#cargo #package #supply-chain #test #attack #goal #solely

yanked supply-chain-attack-test

The goal of this package is solely to test possible supply chain attack

0.1.0 Feb 28, 2023

#5 in #solely

MIT license

2KB

Cargo

Cargo downloads your Rust project’s dependencies and compiles your project.

To start using Cargo, learn more at The Cargo Book.

To start developing Cargo itself, read the Cargo Contributor Guide.

Code Status

CI

Code documentation: https://doc.rust-lang.org/nightly/nightly-rustc/cargo/

Installing Cargo

Cargo is distributed by default with Rust, so if you've got rustc installed locally you probably also have cargo installed locally.

Compiling from Source

Requirements

Cargo requires the following tools and packages to build:

Other requirements:

The following are optional based on your platform and needs.

  • pkg-config — This is used to help locate system packages, such as libssl headers/libraries. This may not be required in all cases, such as using vendored OpenSSL, or on Windows.

  • OpenSSL — Only needed on Unix-like systems and only if the vendored-openssl Cargo feature is not used.

    This requires the development headers, which can be obtained from the libssl-dev package on Ubuntu or openssl-devel with apk or yum or the openssl package from Homebrew on macOS.

    If using the vendored-openssl Cargo feature, then a static copy of OpenSSL will be built from source instead of using the system OpenSSL. This may require additional tools such as perl and make.

    On macOS, common installation directories from Homebrew, MacPorts, or pkgsrc will be checked. Otherwise it will fall back to pkg-config.

    On Windows, the system-provided Schannel will be used instead.

    LibreSSL is also supported.

Optional system libraries:

The build will automatically use vendored versions of the following libraries. However, if they are provided by the system and can be found with pkg-config, then the system libraries will be used instead:

  • libcurl — Used for network transfers.
  • libgit2 — Used for fetching git dependencies.
  • libssh2 — Used for SSH access to git repositories.
  • libz (aka zlib) — Used for data compression.

It is recommended to use the vendored versions as they are the versions that are tested to work with Cargo.

Compiling

First, you'll want to check out this repository

git clone https://github.com/rust-lang/cargo.git
cd cargo

With cargo already installed, you can simply run:

cargo build --release

Adding new subcommands to Cargo

Cargo is designed to be extensible with new subcommands without having to modify Cargo itself. See the Wiki page for more details and a list of known community-developed subcommands.

Releases

Cargo releases coincide with Rust releases. High level release notes are available as part of Rust's release notes. Detailed release notes are available in this repo at CHANGELOG.md.

Reporting issues

Found a bug? We'd love to know about it!

Please report all issues on the GitHub issue tracker.

Contributing

See the Cargo Contributor Guide for a complete introduction to contributing to Cargo.

License

Cargo is primarily distributed under the terms of both the MIT license and the Apache License (Version 2.0).

See LICENSE-APACHE and LICENSE-MIT for details.

Third party software

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (https://www.openssl.org/).

In binary form, this product includes software that is licensed under the terms of the GNU General Public License, version 2, with a linking exception, which can be obtained from the upstream repository.

See LICENSE-THIRD-PARTY for details.

No runtime deps