Loading pkgs/tools/security/cve-bin-tool/default.nix +11 −51 Original line number Diff line number Diff line { lib , buildPythonApplication , fetchFromGitHub , fetchpatch , filetype , jsonschema , lib4sbom , packageurl-python , python-gnupg , plotly , beautifulsoup4 , pyyaml Loading Loading @@ -30,67 +33,20 @@ , pip , testers , cve-bin-tool # pinned packaging , pyparsing , fetchPypi , buildPythonPackage , pretend , pythonOlder , wheel }: let # pin packaging to < 22 until issue related to https://github.com/intel/cve-bin-tool/pull/2436 are resolved by upstream (post-3.2) packaging_21_3 = buildPythonPackage rec { inherit (packaging) pname passthru meta; version = "21.3"; format = "pyproject"; disabled = pythonOlder "3.6"; src = fetchPypi { inherit pname version; sha256 = "sha256-3UfEKSfYmrkR5gZRiQfMLTofOLvQJjhZcGQ/nFuOz+s="; }; nativeBuildInputs = [ setuptools wheel ]; propagatedBuildInputs = [ pyparsing ]; nativeCheckInputs = [ pytestCheckHook pretend ]; doCheck = false; }; in buildPythonApplication rec { pname = "cve-bin-tool"; version = "3.2"; version = "3.3"; format = "setuptools"; src = fetchFromGitHub { owner = "intel"; repo = "cve-bin-tool"; rev = "refs/tags/v${version}"; hash = "sha256-QOnWt6iit0/F6d/MfZ8qJqDuT3IHh0Qjs6BcJkI/CBw="; hash = "sha256-A5w4U5EDX+UZWNMuz8GTOcubo8N2KfDlVV0aRNsO8/E="; }; patches = [ # Not needed as python dependency, should just be on the PATH ./no-gsutil-python-dependency.patch # Already merged upstream, to be removed post-3.2 # https://github.com/intel/cve-bin-tool/pull/2524 (fetchpatch { name = "cve-bin-tool-version-success.patch"; url = "https://github.com/intel/cve-bin-tool/commit/6f9bd565219932c565c1443ac467fe4163408dd8.patch"; hash = "sha256-Glj6qiOvmvsuetXn4tysyiN/vrcOPFLORh+u3BoGzCI="; }) ]; # Wants to open a sqlite database, access the internet, etc doCheck = false; Loading @@ -100,7 +56,11 @@ buildPythonApplication rec { propagatedBuildInputs = [ google-cloud-sdk filetype jsonschema lib4sbom packageurl-python python-gnupg plotly beautifulsoup4 pyyaml Loading @@ -123,7 +83,7 @@ buildPythonApplication rec { setuptools xmlschema cvss packaging_21_3 packaging ]; nativeCheckInputs = [ Loading pkgs/tools/security/cve-bin-tool/no-gsutil-python-dependency.patchdeleted 100644 → 0 +0 −12 Original line number Diff line number Diff line diff --git a/requirements.txt b/requirements.txt index 1d4aa9a..c9e9171 100644 --- a/requirements.txt +++ b/requirements.txt @@ -14,6 +14,6 @@ xmlschema importlib_metadata; python_version < "3.8" requests urllib3>=1.26.5 # dependency of requests added explictly to avoid CVEs -gsutil +#gsutil cvss packaging Loading
pkgs/tools/security/cve-bin-tool/default.nix +11 −51 Original line number Diff line number Diff line { lib , buildPythonApplication , fetchFromGitHub , fetchpatch , filetype , jsonschema , lib4sbom , packageurl-python , python-gnupg , plotly , beautifulsoup4 , pyyaml Loading Loading @@ -30,67 +33,20 @@ , pip , testers , cve-bin-tool # pinned packaging , pyparsing , fetchPypi , buildPythonPackage , pretend , pythonOlder , wheel }: let # pin packaging to < 22 until issue related to https://github.com/intel/cve-bin-tool/pull/2436 are resolved by upstream (post-3.2) packaging_21_3 = buildPythonPackage rec { inherit (packaging) pname passthru meta; version = "21.3"; format = "pyproject"; disabled = pythonOlder "3.6"; src = fetchPypi { inherit pname version; sha256 = "sha256-3UfEKSfYmrkR5gZRiQfMLTofOLvQJjhZcGQ/nFuOz+s="; }; nativeBuildInputs = [ setuptools wheel ]; propagatedBuildInputs = [ pyparsing ]; nativeCheckInputs = [ pytestCheckHook pretend ]; doCheck = false; }; in buildPythonApplication rec { pname = "cve-bin-tool"; version = "3.2"; version = "3.3"; format = "setuptools"; src = fetchFromGitHub { owner = "intel"; repo = "cve-bin-tool"; rev = "refs/tags/v${version}"; hash = "sha256-QOnWt6iit0/F6d/MfZ8qJqDuT3IHh0Qjs6BcJkI/CBw="; hash = "sha256-A5w4U5EDX+UZWNMuz8GTOcubo8N2KfDlVV0aRNsO8/E="; }; patches = [ # Not needed as python dependency, should just be on the PATH ./no-gsutil-python-dependency.patch # Already merged upstream, to be removed post-3.2 # https://github.com/intel/cve-bin-tool/pull/2524 (fetchpatch { name = "cve-bin-tool-version-success.patch"; url = "https://github.com/intel/cve-bin-tool/commit/6f9bd565219932c565c1443ac467fe4163408dd8.patch"; hash = "sha256-Glj6qiOvmvsuetXn4tysyiN/vrcOPFLORh+u3BoGzCI="; }) ]; # Wants to open a sqlite database, access the internet, etc doCheck = false; Loading @@ -100,7 +56,11 @@ buildPythonApplication rec { propagatedBuildInputs = [ google-cloud-sdk filetype jsonschema lib4sbom packageurl-python python-gnupg plotly beautifulsoup4 pyyaml Loading @@ -123,7 +83,7 @@ buildPythonApplication rec { setuptools xmlschema cvss packaging_21_3 packaging ]; nativeCheckInputs = [ Loading
pkgs/tools/security/cve-bin-tool/no-gsutil-python-dependency.patchdeleted 100644 → 0 +0 −12 Original line number Diff line number Diff line diff --git a/requirements.txt b/requirements.txt index 1d4aa9a..c9e9171 100644 --- a/requirements.txt +++ b/requirements.txt @@ -14,6 +14,6 @@ xmlschema importlib_metadata; python_version < "3.8" requests urllib3>=1.26.5 # dependency of requests added explictly to avoid CVEs -gsutil +#gsutil cvss packaging
