Merge pull request #308858 from teatwig/cve-bin-tool

cve-bin-util: 3.2 -> 3.3
2024-05-04 05:05:11 +03:00 · 2024-05-04 05:05:11 +03:00 · c67f3c4288
commit c67f3c4288
parent eccd0df950 8cf964efcd
3 changed files with 68 additions and 63 deletions
--- a/pkgs/by-name/li/lib4sbom/package.nix
+++ b/pkgs/by-name/li/lib4sbom/package.nix
@ -0,0 +1,57 @@
+{ lib
+, python3Packages
+, fetchFromGitHub
+}:
+
+python3Packages.buildPythonPackage rec {
+  pname = "lib4sbom";
+  version = "0.7.1";
+  format = "setuptools";
+
+  src = fetchFromGitHub {
+    owner = "anthonyharrison";
+    repo = pname;
+    rev = "v${version}";
+    hash = "sha256-UQZZYTRDbUqSH6F8hjhp9L70025cRO3zXQ8Aoznotg4=";
+  };
+
+  propagatedBuildInputs = with python3Packages; [
+    pyyaml
+    semantic-version
+    defusedxml
+  ];
+
+  nativeCheckInputs = with python3Packages; [
+    pytestCheckHook
+  ];
+
+  disabledTests = [
+    # stub tests that always fail
+    "TestCycloneDXGenerator"
+    "TestCcycloneDX_parser"
+    "TestGenerator"
+    "TestOutput"
+    "TestParser"
+    "TestSPDX_Generator"
+    "TestSPDX_Parser"
+    # tests with missing getters
+    "test_set_downloadlocation"
+    "test_set_homepage"
+    "test_set_checksum"
+    "test_set_externalreference"
+    # checks for invalid return type
+    "test_set_type"
+    # wrong capilatization
+    "test_set_supplier"
+    "test_set_originator"
+  ];
+
+  pythonImportsCheck = [ "lib4sbom" ];
+
+  meta = with lib; {
+    description = "Library to ingest and generate SBOMs";
+    homepage = "https://github.com/anthonyharrison/lib4sbom";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ teatwig ];
+  };
+}
--- a/pkgs/tools/security/cve-bin-tool/default.nix
+++ b/pkgs/tools/security/cve-bin-tool/default.nix
@ -1,8 +1,11 @@
 { lib
 , buildPythonApplication
 , fetchFromGitHub
-, fetchpatch
+, filetype
 , jsonschema
+, lib4sbom
+, packageurl-python
+, python-gnupg
 , plotly
 , beautifulsoup4
 , pyyaml
@ -30,67 +33,20 @@
 , pip
 , testers
 , cve-bin-tool
-# pinned packaging
-, pyparsing
-, fetchPypi
-, buildPythonPackage
-, pretend
-, pythonOlder
-, wheel
 }:

-let
-  # pin packaging to < 22 until issue related to https://github.com/intel/cve-bin-tool/pull/2436 are resolved by upstream (post-3.2)
-  packaging_21_3 = buildPythonPackage rec {
-    inherit (packaging) pname passthru meta;
-    version = "21.3";
-    format = "pyproject";
-    disabled = pythonOlder "3.6";
-
-    src = fetchPypi {
-      inherit pname version;
-      sha256 = "sha256-3UfEKSfYmrkR5gZRiQfMLTofOLvQJjhZcGQ/nFuOz+s=";
-    };
-    nativeBuildInputs = [
-      setuptools
-      wheel
-    ];
-    propagatedBuildInputs = [
-      pyparsing
-    ];
-
-    nativeCheckInputs = [
-      pytestCheckHook
-      pretend
-    ];
-
-    doCheck = false;
-  };
-in
 buildPythonApplication rec {
  pname = "cve-bin-tool";
-  version = "3.2";
+  version = "3.3";
  format = "setuptools";

  src = fetchFromGitHub {
    owner = "intel";
    repo = "cve-bin-tool";
    rev = "refs/tags/v${version}";
-    hash = "sha256-QOnWt6iit0/F6d/MfZ8qJqDuT3IHh0Qjs6BcJkI/CBw=";
+    hash = "sha256-A5w4U5EDX+UZWNMuz8GTOcubo8N2KfDlVV0aRNsO8/E=";
  };

-  patches = [
-    # Not needed as python dependency, should just be on the PATH
-    ./no-gsutil-python-dependency.patch
-    # Already merged upstream, to be removed post-3.2
-    # https://github.com/intel/cve-bin-tool/pull/2524
-    (fetchpatch {
-      name = "cve-bin-tool-version-success.patch";
-      url = "https://github.com/intel/cve-bin-tool/commit/6f9bd565219932c565c1443ac467fe4163408dd8.patch";
-      hash = "sha256-Glj6qiOvmvsuetXn4tysyiN/vrcOPFLORh+u3BoGzCI=";
-    })
-  ];
-
  # Wants to open a sqlite database, access the internet, etc
  doCheck = false;

@ -100,7 +56,11 @@ buildPythonApplication rec {

  propagatedBuildInputs = [
    google-cloud-sdk
+    filetype
    jsonschema
+    lib4sbom
+    packageurl-python
+    python-gnupg
    plotly
    beautifulsoup4
    pyyaml
@ -123,7 +83,7 @@ buildPythonApplication rec {
    setuptools
    xmlschema
    cvss
-    packaging_21_3
+    packaging
  ];

  nativeCheckInputs = [
--- a/pkgs/tools/security/cve-bin-tool/no-gsutil-python-dependency.patch
+++ b/pkgs/tools/security/cve-bin-tool/no-gsutil-python-dependency.patch
@ -1,12 +0,0 @@
-diff --git a/requirements.txt b/requirements.txt
-index 1d4aa9a..c9e9171 100644
--- a/requirements.txt
-+++ b/requirements.txt
-@@ -14,6 +14,6 @@ xmlschema
- importlib_metadata; python_version < "3.8"
- requests
- urllib3>=1.26.5 # dependency of requests added explictly to avoid CVEs
-gsutil
-+#gsutil
- cvss
- packaging