Loading pkgs/by-name/gr/grype/0001-test_helpers-redact-support-nix.patch 0 → 100644 +35 −0 Original line number Diff line number Diff line diff --git a/grype/presenter/internal/test_helpers.go b/grype/presenter/internal/test_helpers.go index 2bfafbc2..6e70ed87 100644 --- a/grype/presenter/internal/test_helpers.go +++ b/grype/presenter/internal/test_helpers.go @@ -1,6 +1,7 @@ package internal import ( + "os" "regexp" "testing" @@ -92,8 +93,21 @@ func Redact(s []byte) []byte { cycloneDxBomRefPattern := regexp.MustCompile(`[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`) tempDirPattern := regexp.MustCompile(`/tmp/[^"]+`) macTempDirPattern := regexp.MustCompile(`/var/folders/[^"]+`) + // nix build dir isn't always /build so we'll identify it by $TMP + nixDir := os.Getenv("TMP") + if nixDir == "" { + panic("missing $TMP for identifying nix build dir") + } + end := regexp.QuoteMeta(nixDir) + pattern := `[^"]+` + // add slash prefix to pattern only if required + // don't use strings lib to reduce chance of merge conflicts above + if end[len(end)-1] != '/' { + pattern = "/" + pattern + } + nixBuildDirPattern := regexp.MustCompile(end + pattern) - for _, pattern := range []*regexp.Regexp{serialPattern, rfc3339Pattern, refPattern, uuidPattern, cycloneDxBomRefPattern, tempDirPattern, macTempDirPattern} { + for _, pattern := range []*regexp.Regexp{serialPattern, rfc3339Pattern, refPattern, uuidPattern, cycloneDxBomRefPattern, tempDirPattern, macTempDirPattern, nixBuildDirPattern} { s = pattern.ReplaceAll(s, []byte("")) } return s pkgs/by-name/gr/grype/package.nix +45 −49 Original line number Diff line number Diff line Loading @@ -7,17 +7,21 @@ installShellFiles, openssl, net-tools, zstd, }: buildGoModule (finalAttrs: { pname = "grype"; version = "0.108.0"; version = "0.111.1"; # required for tests __darwinAllowLocalNetworking = true; src = fetchFromGitHub { owner = "anchore"; repo = "grype"; tag = "v${finalAttrs.version}"; hash = "sha256-5TYQKLVl3iM1Litp86n0aAaj3p2yKA1fbJ6bduIjfp8="; hash = "sha256-eAiExxvLFkHsmslfhhbQG0ogaSMF9eOeCq0u2wUimp0="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; Loading @@ -32,7 +36,13 @@ buildGoModule (finalAttrs: { proxyVendor = true; vendorHash = "sha256-8LVpcSjWdGwYv8CMuMZyaHC9+wMJNPDSNV6a8VsmA0M="; vendorHash = "sha256-rsdZt+xKjIJpWS5pYx8A+ryY1D2WIKquKjsQBkxToUQ="; patches = [ # several test golden files have unstable paths based on the platform # this patch adjusts the `Redact` helper to also work for builds by nix. ./0001-test_helpers-redact-support-nix.patch ]; nativeBuildInputs = [ installShellFiles ]; Loading @@ -40,6 +50,7 @@ buildGoModule (finalAttrs: { git openssl net-tools zstd ]; subPackages = [ "cmd/grype" ]; Loading Loading @@ -70,54 +81,39 @@ buildGoModule (finalAttrs: { unset ldflags # patch utility script patchShebangs grype/db/v5/distribution/test-fixtures/tls/generate-x509-cert-pair.sh # FIXME: these tests fail when building with Nix substituteInPlace test/cli/config_test.go \ --replace-fail "Test_configLoading" "Skip_configLoading" substituteInPlace test/cli/db_providers_test.go \ --replace-fail "TestDBProviders" "SkipDBProviders" substituteInPlace grype/presenter/cyclonedx/presenter_test.go \ --replace-fail "TestCycloneDxPresenterDir" "SkipCycloneDxPresenterDir" \ --replace-fail "Test_CycloneDX_Valid" "Skip_CycloneDX_Valid" # remove tests that depend on docker substituteInPlace test/cli/cmd_test.go \ --replace-fail "TestCmd" "SkipCmd" substituteInPlace grype/pkg/provider_test.go \ --replace-fail "TestSyftLocationExcludes" "SkipSyftLocationExcludes" substituteInPlace test/cli/cmd_test.go \ --replace-fail "Test_descriptorNameAndVersionSet" "Skip_descriptorNameAndVersionSet" # remove tests that depend on git substituteInPlace test/cli/db_validations_test.go \ --replace-fail "TestDBValidations" "SkipDBValidations" substituteInPlace test/cli/registry_auth_test.go \ --replace-fail "TestRegistryAuth" "SkipRegistryAuth" substituteInPlace test/cli/sbom_input_test.go \ --replace-fail "TestSBOMInput_FromStdin" "SkipSBOMInput_FromStdin" \ --replace-fail "TestSBOMInput_AsArgument" "SkipSBOMInput_AsArgument" substituteInPlace test/cli/subprocess_test.go \ --replace-fail "TestSubprocessStdin" "SkipSubprocessStdin" substituteInPlace grype/internal/packagemetadata/names_test.go \ --replace-fail "TestAllNames" "SkipAllNames" substituteInPlace test/cli/version_cmd_test.go \ --replace-fail "TestVersionCmdPrintsToStdout" "SkipVersionCmdPrintsToStdout" substituteInPlace grype/presenter/sarif/presenter_test.go \ --replace-fail "Test_SarifIsValid" "SkipTest_SarifIsValid" substituteInPlace test/cli/config_test.go \ --replace-fail "Test_dpkgUseCPEsForEOLEnvVar" "SkipTest_dpkgUseCPEsForEOLEnvVar" \ --replace-fail "Test_rpmUseCPEsForEOLEnvVar" "SkipTest_rpmUseCPEsForEOLEnvVar" # May fail on NixOS, probably due bug in how syft handles tmpfs. # See https://github.com/anchore/grype/issues/1822 substituteInPlace grype/distro/distro_test.go \ --replace-fail "Test_NewDistroFromRelease_Coverage" "SkipTest_NewDistroFromRelease_Coverage" # segfault rm grype/db/v5/namespace/cpe/namespace_test.go patchShebangs grype/db/v5/distribution/testdata/tls/generate-x509-cert-pair.sh ''; checkFlags = let skippedTests = [ # depend on docker "TestCmd" "TestSyftLocationExcludes" "Test_descriptorNameAndVersionSet" # depend on .git "Test_configLoading" "TestDBProviders" "TestDBValidations" "TestRegistryAuth" "TestRegistryAuthRedactions" "TestSBOMInput_FromStdin" "TestSBOMInput_AsArgument" "TestSubprocessStdin" "TestAllNames" "TestVersionCmdPrintsToStdout" "Test_SarifIsValid" "Test_dpkgUseCPEsForEOLEnvVar" "Test_rpmUseCPEsForEOLEnvVar" ] ++ lib.optionals stdenv.isDarwin [ # fails to generate x509 certificate # cat: /etc/ssl/openssl.cnf: Operation not permitted "Test_defaultHTTPClientHasCert" ]; in [ "-skip=^${builtins.concatStringsSep "$|^" skippedTests}$" ]; postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' installShellCompletion --cmd grype \ --bash <($out/bin/grype completion bash) \ Loading Loading
pkgs/by-name/gr/grype/0001-test_helpers-redact-support-nix.patch 0 → 100644 +35 −0 Original line number Diff line number Diff line diff --git a/grype/presenter/internal/test_helpers.go b/grype/presenter/internal/test_helpers.go index 2bfafbc2..6e70ed87 100644 --- a/grype/presenter/internal/test_helpers.go +++ b/grype/presenter/internal/test_helpers.go @@ -1,6 +1,7 @@ package internal import ( + "os" "regexp" "testing" @@ -92,8 +93,21 @@ func Redact(s []byte) []byte { cycloneDxBomRefPattern := regexp.MustCompile(`[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}`) tempDirPattern := regexp.MustCompile(`/tmp/[^"]+`) macTempDirPattern := regexp.MustCompile(`/var/folders/[^"]+`) + // nix build dir isn't always /build so we'll identify it by $TMP + nixDir := os.Getenv("TMP") + if nixDir == "" { + panic("missing $TMP for identifying nix build dir") + } + end := regexp.QuoteMeta(nixDir) + pattern := `[^"]+` + // add slash prefix to pattern only if required + // don't use strings lib to reduce chance of merge conflicts above + if end[len(end)-1] != '/' { + pattern = "/" + pattern + } + nixBuildDirPattern := regexp.MustCompile(end + pattern) - for _, pattern := range []*regexp.Regexp{serialPattern, rfc3339Pattern, refPattern, uuidPattern, cycloneDxBomRefPattern, tempDirPattern, macTempDirPattern} { + for _, pattern := range []*regexp.Regexp{serialPattern, rfc3339Pattern, refPattern, uuidPattern, cycloneDxBomRefPattern, tempDirPattern, macTempDirPattern, nixBuildDirPattern} { s = pattern.ReplaceAll(s, []byte("")) } return s
