Diffstat (limited to 'pkgs/tools/security/cve-bin-tool/default.nix')
-rw-r--r--pkgs/tools/security/cve-bin-tool/default.nix144
1 files changed, 50 insertions, 94 deletions
diff --git a/pkgs/tools/security/cve-bin-tool/default.nix b/pkgs/tools/security/cve-bin-tool/default.nix
index 88b52da21eb32..b269cd362f2b0 100644
--- a/pkgs/tools/security/cve-bin-tool/default.nix
+++ b/pkgs/tools/security/cve-bin-tool/default.nix
@@ -1,134 +1,90 @@
 { lib
 , buildPythonApplication
 , fetchFromGitHub
-, fetchpatch
+  # aiohttp[speedups]
+, aiodns
+, aiohttp
+, beautifulsoup4
+, brotlipy
+, cvss
+, distro
+, filetype
+, google-cloud-sdk
+, jinja2
 , jsonschema
+, lib4sbom
+, packageurl-python
+, packaging
 , plotly
-, beautifulsoup4
+, pytestCheckHook
+, python-gnupg
 , pyyaml
-, isort
-, py
-, jinja2
-, rpmfile
-, reportlab
-, zstandard
 , rich
-, aiohttp
+, rpmfile
+, setuptools
 , toml
-, distro
-  # aiohttp[speedups]
-, aiodns
-, brotlipy
-, faust-cchardet
-, pillow
-, pytestCheckHook
 , xmlschema
-, setuptools
-, packaging
-, cvss
-, google-cloud-sdk
+, zstandard
+, reportlab
 , pip
 , testers
 , cve-bin-tool
-# pinned packaging
-, pyparsing
-, fetchPypi
-, buildPythonPackage
-, pretend
-, pythonOlder
-, wheel
 }:
 
-let
-  # pin packaging to < 22 until issue related to https://github.com/intel/cve-bin-tool/pull/2436 are resolved by upstream (post-3.2)
-  packaging_21_3 = buildPythonPackage rec {
-    inherit (packaging) pname passthru meta;
-    version = "21.3";
-    format = "pyproject";
-    disabled = pythonOlder "3.6";
-
-    src = fetchPypi {
-      inherit pname version;
-      sha256 = "sha256-3UfEKSfYmrkR5gZRiQfMLTofOLvQJjhZcGQ/nFuOz+s=";
-    };
-    nativeBuildInputs = [
-      setuptools
-      wheel
-    ];
-    propagatedBuildInputs = [
-      pyparsing
-    ];
-
-    nativeCheckInputs = [
-      pytestCheckHook
-      pretend
-    ];
-
-    doCheck = false;
-  };
-in
 buildPythonApplication rec {
   pname = "cve-bin-tool";
-  version = "3.2";
+  version = "3.3";
   format = "setuptools";
 
   src = fetchFromGitHub {
     owner = "intel";
     repo = "cve-bin-tool";
     rev = "refs/tags/v${version}";
-    hash = "sha256-QOnWt6iit0/F6d/MfZ8qJqDuT3IHh0Qjs6BcJkI/CBw=";
+    hash = "sha256-A5w4U5EDX+UZWNMuz8GTOcubo8N2KfDlVV0aRNsO8/E=";
   };
 
-  patches = [
-    # Not needed as python dependency, should just be on the PATH
-    ./no-gsutil-python-dependency.patch
-    # Already merged upstream, to be removed post-3.2
-    # https://github.com/intel/cve-bin-tool/pull/2524
-    (fetchpatch {
-      name = "cve-bin-tool-version-success.patch";
-      url = "https://github.com/intel/cve-bin-tool/commit/6f9bd565219932c565c1443ac467fe4163408dd8.patch";
-      hash = "sha256-Glj6qiOvmvsuetXn4tysyiN/vrcOPFLORh+u3BoGzCI=";
-    })
-  ];
-
   # Wants to open a sqlite database, access the internet, etc
   doCheck = false;
 
-  propagatedNativeBuildInputs = [
-    pip
-  ];
-
-  propagatedBuildInputs = [
-    google-cloud-sdk
+  dependencies = [
+    # aiohttp[speedups]
+    aiodns
+    aiohttp
+    beautifulsoup4
+    brotlipy
+    cvss
+    distro
+    filetype
+    google-cloud-sdk # gsutil
+    jinja2
     jsonschema
+    lib4sbom
+    packageurl-python
+    packaging
     plotly
-    beautifulsoup4
+    python-gnupg
     pyyaml
-    isort
-    py
-    jinja2
-    rpmfile
-    reportlab
-    zstandard
     rich
-    aiohttp
-    toml
-    distro
-    # aiohttp[speedups]
-    aiodns
-    brotlipy
-    faust-cchardet
-    # needed by brotlipy
-    pillow
+    rpmfile
     setuptools
+    toml
     xmlschema
-    cvss
-    packaging_21_3
+    zstandard
+  ];
+
+  optional-dependencies = {
+    pdf = [
+      reportlab
+    ];
+  };
+
+  propagatedBuildInputs = [
+    pip
   ];
 
   nativeCheckInputs = [
     pytestCheckHook
-  ];
+  ] ++ lib.flatten (lib.attrValues optional-dependencies);
 
   pythonImportsCheck = [
     "cve_bin_tool"
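Review bot: `reportlab` now appears only in `optional-dependencies.pdf`, and the only place that pulls it in is `nativeCheckInputs`, which is never used because `doCheck = false` is still set above; the default package therefore no longer ships reportlab at all. If PDF report output is meant to keep working out of the box (this hunk does not show whether upstream degrades gracefully without it), either keep `reportlab` in `dependencies` or document the opt-in with a comment such as `# PDF reports need reportlab; not in the default closure, add optional-dependencies.pdf to use them` above `pdf = [`. Separately, the `# aiohttp[speedups]` comment now heads the whole alphabetised list, both in the argument set and in `dependencies`, so it no longer shows which entries are the speedups extras; a trailing comment on `aiodns` and `brotlipy` would be clearer. The derivation body continues past the end of this hunk.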