build: run new cargo deny checks

Path dependencies without a specified version will be treated as a
wildcard dependency and cause an error, so add the version to each.

Block multiple versions of crates, but skip the existing cases. The
goal is to prevent new instances from coming in unnoticed.

Signed-off-by: Ben Cressey <bcressey@amazon.com>

Makefile.toml

@@ -498,8 +498,8 @@ dependencies = ["fetch"]
 script = [
 '''
 run_cargo_deny="
-(cd /tmp/sources && cargo deny check --disable-fetch licenses)
-(cd /tmp/tools && cargo deny check --disable-fetch licenses)
+(cd /tmp/sources && cargo deny --all-features check --disable-fetch licenses bans sources) &&
+(cd /tmp/tools && cargo deny --all-features check --disable-fetch licenses bans sources)
 "
 set +e
 docker run --rm \

sources/api/apiclient/Cargo.toml

@@ -10,16 +10,16 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-constants = { path = "../../constants" }
-datastore = { path = "../datastore" }
+constants = { path = "../../constants", version = "0.1.0" }
+datastore = { path = "../datastore", version = "0.1.0" }
 futures = { version = "0.3", default-features = false }
 http = "0.2"
 # Ensure we use exactly hyper 0.14.2 which is the last version that does not emit a cdylib
 # See this issue for tracking https://github.com/bottlerocket-os/bottlerocket/issues/1471
 hyper = { version = "=0.14.2", default-features = false, features = [ "client", "http1", "http2" ] }
 hyper-unix-connector = "0.2"
 log = "0.4"
-models = { path = "../../models" }
+models = { path = "../../models", version = "0.1.0" }
 rand = "0.8"
 reqwest = { version = "0.11.1", default-features = false, features = ["rustls-tls"] }
 serde = { version = "1.0", features = ["derive"] }

sources/api/apiserver/Cargo.toml

@@ -11,14 +11,14 @@ exclude = ["README.md"]
 
 [dependencies]
 actix-web = { version = "4.0.0-beta.5", default-features = false }
-bottlerocket-release = { path = "../../bottlerocket-release" }
-datastore = { path = "../datastore" }
+bottlerocket-release = { path = "../../bottlerocket-release", version = "0.1.0" }
+datastore = { path = "../datastore", version = "0.1.0" }
 fs2 = "0.4.3"
 futures = { version = "0.3", default-features = false }
 http = "0.2.1"
 libc = "0.2"
 log = "0.4"
-models = { path = "../../models" }
+models = { path = "../../models", version = "0.1.0" }
 nix = "0.22"
 num = "0.4"
 percent-encoding = "2.1"
@@ -27,7 +27,7 @@ serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 simplelog = "0.10"
 snafu = "0.6"
-thar-be-updates = { path = "../thar-be-updates" }
+thar-be-updates = { path = "../thar-be-updates", version = "0.1.0" }
 walkdir = "2.2"
 
 [build-dependencies]

sources/api/bootstrap-containers/Cargo.toml

@@ -10,13 +10,13 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-apiclient = { path = "../apiclient" }
-constants = { path = "../../constants" }
-datastore = { path = "../datastore" }
+apiclient = { path = "../apiclient", version = "0.1.0" }
+constants = { path = "../../constants", version = "0.1.0" }
+datastore = { path = "../datastore", version = "0.1.0" }
 base64 = "0.13"
 http = "0.2"
 log = "0.4"
-models = { path = "../../models" }
+models = { path = "../../models", version = "0.1.0" }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1"
 simplelog = "0.10"

sources/api/certdog/Cargo.toml

@@ -10,17 +10,17 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-apiclient = { path = "../apiclient" }
+apiclient = { path = "../apiclient", version = "0.1.0" }
 argh = "0.1.3"
 base64 = "0.13"
-constants = { path = "../../constants" }
+constants = { path = "../../constants", version = "0.1.0" }
 # x509-parser depends on der-parser ^5.0.  5.1.1 contains breaking changes.
 # The 5.1.1 release isn't in the master branch; those changes are instead in a
 # 6.0.0 release, more clearly implying breaking changes.  Lock to 5.1.0.
 der-parser = "=5.1.0"
 http = "0.2"
 log = "0.4"
-models = { path = "../../models" }
+models = { path = "../../models", version = "0.1.0" }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1"
 simplelog = "0.10"

sources/api/corndog/Cargo.toml

@@ -10,11 +10,11 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-apiclient = { path = "../apiclient" }
-constants = { path = "../../constants" }
+apiclient = { path = "../apiclient", version = "0.1.0" }
+constants = { path = "../../constants", version = "0.1.0" }
 http = "0.2"
 log = "0.4"
-models = { path = "../../models" }
+models = { path = "../../models", version = "0.1.0" }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1"
 simplelog = "0.10"

