ff1a94e523
The nixpkgs-unstable channel's programs.sqlite was used to identify packages producing exactly one binary, and these automatically added to their package definitions wherever possible.
70 lines
1.5 KiB
Nix
70 lines
1.5 KiB
Nix
{ lib
|
|
, fetchFromGitHub
|
|
, python3
|
|
}:
|
|
|
|
python3.pkgs.buildPythonApplication rec {
|
|
pname = "pip-audit";
|
|
version = "2.7.2";
|
|
format = "pyproject";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "trailofbits";
|
|
repo = pname;
|
|
rev = "refs/tags/v${version}";
|
|
hash = "sha256-IlIPLuHGmnmt6FgX+Psw+f6XpkuhP+BZ+e4k4DV8e/U=";
|
|
};
|
|
|
|
nativeBuildInputs = with python3.pkgs; [
|
|
flit-core
|
|
];
|
|
|
|
propagatedBuildInputs = with python3.pkgs; [
|
|
cachecontrol
|
|
cyclonedx-python-lib
|
|
html5lib
|
|
packaging
|
|
pip-api
|
|
pip-requirements-parser
|
|
rich
|
|
toml
|
|
] ++ cachecontrol.optional-dependencies.filecache;
|
|
|
|
nativeCheckInputs = with python3.pkgs; [
|
|
pretend
|
|
pytestCheckHook
|
|
];
|
|
|
|
pythonImportsCheck = [
|
|
"pip_audit"
|
|
];
|
|
|
|
preCheck = ''
|
|
export HOME=$(mktemp -d);
|
|
'';
|
|
|
|
disabledTestPaths = [
|
|
# Tests require network access
|
|
"test/dependency_source/test_requirement.py"
|
|
"test/service/test_pypi.py"
|
|
"test/service/test_osv.py"
|
|
];
|
|
|
|
disabledTests = [
|
|
# Tests requrire network access
|
|
"test_get_pip_cache"
|
|
"test_virtual_env"
|
|
"test_pyproject_source"
|
|
"test_pyproject_source_duplicate_deps"
|
|
];
|
|
|
|
meta = with lib; {
|
|
description = "Tool for scanning Python environments for known vulnerabilities";
|
|
mainProgram = "pip-audit";
|
|
homepage = "https://github.com/trailofbits/pip-audit";
|
|
changelog = "https://github.com/pypa/pip-audit/releases/tag/v${version}";
|
|
license = with licenses; [ asl20 ];
|
|
maintainers = with maintainers; [ fab ];
|
|
};
|
|
}
|