From 0682d6dceafe7631253c61023b58e2b3a592b006 Mon Sep 17 00:00:00 2001
From: David Runge
Date: Wed, 17 May 2023 18:21:57 +0200
Subject: [PATCH] Add cargo-deny integration

- Add `deny.toml` for `cargo deny` with advisory error for `RUSTSEC- 2020-0071` disabled as it does not affect chrono (or us for that matter). Allow multiple versions as there is not much we can do about those anyways and it clutters the output immensely. Add all currently used licenses to allow list. Deny the use of `ring` as it does not have a responsible disclosure policy: https://github.com/briansmith/ring#bug-reporting
- Run `cargo deny` as further `test` step in GitLab CI, so that it is among the last things that may fail in a merge request.
---
 .gitlab-ci.yml | 14 ++++++++++++++
 deny.toml | 31 +++++++++++++++++++++++++++++++
 src/commands/decrypt.rs | 8 +++-----
 3 files changed, 48 insertions(+), 5 deletions(-)
 create mode 100644 deny.toml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c11ff4d0..2053423a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -125,6 +125,20 @@ codespell:
 script:
 - codespell --summary -L "crate,ede,iff,mut,nd,te,uint,KeyServer,keyserver,Keyserver,keyservers,Keyservers,keypair,keypairs,KeyPair,fpr,dedup,deriver" -S "*.bin,*.gpg,*.pgp,./.git,*/target,Cargo.lock"
 
+deny:
+ tags:
+ - linux
+ stage: test
+ interruptible: true
+ image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/rust-stable:latest
+
+ before_script:
+ - *before_script_start
+ - cargo install --locked cargo-deny
+ - *before_script_end
+ script:
+ - cargo deny check
+
 rust-stable:
 tags:
 - linux
diff --git a/deny.toml b/deny.toml
new file mode 100644
index 00000000..5a7ba9f9
--- /dev/null
+++ b/deny.toml
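Review bot: `cargo install --locked cargo-deny` in the `deny` job's `before_script` installs whichever cargo-deny release is newest when the job runs; `--locked` only pins the tool's own dependencies to its lockfile, not the tool version. A new release can therefore change which findings fail the job, and the binary that gates merge requests is not one anybody reviewed. Pin it, for example `- cargo install --locked cargo-deny --version <PINNED_VERSION>`, or bake the tool into the build image so it is not fetched per run. I would also add a comment above `- cargo deny check` saying that the advisory database is fetched at run time, so the same commit can pass on one day and fail on the next.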
@@ -0,0 +1,31 @@
+[advisories]
+ignore = [
+ "RUSTSEC-2020-0071", # chrono not affected by time 0.1 issue
+]
+unmaintained = "deny"
+yanked = "deny"
+
+[bans]
+multiple-versions = "allow"
+deny = [
+ # does not have responsible disclosure policy:
+ # https://github.com/briansmith/ring#bug-reporting
+ {name = "ring"},
+]
+
+[licenses]
+allow = [
+ "Apache-2.0",
+ "BSD-3-Clause",
+ "BSL-1.0",
+ "CC0-1.0",
+ "GPL-2.0",
+ "GPL-3.0",
+ "ISC",
+ "LGPL-2.0",
+ "LGPL-3.0",
+ "MIT",
+ "MIT-0",
+ "MPL-2.0",
+ "Unicode-DFS-2016",
+]
diff --git a/src/commands/decrypt.rs b/src/commands/decrypt.rs
index 93899050..744b5ddf 100644
--- a/src/commands/decrypt.rs
+++ b/src/commands/decrypt.rs
@@ -149,11 +149,9 @@ impl<'a, 'certdb> Helper<'a, 'certdb> {
 session_keys,
 dump_session_key,
 dumper: if dump {
- let width = if let Some((width, _)) = terminal_size() {
- width.0.into()
- } else {
- 80
- };
+ let width = terminal_size()
+ .map(|(width, _height)| width.0.into())
+ .unwrap_or(80);
 Some(PacketDumper::new(width, false))
 } else {
 None
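Review bot: The `ignore` entry for `RUSTSEC-2020-0071` under `[advisories]` is matched on the advisory ID alone, so it suppresses the finding for every dependency path that reaches the affected crate, not only the chrono one its comment names. If another crate later pulls in the same dependency in a way that is affected, the check stays green. I would make the comment state the condition for removal, e.g. `# time 0.1 issue, not reached through chrono; re-check and drop when the dependency tree changes`. The file also has no `[sources]` section, so as far as I know crates from unknown registries or git repositories only produce warnings by default; adding `[sources]` with `unknown-registry = "deny"` and `unknown-git = "deny"` would make them fail the job.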