octant{,-desktop},starboard-octant-plugin: drop
octant is archived and vulnerable to CVE-2023-5217
This commit is contained in:
06kellyjac
parent
c41af66278
commit
153d4fab7b
|
|
@ -1,68 +0,0 @@
|
|||
{ lib, stdenv, fetchzip }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "octant";
|
||||
version = "0.25.1";
|
||||
|
||||
src =
|
||||
let
|
||||
inherit (stdenv.hostPlatform) system;
|
||||
suffix = {
|
||||
x86_64-linux = "Linux-64bit";
|
||||
aarch64-linux = "Linux-arm64";
|
||||
x86_64-darwin = "macOS-64bit";
|
||||
aarch64-darwin = "macOS-arm64";
|
||||
}.${system} or (throw "Unsupported system: ${system}");
|
||||
fetchsrc = version: sha256: fetchzip {
|
||||
url = "https://github.com/vmware-tanzu/octant/releases/download/v${version}/octant_${version}_${suffix}.tar.gz";
|
||||
sha256 = sha256.${system};
|
||||
};
|
||||
in
|
||||
fetchsrc version {
|
||||
x86_64-linux = "sha256-bYqycTB036J8trojySPNkC+jrw76F7+N4I4puGCyalU=";
|
||||
aarch64-linux = "sha256-DlzSIZCAASPnflXQ8ndPU7/0jXA18U4bGGOfmgLXPr0=";
|
||||
x86_64-darwin = "sha256-FaPyrPzO7AzC6LHQP5c58NjLTqU+ei8vFffT8x6mUhQ=";
|
||||
aarch64-darwin = "sha256-31CYhAsHYIVAenp8hFHYj8LhFf3lSiOTw7gULBu3gio=";
|
||||
};
|
||||
|
||||
dontConfigure = true;
|
||||
dontBuild = true;
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
install -D octant $out/bin/octant
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
doInstallCheck = true;
|
||||
installCheckPhase = ''
|
||||
runHook preInstallCheck
|
||||
$out/bin/octant --help
|
||||
$out/bin/octant version | grep "${version}"
|
||||
runHook postInstallCheck
|
||||
'';
|
||||
|
||||
dontPatchELF = true;
|
||||
dontPatchShebangs = true;
|
||||
|
||||
passthru.updateScript = ./update.sh;
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://octant.dev/";
|
||||
changelog = "https://github.com/vmware-tanzu/octant/blob/v${version}/CHANGELOG.md";
|
||||
description = "Highly extensible platform for developers to better understand the complexity of Kubernetes clusters";
|
||||
longDescription = ''
|
||||
Octant is a tool for developers to understand how applications run on a
|
||||
Kubernetes cluster.
|
||||
It aims to be part of the developer's toolkit for gaining insight and
|
||||
approaching complexity found in Kubernetes. Octant offers a combination of
|
||||
introspective tooling, cluster navigation, and object management along
|
||||
with a plugin system to further extend its capabilities.
|
||||
'';
|
||||
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ jk ];
|
||||
platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
|
||||
knownVulnerabilities = [ "CVE-2023-5217" ];
|
||||
};
|
||||
}
|
||||
|
|
@ -1,78 +0,0 @@
|
|||
{ lib, stdenv, appimageTools, fetchurl, undmg }:
|
||||
|
||||
let
|
||||
pname = "octant-desktop";
|
||||
version = "0.23.0";
|
||||
name = "${pname}-${version}";
|
||||
|
||||
inherit (stdenv.hostPlatform) system;
|
||||
|
||||
suffix = {
|
||||
x86_64-linux = "AppImage";
|
||||
x86_64-darwin = "dmg";
|
||||
}.${system} or (throw "Unsupported system: ${system}");
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/vmware-tanzu/octant/releases/download/v${version}/Octant-${version}.${suffix}";
|
||||
sha256 = {
|
||||
x86_64-linux = "sha256-K4z6SVCiuqy3xkWMWpm8KM7iYVXyKcnERljMG3NEFMw=";
|
||||
x86_64-darwin = "sha256-WYra0yw/aPW/wUGrlIn5ud3kjFTkekYEi2LWZcYO5Nw=";
|
||||
}.${system};
|
||||
};
|
||||
|
||||
linux = appimageTools.wrapType2 {
|
||||
inherit name src passthru meta;
|
||||
|
||||
profile = ''
|
||||
export LC_ALL=C.UTF-8
|
||||
'';
|
||||
|
||||
multiArch = false; # no 32bit needed
|
||||
extraPkgs = appimageTools.defaultFhsEnvArgs.multiPkgs;
|
||||
extraInstallCommands =
|
||||
let appimageContents = appimageTools.extractType2 { inherit name src; }; in
|
||||
''
|
||||
mv $out/bin/{${name},${pname}}
|
||||
install -Dm444 ${appimageContents}/octant.desktop -t $out/share/applications
|
||||
substituteInPlace $out/share/applications/octant.desktop \
|
||||
--replace 'Exec=AppRun --no-sandbox' 'Exec=${pname}'
|
||||
install -m 444 -D ${appimageContents}/octant.png \
|
||||
$out/share/icons/hicolor/512x512/apps/octant.png
|
||||
'';
|
||||
};
|
||||
|
||||
darwin = stdenv.mkDerivation {
|
||||
inherit name src passthru meta;
|
||||
|
||||
nativeBuildInputs = [ undmg ];
|
||||
sourceRoot = "Octant.app";
|
||||
installPhase = ''
|
||||
mkdir -p $out/Applications/Octant.app
|
||||
cp -R . $out/Applications/Octant.app
|
||||
'';
|
||||
};
|
||||
|
||||
passthru = { updateScript = ./update-desktop.sh; };
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://octant.dev/";
|
||||
changelog = "https://github.com/vmware-tanzu/octant/blob/v${version}/CHANGELOG.md";
|
||||
description = "Highly extensible platform for developers to better understand the complexity of Kubernetes clusters";
|
||||
longDescription = ''
|
||||
Octant is a tool for developers to understand how applications run on a
|
||||
Kubernetes cluster.
