
Add support for Rust's package manager Cargo.

The package manager builds in general from source archives called
crates that are downloaded from crates.io or a custom crates
registry. The only exceptions are dependencies specified through a
[path] or through a [git] repository. For now, cargo does not support
binary artifacts.

The information about the project and its dependencies is fully
provided by the `cargo metadata` command. In particular, it resolves
the dependency tree of the project. The information is produced from
the project definition `Cargo.toml` and its lock file `Cargo.lock`.
The latter file is generated by the metadata command if it does not
exist. Note that for workspaces `Cargo.lock` is generated next to the
workspace definition.

The `downloader` is changed to prefer crates instead of downloading
the source code from VCS for Cargo packages.

Resolves #724

[path]: https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#specifying-path-dependencies
[git]: https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#specifying-dependencies-from-git-repositories

Signed-off-by: boxdot <d@zerovolt.org>
boxdot authored and sschuberth committed May 4, 2019
1 parent d3c0f6e commit f81e4829056d8b915242ff2783eade5030f90c5a
Showing with 985 additions and 4 deletions.
  1. +2 −0 .appveyor.yml
  2. +3 −0 .travis.yml
  3. +1 −0 README.md
  4. +7 −0 analyzer/src/funTest/assets/projects/synthetic/all-managers/Cargo.toml
  5. +95 −0 analyzer/src/funTest/assets/projects/synthetic/cargo-expected-output.yml
  6. +62 −0 analyzer/src/funTest/assets/projects/synthetic/cargo-subcrate-client-expected-output.yml
  7. +57 −0 analyzer/src/funTest/assets/projects/synthetic/cargo-subcrate-integration-expected-output.yml
  8. +128 −0 analyzer/src/funTest/assets/projects/synthetic/cargo-subcrate-lib-expected-output.yml
  9. +3 −0 analyzer/src/funTest/assets/projects/synthetic/cargo-subcrate/.gitignore
  10. +37 −0 analyzer/src/funTest/assets/projects/synthetic/cargo-subcrate/Cargo.lock
  11. +14 −0 analyzer/src/funTest/assets/projects/synthetic/cargo-subcrate/Cargo.toml
  12. +23 −0 analyzer/src/funTest/assets/projects/synthetic/cargo-subcrate/client/Cargo.lock
  13. +9 −0 analyzer/src/funTest/assets/projects/synthetic/cargo-subcrate/client/Cargo.toml
  14. +3 −0 analyzer/src/funTest/assets/projects/synthetic/cargo-subcrate/client/src/main.rs
  15. +16 −0 analyzer/src/funTest/assets/projects/synthetic/cargo-subcrate/integration/Cargo.lock
  16. +9 −0 analyzer/src/funTest/assets/projects/synthetic/cargo-subcrate/integration/Cargo.toml
  17. +3 −0 analyzer/src/funTest/assets/projects/synthetic/cargo-subcrate/integration/src/main.rs
  18. +7 −0 analyzer/src/funTest/assets/projects/synthetic/cargo-subcrate/src/lib.rs
  19. +1 −0 analyzer/src/funTest/assets/projects/synthetic/cargo/.gitignore
  20. +23 −0 analyzer/src/funTest/assets/projects/synthetic/cargo/Cargo.lock
  21. +16 −0 analyzer/src/funTest/assets/projects/synthetic/cargo/Cargo.toml
  22. +7 −0 analyzer/src/funTest/assets/projects/synthetic/cargo/src/lib.rs
  23. +105 −0 analyzer/src/funTest/kotlin/CargoSubcrateTest.kt
  24. +67 −0 analyzer/src/funTest/kotlin/CargoTest.kt
  25. +274 −0 analyzer/src/main/kotlin/managers/Cargo.kt
  26. +1 −0 analyzer/src/main/resources/META-INF/services/com.here.ort.analyzer.PackageManagerFactory
  27. +1 −0 analyzer/src/test/kotlin/PackageManagerTest.kt
  28. +1 −1 docs/GettingStarted.md
  29. +9 −2 downloader/src/main/kotlin/Downloader.kt
  30. +1 −1 utils/src/main/kotlin/ArchiveUtils.kt
@@ -9,6 +9,7 @@ environment:
GO_DEP_VERSION: 0.5.0
NPM_VERSION: 6.4.0
PHP_VERSION: 7.2.0
RUST_VERSION: 1.35.0
SBT_VERSION: 1.0.2
STACK_VERSION: 2.1.1
VIRTUAL_ENV_VERSION: 15.1.0
@@ -36,6 +37,7 @@ install:
- npm install -g bower@%BOWER_VERSION% yarn@%YARN_VERSION%
- pip install virtualenv==%VIRTUAL_ENV_VERSION%
- cinst haskell-stack --version %STACK_VERSION% -y
- cinst rust --version %RUST_VERSION% -y
- cinst sbt --version %SBT_VERSION% -y
- cinst php --version %PHP_VERSION% -y
- cinst composer --version %COMPOSER_VERSION% -y # The version refers to the installer, not to Composer.
@@ -31,6 +31,7 @@ env:
- GO_DEP_VERSION="0.5.1"
- NPM_VERSION="6.4.0"
- PHP_VERSION="7.1"
- RUST_VERSION="1.35.0"
- STACK_VERSION="2.1.1"
- YARN_VERSION="1.16.0"

@@ -47,6 +48,8 @@ install:
- curl -Ls https://git.io/sbt > ~/bin/sbt
- chmod a+x ~/bin/sbt
- curl -sSL https://github.com/commercialhaskell/stack/raw/v$STACK_VERSION/etc/scripts/get-stack.sh | sh
- curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain $RUST_VERSION
- export PATH=$PATH:$HOME/.cargo/bin
- curl https://storage.googleapis.com/git-repo-downloads/repo > ~/bin/repo
- chmod a+x ~/bin/repo
- curl -Os https://dl.google.com/android/repository/sdk-tools-linux-$ANDROID_SDK_VERSION.zip
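Review bot: The new rustup line in the `install:` list executes whatever script `https://sh.rustup.rs` serves at build time, so pinning `RUST_VERSION` fixes the toolchain but not the installer that runs before it. `--proto '=https' --tlsv1.2` protects the transport only and does not detect a changed or tampered script. I would download the installer to a file, compare it with a SHA-256 committed in this repository, and only then run it: `curl --proto '=https' --tlsv1.2 -sSf -o rustup-init.sh https://sh.rustup.rs`, `echo "<EXPECTED_SHA256>  rustup-init.sh" | sha256sum -c -`, `sh rustup-init.sh -y --default-toolchain "$RUST_VERSION"`. Because that script is not versioned, the committed hash needs updating whenever upstream changes it; the neighbouring `get-stack.sh | sh` context line has the same exposure. The `install:` list starts and ends outside this hunk.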
@@ -226,6 +226,7 @@ Currently, the following package managers / build systems can be detected and qu

* [Bower](http://bower.io/) (JavaScript)
* [Bundler](http://bundler.io/) (Ruby)
* [Cargo](https://doc.rust-lang.org/cargo/) (Rust)
* [dep](https://golang.github.io/dep/) (Go)
* [DotNet](https://docs.microsoft.com/en-us/dotnet/core/tools/) (.NET, with currently some [limitations](https://github.com/heremaps/oss-review-toolkit/pull/1303#issue-253860146))
* [Glide](https://glide.sh/) (Go)
@@ -0,0 +1,7 @@
[package]
name = "hello"
version = "0.1.0"
authors = ["anon <anon@example.com>"]
edition = "2018"

[dependencies]
@@ -0,0 +1,95 @@
---
project:
id: "Cargo::lib:0.1.0"
purl: "pkg://Cargo//lib@0.1.0"
definition_file_path: "<REPLACE_DEFINITION_FILE_PATH>"
declared_licenses:
- "Apache-2.0"
- "MIT"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
vcs:
type: ""
url: ""
revision: ""
path: ""
vcs_processed:
type: "Git"
url: "<REPLACE_URL>"
revision: "<REPLACE_REVISION>"
path: "<REPLACE_PATH>"
homepage_url: "https://example.org"
scopes:
- name: "dependencies"
dependencies:
- id: "Cargo::cfg-if:0.1.9"
linkage: "STATIC"
- name: "devDependencies"
dependencies:
- id: "Cargo::spin:0.5.0"
linkage: "STATIC"
packages:
- package:
id: "Cargo::cfg-if:0.1.9"
purl: "pkg://Cargo//cfg-if@0.1.9"
declared_licenses:
- "Apache-2.0"
- "MIT"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
description: "A macro to ergonomically define an item depending on a large number\
\ of #[cfg]\nparameters. Structured like an if-else chain, the first matching\
\ branch is the\nitem that gets emitted.\n"
homepage_url: ""
binary_artifact:
url: ""
hash:
value: ""
algorithm: ""
source_artifact:
url: "https://crates.io/api/v1/crates/cfg-if/0.1.9/download"
hash:
value: "b486ce3ccf7ffd79fdeb678eac06a9e6c09fc88d33836340becb8fffe87c5e33"
algorithm: "SHA-256"
vcs:
type: "Git"
url: "https://github.com/alexcrichton/cfg-if.git"
revision: ""
path: ""
vcs_processed:
type: "Git"
url: "https://github.com/alexcrichton/cfg-if.git"
revision: ""
path: ""
curations: []
- package:
id: "Cargo::spin:0.5.0"
purl: "pkg://Cargo//spin@0.5.0"
declared_licenses:
- "MIT"
declared_licenses_processed:
spdx_expression: "MIT"
description: "Synchronization primitives based on spinning.\nThey may contain\
\ data, are usable without `std`,\nand static initializers are available.\n"
homepage_url: ""
binary_artifact:
url: ""
hash:
value: ""
algorithm: ""
source_artifact:
url: "https://crates.io/api/v1/crates/spin/0.5.0/download"
hash:
value: "44363f6f51401c34e7be73db0db371c04705d35efbe9f7d6082e03a921a32c55"
algorithm: "SHA-256"
vcs:
type: "Git"
url: "https://github.com/mvdnes/spin-rs.git"
revision: ""
path: ""
vcs_processed:
type: "Git"
url: "https://github.com/mvdnes/spin-rs.git"
revision: ""
path: ""
curations: []
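Review bot: The expectation for `cfg-if` pins `spdx_expression: "Apache-2.0 AND MIT"`, which reads as both licenses applying at once; Cargo manifests that list two licenses with `/` or `OR` offer a choice, and cfg-if appears to be published that way. If the AND comes from joining `declared_licenses` generically rather than from the manifest's own expression, the analyzer result misstates the terms, and any policy check built on it evaluates the wrong expression. I would either carry the manifest's `license` string through to the processed expression, or add a comment above the field such as `# declared licenses are AND-joined by default; the crate manifest may declare a choice`. The same expectation is repeated in the cargo-subcrate-client and cargo-subcrate-lib expected outputs, and the same AND form is used for the project entry at the top of this file.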
@@ -0,0 +1,62 @@
---
project:
id: "Cargo::client:0.1.0"
purl: "pkg://Cargo//client@0.1.0"
definition_file_path: "<REPLACE_DEFINITION_FILE_PATH>"
declared_licenses: []
declared_licenses_processed: {}
vcs:
type: ""
url: ""
revision: ""
path: ""
vcs_processed:
type: "Git"
url: "<REPLACE_URL>"
revision: "<REPLACE_REVISION>"
path: "<REPLACE_PATH>"
homepage_url: ""
scopes:
- name: "dependencies"
dependencies:
- id: "Cargo::lib:0.1.0"
linkage: "PROJECT_STATIC"
dependencies:
- id: "Cargo::cfg-if:0.1.9"
linkage: "STATIC"
- name: "devDependencies"
dependencies: []
packages:
- package:
id: "Cargo::cfg-if:0.1.9"
purl: "pkg://Cargo//cfg-if@0.1.9"
declared_licenses:
- "Apache-2.0"
- "MIT"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
description: "A macro to ergonomically define an item depending on a large number\
\ of #[cfg]\nparameters. Structured like an if-else chain, the first matching\
\ branch is the\nitem that gets emitted.\n"
homepage_url: ""
binary_artifact:
url: ""
hash:
value: ""
algorithm: ""
source_artifact:
url: "https://crates.io/api/v1/crates/cfg-if/0.1.9/download"
hash:
value: "b486ce3ccf7ffd79fdeb678eac06a9e6c09fc88d33836340becb8fffe87c5e33"
algorithm: "SHA-256"
vcs:
type: "Git"
url: "https://github.com/alexcrichton/cfg-if.git"
revision: ""
path: ""
vcs_processed:
type: "Git"
url: "https://github.com/alexcrichton/cfg-if.git"
revision: ""
path: ""
curations: []
@@ -0,0 +1,57 @@
---
project:
id: "Cargo::integration:0.1.0"
purl: "pkg://Cargo//integration@0.1.0"
definition_file_path: "<REPLACE_DEFINITION_FILE_PATH>"
declared_licenses: []
declared_licenses_processed: {}
vcs:
type: ""
url: ""
revision: ""
path: ""
vcs_processed:
type: "Git"
url: "<REPLACE_URL>"
revision: "<REPLACE_REVISION>"
path: "<REPLACE_PATH>"
homepage_url: ""
scopes:
- name: "dependencies"
dependencies:
- id: "Cargo::spin:0.4.10"
linkage: "STATIC"
- name: "devDependencies"
dependencies: []
packages:
- package:
id: "Cargo::spin:0.4.10"
purl: "pkg://Cargo//spin@0.4.10"
declared_licenses:
- "MIT"
declared_licenses_processed:
spdx_expression: "MIT"
description: "Synchronization primitives based on spinning.\nThey may contain\
\ data,\nThey are usable without `std`\nand static initializers are available.\n"
homepage_url: ""
binary_artifact:
url: ""
hash:
value: ""
algorithm: ""
source_artifact:
url: "https://crates.io/api/v1/crates/spin/0.4.10/download"
hash:
value: "ceac490aa12c567115b40b7b7fceca03a6c9d53d5defea066123debc83c5dc1f"
algorithm: "SHA-256"
vcs:
type: "Git"
url: "https://github.com/mvdnes/spin-rs.git"
revision: ""
path: ""
vcs_processed:
type: "Git"
url: "https://github.com/mvdnes/spin-rs.git"
revision: ""
path: ""
curations: []
@@ -0,0 +1,128 @@
---
project:
id: "Cargo::lib:0.1.0"
purl: "pkg://Cargo//lib@0.1.0"
definition_file_path: "<REPLACE_DEFINITION_FILE_PATH>"
declared_licenses:
- "Apache-2.0"
- "MIT"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
vcs:
type: ""
url: ""
revision: ""
path: ""
vcs_processed:
type: "Git"
url: "<REPLACE_URL>"
revision: "<REPLACE_REVISION>"
path: "<REPLACE_PATH>"
homepage_url: "https://example.org"
scopes:
- name: "dependencies"
dependencies:
- id: "Cargo::cfg-if:0.1.9"
linkage: "STATIC"
- name: "devDependencies"
dependencies:
- id: "Cargo::integration:0.1.0"
linkage: "PROJECT_STATIC"
- id: "Cargo::spin:0.5.0"
linkage: "STATIC"
packages:
- package:
id: "Cargo::cfg-if:0.1.9"
purl: "pkg://Cargo//cfg-if@0.1.9"
declared_licenses:
- "Apache-2.0"
- "MIT"
declared_licenses_processed:
spdx_expression: "Apache-2.0 AND MIT"
description: "A macro to ergonomically define an item depending on a large number\
\ of #[cfg]\nparameters. Structured like an if-else chain, the first matching\
\ branch is the\nitem that gets emitted.\n"
homepage_url: ""
binary_artifact:
url: ""
hash:
value: ""
algorithm: ""
source_artifact:
url: "https://crates.io/api/v1/crates/cfg-if/0.1.9/download"
hash:
value: "b486ce3ccf7ffd79fdeb678eac06a9e6c09fc88d33836340becb8fffe87c5e33"
algorithm: "SHA-256"
vcs:
type: "Git"
url: "https://github.com/alexcrichton/cfg-if.git"
revision: ""
path: ""
vcs_processed:
type: "Git"
url: "https://github.com/alexcrichton/cfg-if.git"
revision: ""
path: ""
curations: []
- package:
id: "Cargo::spin:0.4.10"
purl: "pkg://Cargo//spin@0.4.10"
declared_licenses:
- "MIT"
declared_licenses_processed:
spdx_expression: "MIT"
description: "Synchronization primitives based on spinning.\nThey may contain\
\ data,\nThey are usable without `std`\nand static initializers are available.\n"
homepage_url: ""
binary_artifact:
url: ""
hash:
value: ""
algorithm: ""
source_artifact:
url: "https://crates.io/api/v1/crates/spin/0.4.10/download"
hash:
value: "ceac490aa12c567115b40b7b7fceca03a6c9d53d5defea066123debc83c5dc1f"
algorithm: "SHA-256"
vcs:
type: "Git"
url: "https://github.com/mvdnes/spin-rs.git"
revision: ""
path: ""
vcs_processed:
type: "Git"
url: "https://github.com/mvdnes/spin-rs.git"
revision: ""
path: ""
curations: []
- package:
id: "Cargo::spin:0.5.0"
purl: "pkg://Cargo//spin@0.5.0"
declared_licenses:
- "MIT"
declared_licenses_processed:
spdx_expression: "MIT"
description: "Synchronization primitives based on spinning.\nThey may contain\
\ data, are usable without `std`,\nand static initializers are available.\n"
homepage_url: ""
binary_artifact:
url: ""
hash:
value: ""
algorithm: ""
source_artifact:
url: "https://crates.io/api/v1/crates/spin/0.5.0/download"
hash:
value: "44363f6f51401c34e7be73db0db371c04705d35efbe9f7d6082e03a921a32c55"
algorithm: "SHA-256"
vcs:
type: "Git"
url: "https://github.com/mvdnes/spin-rs.git"
revision: ""
path: ""
vcs_processed:
type: "Git"
url: "https://github.com/mvdnes/spin-rs.git"
revision: ""
path: ""
curations: []
@@ -0,0 +1,3 @@
target
integration/target
client/target
