Patch Rust to avoid /dev/urandom usage

kleisauke · kleisauke · commit 94e67b1617fc · 2023-01-18T12:06:33.000+01:00
See: kleisauke/rust@c705a6a kleisauke/libc@dc597af
diff --git a/Dockerfile b/Dockerfile
@@ -51,4 +51,10 @@ RUN \
 
 # Rust patches
 RUN \
-  curl -Ls https://github.com/rust-lang/rust/pull/106779.patch | patch -p1 -d $RUSTUP_HOME/toolchains/nightly-x86_64-unknown-linux-gnu/lib/rustlib/src/rust
+  curl -Ls https://github.com/rust-lang/rust/pull/106779.patch | patch -p1 -d $(rustc --print sysroot)/lib/rustlib/src/rust && \
+  curl -Ls https://github.com/kleisauke/rust/commit/c705a6a9b68b0262a01ddc50d80fbf8571580cfc.patch | patch -p1 -d $(rustc --print sysroot)/lib/rustlib/src/rust
+
+# Copy the Cargo.lock for Rust to places `vendor` will see
+# https://github.com/rust-lang/wg-cargo-std-aware/issues/23#issuecomment-720455524
+RUN \
+  cp $(rustc --print sysroot)/lib/rustlib/src/rust/Cargo.lock $(rustc --print sysroot)/lib/rustlib/src/rust/library/test
diff --git a/build.sh b/build.sh
@@ -427,13 +427,18 @@ node --version
   stage "Compiling resvg"
   mkdir -p $DEPS/resvg
   curl -Ls https://github.com/RazrFalcon/resvg/releases/download/v$VERSION_RESVG/resvg-$VERSION_RESVG.tar.xz | tar xJC $DEPS/resvg --strip-components=1
-  cd $DEPS/resvg/c-api
-  # Vendor dir doesn't work with -Zbuild-std right now due to https://github.com/rust-lang/wg-cargo-std-aware/issues/23
-  # Just delete the config so that all deps are downloaded off the internet.
-  rm ../.cargo/config
+  cd $DEPS/resvg
+  # Allow building vendored sources with `-Zbuild-std`, see:
+  # https://github.com/rust-lang/wg-cargo-std-aware/issues/23#issuecomment-720455524
+  cargo vendor -s $(rustc --print sysroot)/lib/rustlib/src/rust/library/test/Cargo.toml
+  # Patch libc
+  curl -Ls https://github.com/kleisauke/libc/commit/dc597aff818dd32856758feab0d9c530d15985c4.patch | patch -p1 -d vendor/libc
+  # Update expected Cargo SHA256 hashes for the vendored files we have patched
+  sed -i 's/6ef4652dfb94e3c58aed5133ece982ad30569d46b6b1054552cd61905fa61690/8ff63140fc57d10a185f0883d02564d08c93120dcbbaa0410f753154efde3a71/' vendor/libc/.cargo-checksum.json
   # We don't want to build the shared library
-  sed -i 's/crate-type = .*/crate-type = ["staticlib"]/' Cargo.toml
-  cargo build --release --target wasm32-unknown-emscripten --locked -Zbuild-std=panic_abort,std --no-default-features --features filter,raster-images
+  sed -i 's/crate-type = .*/crate-type = ["staticlib"]/' c-api/Cargo.toml
+  cargo build --manifest-path=c-api/Cargo.toml --release --target wasm32-unknown-emscripten --locked \
+    -Zbuild-std=panic_abort,std --no-default-features --features filter,raster-images
   cp $DEPS/resvg/target/wasm32-unknown-emscripten/release/libresvg.a $TARGET/lib/
   cp $DEPS/resvg/c-api/resvg.h $TARGET/include/
 )
