security/cargo-auditable: import package

Know the exact crate versions used to build your Rust executable. Audit binaries
for known bugs or security vulnerabilities in production, at scale, with zero
bookkeeping.

This works by embedding data about the dependency tree in JSON format into a
dedicated linker section of the compiled executable.

Author: 0323pin

security/cargo-auditable/DESCR

@@ -0,0 +1,6 @@
+Know the exact crate versions used to build your Rust executable. Audit binaries
+for known bugs or security vulnerabilities in production, at scale, with zero
+bookkeeping.
+
+This works by embedding data about the dependency tree in JSON format into a
+dedicated linker section of the compiled executable.

security/cargo-auditable/Makefile

@@ -0,0 +1,27 @@
+# $NetBSD: Makefile,v 1.1 2026/03/10 16:29:34 pin Exp $
+
+DISTNAME=	cargo-auditable-0.7.4
+CATEGORIES=	security
+MASTER_SITES=	${MASTER_SITE_GITHUB:=rust-secure-code/}
+GITHUB_TAG=	v${PKGVERSION_NOREV}
+
+MAINTAINER=	pkgsrc-users@NetBSD.org
+HOMEPAGE=	https://github.com/rust-secure-code/cargo-auditable/
+COMMENT=	Make production Rust binaries auditable
+LICENSE=	apache-2.0 OR mit
+
+.include "cargo-depends.mk"
+
+#RUST_REQ=		1.91.1
+#Upstream does not state the required MSRV.
+#This package is confirmed to build with Rust 1.91.0 and Rust 1.94.0 on amd64
+INSTALLATION_DIRS=	bin ${PKGMANDIR}/man1
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/target/release/cargo-auditable \
+		${DESTDIR}${PREFIX}/bin
+	${INSTALL_MAN} ${WRKSRC}/cargo-auditable/cargo-auditable.1 \
+		${DESTDIR}${PREFIX}/${PKGMANDIR}/man1/cargo-auditable.1
+
+.include "../../lang/rust/cargo.mk"
+.include "../../mk/bsd.pkg.mk"

security/cargo-auditable/PLIST

@@ -0,0 +1,3 @@
+@comment $NetBSD: PLIST,v 1.1 2026/03/10 16:29:34 pin Exp $
+bin/cargo-auditable
+man/man1/cargo-auditable.1

security/cargo-auditable/cargo-depends.mk

@@ -0,0 +1,97 @@
+# $NetBSD: cargo-depends.mk,v 1.1 2026/03/10 16:29:34 pin Exp $
+
+CARGO_CRATE_DEPENDS+=	adler2-2.0.1
+CARGO_CRATE_DEPENDS+=	aho-corasick-1.1.4
+CARGO_CRATE_DEPENDS+=	autocfg-1.5.0
+CARGO_CRATE_DEPENDS+=	base64-0.21.7
+CARGO_CRATE_DEPENDS+=	binfarce-0.2.1
+CARGO_CRATE_DEPENDS+=	bitflags-1.3.2
+CARGO_CRATE_DEPENDS+=	bitflags-2.10.0
+CARGO_CRATE_DEPENDS+=	bumpalo-3.19.0
+CARGO_CRATE_DEPENDS+=	byteorder-0.5.3
+CARGO_CRATE_DEPENDS+=	camino-1.2.1
+CARGO_CRATE_DEPENDS+=	cargo-platform-0.3.1
+CARGO_CRATE_DEPENDS+=	cargo_metadata-0.23.0
+CARGO_CRATE_DEPENDS+=	cfg-if-1.0.4
+CARGO_CRATE_DEPENDS+=	crc32fast-1.5.0
+CARGO_CRATE_DEPENDS+=	cyclonedx-bom-0.8.0
+CARGO_CRATE_DEPENDS+=	cyclonedx-bom-macros-0.1.0
+CARGO_CRATE_DEPENDS+=	deranged-0.5.5
+CARGO_CRATE_DEPENDS+=	dyn-clone-1.0.20
+CARGO_CRATE_DEPENDS+=	env_home-0.1.0
+CARGO_CRATE_DEPENDS+=	equivalent-1.0.2
+CARGO_CRATE_DEPENDS+=	errno-0.3.14
+CARGO_CRATE_DEPENDS+=	fluent-uri-0.1.4
+CARGO_CRATE_DEPENDS+=	foldhash-0.1.5
+CARGO_CRATE_DEPENDS+=	getrandom-0.3.4
+CARGO_CRATE_DEPENDS+=	hashbrown-0.15.5
+CARGO_CRATE_DEPENDS+=	hashbrown-0.16.0
+CARGO_CRATE_DEPENDS+=	heck-0.5.0
+CARGO_CRATE_DEPENDS+=	hex-0.4.3
+CARGO_CRATE_DEPENDS+=	indexmap-2.12.0
+CARGO_CRATE_DEPENDS+=	itoa-1.0.15
+CARGO_CRATE_DEPENDS+=	js-sys-0.3.82
+CARGO_CRATE_DEPENDS+=	leb128-0.2.5
+CARGO_CRATE_DEPENDS+=	libc-0.2.177
+CARGO_CRATE_DEPENDS+=	linux-raw-sys-0.11.0
+CARGO_CRATE_DEPENDS+=	memchr-2.7.6
+CARGO_CRATE_DEPENDS+=	miniz_oxide-0.8.9
+CARGO_CRATE_DEPENDS+=	num-conv-0.2.0
+CARGO_CRATE_DEPENDS+=	num-traits-0.2.19
+CARGO_CRATE_DEPENDS+=	object-0.37.3
+CARGO_CRATE_DEPENDS+=	once_cell-1.21.3
+CARGO_CRATE_DEPENDS+=	ordered-float-4.6.0
+CARGO_CRATE_DEPENDS+=	percent-encoding-2.3.2
+CARGO_CRATE_DEPENDS+=	pico-args-0.5.0
+CARGO_CRATE_DEPENDS+=	powerfmt-0.2.0
+CARGO_CRATE_DEPENDS+=	proc-macro2-1.0.103
+CARGO_CRATE_DEPENDS+=	purl-0.1.6
+CARGO_CRATE_DEPENDS+=	quote-1.0.42
+CARGO_CRATE_DEPENDS+=	r-efi-5.3.0
+CARGO_CRATE_DEPENDS+=	regex-1.12.2
+CARGO_CRATE_DEPENDS+=	regex-automata-0.4.13
+CARGO_CRATE_DEPENDS+=	regex-syntax-0.8.8
+CARGO_CRATE_DEPENDS+=	rustix-1.1.2
+CARGO_CRATE_DEPENDS+=	rustversion-1.0.22
+CARGO_CRATE_DEPENDS+=	ryu-1.0.20
+CARGO_CRATE_DEPENDS+=	schemars-0.8.22
+CARGO_CRATE_DEPENDS+=	schemars_derive-0.8.22
+CARGO_CRATE_DEPENDS+=	semver-1.0.27
+CARGO_CRATE_DEPENDS+=	serde-1.0.228
+CARGO_CRATE_DEPENDS+=	serde_core-1.0.228
+CARGO_CRATE_DEPENDS+=	serde_derive-1.0.228
+CARGO_CRATE_DEPENDS+=	serde_derive_internals-0.29.1
+CARGO_CRATE_DEPENDS+=	serde_json-1.0.145
+CARGO_CRATE_DEPENDS+=	serde_spanned-0.6.9
+CARGO_CRATE_DEPENDS+=	smallvec-1.15.1
+CARGO_CRATE_DEPENDS+=	spdx-0.10.9
+CARGO_CRATE_DEPENDS+=	strum-0.26.3
+CARGO_CRATE_DEPENDS+=	strum_macros-0.26.4
+CARGO_CRATE_DEPENDS+=	syn-2.0.109
+CARGO_CRATE_DEPENDS+=	thiserror-1.0.69
+CARGO_CRATE_DEPENDS+=	thiserror-2.0.17
+CARGO_CRATE_DEPENDS+=	thiserror-impl-1.0.69
+CARGO_CRATE_DEPENDS+=	thiserror-impl-2.0.17
+CARGO_CRATE_DEPENDS+=	time-0.3.47
+CARGO_CRATE_DEPENDS+=	time-core-0.1.8
+CARGO_CRATE_DEPENDS+=	time-macros-0.2.27
+CARGO_CRATE_DEPENDS+=	toml-0.8.23
+CARGO_CRATE_DEPENDS+=	toml_datetime-0.6.11
+CARGO_CRATE_DEPENDS+=	toml_edit-0.22.27
+CARGO_CRATE_DEPENDS+=	topological-sort-0.2.2
+CARGO_CRATE_DEPENDS+=	unicode-ident-1.0.22
+CARGO_CRATE_DEPENDS+=	uuid-1.18.1
+CARGO_CRATE_DEPENDS+=	wasip2-1.0.1+wasi-0.2.4
+CARGO_CRATE_DEPENDS+=	wasm-bindgen-0.2.105
+CARGO_CRATE_DEPENDS+=	wasm-bindgen-macro-0.2.105
+CARGO_CRATE_DEPENDS+=	wasm-bindgen-macro-support-0.2.105
+CARGO_CRATE_DEPENDS+=	wasm-bindgen-shared-0.2.105
+CARGO_CRATE_DEPENDS+=	wasm-gen-0.1.4
+CARGO_CRATE_DEPENDS+=	wasmparser-0.207.0
+CARGO_CRATE_DEPENDS+=	which-8.0.0
+CARGO_CRATE_DEPENDS+=	windows-link-0.2.1
+CARGO_CRATE_DEPENDS+=	windows-sys-0.61.2
+CARGO_CRATE_DEPENDS+=	winnow-0.7.13
+CARGO_CRATE_DEPENDS+=	winsafe-0.0.19
+CARGO_CRATE_DEPENDS+=	wit-bindgen-0.46.0
+CARGO_CRATE_DEPENDS+=	xml-rs-0.8.28