We build an intermediate base image from the Rust Docker Hub image. As of the version of the image that was released on March 3 (coincident with the update of rustup to 1.28), building any executable with cargo-auditable using the shell script recommendation does not seem to work. I've provided a minimal reproduction below:
FROM library/rust:1.85.0@sha256:80ccfb51023dbb8bfa7dc469c514a5a66343252d5e7c5aa0fab1e7d82f4ebbdc AS chef
COPY files/root /root
# Install `cargo-auditable` and set it up to be used in place of `cargo` for all subsequent commands.
RUN cargo install cargo-auditable --locked --version 0.6.6
ENV PATH=/root/.bin:$PATH
RUN cargo install rust-audit-info --locked --version 0.5.4
With the recommended shell script in files/root/.bin/cargo with the executable bit set (chmod +x):
#!/bin/sh
export CARGO='/usr/local/cargo/bin/cargo'
cargo-auditable auditable "$@"
This would result in the following errors on the attempt to build rust-audit-info or any other executable after updating the PATH.
4.166 Compiling rust-audit-info v0.5.4
4.189
4.189 thread 'main' panicked at /usr/local/cargo/registry/src/index.crates.io-1949cf8c6b5b557f/cargo-auditable-0.6.6/src/collect_audit_data.rs:79:9:
4.189 cargo metadata failure:
4.189 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
4.189 error: could not compile `rust-audit-info` (bin "rust-audit-info")
I was able to get things working again by adjusting the cargo shell script above to the following:
#!/bin/sh
exec /usr/local/cargo/bin/cargo auditable "$@"
This may require an update to the documented recommendation due to some changes in how rustup may have affected use of the CARGO environment variable to refer back to the triggering cargo, or causing it to consume the standard output from the cargo metadata command.
We build an intermediate base image from the Rust Docker Hub image. As of the version of the image that was released on March 3 (coincident with the update of rustup to 1.28), building any executable with cargo-auditable using the shell script recommendation does not seem to work. I've provided a minimal reproduction below:
With the recommended shell script in
files/root/.bin/cargowith the executable bit set (chmod +x):This would result in the following errors on the attempt to build
rust-audit-infoor any other executable after updating thePATH.I was able to get things working again by adjusting the
cargoshell script above to the following:This may require an update to the documented recommendation due to some changes in how
rustupmay have affected use of theCARGOenvironment variable to refer back to the triggeringcargo, or causing it to consume the standard output from thecargo metadatacommand.