From 8528b5d8536c692dde1bb8ea886dc2cc92b35091 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Tue, 3 Mar 2026 16:55:08 +0000 Subject: [PATCH 1/4] Add a test for bare linker configuration --- .../fixtures/bare_linker/.cargo/config.toml | 33 +++++++++++++++++++ .../tests/fixtures/bare_linker/Cargo.toml | 8 +++++ .../tests/fixtures/bare_linker/src/main.rs | 3 ++ cargo-auditable/tests/it.rs | 25 ++++++++++++++ 4 files changed, 69 insertions(+) create mode 100644 cargo-auditable/tests/fixtures/bare_linker/.cargo/config.toml create mode 100644 cargo-auditable/tests/fixtures/bare_linker/Cargo.toml create mode 100644 cargo-auditable/tests/fixtures/bare_linker/src/main.rs diff --git a/cargo-auditable/tests/fixtures/bare_linker/.cargo/config.toml b/cargo-auditable/tests/fixtures/bare_linker/.cargo/config.toml new file mode 100644 index 0000000..1287e6b --- /dev/null +++ b/cargo-auditable/tests/fixtures/bare_linker/.cargo/config.toml @@ -0,0 +1,33 @@ +# copied from https://github.com/EFForg/rayhunter/blob/adeeb751667d3b44ba6ad215a1bc0ac73d90ae72/.cargo/config.toml#L1 +# as a motivating example for bare linker support + +[target.aarch64-apple-darwin] +linker = "rust-lld" +rustflags = ["-C", "target-feature=+crt-static"] + +[target.aarch64-unknown-linux-musl] +linker = "rust-lld" +rustflags = ["-C", "target-feature=+crt-static"] + +# apt install build-essential libc6-armhf-cross libc6-dev-armhf-cross gcc-arm-linux-gnueabihf +[target.armv7-unknown-linux-gnueabihf] +linker = "arm-linux-gnueabihf-gcc" +rustflags = ["-C", "target-feature=+crt-static"] + +[target.armv7-unknown-linux-musleabihf] +linker = "rust-lld" +rustflags = ["-C", "target-feature=+crt-static"] + +[target.armv7-unknown-linux-musleabi] +linker = "rust-lld" +rustflags = ["-C", "target-feature=+crt-static"] + +# Disable rust-lld for x86 macOS because the linker crashers when compiling +# the installer in release mode with debug info on. +# [target.x86_64-apple-darwin] +# linker = "rust-lld" +# rustflags = ["-C", "target-feature=+crt-static"] + +[target.x86_64-unknown-linux-musl] +linker = "rust-lld" +rustflags = ["-C", "target-feature=+crt-static"] diff --git a/cargo-auditable/tests/fixtures/bare_linker/Cargo.toml b/cargo-auditable/tests/fixtures/bare_linker/Cargo.toml new file mode 100644 index 0000000..af15949 --- /dev/null +++ b/cargo-auditable/tests/fixtures/bare_linker/Cargo.toml @@ -0,0 +1,8 @@ +[package] +name = "bare_linker" +version = "0.1.0" +edition = "2024" + +[dependencies] + +[workspace] diff --git a/cargo-auditable/tests/fixtures/bare_linker/src/main.rs b/cargo-auditable/tests/fixtures/bare_linker/src/main.rs new file mode 100644 index 0000000..e7a11a9 --- /dev/null +++ b/cargo-auditable/tests/fixtures/bare_linker/src/main.rs @@ -0,0 +1,3 @@ +fn main() { + println!("Hello, world!"); +} diff --git a/cargo-auditable/tests/it.rs b/cargo-auditable/tests/it.rs index 960427f..e944ce7 100644 --- a/cargo-auditable/tests/it.rs +++ b/cargo-auditable/tests/it.rs @@ -585,3 +585,28 @@ fn test_proc_macro_inner(sbom: bool) { .expect("Could not find 'syn' in the embedded dependency list!"); assert_eq!(syn_info.kind, DependencyKind::Build); } + +#[test] +fn test_bare_linker() { + test_bare_linker_inner(false); + test_bare_linker_inner(true); +} +fn test_bare_linker_inner(sbom: bool) { + // Path to workspace fixture Cargo.toml. See that file for overview of workspace members and their dependencies. + let workspace_cargo_toml = + PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests/fixtures/bare_linker/Cargo.toml"); + + // The motivating example is https://github.com/EFForg/rayhunter/blob/main/.cargo/config.toml + // There doesn't seem to be a way to build with a bare linker for GNU targets, only Apple and Musl, + // so this tests really only does anything on those. + + let bins = run_cargo_auditable(workspace_cargo_toml, &[], &[], sbom); + eprintln!("Test fixture binary map: {bins:?}"); + + // bare_linker should only depend on itself + let bare_linker_bin = &bins.get("bare_linker").unwrap()[0]; + let dep_info = get_dependency_info(bare_linker_bin); + eprintln!