pkgs/by-name/gr/grype/package.nix +45 −49 Original line number Diff line number Diff line Loading @@ -7,17 +7,21 @@ installShellFiles, openssl, net-tools, zstd, }: buildGoModule (finalAttrs: { pname = "grype"; version = "0.108.0"; version = "0.111.1"; # required for tests __darwinAllowLocalNetworking = true; src = fetchFromGitHub { owner = "anchore"; repo = "grype"; tag = "v${finalAttrs.version}"; hash = "sha256-5TYQKLVl3iM1Litp86n0aAaj3p2yKA1fbJ6bduIjfp8="; hash = "sha256-eAiExxvLFkHsmslfhhbQG0ogaSMF9eOeCq0u2wUimp0="; # populate values that require us to use git. By doing this in postFetch we # can delete .git afterwards and maintain better reproducibility of the src. leaveDotGit = true; Loading @@ -32,7 +36,13 @@ buildGoModule (finalAttrs: { proxyVendor = true; vendorHash = "sha256-8LVpcSjWdGwYv8CMuMZyaHC9+wMJNPDSNV6a8VsmA0M="; vendorHash = "sha256-rsdZt+xKjIJpWS5pYx8A+ryY1D2WIKquKjsQBkxToUQ="; patches = [ # several test golden files have unstable paths based on the platform # this patch adjusts the `Redact` helper to also work for builds by nix. ./0001-test_helpers-redact-support-nix.patch ]; nativeBuildInputs = [ installShellFiles ]; Loading @@ -40,6 +50,7 @@ buildGoModule (finalAttrs: { git openssl net-tools zstd ]; subPackages = [ "cmd/grype" ]; Loading Loading @@ -70,54 +81,39 @@ buildGoModule (finalAttrs: { unset ldflags # patch utility script patchShebangs grype/db/v5/distribution/test-fixtures/tls/generate-x509-cert-pair.sh # FIXME: these tests fail when building with Nix substituteInPlace test/cli/config_test.go \ --replace-fail "Test_configLoading" "Skip_configLoading" substituteInPlace test/cli/db_providers_test.go \ --replace-fail "TestDBProviders" "SkipDBProviders" substituteInPlace grype/presenter/cyclonedx/presenter_test.go \ --replace-fail "TestCycloneDxPresenterDir" "SkipCycloneDxPresenterDir" \ --replace-fail "Test_CycloneDX_Valid" "Skip_CycloneDX_Valid" # remove tests that depend on docker substituteInPlace test/cli/cmd_test.go \ --replace-fail "TestCmd" "SkipCmd" substituteInPlace grype/pkg/provider_test.go \ --replace-fail "TestSyftLocationExcludes" "SkipSyftLocationExcludes" substituteInPlace test/cli/cmd_test.go \ --replace-fail "Test_descriptorNameAndVersionSet" "Skip_descriptorNameAndVersionSet" # remove tests that depend on git substituteInPlace test/cli/db_validations_test.go \ --replace-fail "TestDBValidations" "SkipDBValidations" substituteInPlace test/cli/registry_auth_test.go \ --replace-fail "TestRegistryAuth" "SkipRegistryAuth" substituteInPlace test/cli/sbom_input_test.go \ --replace-fail "TestSBOMInput_FromStdin" "SkipSBOMInput_FromStdin" \ --replace-fail "TestSBOMInput_AsArgument" "SkipSBOMInput_AsArgument" substituteInPlace test/cli/subprocess_test.go \ --replace-fail "TestSubprocessStdin" "SkipSubprocessStdin" substituteInPlace grype/internal/packagemetadata/names_test.go \ --replace-fail "TestAllNames" "SkipAllNames" substituteInPlace test/cli/version_cmd_test.go \ --replace-fail "TestVersionCmdPrintsToStdout" "SkipVersionCmdPrintsToStdout" substituteInPlace grype/presenter/sarif/presenter_test.go \ --replace-fail "Test_SarifIsValid" "SkipTest_SarifIsValid" substituteInPlace test/cli/config_test.go \ --replace-fail "Test_dpkgUseCPEsForEOLEnvVar" "SkipTest_dpkgUseCPEsForEOLEnvVar" \ --replace-fail "Test_rpmUseCPEsForEOLEnvVar" "SkipTest_rpmUseCPEsForEOLEnvVar" # May fail on NixOS, probably due bug in how syft handles tmpfs. # See https://github.com/anchore/grype/issues/1822 substituteInPlace grype/distro/distro_test.go \ --replace-fail "Test_NewDistroFromRelease_Coverage" "SkipTest_NewDistroFromRelease_Coverage" # segfault rm grype/db/v5/namespace/cpe/namespace_test.go patchShebangs grype/db/v5/distribution/testdata/tls/generate-x509-cert-pair.sh ''; checkFlags = let skippedTests = [ # depend on docker "TestCmd" "TestSyftLocationExcludes" "Test_descriptorNameAndVersionSet" # depend on .git "Test_configLoading" "TestDBProviders" "TestDBValidations" "TestRegistryAuth" "TestRegistryAuthRedactions" "TestSBOMInput_FromStdin" "TestSBOMInput_AsArgument" "TestSubprocessStdin" "TestAllNames" "TestVersionCmdPrintsToStdout" "Test_SarifIsValid" "Test_dpkgUseCPEsForEOLEnvVar" "Test_rpmUseCPEsForEOLEnvVar" ] ++ lib.optionals stdenv.isDarwin [ # fails to generate x509 certificate # cat: /etc/ssl/openssl.cnf: Operation not permitted "Test_defaultHTTPClientHasCert" ]; in [ "-skip=^${builtins.concatStringsSep "$|^" skippedTests}$" ]; postInstall = lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) '' installShellCompletion --cmd grype \ --bash <($out/bin/grype completion bash) \ Loading
