feat(rustsec-advisory-db): update to 2021-10-08 via nix-prefetch-git
This makes it much easier to update the db manually and also lays the foundation for future automation bumping the advisory db. Change-Id: I1244020c8bb1af43bf4e207c55f6420eb3f57bcf Reviewed-on: https://cl.tvl.fyi/c/depot/+/3713 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: Profpatsch <mail@profpatsch.de>
This commit is contained in:
sterni
parent
a3f8d2b84b
commit
14282370e9
2 changed files with 29 additions and 3 deletions
21
third_party/rustsec-advisory-db/default.nix
vendored
21
third_party/rustsec-advisory-db/default.nix
vendored
|
|
@ -1,9 +1,24 @@
|
|||
# RustSec's advisory db for crates
|
||||
#
|
||||
# Update using:
|
||||
#
|
||||
# nix-prefetch-git --quiet --url https://github.com/RustSec/advisory-db.git > third_party/rustsec-advisory-db/pin.json
|
||||
#
|
||||
# TODO(Profpatsch): automatically update in regular intervals
|
||||
{ pkgs, ... }:
|
||||
|
||||
let
|
||||
pin = builtins.fromJSON (builtins.readFile ./pin.json);
|
||||
|
||||
date = builtins.head (builtins.split "T" pin.date);
|
||||
in
|
||||
|
||||
pkgs.fetchFromGitHub {
|
||||
name = "advisory-db-${date}";
|
||||
owner = "RustSec";
|
||||
repo = "advisory-db";
|
||||
# TODO(Profpatsch): this will have to be updated regularly, how?
|
||||
rev = "113188c62380753f01ff0df5edb7d67a300b143a";
|
||||
sha256 = "0v086ybwr71zgs5nv8yr4w2w2d4daxx6in2s1sjb4m41q1r9p0wj";
|
||||
inherit (pin)
|
||||
rev
|
||||
sha256
|
||||
;
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue