Diffstat (limited to 'nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix')
-rw-r--r--nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix79
1 files changed, 67 insertions, 12 deletions
diff --git a/nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix b/nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix
index ac3771510c38..7b0cda0b7382 100644
--- a/nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix
+++ b/nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix
@@ -1,6 +1,7 @@
 { lib
 , buildPythonApplication
 , fetchFromGitHub
+, fetchpatch
 , jsonschema
 , plotly
 , beautifulsoup4
@@ -18,28 +19,84 @@
   # aiohttp[speedups]
 , aiodns
 , brotlipy
-, cchardet
+, faust-cchardet
 , pillow
 , pytestCheckHook
 , xmlschema
 , setuptools
 , packaging
+, cvss
+, google-cloud-sdk
+, pip
+, testers
+, cve-bin-tool
+# pinned packaging
+, pyparsing
+, fetchPypi
+, buildPythonPackage
+, pretend
+, pythonOlder
 }:
+
+let
+  # pin packaging to < 22 until issue related to https://github.com/intel/cve-bin-tool/pull/2436 are resolved by upstream (post-3.2)
+  packaging_21_3 = buildPythonPackage rec {
+    inherit (packaging) pname passthru meta;
+    version = "21.3";
+    format = "pyproject";
+    disabled = pythonOlder "3.6";
+
+    src = fetchPypi {
+      inherit pname version;
+      sha256 = "sha256-3UfEKSfYmrkR5gZRiQfMLTofOLvQJjhZcGQ/nFuOz+s=";
+    };
+    nativeBuildInputs = [
+      setuptools
+    ];
+    propagatedBuildInputs = [
+      pyparsing
+    ];
+
+    nativeCheckInputs = [
+      pytestCheckHook
+      pretend
+    ];
+
+    doCheck = false;
+  };
+in
 buildPythonApplication rec {
   pname = "cve-bin-tool";
-  version = "3.1.1";
+  version = "3.2";
 
   src = fetchFromGitHub {
     owner = "intel";
     repo = "cve-bin-tool";
-    rev = "v${version}";
-    sha256 = "0nz3ax3ldnrzk8694x0p743g5h2zply29ljpn21llbc7ca27zdv9";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-QOnWt6iit0/F6d/MfZ8qJqDuT3IHh0Qjs6BcJkI/CBw=";
   };
 
+  patches = [
+    # Not needed as python dependency, should just be on the PATH
+    ./no-gsutil-python-dependency.patch
+    # Already merged upstream, to be removed post-3.2
+    # https://github.com/intel/cve-bin-tool/pull/2524
+    (fetchpatch {
+      name = "cve-bin-tool-version-success.patch";
+      url = "https://github.com/intel/cve-bin-tool/commit/6f9bd565219932c565c1443ac467fe4163408dd8.patch";
+      hash = "sha256-Glj6qiOvmvsuetXn4tysyiN/vrcOPFLORh+u3BoGzCI=";
+    })
+  ];
+
   # Wants to open a sqlite database, access the internet, etc
   doCheck = false;
 
+  propagatedNativeBuildInputs = [
+    pip
+  ];
+
   propagatedBuildInputs = [
+    google-cloud-sdk
     jsonschema
     plotly
     beautifulsoup4
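Review bot: `packaging_21_3` sets `doCheck = false` but still lists `nativeCheckInputs`, so `pytestCheckHook` and `pretend` are never used and nothing records why the pinned copy goes untested; either drop the list or add a comment such as `# tests disabled: <reason>`. Its `fetchPypi` passes an SRI string through `sha256 =` while the `fetchFromGitHub` call lower in the same hunk moves to `hash =`; `hash = "sha256-3UfEKSfYmrkR5gZRiQfMLTofOLvQJjhZcGQ/nFuOz+s=";` would keep the two consistent. `propagatedNativeBuildInputs = [ pip ]` also has no comment saying what needs pip. The `buildPythonApplication` attribute set continues past the end of this hunk.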
@@ -57,15 +114,16 @@ buildPythonApplication rec {
     # aiohttp[speedups]
     aiodns
     brotlipy
-    cchardet
+    faust-cchardet
     # needed by brotlipy
     pillow
     setuptools
     xmlschema
-    packaging
+    cvss
+    packaging_21_3
   ];
 
-  checkInputs = [
+  nativeCheckInputs = [
     pytestCheckHook
   ];
 
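Review bot: `packaging_21_3` replaces `packaging` only in this list, so the `< 22` pin holds only if none of the other propagated inputs brings in the unpinned `packaging` themselves. Their definitions are not visible here, so this is worth confirming against the built closure. A comment next to the entry, e.g. `# must be the only packaging in the closure, see pin in the let block`, would make that constraint explicit. The `propagatedBuildInputs` list starts outside this hunk.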
@@ -73,15 +131,12 @@ buildPythonApplication rec {
     "cve_bin_tool"
   ];
 
-  # required until https://github.com/intel/cve-bin-tool/pull/1665 is merged
-  postPatch = ''
-    sed '/^pytest/d' -i requirements.txt
-  '';
+  passthru.tests.version = testers.testVersion { package = cve-bin-tool; };
 
   meta = with lib; {
     description = "CVE Binary Checker Tool";
     homepage = "https://github.com/intel/cve-bin-tool";
     license = licenses.gpl3Plus;
-    maintainers = teams.determinatesystems.members;
+    maintainers = [ ];
   };
 }
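Review bot: `maintainers = [ ]` leaves this package without an owner in the same commit that adds a version pin and a fetched patch, both marked for removal after 3.2, so nobody is notified when they become stale. If the previous team no longer maintains it, a comment beside the empty list such as `# unmaintained: packaging_21_3 and the fetchpatch must be dropped after 3.2` would at least flag the pending cleanup. `passthru.tests.version` only checks the reported version string, so it will not catch either workaround outliving its purpose.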