cve-bin-tool: 3.1.2 -> 3.2

Adding pip as a propagated dependency for the python checker

Co-Authored-By: Markus S. Wamser <github-dev@mail2013.wamser.eu>
Arnout Engelen 2022-10-25 16:25:14 +02:00
parent da45bf6ec7
commit bac62a387d
No known key found for this signature in database
GPG Key ID: 061107B0F74A6DAA
2 changed files with 74 additions and 7 deletions


@ -1,6 +1,7 @@
{ lib
, buildPythonApplication
, fetchFromGitHub
, fetchpatch
, jsonschema
, plotly
, beautifulsoup4
@ -24,22 +25,78 @@
, xmlschema
, setuptools
, packaging
, cvss
, google-cloud-sdk
, pip
, testers
, cve-bin-tool
# pinned packaging
, pyparsing
, fetchPypi
, buildPythonPackage
, pretend
, pythonOlder
}:
let
# pin packaging to < 22 until issue related to https://github.com/intel/cve-bin-tool/pull/2436 are resolved by upstream (post-3.2)
packaging_21_3 = buildPythonPackage rec {
inherit (packaging) pname passthru meta;
version = "21.3";
format = "pyproject";
disabled = pythonOlder "3.6";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-3UfEKSfYmrkR5gZRiQfMLTofOLvQJjhZcGQ/nFuOz+s=";
};
nativeBuildInputs = [
setuptools
];
propagatedBuildInputs = [
pyparsing
];
nativeCheckInputs = [
pytestCheckHook
pretend
];
doCheck = false;
};
in
buildPythonApplication rec {
pname = "cve-bin-tool";
version = "3.1.2";
version = "3.2";
src = fetchFromGitHub {
owner = "intel";
repo = "cve-bin-tool";
rev = "refs/tags/v${version}";
sha256 = "sha256-P2GhGQxa6Y8BmMqFHXSfmqN58E1FbXD9Ndwwr+upK8Q=";
hash = "sha256-QOnWt6iit0/F6d/MfZ8qJqDuT3IHh0Qjs6BcJkI/CBw=";
};
patches = [
# Not needed as python dependency, should just be on the PATH
./no-gsutil-python-dependency.patch
# Already merged upstream, to be removed post-3.2
# https://github.com/intel/cve-bin-tool/pull/2524
(fetchpatch {
name = "cve-bin-tool-version-success.patch";
url = "https://github.com/intel/cve-bin-tool/commit/6f9bd565219932c565c1443ac467fe4163408dd8.patch";
hash = "sha256-Glj6qiOvmvsuetXn4tysyiN/vrcOPFLORh+u3BoGzCI=";
})
];
# Wants to open a sqlite database, access the internet, etc
doCheck = false;
propagatedNativeBuildInputs = [
pip
];
propagatedBuildInputs = [
google-cloud-sdk
jsonschema
plotly
beautifulsoup4
@ -62,7 +119,8 @@ buildPythonApplication rec {
pillow
setuptools
xmlschema
packaging
cvss
packaging_21_3
];
nativeCheckInputs = [
@ -73,10 +131,7 @@ buildPythonApplication rec {
"cve_bin_tool"
];
# required until https://github.com/intel/cve-bin-tool/pull/1665 is merged
postPatch = ''
sed '/^pytest/d' -i requirements.txt
'';
passthru.tests.version = testers.testVersion { package = cve-bin-tool; };
meta = with lib; {
description = "CVE Binary Checker Tool";
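Review bot: The pinned `packaging_21_3` derivation sets `doCheck = false` without giving a reason, yet still declares `nativeCheckInputs = [ pytestCheckHook pretend ]`, so those inputs are dead and the pinned copy is built untested. This is a locally frozen version of a library that no longer follows nixpkgs updates, so either enable its checks or add a why-comment next to the flag, e.g. `# tests disabled: <reason>`, as the main derivation does for its own `doCheck = false`. The pin comment links the upstream PR but gives no removal trigger; a line such as `# TODO: drop packaging_21_3 once cve-bin-tool > 3.2 is packaged` would make the cleanup easy to find. The argument list is only partly visible in these hunks, so whether `pytestCheckHook` is in scope for the `let` block cannot be confirmed from here.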


@ -0,0 +1,12 @@
diff --git a/requirements.txt b/requirements.txt
index 1d4aa9a..c9e9171 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,6 +14,6 @@ xmlschema
importlib_metadata; python_version < "3.8"
requests
urllib3>=1.26.5 # dependency of requests added explictly to avoid CVEs
-gsutil
+#gsutil
cvss
packaging