implement "target" features #63
Comments
|
Here are some "interesting" cfg's that show up in firefox's and wasm-time's |
|
In general a cfg expression is a boolean expression with a possible large number of input vars, and answering questions like "is this cfg <= another" is BOOL SAT and therefore NP-complete. Cargo and rustc don't need to answer such questions because the pick a specific target and just plug the inputs in and check if an expr is true or false. We would be evaluating the exprs more abstractly, putting us more in BOOL SAT territory. The existence of "not" also introduces problematic law-of-the-excluded-middle problems. For instance, checking if an audit with "any(X, Y)" satisfies "NOT Z" requires you to know for certain that the universe is strictly "X, Y, Z". This is not generally possible to know, as rustc can always introduce new OSes/arches. If you remove "all" and "not" and just support "any" this is relatively tractable because "any" just means "set all these bits" and you can have nice little bitvectors of length N (N=number of atoms) and do subset queries easily. If you introduce either AND or NOT then things quickly become BOOL SAT and you need to have bitvectors of length 2N to represent the full truth table, in the general case. "triples" and "families" are however still annoying because we potentially need to "understand" the contents of "unix" or "x86_64-unknown-linux-gnu" to map them to equivalent atoms (which again, may have excluded middle issues). |
|
Still not quite sure what to do with this. I think we can work around the lack of this for now, and reevaluate when a strong use-case arises. |
|
I have a use case for this: My company only deploys code to linux servers and runs dev environments on linux/macos laptops. Currently, [policy.'*']
targets = ["unix"]and it would just ignore windows-sys |
|
For sure. We definitely want some kind of affordance for this, we just have to figure out how to make it computationally tractable. In the mean time, you can add |
|
cargo-deny seems to have figured out some tolerable approach to this, we should look into it https://embarkstudios.github.io/cargo-deny/checks/cfg.html#the-targets-field-optional (cc @Jake-Shadle who was interested in the two interoping) |
|
So I think there are two broad categories of potential feature here. The first is to exclude crates from the vet graph that don't get built on the platforms of interest. This seems like something we can just borrow cargo-deny's approach for (neat to see that rustc has a set of built-ins). The key point here is that audits don't have to be target-aware at all. The second is to allow excluding target-specific code at sub-crate granularity, by augmenting audit records to record that the audit is only valid for a subset of the targets for which the crate builds. This is a much-harder problem per all the discussion above. So it seems like we should perhaps do the first-thing, which has clear use-cases, and punt on the second thing, which may never be needed often enough to justify the complexity. |
|
would definitely appreciate, esp. as a start, the first and simple approach we have with cargo-deny of set of exact target triples to include in the vetting graph. here is for example how our main application/server project's targets = [
{ triple = "x86_64-unknown-linux-gnu" },
{ triple = "aarch64-apple-darwin" },
{ triple = "x86_64-apple-darwin" },
{ triple = "x86_64-pc-windows-msvc" },
{ triple = "aarch64-linux-android" },
{ triple = "x86_64-unknown-linux-musl" },
]and a our Wasm-only projects correspondingly have just: targets = [
{ triple = "wasm32-unknown-unknown" },
]which drastically helps prune the dependency graph, and exclude the more exotic dependencies for platforms we are not even supporting. would be a good step towards to reduce set of exemptions and be able to eventually get to 0 in some projects. |
|
Just FYI, one current limitation is laid out here EmbarkStudios/cargo-deny#324, my plan was just do each requested target in parallel and collate diagnostics, but it's not a huge issue. |
|
It'd be extra nice if we could use the same target list for cargo-vet and cargo-vendor, which would allow us to fix rust-lang/cargo#6179. Right now we have some gross a-hoc workarounds to avoid vendoring certain crates into mozilla-central. |
Is this unaudited.toml file a feature that has been removed? The documentation does not seem to mention it. I'm looking for a way to configure a crate as a permanent excemption (any version), for cases where a crate is pulled in to support a platform that we will never building for. |
|
unaudited has been renamed to exemptions since #228 - you can find the entry in your |
|
If you want a permanent exemption across all versions, you can also add a policy entry for the crate and set criteria = [] |
Perfect. Thanks! It could be useful to have this in the docs. I think many developers that do not target all platforms will benefit from this trick. |
|
Of course, the perfect solution would be "option 1" mentioned by @bholley above. That would be extremely useful. It seems that without this I'll have to add exemptions for all crates (but not their transitive dependencies) that end up in the dependency graph due to platforms that we're not building for. That creates a little bit of annoying extra work, especially when the tool is introduced to an existing project. |
Since we only target Linux x86_64 machines, I ignored all the obvious Windows/WASM/Redox dependencies. In the future it seems like we should be able to set an explicit target for this (mozilla/cargo-vet#63). We import the Firefox audits to help reduce review load; the SecureDrop security model relies on Firefox already via Tor Browser. Refs #6500
|
Fuchsia would benefit from having configurable policies and exemptions. We have a set of host-only crates which are roughly our equivalent of dev-dependencies, and it would be nice to select a set of criteria for them like we could with |
Since we only target Linux x86_64 machines, I ignored all the obvious Windows/WASM/Redox dependencies. In the future it seems like we should be able to set an explicit target for this (mozilla/cargo-vet#63). We import the Firefox audits to help reduce review load; the SecureDrop security model relies on Firefox already via Tor Browser. Refs #6500
Since we only target Linux x86_64 machines, I ignored all the obvious Windows/WASM/Redox dependencies. In the future it seems like we should be able to set an explicit target for this (mozilla/cargo-vet#63). We import the Firefox audits to help reduce review load; the SecureDrop security model relies on Firefox already via Tor Browser. Refs #6500
Since we only target Linux x86_64 machines, I ignored all the obvious Windows/WASM/Redox dependencies. In the future it seems like we should be able to set an explicit target for this (mozilla/cargo-vet#63). We import the Firefox audits to help reduce review load; the SecureDrop security model relies on Firefox already via Tor Browser. Refs #6500
Since we only target Linux x86_64 machines, I ignored all the obvious Windows/WASM/Redox dependencies. In the future it seems like we should be able to set an explicit target for this (mozilla/cargo-vet#63). We import the Firefox audits to help reduce review load; the SecureDrop security model relies on Firefox already via Tor Browser. Refs #6500
Since we only target Linux x86_64 machines, I ignored all the obvious Windows/WASM/Redox dependencies. In the future it seems like we should be able to set an explicit target for this (mozilla/cargo-vet#63). We import the Firefox audits to help reduce review load; the SecureDrop security model relies on Firefox already via Tor Browser. Refs #6500
Targets are based on cfg syntax and include:
The text was updated successfully, but these errors were encountered: