chore(ci): check dependencies licenses with cargo-deny #1692

Open · wants to merge 2 commits into base: main
24 changes: 22 additions & 2 deletions Makefile
@@ -143,6 +143,18 @@ install_tarpaulin: install_rs_build_toolchain
cargo $(CARGO_RS_BUILD_TOOLCHAIN) install cargo-tarpaulin --locked || \
( echo "Unable to install cargo tarpaulin, unknown error." && exit 1 )

.PHONY: install_cargo_deny # Install cargo-deny to check licenses
install_cargo_deny: install_rs_build_toolchain
@cargo deny --version > /dev/null 2>&1 || \
cargo $(CARGO_RS_BUILD_TOOLCHAIN) install cargo-deny || \
( echo "Unable to install cargo deny, unknown error." && exit 1 )

.PHONY: install_cargo_vet # Install cargo-vet to audit dependencies
install_cargo_vet: install_rs_build_toolchain
@cargo vet --version > /dev/null 2>&1 || \
cargo $(CARGO_RS_BUILD_TOOLCHAIN) install cargo-vet || \
( echo "Unable to install cargo vet, unknown error." && exit 1 )

.PHONY: install_tfhe_lints # Install custom tfhe-rs lints
install_tfhe_lints:
(cd utils/cargo-tfhe-lints-inner && cargo install --path .) && \
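Review bot: the new install_cargo_deny and install_cargo_vet recipes drop the `--locked` flag that install_tarpaulin passes a few lines above, so `cargo install cargo-deny` and `cargo install cargo-vet` resolve the tools' own dependency trees fresh at install time instead of from their shipped Cargo.lock. For tools that gate the build on supply-chain policy, pass `--locked` (and consider pinning a `--version`) so CI installs a reproducible binary. The `@cargo deny --version` / `@cargo vet --version` probes also accept whatever version happens to be on PATH, so a developer with a stale local install can get different results from CI; a short comment in the recipe saying which version is expected would help.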
@@ -296,6 +308,14 @@ check_newline: check_linelint_installed
lint_workflow: check_actionlint_installed
actionlint

.PHONY: check_licenses # Run cargo-deny to check dependencies licenses
check_licenses: install_cargo_deny
cargo deny check licenses

.PHONY: audit_deps # Run cargo-vet to audit dependencies
audit_deps: install_cargo_vet
cargo vet

.PHONY: clippy_core # Run clippy lints on core_crypto with and without experimental features
clippy_core: install_rs_check_toolchain
RUSTFLAGS="$(RUSTFLAGS)" cargo "$(CARGO_RS_CHECK_TOOLCHAIN)" clippy \
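Review bot: `cargo deny check licenses` in check_licenses runs only the licenses check; advisories, bans and sources are not covered, so a yanked or RUSTSEC-flagged dependency still passes this target. Either run `cargo deny check` (all checks) with matching sections in deny.toml, or state the narrower scope in the target comment so nobody assumes advisories are covered. For audit_deps, `cargo vet` with no arguments may fetch imports and rewrite supply-chain/imports.lock while running; in CI prefer `cargo vet --locked` so the check fails rather than silently modifying a tracked file.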
@@ -1251,14 +1271,14 @@ sha256_bool: install_rs_check_toolchain
--features=$(TARGET_ARCH_FEATURE),boolean

.PHONY: pcc # pcc stands for pre commit checks (except GPU)
pcc: no_tfhe_typo no_dbg_log check_fmt check_typos lint_doc check_md_docs_are_tested check_intra_md_links \
pcc: no_tfhe_typo no_dbg_log check_fmt check_typos check_licenses audit_deps lint_doc check_md_docs_are_tested check_intra_md_links \
clippy_all tfhe_lints check_compile_tests

.PHONY: pcc_gpu # pcc stands for pre commit checks for GPU compilation
pcc_gpu: clippy_gpu clippy_cuda_backend check_compile_tests_benches_gpu check_rust_bindings_did_not_change

.PHONY: fpcc # pcc stands for pre commit checks, the f stands for fast
fpcc: no_tfhe_typo no_dbg_log check_fmt check_typos lint_doc check_md_docs_are_tested clippy_fast \
fpcc: no_tfhe_typo no_dbg_log check_fmt check_typos audit_deps check_licenses lint_doc check_md_docs_are_tested clippy_fast \
check_compile_tests

.PHONY: conformance # Automatically fix problems that can be fixed
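Review bot: pcc and fpcc list the two new prerequisites in opposite order (`check_licenses audit_deps` in pcc, `audit_deps check_licenses` in fpcc); make runs them either way, but the two lines should match so the diff reads as one intentional change. Also consider whether audit_deps belongs in fpcc at all: it is the "fast" local variant, and cargo-vet may need network access (registry index, imported audits) on first use, which is exactly what a fast pre-commit loop is meant to avoid. Keeping audit_deps in pcc only, or adding a Makefile comment explaining why it is in both, would make the intent clear.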
1 change: 1 addition & 0 deletions apps/trivium/Cargo.toml
@@ -2,6 +2,7 @@
name = "tfhe-trivium"
version = "0.1.0"
edition = "2021"
license = "BSD-3-Clause-Clear"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

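Review bot: adding `license = "BSD-3-Clause-Clear"` to tfhe-trivium is what lets cargo-deny classify this crate instead of reporting it as unlicensed, and it matches the deny.toml exception for `tfhe-trivium`. The other workspace crates named in those exceptions (tasks, tfhe-versionable, tfhe-versionable-derive, tfhe-zk-pok, tfhe-cuda-backend) need the same check: an exception only allows a license the crate actually declares, so any of them missing a `license` field will still be flagged as unlicensed by `cargo deny check licenses`. Since only this one Cargo.toml is touched here, it is worth confirming the rest already carry the field.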
27 changes: 27 additions & 0 deletions deny.toml
@@ -0,0 +1,27 @@
# This section is considered when running `cargo deny check licenses`
# More documentation for the licenses section can be found here:
# https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html
[licenses]
# List of explicitly allowed licenses
# See https://spdx.org/licenses/ for list of possible licenses
# [possible values: any SPDX 3.11 short identifier (+ optional exception)].
allow = [
"MIT",
"BSD-3-Clause",
"ISC",
"Apache-2.0",
"Unicode-DFS-2016"
]
Member (commenting on lines +8 to +14): @aquint-zama those are good to use?

exceptions = [
{ crate = "concrete-csprng", allow = ["BSD-3-Clause-Clear"] },
{ crate = "concrete-fft", allow = ["BSD-3-Clause-Clear"] },
{ crate = "concrete-ntt", allow = ["BSD-3-Clause-Clear"] },
{ crate = "tasks", allow = ["BSD-3-Clause-Clear"] },
{ crate = "tfhe", allow = ["BSD-3-Clause-Clear"] },
{ crate = "tfhe-cuda-backend", allow = ["BSD-3-Clause-Clear"] },
{ crate = "tfhe-trivium", allow = ["BSD-3-Clause-Clear"] },
{ crate = "tfhe-versionable", allow = ["BSD-3-Clause-Clear"] },
{ crate = "tfhe-versionable-derive", allow = ["BSD-3-Clause-Clear"] },
{ crate = "tfhe-zk-pok", allow = ["BSD-3-Clause-Clear"] }
]
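Review bot: the exceptions in this `[licenses]` block match on crate name only, so a crates.io package that happens to share a name with a workspace crate (`tasks` is a generic name) would also be allowed to ship under BSD-3-Clause-Clear; cargo-deny's crate spec accepts a version requirement alongside the name, which would tie each exception to the workspace crate it is meant for. Two further points on the allow list the member comment asks about: before merging, run `cargo deny list` to see which dependencies actually resolve to each of the five allowed identifiers (in particular whether Unicode-DFS-2016 is still the identifier the relevant crates declare) and whether any transitive license is missing, and note that because BSD-3-Clause-Clear is deliberately kept out of `allow`, every new Zama crate added to the workspace will fail this check until an exception is added here, which should be stated in the file header so the failure is not mistaken for a real license problem.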
4 changes: 4 additions & 0 deletions supply-chain/audits.toml
@@ -0,0 +1,4 @@

# cargo-vet audits file
Member: how does this work for configuration?

Contributor Author: cargo-vet needs it to perform the audit (store acquisition).

[audits]
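Review bot: the audits.toml added here is empty apart from the `[audits]` table and opens with a stray blank line before the comment; an empty audits file is a fine seed, but cargo-vet also requires supply-chain/config.toml (criteria, policy and the `[exemptions]` that `cargo vet init` generates for the dependencies already in the tree) and maintains supply-chain/imports.lock. If those two files are not part of this change, `cargo vet` as wired into the new audit_deps target will fail for every unvetted dependency the first time it runs. Run `cargo vet init`, commit all three files together, and add a comment to this file (or the Makefile target) explaining that the supply-chain/ directory is cargo-vet's store, which also answers the configuration question raised in the thread above.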