INF-649: nix/sources.json: don't use builtin fetchers to allow restricted eval#323
Merged
mergify[bot] merged 1 commit intomasterfrom Jan 27, 2020
Merged
Conversation
nmattia
approved these changes
Jan 16, 2020
basvandijk
force-pushed
the
basvandijk/do-not-use-builtin-fetchers
branch
from
010f713 to
a1b361a
Compare
Contributor
Author
|
@nmattia just a heads-up that I also had to push a |
basvandijk
force-pushed
the
basvandijk/do-not-use-builtin-fetchers
branch
4 times, most recently
from
299d23b to
c27930d
Compare
eftychis
reviewed
Jan 16, 2020
nix/sources.json
Outdated
| "ref": "master", | ||
| "repo": "ssh://git@github.com/dfinity-lab/dfinity", | ||
| "rev": "fd64793ba310671093820f7437c5278cb21f8bb6", | ||
| "rev": "9969e6c552a240b8c0b3d8c73a4c1dd35ccf1beb", |
Contributor
There was a problem hiding this comment.
wait wait! This might break userlib and we are not testing it. I am guessing this is not the latest master right?
#315 tries to get us in sync
Contributor
Author
There was a problem hiding this comment.
I am guessing this is not the latest master right?
No, not any more. But I need to use at least this revision for restricted-eval to work.
Hopefully #315 gets merged soon. We need to have support for restricted-eval to fix a security vulnerability in our CI system.
Contributor
There was a problem hiding this comment.
Working on it. Should have it working. Hmm The issue is we are a bit conservative due to demo so things might freeze. What is the vulnerability/priority level? Oh this is 15 hours ago. That means we do need #315 in for sure.
Contributor
Author
There was a problem hiding this comment.
This can definitely wait until after Davos.
Contributor
Author
basvandijk
force-pushed
the
basvandijk/do-not-use-builtin-fetchers
branch
2 times, most recently
from
5209ea7 to
b438826
Compare
basvandijk
force-pushed
the
basvandijk/do-not-use-builtin-fetchers
branch
from
b438826 to
d2f1138
Compare
Contributor
Author
dfinity-bot
added a commit
that referenced
this pull request
Jul 8, 2020
## Changelog for advisory-db: Branch: Commits: [rustsec/advisory-db@aa789b9c...6b10ce09](rustsec/advisory-db@aa789b9...6b10ce0) * [`cff4f820`](rustsec/advisory-db@cff4f82) warn about CVE-2020-1967 * [`b0bc62bd`](rustsec/advisory-db@b0bc62b) Add `cargo-deny` to the list RustSec clients * [`e44e26f3`](rustsec/advisory-db@e44e26f) Assign RUSTSEC-2020-0015 to openssl-src * [`b1d3a5e7`](rustsec/advisory-db@b1d3a5e) Advisory for rio * [`25f622ba`](rustsec/advisory-db@25f622b) tempdir crate has been deprecated since 2018-02-13. * [`a3c68605`](rustsec/advisory-db@a3c6860) net2 crate has been deprecated; use socket2 instead * [`1639be65`](rustsec/advisory-db@1639be6) Assign RUSTSEC-2020-0016 to net2 * [`7d4ce9ae`](rustsec/advisory-db@7d4ce9a) Assign RUSTSEC-2018-0017 to tempdir * [`0f5a2dc2`](rustsec/advisory-db@0f5a2dc) Add advisory for internment ([RustSec/advisory-db#306](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/306)) * [`8587ec25`](rustsec/advisory-db@8587ec2) Assign RUSTSEC-2020-0017 to internment ([RustSec/advisory-db#309](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/309)) * [`5049594b`](rustsec/advisory-db@5049594) Add unmaintained crate advisory for `block-cipher-trait` (RUSTSEC-2020-0018) ([RustSec/advisory-db#310](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/310)) * [`ae22eb47`](rustsec/advisory-db@ae22eb4) CONTRIBUTING: mention soundness issues ([RustSec/advisory-db#314](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/314)) * [`7c96397e`](rustsec/advisory-db@7c96397) Security advisory for