From 09207233315ef6d484ed3c24284b8524e94b4f75 Mon Sep 17 00:00:00 2001
From: Adam Spofford
Date: Thu, 30 Jan 2025 16:34:38 -0800
Subject: [PATCH 1/3] Allow disabling cargo-audit
---
 e2e/tests-dfx/build_rust.bash | 3 +++
 src/dfx-core/src/config/model/dfinity.rs | 8 ++++++++
 src/dfx/src/lib/canister_info.rs | 5 +++++
 src/dfx/src/lib/canister_info/rust.rs | 7 +++----
 src/dfx/src/lib/models/canister.rs | 4 ++--
 5 files changed, 21 insertions(+), 6 deletions(-)
diff --git a/e2e/tests-dfx/build_rust.bash b/e2e/tests-dfx/build_rust.bash
index 60dc5f19a1..6df5a8cb18 100644
--- a/e2e/tests-dfx/build_rust.bash
+++ b/e2e/tests-dfx/build_rust.bash
@@ -34,4 +34,7 @@ teardown() {
 dfx canister create --all
 assert_command dfx build
 assert_match "Audit found vulnerabilities"
+ jq '.canisters.hello.skip_cargo_audit=true' dfx.json | sponge dfx.json
+ assert_command dfx build
+ assert_not_match "Audit found vulnerabilities"
 }
diff --git a/src/dfx-core/src/config/model/dfinity.rs b/src/dfx-core/src/config/model/dfinity.rs
index d657a1858c..1593a470d5 100644
--- a/src/dfx-core/src/config/model/dfinity.rs
+++ b/src/dfx-core/src/config/model/dfinity.rs
@@ -355,6 +355,11 @@ pub enum CanisterTypeProperties {
 /// # Candid File
 /// Path of this canister's candid interface declaration.
 candid: PathBuf,
+
+ /// # `cargo-audit` check
+ /// If set to true, does not run `cargo audit` before building.
+ #[serde(default)]
+ skip_cargo_audit: bool,
 },
 /// # Asset-Specific Properties
 Assets {
@@ -1296,6 +1301,7 @@ impl<'de> Visitor<'de> for PropertiesVisitor {
 let mut wasm = None;
 let mut candid = None;
 let mut package = None;
+ let mut skip_cargo_audit = None;
 let mut crate_name = None;
 let mut source = None;
 let mut build = None;
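Review bot: The doc comment on `skip_cargo_audit` in the `@@ -355` hunk says the flag "does not run `cargo audit` before building", but the canister.rs change in this patch runs the audit whenever any Rust canister being built has not set the flag, so one opted-out canister does not by itself suppress the step. Patch 2/3 copies the same sentence into docs/dfx-json-schema.json, so I would state the actual rule in both places, e.g. `/// If true, this canister does not request cargo audit; the audit still runs when another Rust canister in the same build leaves it enabled.` The comment should also say that the flag turns off the dependency vulnerability check, so someone editing dfx.json knows what they are opting out of. The enum body continues outside the hunk.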
@@ -1313,6 +1319,7 @@ impl<'de> Visitor<'de> for PropertiesVisitor {
 "type" => r#type = Some(map.next_value::()?),
 "id" => id = Some(map.next_value()?),
 "workspace" => workspace = Some(map.next_value()?),
+ "skip_cargo_audit" => skip_cargo_audit = Some(map.next_value()?),
 _ => continue,
 }
 }
@@ -1321,6 +1328,7 @@ impl<'de> Visitor<'de> for PropertiesVisitor {
 Some("rust") => CanisterTypeProperties::Rust {
 candid: PathBuf::from(candid.ok_or_else(|| missing_field("candid"))?),
 package: package.ok_or_else(|| missing_field("package"))?,
+ skip_cargo_audit: skip_cargo_audit.unwrap_or(false),
 crate_name,
 },
 Some("assets") => CanisterTypeProperties::Assets {
diff --git a/src/dfx/src/lib/canister_info.rs b/src/dfx/src/lib/canister_info.rs
index 95b4808af9..b217041d91 100644
--- a/src/dfx/src/lib/canister_info.rs
+++ b/src/dfx/src/lib/canister_info.rs
@@ -145,6 +145,7 @@ impl CanisterInfo {
 package: _,
 crate_name: _,
 candid,
+ skip_cargo_audit: _,
 } => workspace_root.join(candid),
 CanisterTypeProperties::Assets { .. } => output_root.join("assetstorage.did"),
 CanisterTypeProperties::Custom {
@@ -360,6 +361,10 @@ impl CanisterInfo {
 matches!(self.type_specific, CanisterTypeProperties::Rust { .. })
 }

+ pub fn should_cargo_audit(&self) -> bool {
+ matches!(self.type_specific, CanisterTypeProperties::Rust { skip_cargo_audit, .. } if !skip_cargo_audit)
+ }
+
 pub fn is_assets(&self) -> bool {
 matches!(self.type_specific, CanisterTypeProperties::Assets { .. })
 }
diff --git a/src/dfx/src/lib/canister_info/rust.rs b/src/dfx/src/lib/canister_info/rust.rs
index de6cdd01ad..1d933b31a9 100644
--- a/src/dfx/src/lib/canister_info/rust.rs
+++ b/src/dfx/src/lib/canister_info/rust.rs
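Review bot: `should_cargo_audit` in the `@@ -360` hunk of canister_info.rs is added without a doc comment, and its name reads like a build-wide decision while the body only answers for a single canister. A one-line comment such as `/// True only for a Rust canister whose skip_cargo_audit is false; every other canister type returns false.` would make the per-canister meaning explicit for callers that combine the answers across a build. The surrounding `impl CanisterInfo` starts and ends outside the hunk.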
@@ -34,14 +34,13 @@ impl CanisterInfoFactory for RustCanisterInfo {
 bail!("`cargo metadata` was unsuccessful");
 }

- let (package, crate_name) = if let CanisterTypeProperties::Rust {
+ let CanisterTypeProperties::Rust {
 package,
 crate_name,
 candid: _,
+ skip_cargo_audit: _,
 } = info.type_specific.clone()
- {
- (package, crate_name)
- } else {
+ else {
 bail!(
 "Attempted to construct a custom canister from a type:{} canister config",
 info.type_specific.name()
diff --git a/src/dfx/src/lib/models/canister.rs b/src/dfx/src/lib/models/canister.rs
index f4f1412cef..e6d3e9824a 100644
--- a/src/dfx/src/lib/models/canister.rs
+++ b/src/dfx/src/lib/models/canister.rs
@@ -682,13 +682,13 @@ impl CanisterPool {
 if self
 .canisters_to_build(build_config)
 .iter()
- .any(|can| can.info.is_rust())
+ .any(|can| can.info.should_cargo_audit())
 {
 self.run_cargo_audit()?;
 } else {
 trace!(
 self.logger,
- "No canister of type 'rust' found. Not trying to run 'cargo audit'."
+ "No canister of type 'rust' found (or it disabled the audit step). Not trying to run 'cargo audit'."
 )
 }

From 6555eac77d5b6b45886b2dfb1d0b1b025a739930 Mon Sep 17 00:00:00 2001
From: Adam Spofford
Date: Thu, 30 Jan 2025 16:36:36 -0800
Subject: [PATCH 2/3] schema
---
 docs/dfx-json-schema.json | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/docs/dfx-json-schema.json b/docs/dfx-json-schema.json
index 6f6fdc505f..808d531979 100644
--- a/docs/dfx-json-schema.json
+++ b/docs/dfx-json-schema.json
@@ -246,6 +246,12 @@
 "description": "Name of the Rust package that compiles this canister's Wasm.",
 "type": "string"
 },
+ "skip_cargo_audit": {
+ "title": "`cargo-audit` check",
+ "description": "If set to true, does not run `cargo audit` before building.",
+ "default": false,
+ "type": "boolean"
+ },
 "type": {
 "type": "string",
 "enum": [
From 9e15a2fb89984c22a07a8875f1b008ab1be6af9c Mon Sep 17 00:00:00 2001
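Review bot: In the `@@ -682` hunk of canister.rs, a build where the audit was switched off in dfx.json and a build with no Rust canister at all now share one `trace!` message, so a deliberately disabled vulnerability check leaves no distinct record in the build output (and presumably none at default verbosity; confirm how trace-level messages are surfaced). I would keep the `trace!` for the no-Rust case and report the opt-out on its own at a more visible level, as sketched below. The sketch assumes the logger's `warn!` macro is available in this file, and the skip message wording is only a suggestion. The enclosing function starts and ends outside the hunk.

```rust
let to_build = self.canisters_to_build(build_config);
if to_build.iter().any(|can| can.info.should_cargo_audit()) {
    self.run_cargo_audit()?;
} else if to_build.iter().any(|can| can.info.is_rust()) {
    // Opt-out is a security-relevant choice: make it visible in normal build logs.
    warn!(
        self.logger,
        "Skipping 'cargo audit': every Rust canister in this build sets skip_cargo_audit."
    )
} else {
    trace!(
        self.logger,
        "No canister of type 'rust' found. Not trying to run 'cargo audit'."
    )
}
```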
From: Adam Spofford
Date: Thu, 30 Jan 2025 16:37:50 -0800
Subject: [PATCH 3/3] changelog
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b2d0e4fcdd..c7469a7fd8 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@

 # UNRELEASED

+### feat: `skip_cargo_audit` flag in dfx.json to skip `cargo audit` build step
+
 ### fix: `dfx canister install` and `dfx deploy` with `--no-asset-upgrade` no longer hang indefinitely when wasm is not up to date

 ### feat: streamlined output during asset synchronization