cve-bin-tool: 3.1.2 -> 3.2
Adding pip as a propagated dependency for the python checker Co-Authored-By: Markus S. Wamser <github-dev@mail2013.wamser.eu>
This commit is contained in:
parent
da45bf6ec7
commit
bac62a387d
@ -1,6 +1,7 @@
|
||||
{ lib
|
||||
, buildPythonApplication
|
||||
, fetchFromGitHub
|
||||
, fetchpatch
|
||||
, jsonschema
|
||||
, plotly
|
||||
, beautifulsoup4
|
||||
@ -24,22 +25,78 @@
|
||||
, xmlschema
|
||||
, setuptools
|
||||
, packaging
|
||||
, cvss
|
||||
, google-cloud-sdk
|
||||
, pip
|
||||
, testers
|
||||
, cve-bin-tool
|
||||
# pinned packaging
|
||||
, pyparsing
|
||||
, fetchPypi
|
||||
, buildPythonPackage
|
||||
, pretend
|
||||
, pythonOlder
|
||||
}:
|
||||
|
||||
let
|
||||
# pin packaging to < 22 until issue related to https://github.com/intel/cve-bin-tool/pull/2436 are resolved by upstream (post-3.2)
|
||||
packaging_21_3 = buildPythonPackage rec {
|
||||
inherit (packaging) pname passthru meta;
|
||||
version = "21.3";
|
||||
format = "pyproject";
|
||||
disabled = pythonOlder "3.6";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "sha256-3UfEKSfYmrkR5gZRiQfMLTofOLvQJjhZcGQ/nFuOz+s=";
|
||||
};
|
||||
nativeBuildInputs = [
|
||||
setuptools
|
||||
];
|
||||
propagatedBuildInputs = [
|
||||
pyparsing
|
||||
];
|
||||
|
||||
nativeCheckInputs = [
|
||||
pytestCheckHook
|
||||
pretend
|
||||
];
|
||||
|
||||
doCheck = false;
|
||||
};
|
||||
in
|
||||
buildPythonApplication rec {
|
||||
pname = "cve-bin-tool";
|
||||
version = "3.1.2";
|
||||
version = "3.2";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "intel";
|
||||
repo = "cve-bin-tool";
|
||||
rev = "refs/tags/v${version}";
|
||||
sha256 = "sha256-P2GhGQxa6Y8BmMqFHXSfmqN58E1FbXD9Ndwwr+upK8Q=";
|
||||
hash = "sha256-QOnWt6iit0/F6d/MfZ8qJqDuT3IHh0Qjs6BcJkI/CBw=";
|
||||
};
|
||||
|
||||
patches = [
|
||||
# Not needed as python dependency, should just be on the PATH
|
||||
./no-gsutil-python-dependency.patch
|
||||
# Already merged upstream, to be removed post-3.2
|
||||
# https://github.com/intel/cve-bin-tool/pull/2524
|
||||
(fetchpatch {
|
||||
name = "cve-bin-tool-version-success.patch";
|
||||
url = "https://github.com/intel/cve-bin-tool/commit/6f9bd565219932c565c1443ac467fe4163408dd8.patch";
|
||||
hash = "sha256-Glj6qiOvmvsuetXn4tysyiN/vrcOPFLORh+u3BoGzCI=";
|
||||
})
|
||||
];
|
||||
|
||||
# Wants to open a sqlite database, access the internet, etc
|
||||
doCheck = false;
|
||||
|
||||
propagatedNativeBuildInputs = [
|
||||
pip
|
||||
];
|
||||
|
||||
propagatedBuildInputs = [
|
||||
google-cloud-sdk
|
||||
jsonschema
|
||||
plotly
|
||||
beautifulsoup4
|
||||
@ -62,7 +119,8 @@ buildPythonApplication rec {
|
||||
pillow
|
||||
setuptools
|
||||
xmlschema
|
||||
packaging
|
||||
cvss
|
||||
packaging_21_3
|
||||
];
|
||||
|
||||
nativeCheckInputs = [
|
||||
@ -73,10 +131,7 @@ buildPythonApplication rec {
|
||||
"cve_bin_tool"
|
||||
];
|
||||
|
||||
# required until https://github.com/intel/cve-bin-tool/pull/1665 is merged
|
||||
postPatch = ''
|
||||
sed '/^pytest/d' -i requirements.txt
|
||||
'';
|
||||
passthru.tests.version = testers.testVersion { package = cve-bin-tool; };
|
||||
|
||||
meta = with lib; {
|
||||
description = "CVE Binary Checker Tool";
|
||||
|
@ -0,0 +1,12 @@
|
||||
diff --git a/requirements.txt b/requirements.txt
|
||||
index 1d4aa9a..c9e9171 100644
|
||||
--- a/requirements.txt
|
||||
+++ b/requirements.txt
|
||||
@@ -14,6 +14,6 @@ xmlschema
|
||||
importlib_metadata; python_version < "3.8"
|
||||
requests
|
||||
urllib3>=1.26.5 # dependency of requests added explictly to avoid CVEs
|
||||
-gsutil
|
||||
+#gsutil
|
||||
cvss
|
||||
packaging
|
Loading…
Reference in New Issue
Block a user