AtheMathmo/rulinalg[RustSec/advisory-db#201](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/201) * [`8149410e`](rustsec/advisory-db@8149410) Fix toml format error * [`45495b76`](rustsec/advisory-db@45495b7) .github: bump rustsec-admin cache key ([RustSec/advisory-db#321](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/321)) * [`418954a9`](rustsec/advisory-db@418954a) Create github action to assign RUSTSEC ids ([RustSec/advisory-db#311](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/311)) * [`48c86534`](rustsec/advisory-db@48c8653) Attempt to fix failing assign-ids task ([RustSec/advisory-db#322](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/322)) * [`de07a7d2`](rustsec/advisory-db@de07a7d) Add tokio-rustls DoS advisory ([RustSec/advisory-db#304](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/304)) * [`46c23f6c`](rustsec/advisory-db@46c23f6) Assign RUSTSEC IDs ([RustSec/advisory-db#323](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/323)) * [`9cd619f1`](rustsec/advisory-db@9cd619f) make memoffset advisory informational ([RustSec/advisory-db#317](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/317)) * [`1dfcb1d6`](rustsec/advisory-db@1dfcb1d) .github: lint advisories after assigning ID ([RustSec/advisory-db#324](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/324)) * [`6e2241c0`](rustsec/advisory-db@6e2241c) stb_truetype crate has been deprecated; use ttf-parser instead ([RustSec/advisory-db#307](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/307)) * [`07ae3fb2`](rustsec/advisory-db@07ae3fb) Assign RUSTSEC IDs ([RustSec/advisory-db#325](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/325)) * [`49fcc50d`](rustsec/advisory-db@49fcc50) Reflect PR feedback and describe what might happen * [`297725a1`](rustsec/advisory-db@297725a) README.md: bump maintained quarter comment * [`73b40e7d`](rustsec/advisory-db@73b40e7) Assign RUSTSEC IDs ([RustSec/advisory-db#326](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/326)) * [`ee09393d`](rustsec/advisory-db@ee09393) Security advisory for bqv/ozone * [`c649f538`](rustsec/advisory-db@c649f53) Assign RUSTSEC-2020-0022 to ozone ([RustSec/advisory-db#329](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/329)) * [`6b56bccc`](rustsec/advisory-db@6b56bcc) Assign RUSTSEC IDs * [`6b10ce09`](rustsec/advisory-db@6b10ce0) Update yaml-rust advirsory to indicate clap as non-vulnerable ([RustSec/advisory-db#331](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/331))
dfinity-bot
added a commit
that referenced
this pull request
Jul 9, 2020
## Changelog for advisory-db: Branch: Commits: [rustsec/advisory-db@aa789b9c...6b10ce09](rustsec/advisory-db@aa789b9...6b10ce0) * [`cff4f820`](rustsec/advisory-db@cff4f82) warn about CVE-2020-1967 * [`b0bc62bd`](rustsec/advisory-db@b0bc62b) Add `cargo-deny` to the list RustSec clients * [`e44e26f3`](rustsec/advisory-db@e44e26f) Assign RUSTSEC-2020-0015 to openssl-src * [`b1d3a5e7`](rustsec/advisory-db@b1d3a5e) Advisory for rio * [`25f622ba`](rustsec/advisory-db@25f622b) tempdir crate has been deprecated since 2018-02-13. * [`a3c68605`](rustsec/advisory-db@a3c6860) net2 crate has been deprecated; use socket2 instead * [`1639be65`](rustsec/advisory-db@1639be6) Assign RUSTSEC-2020-0016 to net2 * [`7d4ce9ae`](rustsec/advisory-db@7d4ce9a) Assign RUSTSEC-2018-0017 to tempdir * [`0f5a2dc2`](rustsec/advisory-db@0f5a2dc) Add advisory for internment ([RustSec/advisory-db#306](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/306)) * [`8587ec25`](rustsec/advisory-db@8587ec2) Assign RUSTSEC-2020-0017 to internment ([RustSec/advisory-db#309](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/309)) * [`5049594b`](rustsec/advisory-db@5049594) Add