diff options
Diffstat (limited to 'nixpkgs/pkgs/tools/security/grype/default.nix')
-rw-r--r-- | nixpkgs/pkgs/tools/security/grype/default.nix | 51 |
1 files changed, 44 insertions, 7 deletions
diff --git a/nixpkgs/pkgs/tools/security/grype/default.nix b/nixpkgs/pkgs/tools/security/grype/default.nix index aa7b9158adea..551a845ba19c 100644 --- a/nixpkgs/pkgs/tools/security/grype/default.nix +++ b/nixpkgs/pkgs/tools/security/grype/default.nix @@ -1,19 +1,19 @@ { lib -, stdenv , buildGoModule , fetchFromGitHub , installShellFiles +, openssl }: buildGoModule rec { pname = "grype"; - version = "0.42.0"; + version = "0.62.3"; src = fetchFromGitHub { owner = "anchore"; repo = pname; - rev = "v${version}"; - hash = "sha256-MShlKtrorqXRInQ01dEzVeLDRDua9PISkficF02PrBI="; + rev = "refs/tags/v${version}"; + hash = "sha256-GZj0grVqpIE+BwCUpcDnoa7Lnm+FXu4wNbfINA9uuzQ="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; @@ -26,12 +26,22 @@ buildGoModule rec { ''; }; - vendorSha256 = "sha256-MusEvYNaMM0kqHSDdenPKo4IrIFmvPHSCRzciKMFiew="; + proxyVendor = true; + + vendorHash = "sha256-pK8Gse/Qb+Z3QHEq35gB72Lvsm7ot4HmH62sxhVopv8="; nativeBuildInputs = [ installShellFiles ]; + nativeCheckInputs = [ + openssl + ]; + + subPackages = [ "." ]; + + excludedPackages = "test/integration"; + ldflags = [ "-s" "-w" @@ -49,8 +59,35 @@ buildGoModule rec { ldflags+=" -X github.com/anchore/grype/internal/version.buildDate=$(cat SOURCE_DATE_EPOCH)" ''; - # Tests require a running Docker instance - doCheck = false; + preCheck = '' + # test all dirs (except excluded) + unset subPackages + # test goldenfiles expect no version + unset ldflags + + # patch utility script + patchShebangs grype/db/test-fixtures/tls/generate-x509-cert-pair.sh + + # remove tests that depend on docker + substituteInPlace test/cli/cmd_test.go \ + --replace "TestCmd" "SkipCmd" + substituteInPlace grype/pkg/provider_test.go \ + --replace "TestSyftLocationExcludes" "SkipSyftLocationExcludes" + # remove tests that depend on git + substituteInPlace test/cli/db_validations_test.go \ + --replace "TestDBValidations" "SkipDBValidations" + substituteInPlace test/cli/registry_auth_test.go \ + --replace "TestRegistryAuth" "SkipRegistryAuth" + substituteInPlace test/cli/sbom_input_test.go \ + --replace "TestSBOMInput_FromStdin" "SkipSBOMInput_FromStdin" \ + --replace "TestSBOMInput_AsArgument" "SkipSBOMInput_AsArgument" \ + --replace "TestAttestationInput_AsArgument" "SkipAttestationInput_AsArgument" + substituteInPlace test/cli/subprocess_test.go \ + --replace "TestSubprocessStdin" "SkipSubprocessStdin" + + # segfault + rm grype/db/v5/namespace/cpe/namespace_test.go + ''; postInstall = '' installShellCompletion --cmd grype \ |