From 70cabcb4d5f80a85c122412a3fc7f9335b56c2ff Mon Sep 17 00:00:00 2001
From: Henri Rosten
Date: Tue, 26 Mar 2024 15:03:39 +0200
Subject: [PATCH] sbomnix: 1.4.5 -> 1.6.1
Signed-off-by: Henri Rosten
---
 pkgs/tools/security/sbomnix/default.nix | 58 +++++++++++++++++++------
 1 file changed, 45 insertions(+), 13 deletions(-)
diff --git a/pkgs/tools/security/sbomnix/default.nix b/pkgs/tools/security/sbomnix/default.nix
index 2449573c080a..d4ce0c4feaec 100644
--- a/pkgs/tools/security/sbomnix/default.nix
+++ b/pkgs/tools/security/sbomnix/default.nix
@@ -1,53 +1,85 @@
 { lib
 , fetchFromGitHub
-, coreutils
-, curl
-, gnugrep
-, gnused
-, gzip
+, grype
 , nix
+, nix-visualize
 , python
- # python libs
+, vulnix
+, # python libs
+ beautifulsoup4
 , colorlog
+, dfdiskcache
 , graphviz
 , numpy
 , packageurl-python
+, packaging
 , pandas
+, pyrate-limiter
 , requests
+, requests-cache
+, requests-ratelimiter
 , reuse
+, setuptools
 , tabulate
+,
 }:
 python.pkgs.buildPythonApplication rec {
 pname = "sbomnix";
- version = "1.4.5";
+ version = "1.6.1";
+ pyproject = true;
 src = fetchFromGitHub {
 owner = "tiiuae";
- repo = pname;
+ repo = "sbomnix";
 rev = "refs/tags/v${version}";
- hash = "sha256-RxDFxVGivVBw2uhtzf231Q2HHTBFKSqGrknr2Es/ygM=";
+ hash = "sha256-kPjCK9NEs3D0qFsSSVX6MYGKbwqeij0svTfzz5JC4qM=";
+
+ # Remove documentation as it contains references to nix store
+ postFetch = ''
+ rm -fr "$out"/doc
+ find "$out" -name '*.md' ! -name "README.md" -exec rm -f '{}' \;
+ '';
 };
- makeWrapperArgs = [
- "--prefix PATH : ${lib.makeBinPath [ coreutils curl gnugrep gnused gzip graphviz nix ]}"
- ];
+ postInstall = ''
+ wrapProgram $out/bin/sbomnix \
+ --prefix PATH : ${lib.makeBinPath [nix graphviz]}
+ wrapProgram $out/bin/nixgraph \
+ --prefix PATH : ${lib.makeBinPath [nix graphviz]}
+ wrapProgram $out/bin/vulnxscan \
+ --prefix PATH : ${lib.makeBinPath [grype nix vulnix]}
+ wrapProgram $out/bin/nix_outdated \
+ --prefix PATH : ${lib.makeBinPath [nix-visualize]}
+ wrapProgram $out/bin/provenance \
+ --prefix PATH : ${lib.makeBinPath [nix]}
+ '';
+
+ nativeBuildInputs = [ setuptools ];
 propagatedBuildInputs = [
+ beautifulsoup4
 colorlog
+ dfdiskcache
 graphviz
 numpy
 packageurl-python
+ packaging
 pandas
+ pyrate-limiter
 requests
+ requests-cache
+ requests-ratelimiter
 reuse
 tabulate
 ];
 pythonImportsCheck = [ "sbomnix" ];
+ # Tests require network access
+ doCheck = false;
 meta = with lib; {
- description = "Generate SBOMs for nix targets";
+ description = "Utilities to help with software supply chain challenges on nix targets";
 homepage = "https://github.com/tiiuae/sbomnix";
 license = with licenses; [ asl20 bsd3 cc-by-30 ];
 maintainers = with maintainers; [ henrirosten jk ];
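Review bot: Replacing `makeWrapperArgs` with five `wrapProgram` calls in `postInstall` yields nested wrappers, because `buildPythonApplication` still runs `wrapPythonPrograms` in fixup and wraps the `.*-wrapped` Python scripts a second time; it works, but the per-tool PATH split (grype/vulnix only for `vulnxscan`, nix-visualize only for `nix_outdated`) looks like the sole reason, and if that separation is not required, `makeWrapperArgs = [ "--prefix PATH : ${lib.makeBinPath [ graphviz grype nix nix-visualize vulnix ]}" ];` keeps a single wrapper as before. `doCheck = false;` switches off the entire suite for a vulnerability-scanning tool; if only part of upstream's tests need the network, `nativeCheckInputs = [ pytestCheckHook ];` with those tests listed in `disabledTests` is preferable, and the comment should at least name which tests are network-bound rather than the blanket `# Tests require network access`. The new `postFetch` prunes `doc/` and all non-README `*.md` files inside the fixed-output fetch, so the new `hash` covers the pruned tree and cannot be compared against upstream's release tarball or GitHub archive hash; that is worth saying in the comment, e.g. `# Remove documentation (it references the nix store); the hash below is of the pruned tree`.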