unmaintained crate advisory for `block-cipher-trait` (RUSTSEC-2020-0018) ([RustSec/advisory-db#310](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/310)) * [`ae22eb47`](rustsec/advisory-db@ae22eb4) CONTRIBUTING: mention soundness issues ([RustSec/advisory-db#314](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/314)) * [`7c96397e`](rustsec/advisory-db@7c96397) Security advisory for AtheMathmo/rulinalg[RustSec/advisory-db#201](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/201) * [`8149410e`](rustsec/advisory-db@8149410) Fix toml format error * [`45495b76`](rustsec/advisory-db@45495b7) .github: bump rustsec-admin cache key ([RustSec/advisory-db#321](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/321)) * [`418954a9`](rustsec/advisory-db@418954a) Create github action to assign RUSTSEC ids ([RustSec/advisory-db#311](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/311)) * [`48c86534`](rustsec/advisory-db@48c8653) Attempt to fix failing assign-ids task ([RustSec/advisory-db#322](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/322)) * [`de07a7d2`](rustsec/advisory-db@de07a7d) Add tokio-rustls DoS advisory ([RustSec/advisory-db#304](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/304)) * [`46c23f6c`](rustsec/advisory-db@46c23f6) Assign RUSTSEC IDs ([RustSec/advisory-db#323](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/323)) * [`9cd619f1`](rustsec/advisory-db@9cd619f) make memoffset advisory informational ([RustSec/advisory-db#317](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/317)) * [`1dfcb1d6`](rustsec/advisory-db@1dfcb1d) .github: lint advisories after assigning ID ([RustSec/advisory-db#324](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/324)) * [`6e2241c0`](rustsec/advisory-db@6e2241c) stb_truetype crate has been deprecated; use ttf-parser instead ([RustSec/advisory-db#307](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/307)) * [`07ae3fb2`](rustsec/advisory-db@07ae3fb) Assign RUSTSEC IDs ([RustSec/advisory-db#325](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/325)) * [`49fcc50d`](rustsec/advisory-db@49fcc50) Reflect PR feedback and describe what might happen * [`297725a1`](rustsec/advisory-db@297725a) README.md: bump maintained quarter comment * [`73b40e7d`](rustsec/advisory-db@73b40e7) Assign RUSTSEC IDs ([RustSec/advisory-db#326](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/326)) * [`ee09393d`](rustsec/advisory-db@ee09393) Security advisory for bqv/ozone * [`c649f538`](rustsec/advisory-db@c649f53) Assign RUSTSEC-2020-0022 to ozone ([RustSec/advisory-db#329](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/329)) * [`6b56bccc`](rustsec/advisory-db@6b56bcc) Assign RUSTSEC IDs * [`6b10ce09`](rustsec/advisory-db@6b10ce0) Update yaml-rust advirsory to indicate clap as non-vulnerable ([RustSec/advisory-db#331](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/331))
mergify bot
pushed a commit
that referenced
this pull request
Jul 14, 2020
## Changelog for advisory-db: Branch: Commits: [rustsec/advisory-db@aa789b9c...6b10ce09](rustsec/advisory-db@aa789b9...6b10ce0) * [`cff4f820`](rustsec/advisory-db@cff4f82) warn about CVE-2020-1967 * [`b0bc62bd`](rustsec/advisory-db@b0bc62b) Add `cargo-deny` to the list RustSec clients * [`e44e26f3`](rustsec/advisory-db@e44e26f) Assign RUSTSEC-2020-0015 to openssl-src * [`b1d3a5e7`](rustsec/advisory-db@b1d3a5e) Advisory for rio * [`25f622ba`](rustsec/advisory-db@25f622b) tempdir crate has been deprecated since 2018-02-13. * [`a3c68605`](rustsec/advisory-db@a3c6860) net2 crate has been deprecated; use socket2 instead * [`1639be65`](rustsec/advisory-db@1639be6) Assign RUSTSEC-2020-0016 to net2 * [`7d4ce9ae`](rustsec/advisory-db@7d4ce9a) Assign RUSTSEC-2018-0017 to tempdir * [`0f5a2dc2`](rustsec/advisory-db@0f5a2dc) Add advisory for internment ([RustSec/advisory-db#306](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/306)) * [`8587ec25`](rustsec/advisory-db@8587ec2) Assign RUSTSEC-2020-0017 to internment ([RustSec/advisory-db#309](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/309)) * [`5049594b`](rustsec/advisory-db@5049594) Add unmaintained crate advisory for `block-cipher-trait` (RUSTSEC-2020-0018) ([RustSec/advisory-db#310](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/310)) * [`ae22eb47`](rustsec/advisory-db@ae22eb4) CONTRIBUTING: mention soundness issues ([RustSec/advisory-db#314](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/314)) * [`7c96397e`](rustsec/advisory-db@7c96397) Security advisory for AtheMathmo/rulinalg[RustSec/advisory-db#201](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/201) * [`8149410e`](rustsec/advisory-db@8149410) Fix toml format error * [`45495b76`](rustsec/advisory-db@45495b7) .github: bump rustsec-admin cache key ([RustSec/advisory-db#321](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/321)) * [`418954a9`](rustsec/advisory-db@418954a) Create github action to assign RUSTSEC ids ([RustSec/advisory-db#311](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/311)) * [`48c86534`](rustsec/advisory-db@48c8653) Attempt to fix failing assign-ids task ([RustSec/advisory-db#322](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/322)) * [`de07a7d2`](rustsec/advisory-db@de07a7d) Add tokio-rustls DoS advisory ([RustSec/advisory-db#304](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/304)) * [`46c23f6c`](rustsec/advisory-db@46c23f6) Assign RUSTSEC IDs ([RustSec/advisory-db#323](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/323)) * [`9cd619f1`](rustsec/advisory-db@9cd619f) make memoffset advisory informational ([RustSec/advisory-db#317](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/317)) * [`1dfcb1d6`](rustsec/advisory-db@1dfcb1d) .github: lint advisories after assigning ID ([RustSec/advisory-db#324](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/324)) * [`6e2241c0`](rustsec/advisory-db@6e2241c) stb_truetype crate has been deprecated; use ttf-parser instead ([RustSec/advisory-db#307](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/307)) * [`07ae3fb2`](rustsec/advisory-db@07ae3fb) Assign RUSTSEC IDs ([RustSec/advisory-db#325](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/325)) * [`49fcc50d`](rustsec/advisory-db@49fcc50) Reflect PR feedback and describe what might happen * [`297725a1`](rustsec/advisory-db@297725a) README.md: bump maintained quarter comment * [`73b40e7d`](rustsec/advisory-db@73b40e7) Assign RUSTSEC IDs ([RustSec/advisory-db#326](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/326)) * [`ee09393d`](rustsec/advisory-db@ee09393) Security advisory for bqv/ozone * [`c649f538`](rustsec/advisory-db@c649f53) Assign RUSTSEC-2020-0022 to ozone ([RustSec/advisory-db#329](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/329)) * [`6b56bccc`](rustsec/advisory-db@6b56bcc) Assign RUSTSEC IDs * [`6b10ce09`](rustsec/advisory-db@6b10ce0) Update yaml-rust advirsory to indicate clap as non-vulnerable ([RustSec/advisory-db#331](http://r.duckduckgo.com/l/?uddg=https://github.com/RustSec/advisory-db/issues/331))
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
We would like to enable restricted evaluation on Hydra. For this we need to use non-builtin fetchers as much as possible.