Can't run cargo-audit in Cirrus CI with FreeBSD 13.3 #1137
Comments
Run various cargo-audit versions on various OS versions in CI. rustsec/rustsec#1137
Here's an expanded compatibility matrix:
As you can see, cargo-audit 0.17.6 works everywhere. And all versions of cargo-audit work on FreeBSD 13.2. But versions 0.18.3 and later (which use gix instead of libgit2) fail on FreeBSD 13.3 and later. That's curious, because there aren't very many changes in FreeBSD 13.3. OpenSSL received only a few minor changes, mostly related to documentation and performance. So it seems that there's a 3-way incompatibility between gix, FreeBSD 13.3, and something in Cirrus's environment.
https://www.freebsd.org/releases/13.3R/relnotes/
cargo-audit does not work in Cirrus's environment on FreeBSD 13.3 and later. Probably something to do with gitoxide. So run cargo-audit on 13.2 instead. rustsec/rustsec#1137
Thank you for the in-depth testing! 0.18.x and later should not be using OpenSSL at all, so the OpenSSL version is a non-factor. I think we'll need to enable debug logging in
I don't see any way to enable tracing via an environment variable or something like that. But if you prepare a patch with the required level of tracing, then I can test it.
I'm seeing a similar error in gitlab-cargo-audit calling rustsec::database::Database.fetch on Ubuntu 22.04.4 when
Here are the respective dependencies:
I'm guessing likely related to either
I've made progress:

TLDR;
FreeBSD users must install the ca_root_nss package in order to use cargo-audit.

Details
I was able to reproduce the failure locally (i.e. not in Cirrus-CI) on one FreeBSD 15.0 machine but not another. Running cargo-audit with ktrace showed that it tried to open many ssl-related files, including

BUT, this problem only occurs if I install cargo-audit either from FreeBSD's package manager or from "cargo install". If instead I check out the rustsec/rustsec repo and check out the cargo-audit/v0.19.0 tag, then run "cargo run --bin cargo-audit", it works. It works even if ca_root_nss is not present. ktrace shows that it's still trying to open the same file, but it doesn't care that it isn't there. Using the --release switch makes no difference.

What's different about building the tool with "cargo install" vs "cargo run"? "cargo install" will ignore the Cargo.lock file. Instead, it uses the latest versions of all dependencies. That suggests that maybe some dependency has had a regression. But I cannot reproduce the failure by doing a "cargo update" prior to "cargo run". Nor can I fix it by doing "cargo install --locked". So I can't explain the difference.
And workaround rustsec bug rustsec/rustsec#1137
https://github.com/rustsec/rustsec/blob/main/cargo-audit/CHANGELOG.md#0200-2024-02-16 Also, make ca_root_nss a RUN_DEPENDS to workaround rustsec/rustsec#1137 PR: 279260 Approved by: mikael (maintainer)
This sounds like an issue with feature unification in the workspace. It's likely that
In what looks like a repeat of #1058, cargo-audit no longer works in Cirrus CI. It reports an error like this:
I've tested the following program versions:
This was all with various rustc nightly versions from within the last week. I don't know what's different about FreeBSD 13.3, nor do I understand the root cause of #1058. But I will gladly help debug, if you can tell me what to look for.