Skip to content

Commit

Permalink
Use patched protobuf with RUSTSEC-2019-0003 fix. (#7770)
Browse files Browse the repository at this point in the history 
A crates index patch was needed here to ensure both our crates and
transitive dependent crates saw the same rust-protobuf. Without this we
hit many errors like:
```
   Compiling bazel_protos v0.0.1 (/home/jsirois/dev/pantsbuild/jsirois-pants/src/rust/engine/process_execution/bazel_protos)
error[E0277]: the trait bound `gen::bytestream::ReadRequest: protobuf::core::Message` is not satisfied
  --> process_execution/bazel_protos/src/gen/bytestream_grpc.rs:23:42
   |
23 |     req_mar: ::grpcio::Marshaller { ser: ::grpcio::pb_ser, de: ::grpcio::pb_de },
   |                                          ^^^^^^^^^^^^^^^^ the trait `protobuf::core::Message` is not implemented for `gen::bytestream::ReadRequest`
   |
   = note: required by `grpcio::codec::pb_codec::ser`
```

Fixes #7760
  • Loading branch information
@jsirois
jsirois committed May 20, 2019
1 parent aed9ac6 commit d4d8f4c
Show file tree
Hide file tree
Showing 9 changed files with 25 additions and 20 deletions.
26 changes: 13 additions & 13 deletions src/rust/engine/Cargo.lock
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions src/rust/engine/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -103,3 +103,8 @@ tempfile = "3"
ui = { path = "ui" }
url = "1.7.1"
tar_api = { path = "tar_api" }

[patch.crates-io]
# TODO: Remove patch when we can upgrade to an official released version of protobuf with a fix.
# See: https://github.com/pantsbuild/pants/issues/7760 for context.
protobuf = { git="https://github.com/pantsbuild/rust-protobuf", rev="171611c33ec92f07e1b7107327f6d0139a7afebf", version="2.0.6", features = ["with-bytes"] }
2 changes: 1 addition & 1 deletion src/rust/engine/fs/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ lazy_static = "1"
lmdb = { git = "https://github.com/pantsbuild/lmdb-rs.git", rev = "06bdfbfc6348f6804127176e561843f214fc17f8" }
log = "0.4"
parking_lot = "0.6"
protobuf = { version = "2.0.4", features = ["with-bytes"] }
protobuf = { version = "2.0.6", features = ["with-bytes"] }
serverset = { path = "../serverset" }
sha2 = "0.8"
serde = "1.0"
Expand Down
2 changes: 1 addition & 1 deletion src/rust/engine/fs/brfs/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ hashing = { path = "../../hashing" }
libc = "0.2.39"
log = "0.4.1"
parking_lot = "0.6"
protobuf = { version = "2.0.4", features = ["with-bytes"] }
protobuf = { version = "2.0.6", features = ["with-bytes"] }
serverset = { path = "../../serverset" }
time = "0.1.39"
tokio = "0.1"
Expand Down
2 changes: 1 addition & 1 deletion src/rust/engine/fs/fs_util/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ futures = "^0.1.16"
futures-timer = { git = "https://github.com/pantsbuild/futures-timer", rev = "0b747e565309a58537807ab43c674d8951f9e5a0" }
hashing = { path = "../../hashing" }
parking_lot = "0.6"
protobuf = { version = "2.0.4", features = ["with-bytes"] }
protobuf = { version = "2.0.6", features = ["with-bytes"] }
rand = "0.6"
serde = "1.0"
serde_json = "1.0"
Expand Down
2 changes: 1 addition & 1 deletion src/rust/engine/process_execution/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ futures = "^0.1.16"
grpcio = { git = "https://github.com/pantsbuild/grpc-rs.git", rev = "4dfafe9355dc996d7d0702e7386a6fedcd9734c0", default_features = false, features = ["protobuf-codec", "secure"] }
hashing = { path = "../hashing" }
log = "0.4"
protobuf = { version = "2.0.4", features = ["with-bytes"] }
protobuf = { version = "2.0.6", features = ["with-bytes"] }
resettable = { path = "../resettable" }
sha2 = "0.8"
tempfile = "3"
Expand Down
2 changes: 1 addition & 1 deletion src/rust/engine/process_execution/bazel_protos/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ hashing = { path = "../../hashing" }
prost = "0.4"
prost-derive = "0.4"
prost-types = "0.4"
protobuf = { version = "2.0.4", features = ["with-bytes"] }
protobuf = { version = "2.0.6", features = ["with-bytes"] }
# Waiting for https://github.com/tower-rs/tower-grpc/pull/108 and a first actual release.
tower-grpc = { git = "https://github.com/pantsbuild/tower-grpc.git", rev = "ef19f2e1715f415ecb699e8f17f5845ad2b45daf", features = ["prost"] }

Expand Down
2 changes: 1 addition & 1 deletion src/rust/engine/testutil/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,5 +10,5 @@ bazel_protos = { path = "../process_execution/bazel_protos" }
bytes = "0.4.5"
digest = "0.8"
hashing = { path = "../hashing" }
protobuf = { version = "2.0.4", features = ["with-bytes"] }
protobuf = { version = "2.0.6", features = ["with-bytes"] }
sha2 = "0.8"
2 changes: 1 addition & 1 deletion src/rust/engine/testutil/mock/Cargo.toml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,5 +12,5 @@ futures = "^0.1.16"
grpcio = { git = "https://github.com/pantsbuild/grpc-rs.git", rev = "4dfafe9355dc996d7d0702e7386a6fedcd9734c0", default_features = false, features = ["protobuf-codec", "secure"] }
hashing = { path = "../../hashing" }
parking_lot = "0.6"
protobuf = { version = "2.0.4", features = ["with-bytes"] }
protobuf = { version = "2.0.6", features = ["with-bytes"] }
testutil = { path = ".." }

0 comments on commit d4d8f4c

Please sign in to comment.