Allow disabling the CARGO_TREE variable in the output as it can contain sensitive information

[kleinesfilmroellchen]

CARGO_TREE includes the dependency tree. This in turn will include the full file system path for any path dependencies, as is common for multi-crate projects. The file system path may contain sensitive information, and I do not want to rely on the linker removing CARGO_TREE from the built binary if I don't use it; I must be sure that the compiler never sees it.

Therefore I'm just asking for the ability to disable this build information variable via a feature flag or a build script configuration option.

[baoyachi]

I can support. I'm try do it.

[baoyachi]

hi @kleinesfilmroellchen
I'm sorry I was a little late in solving this issue, but the new version can solve the problem you mentioned. Please use :

shadow-rs = "0.20.0"

see detail: https://docs.rs/shadow-rs/latest/shadow_rs/fn.new_deny.html

Change build.rs:

use std::collections::BTreeSet;

fn main() -> shadow_rs::SdResult<()> {
   let mut deny = BTreeSet::new();
   deny.insert(shadow_rs::CARGO_TREE);
   shadow_rs::new_deny(deny)
}

[kleinesfilmroellchen]

@baoyachi tyvm!