sources/api/early-boot-config/Cargo.toml

@@ -10,13 +10,13 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-apiclient = { path = "../apiclient" }
+apiclient = { path = "../apiclient", version = "0.1.0" }
 async-trait = "0.1.36"
 base64 = "0.13"
-constants = { path = "../../constants" }
+constants = { path = "../../constants", version = "0.1.0" }
 flate2 = { version = "1.0", default-features = false, features = ["rust_backend"] }
 http = "0.2"
-imdsclient = { path = "../../imdsclient" }
+imdsclient = { path = "../../imdsclient", version = "0.1.0" }
 log = "0.4"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1"

sources/api/ecs-settings-applier/Cargo.toml

@@ -10,10 +10,10 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-constants = { path = "../../constants" }
+constants = { path = "../../constants", version = "0.1.0" }
 serde = {version = "1.0", features = ["derive"]}
 serde_json = "1"
-schnauzer = { path = "../schnauzer" }
+schnauzer = { path = "../schnauzer", version = "0.1.0" }
 log = "0.4"
 snafu = "0.6"
 tokio = { version = "~1.8", default-features = false, features = ["macros", "rt-multi-thread"] }  # LTS

sources/api/host-containers/Cargo.toml

@@ -10,12 +10,12 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-apiclient = { path = "../apiclient" }
+apiclient = { path = "../apiclient", version = "0.1.0" }
 base64 = "0.13"
-constants = { path = "../../constants" }
+constants = { path = "../../constants", version = "0.1.0" }
 http = "0.2"
 log = "0.4"
-models = { path = "../../models" }
+models = { path = "../../models", version = "0.1.0" }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1"
 simplelog = "0.10"

sources/api/migration/migration-helpers/Cargo.toml

@@ -9,10 +9,10 @@ publish = false
 exclude = ["README.md"]
 
 [dependencies]
-bottlerocket-release = { path = "../../../bottlerocket-release" }
-datastore = { path = "../../datastore" }
+bottlerocket-release = { path = "../../../bottlerocket-release", version = "0.1.0" }
+datastore = { path = "../../datastore", version = "0.1.0" }
 handlebars = "4.1"
-schnauzer = { path = "../../schnauzer" }
+schnauzer = { path = "../../schnauzer", version = "0.1.0" }
 serde = "1.0.104"
 serde_json = "1.0"
 snafu = "0.6"

sources/api/migration/migrations/v1.3.0/control-container-v0-5-2/Cargo.toml

@@ -9,4 +9,4 @@ publish = false
 exclude = ["README.md"]
 
 [dependencies]
-migration-helpers = { path = "../../../migration-helpers" }
+migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" }

sources/api/migration/migrations/v1.3.0/etc-hosts-service/Cargo.toml

@@ -9,4 +9,4 @@ publish = false
 exclude = ["README.md"]
 
 [dependencies]
-migration-helpers = { path = "../../../migration-helpers" }
+migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" }

sources/api/migration/migrations/v1.3.0/hostname-affects-etc-hosts/Cargo.toml

@@ -9,4 +9,4 @@ publish = false
 exclude = ["README.md"]
 
 [dependencies]
-migration-helpers = { path = "../../../migration-helpers" }
+migration-helpers = { path = "../../../migration-helpers", version = "0.1.0" }

sources/api/migration/migrator/Cargo.toml

@@ -10,7 +10,7 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-bottlerocket-release = { path = "../../../bottlerocket-release" }
+bottlerocket-release = { path = "../../../bottlerocket-release", version = "0.1.0" }
 log = "0.4"
 lz4 = "1.23.1"
 nix = "0.22"
@@ -21,15 +21,15 @@ semver = "1.0"
 simplelog = "0.10"
 snafu = "0.6"
 tough = "0.11"
-update_metadata = { path = "../../../updater/update_metadata" }
+update_metadata = { path = "../../../updater/update_metadata", version = "0.1.0" }
 url = "2.1.1"
 
 [build-dependencies]
 cargo-readme = "3.1"
 
 [dev-dependencies]
 chrono = "0.4.11"
-storewolf = { path = "../../storewolf" }
+storewolf = { path = "../../storewolf", version = "0.1.0" }
 tempfile = "3.1.0"
 
 [[bin]]

sources/api/pluto/Cargo.toml

@@ -10,10 +10,10 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-apiclient = { path = "../apiclient" }
-constants = { path = "../../constants" }
-imdsclient = { path = "../../imdsclient" }
-models = { path = "../../models" }
+apiclient = { path = "../apiclient", version = "0.1.0" }
+constants = { path = "../../constants", version = "0.1.0" }
+imdsclient = { path = "../../imdsclient", version = "0.1.0" }
+models = { path = "../../models", version = "0.1.0" }
 rusoto_core = { version = "0.47", default-features = false, features = ["rustls"] }
 rusoto_eks = { version = "0.47", default-features = false, features = ["rustls"] }
 serde_json = "1"

