1  #!/usr/bin/env bash
 2  #
 3  # Use cargo-tree to check our dependencies for crates which we must
 4  # not depend on unconditionally.
 5  
 6  set -eu
 7  
 8  forbid () {
 9      local our_crate="$1"
10      local feature="$2"
11      local forbidden="$3"
12  
13      set +e
14      cargo tree --prefix=none -p "$our_crate" --features "$feature" \
15  	  --format="    {p}" | grep "^    $forbidden "
16      # Note that the space in the grep pattern above is necessary to
17      # make sure we don't match prefixes.  (The cargo tree output will be
18      # something like "    cratename v1.2.3".)
19  
20      local result="${PIPESTATUS[*]}"
21      set -e
22  
23      case "$result" in
24  	"0 0")
25  	    # cargo-tree succeeded, and so did grep: we found the
26  	    # forbidden package.
27              echo "Uh-oh: $forbidden has shown up in $our_crate/$feature."
28      	    exit 1
29  	    ;;
30  	"0 1")
31  	    # cargo-tree succeeded, and grep failed: we didn't find the
32  	    # forbidden package.
33  	    echo "Didn't find $forbidden in $our_crate/$feature.  Good."
34  	    ;;
35  	*)
36  	    # cargo-tree failed (or maybe grep is gruesomely nonstandard)
37  	    echo "cargo tree failed unexpectedly when checking for $forbidden in $our_crate/$feature" >&2
38  	    exit 1
39  	    ;;
40      esac
41  }
42  
43  # We can't use these crates in arti/full, since they expose us to the old
44  # OpenSSL (3BSD + SSLeay) license.
45  forbid arti full ring
46  forbid arti full webpki
47  
48  echo "Everything looks fine."