Fixes #17308: Use cargo-deny to replace cargo-audit

relay/sources/Makefile

@@ -159,7 +159,7 @@ lint:
 
 check: lint
 	cd relayd && cargo test
-	cd relayd && cargo audit
+	cd relayd && cargo deny check
 
 # Clean
 

relay/sources/relayd/Cargo.toml

@@ -7,7 +7,7 @@ description = "Rudder relay component"
 readme = "README.md"
 homepage = "https://www.rudder.io"
 repository = "https://github.com/Normation/rudder"
-license = "GPL3"
+license = "GPL-3.0-or-later"
 
 [[bin]]
 name = "rudder-relayd"

relay/sources/relayd/Makefile

@@ -28,7 +28,7 @@ build-env:
 	curl https://sh.rustup.rs -sSf | sh
 	rustup component add clippy
 	cargo install cargo-update
-	cargo install cargo-audit
+	cargo install cargo-deny
 
 build-env-update:
 	rustup self update

relay/sources/relayd/deny.toml

@@ -0,0 +1,31 @@
+[licenses]
+# List of explictly allowed licenses
+# See https://spdx.org/licenses/ for list of possible licenses
+# [possible values: any SPDX 3.7 short identifier (+ optional exception)].
+allow = [
+    "MIT",
+    "Apache-2.0",
+    "ISC",
+    "Zlib",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "GPL-3.0",
+]
+#copyleft = "allow"
+# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses
+# * both - The license will be approved if it is both OSI-approved *AND* FSF
+# * either - The license will be approved if it is either OSI-approved *OR* FSF
+# * osi-only - The license will be approved if is OSI-approved *AND NOT* FSF
+# * fsf-only - The license will be approved if is FSF *AND NOT* OSI-approved
+# * neither - This predicate is ignored and the default lint level is used
+allow-osi-fsf-free = "neither"
+# Lint level used when no other predicates are matched
+# 1. License isn't in the allow or deny lists
+# 2. License isn't copyleft
+# 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither"
+default = "deny"
+
+[bans]
+# Lint level for when multiple versions of the same crate are detected
+multiple-versions = "allow"
+