Cargo-auditable 0.6.6 fails to doCheck

First off, yes, we are currently on cargo-auditable 0.6.5; I was just trying to test something for upstream and ended up running into a bunch of errors.

The crux is that I can only reproduce this when building with Nix (i.e. sandboxed) and I’ve pinned it down to a single dependency bump which does not look like it should break something.
Take this glued together expression that I just pulled out of my sleeve:

```
nom build --no-link --print-build-logs --print-out-paths --impure --expr 'let inherit (import (builtins.fetchTree { type = "github"; owner = "NixOS"; repo = "nixpkgs"; rev = "5461b7fa65f3ca74cef60be837fd559a8918eaa0"; }) {}) pkgs lib; version = "0.6.6"; repo = pkgs.fetchFromGitHub { owner = "rust-secure-code"; repo = "cargo-auditable"; rev = "v${version}"; hash = "sha256-cyOfaHdGERQakLn8Zcu8NDHHBUih5elOSshJzZB2YLs="; }; in pkgs.cargo-auditable.overrideAttrs (attrs: rec { inherit version; src = repo; cargoDeps = pkgs.rustPlatform.importCargoLock { lockFile = "${src}/Cargo.lock"; }; })'
```

This will fail the test_self_hosting test of cargo-auditable.
You can switch the version to 0.6.5 (and adjust the hash) and it will run fine.
Now, however, if you were to downgrade bitflags from 2.6.0 to 2.5.0, it will build and check just fine.

```
nom build --no-link --print-build-logs --print-out-paths --impure --expr 'let inherit (import (builtins.fetchTree { type = "github"; owner = "NixOS"; repo = "nixpkgs"; rev = "5461b7fa65f3ca74cef60be837fd559a8918eaa0"; }) {}) pkgs lib; version = "0.6.6"; repo = pkgs.fetchFromGitHub { owner = "rust-secure-code"; repo = "cargo-auditable"; rev = "v${version}"; hash = "sha256-cyOfaHdGERQakLn8Zcu8NDHHBUih5elOSshJzZB2YLs="; }; in pkgs.cargo-auditable.overrideAttrs (attrs: rec { inherit version; src = pkgs.stdenv.mkDerivation { name = "cargo-auditable-src-downgraded-bitflags"; buildInputs = with pkgs; [ cargo ]; src = repo; buildPhase = "env CARGO_HTTP_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt cargo update -p bitflags@2.6.0 --precise 2.5.0"; installPhase = "cd .. && mv $OLDPWD $out"; outputHashMode = "recursive"; outputHashAlgo = "sha256"; outputHash = "sha256-9QsIroAsUtfc3BUUrjw7OnZpdyWVDp7QI30/Nyj6UXY="; }; cargoDeps = pkgs.rustPlatform.importCargoLock { lockFile = "${src}/Cargo.lock"; }; })'
```

I can only seem to reproduce this in the Nix sandbox, because running `cargo test` outside the sandbox shows me this:

```
running 1 test
     Removed 61 files, 10.5MiB total
   Compiling bitflags v2.5.0
   Compiling binfarce v0.2.1
   Compiling adler2 v2.0.0
   Compiling miniz_oxide v0.8.0
   Compiling wasmparser v0.207.0
   Compiling auditable-extract v0.3.5 (/tmp/cargo-auditable/auditable-extract)
   Compiling auditable-info v0.9.0 (/tmp/cargo-auditable/auditable-info)
   Compiling rust-audit-info v0.5.4 (/tmp/cargo-auditable/rust-audit-info)
    Finished `release` profile [optimized] target(s) in 6.96s
test test_self_hosting ... ok

test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 10 filtered out; finished in 7.06s
```

Note that it uses bitflags 2.5.0 in the tests.

So, either I’m doing something wrong with my builds, which is more than likely, or I’m hitting some weird issue.

Even if I knew it wasn’t specific to my builds, I’m not sure whether to report this to the upstream project, nixpkgs (which has not yet shipped 0.6.6, but this info might help), or bitflags or wherever else.
This is also the tenth or so issue with something I’ve run into in the past weeks and I’m just tired; if someone could help me figure out where to report what, that’d be cool.

Running NixOS btw:

- system: `"x86_64-linux"`
 - host os: `Linux 6.6.87, NixOS, 24.11 (Vicuna), 24.11`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Lix, like Nix) 2.93.0-dev
System type: x86_64-linux
Additional system types: i686-linux, x86_64-v1-linux, x86_64-v2-linux, x86_64-v3-linux
Features: gc, signed-caches
System configuration file: /etc/nix/nix.conf
User configuration files: /home/benaryorg/.config/nix/nix.conf:/etc/xdg/nix/nix.conf:/home/benaryorg/.local/share/flatpak/exports/etc/xdg/nix/nix.conf:/var/lib/flatpak/exports/etc/xdg/nix/nix.conf:/home/benaryorg/.nix-profile/etc/xdg/nix/nix.conf:/nix/profile/etc/xdg/nix/nix.conf:/home/benaryorg/.local/state/nix/profile/etc/xdg/nix/nix.conf:/etc/profiles/per-user/benaryorg/etc/xdg/nix/nix.conf:/nix/var/nix/profiles/default/etc/xdg/nix/nix.conf:/run/current-system/sw/etc/xdg/nix/nix.conf
Store directory: /nix/store
State directory: /nix/var/nix
Data directory: /nix/store/qy5n8bhf315ds1psv4qr3bnrb5md0ksa-lix-2.93.0-dev/share`
 - nixpkgs: `/nix/store/rqx5zrz9bmbk9lbzz730qlx2g7cwgrw7-source`

(hitting this with Lix main, but it looks agnostic)
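
Added example, not part of the original post and not code from cargo-auditable or nixpkgs: a small check that compares the `Compiling <crate> v<version>` lines of a cargo log with the versions a `Cargo.lock` pins, which is the kind of comparison behind the post's note that the test run compiled bitflags 2.5.0. The lock file contents below are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample: a trimmed Cargo.lock that pins bitflags 2.6.0 (assumed contents).
SAMPLE_LOCK = '''
[[package]]
name = "auditable-extract"
version = "0.3.5"

[[package]]
name = "bitflags"
version = "1.3.2"

[[package]]
name = "bitflags"
version = "2.6.0"
'''

# Two "Compiling" lines in the form shown in the cargo test output quoted in the post.
SAMPLE_LOG = '''
   Compiling bitflags v2.5.0
   Compiling auditable-extract v0.3.5 (/tmp/cargo-auditable/auditable-extract)
'''

# A [[package]] table in Cargo.lock starts with its name and version keys.
PKG_RE = re.compile(r'^\[\[package\]\]\s*\nname = "([^"]+)"\s*\nversion = "([^"]+)"', re.M)
COMPILING_RE = re.compile(r'^\s*Compiling (\S+) v(\S+)', re.M)

def locked_versions(lock_text):
    """Map crate name -> set of pinned versions (a crate can be locked more than once)."""
    locked = {}
    for name, version in PKG_RE.findall(lock_text):
        locked.setdefault(name, set()).add(version)
    return locked

def lock_drift(lock_text, log_text):
    """List (crate, built version, pinned versions) for crates built at an unpinned version."""
    locked = locked_versions(lock_text)
    drift = []
    for name, built in COMPILING_RE.findall(log_text):
        pinned = locked.get(name, set())
        if built not in pinned:  # also catches crates absent from the lock file
            drift.append((name, built, sorted(pinned)))
    return drift

if __name__ == "__main__":
    for name, built, pinned in lock_drift(SAMPLE_LOCK, SAMPLE_LOG):
        print(f"{name}: built {built}, lock pins {pinned or 'nothing'}")
```

An empty result means every compiled crate matched a pinned version; any entry points at a build that resolved dependencies from somewhere other than the lock file being inspected.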