chore(3p/rustsec-advisory-db): track using niv

This will make sure that the db is updated regularly (on every channel bump). This is fine, because an advisory no longer implies a build failure. Change-Id: I1dc0b335e0881b5c58015da63c3c47f1ab1e645f Reviewed-on: https://cl.tvl.fyi/c/depot/+/4554 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su>
2021-12-24 12:24:04 +01:00 · 2021-12-24 12:24:04 +01:00 · e855d140bd
commit e855d140bd
parent 6c4e447587
3 changed files with 20 additions and 27 deletions
--- a/third_party/rustsec-advisory-db/default.nix
+++ b/third_party/rustsec-advisory-db/default.nix
@ -1,27 +1,19 @@
 # RustSec's advisory db for crates
-#
-# Update using:
-#
-#   nix-prefetch-git --quiet --url https://github.com/RustSec/advisory-db.git > third_party/rustsec-advisory-db/pin.json
-#
-# TODO(Profpatsch): automatically update in regular intervals
-{ pkgs, ... }:
+{ pkgs, depot, ... }:

 let
-  pin = builtins.fromJSON (builtins.readFile ./pin.json);
-
-  date = builtins.head (builtins.split "T" pin.date);
+  inherit (depot.third_party.sources) rustsec-advisory-db;
 in

 pkgs.fetchFromGitHub {
-  name = "advisory-db-${date}";
-  owner = "RustSec";
-  repo = "advisory-db";
-  inherit (pin)
-    rev
+  inherit (rustsec-advisory-db)
+    owner
+    repo
    sha256
+    rev
    ;
+
  passthru = {
-    inherit (pin) rev;
+    inherit (rustsec-advisory-db) rev;
  };
 }
--- a/third_party/rustsec-advisory-db/pin.json
+++ b/third_party/rustsec-advisory-db/pin.json
@ -1,11 +0,0 @@
-{
-  "url": "https://github.com/RustSec/advisory-db.git",
-  "rev": "d29205a680bb8b3a22eaba6e9b2a5a6580274af0",
-  "date": "2021-10-08T18:17:22+02:00",
-  "path": "/nix/store/nm8nwgdyrs6mi9dydf6vylc833i3alnn-advisory-db",
-  "sha256": "0h08kfn2878k5l0qdsxikakrjbqbn6fb8f95zxpqfh5hqzn7mb6b",
-  "fetchLFS": false,
-  "fetchSubmodules": false,
-  "deepClone": false,
-  "leaveDotGit": false
-}