("{bare_linker_bin} dependency info: {dep_info:?}"); + assert!(dep_info.packages.len() == 1); + assert!(dep_info.packages.iter().any(|p| p.name == "bare_linker")); +} From 38228c354e1a0b14b0dbbccc3c18145aa801ea67 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Tue, 3 Mar 2026 17:02:59 +0000 Subject: [PATCH 2/4] Deliberately inject faults to verify CI tests these paths --- cargo-auditable/src/rustc_wrapper.rs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cargo-auditable/src/rustc_wrapper.rs b/cargo-auditable/src/rustc_wrapper.rs index 92d34f4..cfe6bfa 100644 --- a/cargo-auditable/src/rustc_wrapper.rs +++ b/cargo-auditable/src/rustc_wrapper.rs @@ -129,6 +129,7 @@ fn rustc_command_with_audit_data(rustc_path: &OsStr) -> Option { if is_apple(&target_info) { if args.bare_linker() { command.arg("-Clink-arg=-u,_AUDITABLE_VERSION_INFO"); + panic!("Apple codepath reached, CI should fail"); } else { command.arg("-Clink-arg=-Wl,-u,_AUDITABLE_VERSION_INFO"); } @@ -143,6 +144,7 @@ fn rustc_command_with_audit_data(rustc_path: &OsStr) -> Option { if args.bare_linker() { command.arg("-Clink-arg=-u"); command.arg("-Clink-arg=AUDITABLE_VERSION_INFO"); + panic!("POSIX codepath reached, CI should fail"); } else { command.arg("-Clink-arg=-Wl,-u,AUDITABLE_VERSION_INFO"); } From e016c030609e0e5d8604a4a3d177826960ba4e77 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Tue, 3 Mar 2026 17:32:14 +0000 Subject: [PATCH 3/4] Make Cargo actually load the config file; it doesn't load the associated config when just passing Cargo.toml path --- cargo-auditable/tests/it.rs | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/cargo-auditable/tests/it.rs b/cargo-auditable/tests/it.rs index e944ce7..bf3a9ae 100644 --- a/cargo-auditable/tests/it.rs +++ b/cargo-auditable/tests/it.rs @@ -592,15 +592,22 @@ fn test_bare_linker() { test_bare_linker_inner(true); } fn test_bare_linker_inner(sbom: bool) { - // Path to workspace fixture Cargo.toml. See that file for overview of workspace members and their dependencies. - let workspace_cargo_toml = + // Path to workspace fixture Cargo.toml + let cargo_toml = PathBuf::from(env!("CARGO_MANIFEST_DIR")).join("tests/fixtures/bare_linker/Cargo.toml"); - // The motivating example is https://github.com/EFForg/rayhunter/blob/main/.cargo/config.toml + // and the config file fixture is based on that. // There doesn't seem to be a way to build with a bare linker for GNU targets, only Apple and Musl, // so this tests really only does anything on those. + let config_path = PathBuf::from(env!("CARGO_MANIFEST_DIR")) + .join("tests/fixtures/bare_linker/.cargo/config.toml"); - let bins = run_cargo_auditable(workspace_cargo_toml, &[], &[], sbom); + let bins = run_cargo_auditable( + cargo_toml, + &["--config", config_path.to_str().unwrap()], + &[], + sbom, + ); eprintln!("Test fixture binary map: {bins:?}"); // bare_linker should only depend on itself From 75e33d839bf631fac3e559c408b7ca4bfd45a598 Mon Sep 17 00:00:00 2001 From: "Sergey \"Shnatsel\" Davidoff" Date: Tue, 3 Mar 2026 17:32:28 +0000 Subject: [PATCH 4/4] Revert "Deliberately inject faults to verify CI tests these paths" This reverts commit 38228c354e1a0b14b0dbbccc3c18145aa801ea67. --- cargo-auditable/src/rustc_wrapper.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/cargo-auditable/src/rustc_wrapper.rs b/cargo-auditable/src/rustc_wrapper.rs index cfe6bfa..92d34f4 100644 --- a/cargo-auditable/src/rustc_wrapper.rs +++ b/cargo-auditable/src/rustc_wrapper.rs @@ -129,7 +129,6 @@ fn rustc_command_with_audit_data(rustc_path: &OsStr) -> Option { if is_apple(&target_info) { if args.bare_linker() { command.arg("-Clink-arg=-u,_AUDITABLE_VERSION_INFO"); - panic!("Apple codepath reached, CI should fail"); } else { command.arg("-Clink-arg=-Wl,-u,_AUDITABLE_VERSION_INFO"); } @@ -144,7 +143,6 @@ fn rustc_command_with_audit_data(rustc_path: &OsStr) -> Option { if args.bare_linker() { command.arg("-Clink-arg=-u"); command.arg("-Clink-arg=AUDITABLE_VERSION_INFO"); - panic!("POSIX codepath reached, CI should fail"); } else { command.arg("-Clink-arg=-Wl,-u,AUDITABLE_VERSION_INFO"); }