authorTobias Kortkamp <tobik@FreeBSD.org>2022-04-15 11:51:18 +0000
committerTobias Kortkamp <tobik@FreeBSD.org>2022-04-23 07:39:21 +0000
commitd00e32651ac5da85b4653861c138b8a1573684dd (patch)
treec1de8902fda2fd59f4ae6718abe71113692716fc
parent388404eaa4d5a984d3fcd97ac60519fe96e5fee2 (diff)
Uses/cargo: Add cargo-audit maintainer target
It wraps security/cargo-audit and generates a report about vulnerable crates. Many ports have those. Based on D17448.
-rw-r--r--Mk/Uses/cargo.mk9
1 files changed, 9 insertions, 0 deletions
diff --git a/Mk/Uses/cargo.mk b/Mk/Uses/cargo.mk
index f73ab923cff8..0e31eef26778 100644
--- a/Mk/Uses/cargo.mk
+++ b/Mk/Uses/cargo.mk
@@ -354,6 +354,15 @@ do-test:
# Helper targets for port maintainers
#
+# cargo-audit generates a vulnerability report using
+# security/cargo-audit based on the crates in Cargo.lock.
+cargo-audit: configure
+ @if ! type cargo-audit > /dev/null 2>&1; then \
+ ${ECHO_MSG} "===> Please install \"security/cargo-audit\""; exit 1; \
+ fi
+ @${ECHO_MSG} "===> Checking for vulnerable crates"
+ @${CARGO} audit --file ${CARGO_CARGOLOCK}
+
# cargo-crates will output the crates list from Cargo.lock. If there
# is no Cargo.lock for some reason, try and generate it first.
cargo-crates: cargo-crates-generate-lockfile
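Review bot: The comment on the new `cargo-audit` target does not tell a maintainer what a clean run actually proves: the report is only as current as the advisory database cargo-audit consults, and it covers only the crates recorded in `${CARGO_CARGOLOCK}`. By default cargo-audit refreshes that database over the network, and since the last recipe line calls bare `${CARGO} audit` with no port-specific environment visible in the hunk, the database presumably lands in the invoking user's cargo home; both are worth stating for anyone running this in an offline or sandboxed build. I would extend the comment with something like `# Needs network access to update the RustSec advisory database; exits non-zero when a vulnerable crate is reported.` As a smaller style point, `--file "${CARGO_CARGOLOCK}"` would keep a work directory containing whitespace from splitting the argument.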