From 986d6a416459276650a7d81b6204da5236c0b7b5 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Tue, 16 Nov 2021 13:24:06 +0200
Subject: docs: add cargo audit and deny steps to release process
Sponsored-by: author
---
 RELEASE.md | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/RELEASE.md b/RELEASE.md
index fc72718..652b9bf 100644
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -17,6 +17,12 @@ To find all crates, run the following at the root of the source tree: git ls-files | grep Cargo.toml ~~~ +Run these at the root of the source tree, and either fix anything +that's found, or at least report it on the issue tracker: + +1. `cargo audit` +2. `cargo deny --workspace check` + Do these for each crate, with leaf crates in the dependency tree first:
-- cgit v1.2.1
From 9a8382cf570afbe7f9c4267f9a293ecc189f23aa Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Tue, 16 Nov 2021 13:24:18 +0200
Subject: chore: add config for `cargo deny`
This allows `cargo deny check` to finish cleanly. The configuration NEEDS to be improved: currently it silently allows things like vulnerable dependencies. However, let's introduce the configuration this way and tighten it up later. This will us at least get started with using `cargo deny` without landing a large amount of works in our laps at once.
Sponsored-by: author
---
 deny.toml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 deny.toml
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 0000000..060738d
--- /dev/null
+++ b/deny.toml
@@ -0,0 +1,31 @@
+[advisories]
+vulnerability = "allow"
+unmaintained = "warn"
+unsound = "warn"
+yanked = "allow"
+notice = "warn"
+severity-threshold = "medium"
+
+[licenses]
+unlicensed = "deny"
+allow = [
+ "Apache-2.0",
+ "BSD-3-Clause",
+ "MIT",
+ "MIT-0",
+]
+copyleft = "warn"
+allow-osi-fsf-free = "neither"
+default = "deny"
+confidence-threshold = 0.8
+exceptions = [
+ { allow = ["GPL-3.0"], name = "roadmap" },
+]
+
+[licenses.private]
+ignore = false
+
+[bans]
+multiple-versions = "allow"
+wildcards = "allow"
+highlight = "all"
-- cgit v1.2.1
From 92d44b0fd409ca15981e7c9a6503595b1d45cbdd Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Tue, 16 Nov 2021 14:13:13 +0200
Subject: chore: update crate versions
Sponsored-by: author
---
 Cargo.toml | 2 +-
 subplot-build/Cargo.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Cargo.toml b/Cargo.toml
index 6f90c62..1a40e00 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "subplot"
-version = "0.3.0"
+version = "0.3.1"
 authors = [
 "Lars Wirzenius ",
 "Daniel Silverstone ",
diff --git a/subplot-build/Cargo.toml b/subplot-build/Cargo.toml
index ef1ca54..6faca35 100644
--- a/subplot-build/Cargo.toml
+++ b/subplot-build/Cargo.toml
@@ -14,6 +14,6 @@ repository = "https://gitlab.com/subplot/subplot" [dependencies] -subplot = { version="0.3.0", path = ".." } +subplot = { version="0.3.1", path = ".." } tracing = "0.1" tempfile = "3.1.0"
-- cgit v1.2.1
From 2c1d79a5b20f620684da2ab767213aa8fdc4e911 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Tue, 16 Nov 2021 14:12:59 +0200
Subject: chore: update Cargo.lock
The git-testament and git-testament-derive crates are held back at old versions, because new versions break the build for 1.48.0, breaking Subplot's MSRV.
Sponsored-by: author
---
 Cargo.lock | 63 +++++++++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 40 insertions(+), 23 deletions(-)
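Review bot: In the new deny.toml, `vulnerability = "allow"` and `yanked = "allow"` under `[advisories]` drop those findings from the output altogether, so nothing in a `cargo deny check` run shows which dependencies are affected. The `"warn"` level prints each finding and, by default, still lets the check exit successfully, so `vulnerability = "warn"` and `yanked = "warn"` (and `wildcards = "warn"` under `[bans]`) would keep the run passing while making the backlog visible. As written, `severity-threshold = "medium"` presumably has no effect while the vulnerability level is `allow`. The file also has no comment marking these levels as temporary; a line such as `# TODO: raise to "deny" once the current advisories are triaged` above `[advisories]` would record that for the next editor.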
diff --git a/Cargo.lock b/Cargo.lock index b6beef4..937a4c3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -31,9 +31,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.44" +version = "1.0.45" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "61604a8f862e1d5c3229fdd78f8b02c68dcf73a4c4b05fd636d12240aaa242c1" +checksum = "ee10e43ae4a853c0a3591d4e2ada1719e553be18199d9da9d4a83f5927c2f5c7" [[package]] name = "atty" @@ -108,9 +108,9 @@ checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" [[package]] name = "cc" -version = "1.0.71" +version = "1.0.72" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "79c2681d6594606957bbb8631c4b90a7fcaaa72cdb714743a437b156d6a7eedd" +checksum = "22a9137b95ea06864e018375b72adfb7db6e6f68cfc8df5a04d00288050485ee" [[package]] name = "cfg-if" @@ -127,7 +127,7 @@ dependencies = [ "libc", "num-integer", "num-traits", - "time", + "time 0.1.43", "winapi", ] @@ -343,9 +343,9 @@ dependencies = [ [[package]] name = "git-testament" -version = "0.2.0" +version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "096cb9c8aa6f1924d079bf417f1d1685286958ff362fa58ae4d65a53ffec6c02" +checksum = "080c47ef3c243fb13474429c14dce386021cd64de731c353998a745c2fa2435b" dependencies = [ "git-testament-derive", "no-std-compat", @@ -353,15 +353,15 @@ dependencies = [ [[package]] name = "git-testament-derive" -version = "0.1.12" +version = "0.1.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "45ceded7b01141664c3fc4a50199c408a6ed247e6c8415dc005e895f1d233374" +checksum = "c0803898541a48d6f0809fa681bc8d38603f727d191f179631d85ddc3b6a9a2c" dependencies = [ - "chrono", "log", "proc-macro2", "quote", "syn", + "time 0.3.5", ] [[package]] 
@@ -469,9 +469,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" [[package]] name = "libc" -version = "0.2.104" +version = "0.2.107" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7b2f96d100e1cf1929e7719b7edb3b90ab5298072638fccd77be9ce942ecdfce" +checksum = "fbe5e23404da5b4f555ef85ebed98fb4083e55a00c317800bc2a50ede9f3d219" [[package]] name = "linked-hash-map" @@ -726,9 +726,9 @@ checksum = "8d31d11c69a6b52a174b42bdc0c30e5e11670f90788b2c471c31c1d17d449443" [[package]] name = "ppv-lite86" -version = "0.2.14" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c3ca011bd0129ff4ae15cd04c4eef202cadf6c51c21e47aba319b4e0501db741" +checksum = "ed0cfbc8191465bed66e1718596ee0b0b35d5ee1f41c5df2189d0fe8bde535ba" [[package]] name = "proc-macro-error" @@ -756,9 +756,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.30" +version = "1.0.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "edc3358ebc67bc8b7fa0c007f945b0b18226f78437d61bec735a9eb96b61ee70" +checksum = "ba508cc11742c0dc5c1659771673afbab7a0efab23aa17e854cbab0837ed0b43" dependencies = [ "unicode-xid", ] @@ -985,9 +985,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.68" +version = "1.0.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0f690853975602e1bfe1ccbf50504d67174e3bcf340f23b5ea9992e0587a52d8" +checksum = "e277c495ac6cd1a01a58d0a0c574568b4d1ddf14f59965c6a58b8d96400b54f3" dependencies = [ "itoa", "ryu", @@ -1095,7 +1095,7 @@ dependencies = [ [[package]] name = "subplot" -version = "0.3.0" +version = "0.3.1" dependencies = [ "anyhow", "base64", 
@@ -1165,9 +1165,9 @@ dependencies = [ [[package]] name = "syn" -version = "1.0.80" +version = "1.0.81" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d010a1623fbd906d51d650a9916aaefc05ffa0e4053ff7fe601167f3e715d194" +checksum = "f2afee18b8beb5a596ecb4a2dce128c719b4ba399d34126b9e4396e3f9860966" dependencies = [ "proc-macro2", "quote", @@ -1201,9 +1201,9 @@ dependencies = [ [[package]] name = "tera" -version = "1.13.0" +version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ed0c0eee8fbbbaab449287574b292f21ca53224b92a07b4a23266b77376f0ce7" +checksum = "d3cac831b615c25bcef632d1cabf864fa05813baad3d526829db18eb70e8b58d" dependencies = [ "chrono", "chrono-tz", @@ -1269,6 +1269,23 @@ dependencies = [ "winapi", ] +[[package]] +name = "time" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41effe7cfa8af36f439fac33861b66b049edc6f9a32331e2312660529c1c24ad" +dependencies = [ + "itoa", + "libc", + "time-macros", +] + +[[package]] +name = "time-macros" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25eb0ca3468fc0acc11828786797f6ef9aa1555e4a211a60d64cc8e4d1be47d6" + [[package]] name = "tracing" version = "0.1.29" -- cgit v1.2.1 From 257e5f7bfaa595c615424dd85c715626732b8305 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Tue, 16 Nov 2021 14:31:38 +0200 Subject: chore: update debian/changelog for new release Sponsored-by: author --- Cargo.lock | 29 ++++++----------------------- debian/changelog | 7 +++++++ 2 files changed, 13 insertions(+), 23 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 937a4c3..58a1a86 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -127,7 +127,7 @@ dependencies = [ "libc", "num-integer", "num-traits", - "time 0.1.43", + "time", "winapi", ] 
@@ -343,9 +343,9 @@ dependencies = [ [[package]] name = "git-testament" -version = "0.2.1" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "080c47ef3c243fb13474429c14dce386021cd64de731c353998a745c2fa2435b" +checksum = "096cb9c8aa6f1924d079bf417f1d1685286958ff362fa58ae4d65a53ffec6c02" dependencies = [ "git-testament-derive", "no-std-compat", @@ -353,15 +353,15 @@ dependencies = [ [[package]] name = "git-testament-derive" -version = "0.1.13" +version = "0.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0803898541a48d6f0809fa681bc8d38603f727d191f179631d85ddc3b6a9a2c" +checksum = "45ceded7b01141664c3fc4a50199c408a6ed247e6c8415dc005e895f1d233374" dependencies = [ + "chrono", "log", "proc-macro2", "quote", "syn", - "time 0.3.5", ] [[package]] @@ -1269,23 +1269,6 @@ dependencies = [ "winapi", ] -[[package]] -name = "time" -version = "0.3.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41effe7cfa8af36f439fac33861b66b049edc6f9a32331e2312660529c1c24ad" -dependencies = [ - "itoa", - "libc", - "time-macros", -] - -[[package]] -name = "time-macros" -version = "0.2.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25eb0ca3468fc0acc11828786797f6ef9aa1555e4a211a60d64cc8e4d1be47d6" - [[package]] name = "tracing" version = "0.1.29" diff --git a/debian/changelog b/debian/changelog index 40e778f..9f162d6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +subplot (0.3.1) unstable; urgency=medium + + * New upstream release. + * Licence changed to MIT-0. + + -- Lars Wirzenius Tue, 16 Nov 2021 14:31:32 +0200 + subplot (0.3.0-1) unstable; urgency=medium * New upstream release. -- cgit v1.2.1 From eed18a593d75796b79a858268b9e54c69b164a47 Mon Sep 17 00:00:00 2001 
From: Lars Wirzenius Date: Tue, 16 Nov 2021 14:13:28 +0200 Subject: docs: update NEWS.md for new release Sponsored-by: author --- NEWS.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/NEWS.md b/NEWS.md index 6335624..2ddba74 100644 --- a/NEWS.md +++ b/NEWS.md @@ -4,6 +4,29 @@ This file summarises the changes between released versions of Subplot and its associated libraries, especially with regards to changes visible to the user of the Subplot software. +# Version 0.3.1, released 2021-11-16 + +* The primary purpose of this release is to make the `PATH` bug fix + available via crates.io, to fix use of Subplot in the Sequoia-PGP + project. There are no breaking changes, so only the patch level of + the version number is incremented. + +* The licence of Subplot has been changed to + [MIT-0](https://mit-license.org/), to make it as simple as possible + to use Subplot on other projects, without having to worry about + license compatibility. Previously, this was technically possible, + but the Subplot licence situation was complex enough that it caused + people ask questions. + + The Subplot developers prefer, for Subplot, to maximize adoption and + though they would favor a copyleft licence otherwise, they're + willing to compromise this time. + +* A bug has been fixed in the Rust `lib/runcmd` function + implementation to prepend a directory to the `PATH`, in the + `subplotlib::steplibrary::runcmd::try_to_run_in` function. The bug + meant that the directories in `PATH` ended up in the wrong order. + # Version 0.3.0, released 2021-10-20 This is still an ALPHA quality release, and includes breaking changes. -- cgit v1.2.1