0

Tweak docs to no longer ask for manual installation of cargo vet.

I tested that after https://crrev.com/c/5366668 landed
`//tools/crates/run_cargo_vet.py` works (using
`//third_party/rust-toolchain/bin/cargo-vet`) without requiring an
explicit installation step (I've verified that `locate` doesn't find any
other `cargo-vet` binaries on my machine).

Based on the above, this CL removes docs that ask for a separate
installation step for `cargo vet`.

Bug: 326234536
Change-Id: I8015fe700c5cc477d340e9205031b0bd533c1e10
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5387733
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: danakj <danakj@chromium.org>
Auto-Submit: Łukasz Anforowicz <lukasza@chromium.org>
Commit-Queue: danakj <danakj@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1276978}
This commit is contained in:
Lukasz Anforowicz
2024-03-22 17:54:44 +00:00
committed by Chromium LUCI CQ
parent 85fa2139c5
commit 0aa1dcf440
3 changed files with 0 additions and 13 deletions

@ -54,11 +54,6 @@ Additional notes:
(e.g. Android, Fuchsia, etc.). This means that adding a new crate does not (e.g. Android, Fuchsia, etc.). This means that adding a new crate does not
necessarily require a new audit if the crate has already been audited by necessarily require a new audit if the crate has already been audited by
other projects. other projects.
* Before using `tools/crates/run_cargo_vet.py` you may need to install the tool
by running:
`tools/crates/run_cargo.py install cargo-vet --locked --version=0.9.1`
- TODO(https://crbug.com/326234536): Prebuild `cargo-vet` and distribute
via/into `third_party/rust-toolchain` (i.e. together with `rustc`).
* For now we kindly ask you that audit updates in `audits.toml` * For now we kindly ask you that audit updates in `audits.toml`
should be part of the submitted CL so that `run_cargo_vet.py check` will should be part of the submitted CL so that `run_cargo_vet.py check` will
continue to pass after the CL lands. continue to pass after the CL lands.

@ -80,10 +80,6 @@ To use a third-party crate "bar" version 3 from first party code:
1. Verify if all new dependencies are already audited by running `cargo vet` 1. Verify if all new dependencies are already audited by running `cargo vet`
See [`rust-unsafe.md#cargo-vet-policy`](rust-unsafe.md#cargo-vet-policy) for See [`rust-unsafe.md#cargo-vet-policy`](rust-unsafe.md#cargo-vet-policy) for
more details. This boils down to: more details. This boils down to:
* Install `cargo vet` if it's not yet installed:
* `tools/crates/run_cargo.py install cargo-vet --locked --version=0.9.1`
* TODO: Pre-package `cargo-vet` into `rust-toolchain`:
https://crrev.com/c/5366668
* `./tools/crates/run_cargo_vet.py check` * `./tools/crates/run_cargo_vet.py check`
* If `check` fails, then there are missing audits, which need to be added to * If `check` fails, then there are missing audits, which need to be added to
`//third_party/rust/chromium_crates_io/supply-chain/audits.toml`. `//third_party/rust/chromium_crates_io/supply-chain/audits.toml`.

@ -77,10 +77,6 @@ closest to `origin/main`):
that the automated script has listed in the CL description (e.g. if some that the automated script has listed in the CL description (e.g. if some
of the criteria are already covered by `audits.toml` imported from other of the criteria are already covered by `audits.toml` imported from other
projects). projects).
- Install `cargo vet` if it's not yet installed:
* `tools/crates/run_cargo.py install cargo-vet --locked --version=0.9.1`
* TODO: Pre-package `cargo-vet` into `rust-toolchain`:
https://crrev.com/c/5366668
1. Follow the cargo vet instructions to inspect diffs and certify the results 1. Follow the cargo vet instructions to inspect diffs and certify the results
1. `git add third_party/rust/chromium_crates_io/supply-chain`. 1. `git add third_party/rust/chromium_crates_io/supply-chain`.
`git commit -m 'cargo vet'` `git commit -m 'cargo vet'`