#!/usr/bin/env sh
## Install cargo extensions for release builds.
##
## Installs cargo-auditable for SBOM embedding and cargo-code-sign for binary signing.
##
## Includes handling for cross-build containers in our release workflow.
##
## Usage:
##
## $ scripts/install-cargo-extensions.sh
##
## Expected to be used with `scripts/cargo.sh`.
set -eu

# Install one cargo extension from a git repository at a pinned commit.
#
# Arguments:
#   $1 - crate name to install
#   $2 - git repository URL
#   $3 - full commit SHA to build from
#   $4 - optional Rust target triple; when given, the build is cross-targeted
#        and runs with CC=gcc
#
# `--locked` makes cargo use the Cargo.lock committed in that repository instead
# of re-resolving dependencies, and `--rev` fixes the exact source revision.
# Together they keep the tool that ends up in the release pipeline reproducible,
# so a change to either value should be reviewed like any other dependency bump.
install_pinned() {
  if [ -n "${4:-}" ]; then
    # The CC override prefixes an external command, so it is scoped to this one
    # cargo invocation. NOTE(review): presumably gcc is the compiler available
    # in the cross-build containers; confirm against the release workflow.
    CC=gcc cargo install "$1" \
      --locked \
      --git "$2" \
      --rev "$3" \
      --target "$4"
  else
    cargo install "$1" \
      --locked \
      --git "$2" \
      --rev "$3"
  fi
}

# Install both extensions, forwarding an optional target triple ($1).
install_extensions() {
  # TODO(zanieb): Use the upstream once https://github.com/rust-secure-code/cargo-auditable/pull/245
  # is released.
  install_pinned cargo-auditable \
    https://github.com/rust-secure-code/cargo-auditable.git \
    7df767ff9e844d742d7223c62b80353da0f18433 \
    "$@"

  install_pinned cargo-code-sign \
    https://github.com/zanieb/cargo-code-sign \
    5d3dea1e1f4319a37dfa18d8018703a04050a561 \
    "$@"
}

# In Linux containers running on x86_64, build a static musl binary so the installed tool works in
# musl-based environments (Alpine, etc.).
#
# On i686 containers the 32-bit linker can't produce 64-bit musl binaries, so we fall back to a
# default build.
#
# If `uname` fails, its stderr is discarded and the empty output selects the default build.
case "$(uname -s 2>/dev/null)/$(uname -m 2>/dev/null)" in
  Linux/x86_64)
    MUSL_TARGET="x86_64-unknown-linux-musl"
    rustup target add "$MUSL_TARGET"
    install_extensions "$MUSL_TARGET"
    ;;
  *)
    install_extensions
    ;;
esac