attune-system/attune
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hopefully resolving cargo audit
Some checks failed
CI / Rustfmt (push) Successful in 19s
Details
CI / Cargo Audit & Deny (push) Successful in 29s
Details
CI / Web Blocking Checks (push) Successful in 48s
Details
CI / Security Blocking Checks (push) Successful in 8s
Details
CI / Clippy (push) Successful in 2m2s
Details
CI / Web Advisory Checks (push) Successful in 32s
Details
CI / Security Advisory Checks (push) Successful in 35s
Details
CI / Tests (push) Failing after 7m54s
Details

Browse Source
This commit is contained in:
David Culbreth
2026-03-05 14:30:29 -06:00
parent 649648896e
commit 9af3192d1d
6 changed files with 6650 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.gitea/workflows/ci.yml
View File

@@ -124,9 +124,8 @@ jobs:
with: with:
path: | path: |
~/.cargo/bin/cargo-binstall ~/.cargo/bin/cargo-binstall
~/.cargo/bin/cargo-audit
~/.cargo/bin/cargo-deny ~/.cargo/bin/cargo-deny
key: cargo-security-tools-v1 key: cargo-security-tools-v2
- name: Install cargo-binstall - name: Install cargo-binstall
run: | run: |
@@ -136,12 +135,8 @@ jobs:
- name: Install security tools (pre-built binaries) - name: Install security tools (pre-built binaries)
run: | run: |
command -v cargo-audit &> /dev/null || cargo binstall --no-confirm --locked cargo-audit
command -v cargo-deny &> /dev/null || cargo binstall --no-confirm --locked cargo-deny command -v cargo-deny &> /dev/null || cargo binstall --no-confirm --locked cargo-deny
- name: Cargo Audit
run: cargo audit
- name: Cargo Deny - name: Cargo Deny
run: cargo deny check run: cargo deny check

1
.gitignore vendored
View File

@@ -1,6 +1,5 @@
# Rust # Rust
target/ target/
Cargo.lock
**/*.rs.bk **/*.rs.bk
*.pdb *.pdb

6642
Cargo.lock generated Normal file
View File

File diff suppressed because it is too large Load Diff

10
Makefile
View File

@@ -316,14 +316,9 @@ coverage:
update: update:
cargo update cargo update
# Audit dependencies for security issues # Audit dependencies for security issues (ignores configured in deny.toml)
# Ignored advisories:
# RUSTSEC-2023-0071: rsa via sqlx-mysql (we only use postgres, no upstream fix)
# RUSTSEC-2025-0134: rustls-pemfile via lapin TLS stack (no alternative)
AUDIT_IGNORE = --ignore RUSTSEC-2023-0071 --ignore RUSTSEC-2025-0134
audit: audit:
cargo audit $(AUDIT_IGNORE) cargo deny check advisories
deny: deny:
cargo deny check cargo deny check
@@ -332,7 +327,6 @@ ci-rust:
cargo fmt --all -- --check cargo fmt --all -- --check
cargo clippy --workspace --all-targets --all-features -- -D warnings cargo clippy --workspace --all-targets --all-features -- -D warnings
cargo test --workspace --all-features cargo test --workspace --all-features
cargo audit $(AUDIT_IGNORE)
cargo deny check cargo deny check
ci-web-blocking: ci-web-blocking:

11
deny.toml
View File

@@ -4,13 +4,12 @@ all-features = true
[advisories] [advisories]
version = 2 version = 2
yanked = "deny" yanked = "deny"
# Note: RUSTSEC-2023-0071 (rsa via sqlx-mysql) is in Cargo.lock but unreachable —
# sqlx-macros-core unconditionally resolves sqlx-mysql; we only use postgres.
# cargo deny's graph analysis correctly identifies it as unreachable, so no
# ignore entry is needed here. If cargo audit is ever re-added, it will need
# --ignore RUSTSEC-2023-0071 since it scans the lockfile without graph analysis.
ignore = [ ignore = [
# rsa v0.9.10 - Marvin Attack timing sidechannel (medium severity)
# Pulled in transitively by sqlx-mysql, which sqlx compiles unconditionally
# for its macro system. We only use PostgreSQL — the rsa code is never
# executed. No upstream fix available.
{ id = "RUSTSEC-2023-0071", reason = "transitive via sqlx-mysql; we only use postgres" },
# rustls-pemfile v2.x - unmaintained # rustls-pemfile v2.x - unmaintained
# Transitive dependency via lapin → amq-protocol-tcp → tcp-stream. # Transitive dependency via lapin → amq-protocol-tcp → tcp-stream.
# No alternative available until lapin updates its TLS stack. # No alternative available until lapin updates its TLS stack.

14
systemctl status postgresql.service
View File

@@ -1,14 +0,0 @@
valkey.service - Advanced key-value store
Loaded: loaded (]8;;file://hp-probook-cachy/usr/lib/systemd/system/valkey.service\/usr/lib/systemd/system/valkey.service]8;;\; [0;1;38:5:185mdisabled; preset: [0;1;38:5:185mdisabled)
Active: inactive (dead)
Feb 10 20:42:44 hp-probook-cachy systemd[1]: Started Advanced key-value store.
Feb 19 13:50:06 hp-probook-cachy valkey-server[1154]: 1154:signal-handler (1771530606) Received SIGTERM scheduling shutdown...
Feb 19 13:50:06 hp-probook-cachy systemd[1]: Stopping Advanced key-value store...
Feb 19 13:50:06 hp-probook-cachy valkey-server[1154]: 1154:M 19 Feb 2026 13:50:06.871 * User requested shutdown...
Feb 19 13:50:06 hp-probook-cachy valkey-server[1154]: 1154:M 19 Feb 2026 13:50:06.871 * Saving the final RDB snapshot before exiting.
Feb 19 13:50:06 hp-probook-cachy valkey-server[1154]: 1154:M 19 Feb 2026 13:50:06.874 * DB saved on disk
Feb 19 13:50:06 hp-probook-cachy valkey-server[1154]: 1154:M 19 Feb 2026 13:50:06.874 # Valkey is now ready to exit, bye bye...
Feb 19 13:50:06 hp-probook-cachy systemd[1]: valkey.service: Deactivated successfully.
Feb 19 13:50:06 hp-probook-cachy systemd[1]: Stopped Advanced key-value store.
Feb 19 13:50:06 hp-probook-cachy systemd[1]: valkey.service: Consumed 3min 58.539s CPU time over 1d 15h 35min 51.539s wall clock time, 13.2M memory peak.