cve-bin-tool: 3.1.2 -> 3.2
Adding pip as a propagated dependency for the python checker Co-Authored-By: Markus S. Wamser <github-dev@mail2013.wamser.eu>
This commit is contained in:
parent
da45bf6ec7
commit
bac62a387d
@ -1,6 +1,7 @@
|
|||||||
{ lib
|
{ lib
|
||||||
, buildPythonApplication
|
, buildPythonApplication
|
||||||
, fetchFromGitHub
|
, fetchFromGitHub
|
||||||
|
, fetchpatch
|
||||||
, jsonschema
|
, jsonschema
|
||||||
, plotly
|
, plotly
|
||||||
, beautifulsoup4
|
, beautifulsoup4
|
||||||
@ -24,22 +25,78 @@
|
|||||||
, xmlschema
|
, xmlschema
|
||||||
, setuptools
|
, setuptools
|
||||||
, packaging
|
, packaging
|
||||||
|
, cvss
|
||||||
|
, google-cloud-sdk
|
||||||
|
, pip
|
||||||
|
, testers
|
||||||
|
, cve-bin-tool
|
||||||
|
# pinned packaging
|
||||||
|
, pyparsing
|
||||||
|
, fetchPypi
|
||||||
|
, buildPythonPackage
|
||||||
|
, pretend
|
||||||
|
, pythonOlder
|
||||||
}:
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
# pin packaging to < 22 until issue related to https://github.com/intel/cve-bin-tool/pull/2436 are resolved by upstream (post-3.2)
|
||||||
|
packaging_21_3 = buildPythonPackage rec {
|
||||||
|
inherit (packaging) pname passthru meta;
|
||||||
|
version = "21.3";
|
||||||
|
format = "pyproject";
|
||||||
|
disabled = pythonOlder "3.6";
|
||||||
|
|
||||||
|
src = fetchPypi {
|
||||||
|
inherit pname version;
|
||||||
|
sha256 = "sha256-3UfEKSfYmrkR5gZRiQfMLTofOLvQJjhZcGQ/nFuOz+s=";
|
||||||
|
};
|
||||||
|
nativeBuildInputs = [
|
||||||
|
setuptools
|
||||||
|
];
|
||||||
|
propagatedBuildInputs = [
|
||||||
|
pyparsing
|
||||||
|
];
|
||||||
|
|
||||||
|
nativeCheckInputs = [
|
||||||
|
pytestCheckHook
|
||||||
|
pretend
|
||||||
|
];
|
||||||
|
|
||||||
|
doCheck = false;
|
||||||
|
};
|
||||||
|
in
|
||||||
buildPythonApplication rec {
|
buildPythonApplication rec {
|
||||||
pname = "cve-bin-tool";
|
pname = "cve-bin-tool";
|
||||||
version = "3.1.2";
|
version = "3.2";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "intel";
|
owner = "intel";
|
||||||
repo = "cve-bin-tool";
|
repo = "cve-bin-tool";
|
||||||
rev = "refs/tags/v${version}";
|
rev = "refs/tags/v${version}";
|
||||||
sha256 = "sha256-P2GhGQxa6Y8BmMqFHXSfmqN58E1FbXD9Ndwwr+upK8Q=";
|
hash = "sha256-QOnWt6iit0/F6d/MfZ8qJqDuT3IHh0Qjs6BcJkI/CBw=";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
patches = [
|
||||||
|
# Not needed as python dependency, should just be on the PATH
|
||||||
|
./no-gsutil-python-dependency.patch
|
||||||
|
# Already merged upstream, to be removed post-3.2
|
||||||
|
# https://github.com/intel/cve-bin-tool/pull/2524
|
||||||
|
(fetchpatch {
|
||||||
|
name = "cve-bin-tool-version-success.patch";
|
||||||
|
url = "https://github.com/intel/cve-bin-tool/commit/6f9bd565219932c565c1443ac467fe4163408dd8.patch";
|
||||||
|
hash = "sha256-Glj6qiOvmvsuetXn4tysyiN/vrcOPFLORh+u3BoGzCI=";
|
||||||
|
})
|
||||||
|
];
|
||||||
|
|
||||||
# Wants to open a sqlite database, access the internet, etc
|
# Wants to open a sqlite database, access the internet, etc
|
||||||
doCheck = false;
|
doCheck = false;
|
||||||
|
|
||||||
|
propagatedNativeBuildInputs = [
|
||||||
|
pip
|
||||||
|
];
|
||||||
|
|
||||||
propagatedBuildInputs = [
|
propagatedBuildInputs = [
|
||||||
|
google-cloud-sdk
|
||||||
jsonschema
|
jsonschema
|
||||||
plotly
|
plotly
|
||||||
beautifulsoup4
|
beautifulsoup4
|
||||||
@ -62,7 +119,8 @@ buildPythonApplication rec {
|
|||||||
pillow
|
pillow
|
||||||
setuptools
|
setuptools
|
||||||
xmlschema
|
xmlschema
|
||||||
packaging
|
cvss
|
||||||
|
packaging_21_3
|
||||||
];
|
];
|
||||||
|
|
||||||
nativeCheckInputs = [
|
nativeCheckInputs = [
|
||||||
@ -73,10 +131,7 @@ buildPythonApplication rec {
|
|||||||
"cve_bin_tool"
|
"cve_bin_tool"
|
||||||
];
|
];
|
||||||
|
|
||||||
# required until https://github.com/intel/cve-bin-tool/pull/1665 is merged
|
passthru.tests.version = testers.testVersion { package = cve-bin-tool; };
|
||||||
postPatch = ''
|
|
||||||
sed '/^pytest/d' -i requirements.txt
|
|
||||||
'';
|
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
description = "CVE Binary Checker Tool";
|
description = "CVE Binary Checker Tool";
|
||||||
|
@ -0,0 +1,12 @@
|
|||||||
|
diff --git a/requirements.txt b/requirements.txt
|
||||||
|
index 1d4aa9a..c9e9171 100644
|
||||||
|
--- a/requirements.txt
|
||||||
|
+++ b/requirements.txt
|
||||||
|
@@ -14,6 +14,6 @@ xmlschema
|
||||||
|
importlib_metadata; python_version < "3.8"
|
||||||
|
requests
|
||||||
|
urllib3>=1.26.5 # dependency of requests added explictly to avoid CVEs
|
||||||
|
-gsutil
|
||||||
|
+#gsutil
|
||||||
|
cvss
|
||||||
|
packaging
|
Loading…
Reference in New Issue
Block a user