive
#           instead of fetching anything at build time; confirm against the
#           bootstrap documentation of this Rust version.
# [install] installs into HOST_DIR, with sysconfdir under HOST_DIR/etc.
# [rust]    stable channel; musl-root points at STAGING_DIR.
# [target]  uses the cross gcc (TARGET_CROSS) as C compiler for the target.
# [llvm]    ninja = false.
#
# All lines are emitted by one command group so that a single redirection
# writes the whole file.
define HOST_RUST_CONFIGURE_CMDS
	{ \
		echo '[build]'; \
		echo 'target = ["$(RUSTC_TARGET_NAME)"]'; \
		echo 'cargo = "$(HOST_RUST_BIN_DIR)/cargo/bin/cargo"'; \
		echo 'rustc = "$(HOST_RUST_BIN_DIR)/rustc/bin/rustc"'; \
		echo 'python = "$(HOST_DIR)/bin/python$(PYTHON3_VERSION_MAJOR)"'; \
		echo 'submodules = false'; \
		echo 'vendor = true'; \
		echo 'extended = true'; \
		echo 'tools = ["cargo"]'; \
		echo 'compiler-docs = false'; \
		echo 'docs = false'; \
		echo 'verbose = $(HOST_RUST_VERBOSITY)'; \
		echo '[install]'; \
		echo 'prefix = "$(HOST_DIR)"'; \
		echo 'sysconfdir = "$(HOST_DIR)/etc"'; \
		echo '[rust]'; \
		echo 'channel = "stable"'; \
		echo 'musl-root = "$(STAGING_DIR)"'; \
		echo '[target.$(RUSTC_TARGET_NAME)]'; \
		echo 'cc = "$(TARGET_CROSS)gcc"'; \
		echo '[llvm]'; \
		echo 'ninja = false'; \
	} > $(@D)/config.toml
endef
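# Build the toolchain by running the x.py bootstrap script from the extracted
# source tree with the host Python interpreter.
# The cd is chained with && rather than ';': if the build directory cannot be
# entered, the step fails there instead of resolving the relative name x.py in
# whatever directory make happens to be running in.
define HOST_RUST_BUILD_CMDS
	cd $(@D) && $(HOST_MAKE_ENV) $(HOST_DIR)/bin/python$(PYTHON3_VERSION_MAJOR) x.py build
endef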
# Options passed to each install.sh invocation of this package: install under
# HOST_DIR and pass --disable-ldconfig.
HOST_RUST_INSTALL_OPTS = \
	--prefix=$(HOST_DIR) \
	--disable-ldconfig
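# Install rustc, cargo and the host standard library from the tarball tree
# found under build/tmp/tarball/rust for RUSTC_HOST_NAME.
# The cd is chained with && rather than ';': install.sh is addressed by a
# relative path, so if the tarball directory is missing the step must stop
# instead of executing a ./install.sh from the current directory.
define HOST_RUST_INSTALL_RUSTC
	cd $(@D)/build/tmp/tarball/rust/$(RUSTC_HOST_NAME)/rust-$(RUST_VERSION)-$(RUSTC_HOST_NAME) && \
		./install.sh $(HOST_RUST_INSTALL_OPTS) --components=rustc,cargo,rust-std-$(RUSTC_HOST_NAME)
endef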
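# Install the standard library for RUSTC_TARGET_NAME. The step is defined only
# when BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS is 'y'; otherwise the
# variable stays undefined and expands to nothing where it is used.
# The cd is chained with && rather than ';': install.sh is addressed by a
# relative path, so if the tarball directory is missing the step must stop
# instead of executing a ./install.sh from the current directory.
ifeq ($(BR2_PACKAGE_HOST_RUSTC_TARGET_ARCH_SUPPORTS),y)
define HOST_RUST_INSTALL_LIBSTD_TARGET
	cd $(@D)/build/tmp/tarball/rust-std/$(RUSTC_TARGET_NAME)/rust-std-$(RUST_VERSION)-$(RUSTC_TARGET_NAME) && \
		./install.sh $(HOST_RUST_INSTALL_OPTS)
endef
endif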
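# Install step: run 'x.py dist', then the rustc/cargo install and, when it is
# defined, the target standard-library install.
# NOTE(review): 'x.py dist' presumably creates the build/tmp/tarball trees that
# the two install.sh steps enter; confirm against the bootstrap output.
# The cd is chained with && rather than ';': if the build directory cannot be
# entered, the step fails there instead of resolving the relative name x.py in
# whatever directory make happens to be running in.
define HOST_RUST_INSTALL_CMDS
	cd $(@D) && $(HOST_MAKE_ENV) $(HOST_DIR)/bin/python$(PYTHON3_VERSION_MAJOR) x.py dist
	$(HOST_RUST_INSTALL_RUSTC)
	$(HOST_RUST_INSTALL_LIBSTD_TARGET)
endef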
# Expand and evaluate the host-generic-package macro for this package.
# NOTE(review): the macro is defined outside this file; it presumably consumes
# the RUST_* / HOST_RUST_* variables and hooks set above -- confirm there.
$(eval $(host-generic-package))