|
||||
It aims to be part of the developer's toolkit for gaining insight and
|
||||
approaching complexity found in Kubernetes. Octant offers a combination of
|
||||
introspective tooling, cluster navigation, and object management along
|
||||
with a plugin system to further extend its capabilities.
|
||||
'';
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ jk ];
|
||||
platforms = [ "x86_64-linux" "x86_64-darwin" ];
|
||||
knownVulnerabilities = [ "CVE-2023-5217" ];
|
||||
};
|
||||
|
||||
in
|
||||
if stdenv.isDarwin
|
||||
then darwin
|
||||
else linux
|
||||
|
|
@ -1,31 +0,0 @@
|
|||
{ lib, buildGoModule, fetchFromGitHub }:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "starboard-octant-plugin";
|
||||
version = "0.12.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "aquasecurity";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-JTSZtIRVFdUjhQsp2EMukeoVIo6nNx4xofq+3iOZUIk=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-1zrB+CobUBgdpBHRJPpfDYCD6oVWY4j4Met9EqNQQbE=";
|
||||
|
||||
ldflags = [
|
||||
"-s" "-w"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/aquasecurity/starboard-octant-plugin";
|
||||
changelog = "https://github.com/aquasecurity/starboard-octant-plugin/releases/tag/v${version}";
|
||||
description = "Octant plugin for viewing Starboard security information";
|
||||
longDescription = ''
|
||||
This is an Octant plugin for Starboard which provides visibility into vulnerability assessment reports for
|
||||
Kubernetes workloads stored as custom security resources.
|
||||
'';
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ jk ];
|
||||
};
|
||||
}
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p curl gnused gawk nix-prefetch
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
ROOT="$(dirname "$(readlink -f "$0")")"
|
||||
NIX_DRV="$ROOT/desktop.nix"
|
||||
if [ ! -f "$NIX_DRV" ]; then
|
||||
echo "ERROR: cannot find desktop.nix in $ROOT"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
fetch_arch() {
|
||||
VER="$1"; SUFFIX="$2"
|
||||
URL="https://github.com/vmware-tanzu/octant/releases/download/v${VER}/Octant-${VER}.${SUFFIX}"
|
||||
nix-prefetch "{ stdenv, fetchurl }:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = \"octant-desktop\"; version = \"${VER}\";
|
||||
src = fetchurl { url = \"$URL\"; };
|
||||
}
|
||||
"
|
||||
}
|
||||
|
||||
replace_sha() {
|
||||
sed -i "s#$1 = \"sha256-.\{44\}\"#$1 = \"$2\"#" "$NIX_DRV"
|
||||
}
|
||||
|
||||
OCTANT_VER=$(curl -Ls -w "%{url_effective}" -o /dev/null https://github.com/vmware-tanzu/octant/releases/latest | awk -F'/' '{print $NF}' | sed 's/v//')
|
||||
|
||||
OCTANT_DESKTOP_LINUX_X64_SHA256=$(fetch_arch "$OCTANT_VER" "AppImage")
|
||||
OCTANT_DESKTOP_DARWIN_X64_SHA256=$(fetch_arch "$OCTANT_VER" "dmg")
|
||||
|
||||
sed -i "s/version = \".*\"/version = \"$OCTANT_VER\"/" "$NIX_DRV"
|
||||
|
||||
replace_sha "x86_64-linux" "$OCTANT_DESKTOP_LINUX_X64_SHA256"
|
||||
replace_sha "x86_64-darwin" "$OCTANT_DESKTOP_DARWIN_X64_SHA256"
|
||||
|
|
@ -1,40 +0,0 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p curl gnused gawk nix-prefetch
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
ROOT="$(dirname "$(readlink -f "$0")")"
|
||||
NIX_DRV="$ROOT/default.nix"
|
||||
if [ ! -f "$NIX_DRV" ]; then
|
||||
echo "ERROR: cannot find default.nix in $ROOT"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
fetch_arch() {
|
||||
VER="$1"; ARCH="$2"
|
||||
URL="https://github.com/vmware-tanzu/octant/releases/download/v${VER}/octant_${VER}_${ARCH}.tar.gz"
|
||||
nix-prefetch "{ stdenv, fetchzip }:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = \"octant\"; version = \"${VER}\";
|
||||
src = fetchzip { url = \"$URL\"; };
|
||||
}
|
||||
"
|
||||
}
|
||||
|
||||
replace_sha() {
|
||||
sed -i "s#$1 = \"sha256-.\{44\}\"#$1 = \"$2\"#" "$NIX_DRV"
|
||||
}
|
||||
|
||||
OCTANT_VER=$(curl -Ls -w "%{url_effective}" -o /dev/null https://github.com/vmware-tanzu/octant/releases/latest | awk -F'/' '{print $NF}' | sed 's/v//')
|
||||
|
||||
OCTANT_LINUX_X64_SHA256=$(fetch_arch "$OCTANT_VER" "Linux-64bit")
|
||||
OCTANT_LINUX_AARCH64_SHA256=$(fetch_arch "$OCTANT_VER" "Linux-arm64")
|
||||
OCTANT_DARWIN_X64_SHA256=$(fetch_arch "$OCTANT_VER" "macOS-64bit")
|
||||
OCTANT_DARWIN_AARCH64_SHA256=$(fetch_arch "$OCTANT_VER" "macOS-arm64")
|
||||
|
||||
sed -i "s/version = \".*\"/version = \"$OCTANT_VER\"/" "$NIX_DRV"
|
||||
|
||||
replace_sha "x86_64-linux" "$OCTANT_LINUX_X64_SHA256"
|
||||
replace_sha "aarch64-linux" "$OCTANT_LINUX_AARCH64_SHA256"
|
||||
replace_sha "x86_64-darwin" "$OCTANT_DARWIN_X64_SHA256"
|
||||
replace_sha "aarch64-darwin" "$OCTANT_DARWIN_AARCH64_SHA256"
|
||||
|
|
@ -1253,6 +1253,8 @@ mapAliases ({
|
|||
ocropus = throw "ocropus has been removed: abandoned by upstream"; # Added 2022-04-24
|
||||
octoprint-plugins = throw "octoprint-plugins are now part of the octoprint.python.pkgs package set"; # Added 2021-01-24
|
||||
ocz-ssd-guru = throw "ocz-ssd-guru has been removed due to there being no source available"; # Added 2021-07-12
|
||||
octant = throw "octant has been dropped due to being archived and vulnerable"; # Added 2023-09-29
|
||||
octant-desktop = throw "octant-desktop has been dropped due to being archived and vulnerable"; # Added 2023-09-29
|
||||
odpdown = throw "odpdown has been removed because it lacks python3 support"; # Added 2022-04-25
|
||||
ofp = throw "ofp is not compatible with odp-dpdk";
|
||||
ogre1_9 = throw "ogre1_9 has been removed, use ogre instead"; # Added 2023-03-22
|
||||
|
|
@ -1720,6 +1722,7 @@ mapAliases ({
|
|||
ssmtp = throw "'ssmtp' has been removed due to the software being unmaintained. 'msmtp' can be used as a replacement"; # Added 2022-04-17
|
||||
ssr = throw "ssr has been removed, because it was unmaintained in nixpkgs and depended on qt4"; # Added 2022-05-26
|
||||
stanchion = throw "Stanchion was part of riak-cs which is not maintained anymore"; # added 2020-10-14
|
||||
starboard-octant-plugin = throw "starboard-octant-plugin has been dropped due to needing octant which is archived"; # Added 2023-09-29
|
||||
steam-run-native = steam-run; # added 2022-02-21
|
||||
stride = throw "'stride' aka. Atlassian Stride is dead since 2019 (bought by Slack)"; # added 2022-06-15
|
||||
structure-synth = throw "structure-synth has been removed, because it was unmaintained"; # Added 2022-05-09
|
||||
|
|
|
|||
|
|
@ -1304,10 +1304,6 @@ with pkgs;
|
|||
|
||||
ociTools = callPackage ../build-support/oci-tools { };
|
||||
|
||||
octant = callPackage ../applications/networking/cluster/octant { };
|
||||
octant-desktop = callPackage ../applications/networking/cluster/octant/desktop.nix { };
|
||||
starboard-octant-plugin = callPackage ../applications/networking/cluster/octant/plugins/starboard-octant-plugin.nix { };
|
||||
|
||||
inherit (
|
||||
callPackages ../build-support/setup-hooks/patch-rc-path-hooks { }
|
||||
) patchRcPathBash patchRcPathCsh patchRcPathFish patchRcPathPosix;
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user