sources/api/schnauzer/Cargo.toml

@@ -10,16 +10,16 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-apiclient = { path = "../apiclient" }
+apiclient = { path = "../apiclient", version = "0.1.0" }
 base64 = "0.13"
-constants = { path = "../../constants" }
-bottlerocket-release = { path = "../../bottlerocket-release" }
+constants = { path = "../../constants", version = "0.1.0" }
+bottlerocket-release = { path = "../../bottlerocket-release", version = "0.1.0" }
 dns-lookup = "1.0"
 handlebars = "4.1"
 http = "0.2"
 lazy_static = "1.4"
 log = "0.4"
-models = { path = "../../models" }
+models = { path = "../../models", version = "0.1.0" }
 percent-encoding = "2.1"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1"

sources/api/servicedog/Cargo.toml

@@ -10,12 +10,12 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-apiclient = { path = "../apiclient" }
-constants = { path = "../../constants" }
-datastore = { path = "../datastore" }
+apiclient = { path = "../apiclient", version = "0.1.0" }
+constants = { path = "../../constants", version = "0.1.0" }
+datastore = { path = "../datastore", version = "0.1.0" }
 http = "0.2"
 log = "0.4"
-models = { path = "../../models" }
+models = { path = "../../models", version = "0.1.0" }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1"
 simplelog = "0.10"

sources/api/settings-committer/Cargo.toml

@@ -10,8 +10,8 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-apiclient = { path = "../apiclient" }
-constants = { path = "../../constants" }
+apiclient = { path = "../apiclient", version = "0.1.0" }
+constants = { path = "../../constants", version = "0.1.0" }
 snafu = "0.6"
 http = "0.2"
 log = "0.4"

sources/api/shibaken/Cargo.toml

@@ -11,7 +11,7 @@ exclude = ["README.md"]
 
 [dependencies]
 base64 = "0.13"
-imdsclient = { path = "../../imdsclient" }
+imdsclient = { path = "../../imdsclient", version = "0.1.0" }
 log = "0.4"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1"

sources/api/static-pods/Cargo.toml

@@ -10,11 +10,11 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-constants = { path = "../../constants" }
+constants = { path = "../../constants", version = "0.1.0" }
 base64 = "0.13"
 log = "0.4"
-models = { path = "../../models" }
-schnauzer = { path = "../schnauzer" }
+models = { path = "../../models", version = "0.1.0" }
+schnauzer = { path = "../schnauzer", version = "0.1.0" }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1"
 simplelog = "0.10"

sources/api/storewolf/Cargo.toml

@@ -10,11 +10,11 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-constants = { path = "../../constants" }
-bottlerocket-release = { path = "../../bottlerocket-release" }
-datastore = { path = "../datastore" }
+constants = { path = "../../constants", version = "0.1.0" }
+bottlerocket-release = { path = "../../bottlerocket-release", version = "0.1.0" }
+datastore = { path = "../datastore", version = "0.1.0" }
 log = "0.4"
-models = { path = "../../models" }
+models = { path = "../../models", version = "0.1.0" }
 rand = { version = "0.8", default-features = false, features = ["std", "std_rng"] }
 semver = "1.0"
 simplelog = "0.10"
@@ -23,13 +23,13 @@ toml = "0.5"
 
 [build-dependencies]
 cargo-readme = "3.1"
-merge-toml = { path = "merge-toml" }
+merge-toml = { path = "merge-toml", version = "0.1.0" }
 # We have a models build-dep because we read default settings from the models
 # directory and need its build.rs to run first; we also reflect the dependency
 # with cargo:rerun-if-changed statements in our build.rs.  The models build.rs
 # runs twice, once for the above dependency and once for this build-dependency,
 # so it's important that it remains reentrant.
-models = { path = "../../models" }
+models = { path = "../../models", version = "0.1.0" }
 snafu = "0.6"
 toml = "0.5"
 walkdir = "2"

sources/api/sundog/Cargo.toml

@@ -10,12 +10,12 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-apiclient = { path = "../apiclient" }
-constants = { path = "../../constants" }
-datastore = { path = "../datastore" }
+apiclient = { path = "../apiclient", version = "0.1.0" }
+constants = { path = "../../constants", version = "0.1.0" }
+datastore = { path = "../datastore", version = "0.1.0" }
 http = "0.2"
 log = "0.4"
-models = { path = "../../models" }
+models = { path = "../../models", version = "0.1.0" }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1"
 simplelog = "0.10"

sources/api/thar-be-settings/Cargo.toml

@@ -10,15 +10,15 @@ build = "build.rs"
 exclude = ["README.md"]
 
 [dependencies]
-apiclient = { path = "../apiclient" }
-constants = { path = "../../constants" }
+apiclient = { path = "../apiclient", version = "0.1.0" }
+constants = { path = "../../constants", version = "0.1.0" }
 handlebars = "4.1"
 http = "0.2"
 itertools = "0.10"
 log = "0.4"
-models = { path = "../../models" }
+models = { path = "../../models", version = "0.1.0" }
 nix = "0.22"
-schnauzer = { path = "../schnauzer" }
+schnauzer = { path = "../schnauzer", version = "0.1.0" }
 serde_json = "1"
 simplelog = "0.10"
 snafu = "0.6"