path: root/pkgs/tools/security/cve-bin-tool/default.nix
# nixpkgs derivation for cve-bin-tool ("CVE Binary Checker Tool", see meta
# below). The whole file is one function taking the package set as a single
# attribute-set argument; every name listed here is supplied by the caller.
{ lib
, buildPythonApplication
, fetchFromGitHub
, fetchpatch
, jsonschema
, plotly
, beautifulsoup4
, pyyaml
, isort
, py
, jinja2
, rpmfile
, reportlab
, zstandard
, rich
, aiohttp
, toml
, distro
  # aiohttp[speedups]
, aiodns
, brotlipy
, faust-cchardet
, pillow
, pytestCheckHook
, xmlschema
, setuptools
, packaging
, cvss
, google-cloud-sdk
, pip
, testers
# the finished package itself, referenced by passthru.tests.version below
, cve-bin-tool
# pinned packaging
, pyparsing
, fetchPypi
, buildPythonPackage
, pretend
, pythonOlder
, wheel
}:

let
  # pin packaging to < 22 until issue related to https://github.com/intel/cve-bin-tool/pull/2436 are resolved by upstream (post-3.2)
  # Local rebuild of the `packaging` library at 21.3 from a PyPI sdist whose
  # contents are fixed by the sha256 below. pname, passthru and meta are
  # inherited from the package set's regular `packaging`, so any passthru
  # tests it defines are carried over too — NOTE(review): confirm intended.
  packaging_21_3 = buildPythonPackage rec {
    inherit (packaging) pname passthru meta;
    version = "21.3";
    format = "pyproject";
    disabled = pythonOlder "3.6";

    # Content-addressed fetch: a changed upload under the same version would
    # fail the hash check instead of being built.
    src = fetchPypi {
      inherit pname version;
      sha256 = "sha256-3UfEKSfYmrkR5gZRiQfMLTofOLvQJjhZcGQ/nFuOz+s=";
    };
    nativeBuildInputs = [
      setuptools
      wheel
    ];
    propagatedBuildInputs = [
      pyparsing
    ];

    # Only consulted if doCheck is switched back on.
    nativeCheckInputs = [
      pytestCheckHook
      pretend
    ];

    # Test suite skipped for this pinned rebuild; the reason is not recorded
    # here — TODO document it.
    doCheck = false;
  };
in
buildPythonApplication rec {
  pname = "cve-bin-tool";
  version = "3.2";
  format = "setuptools";

  # Source pinned both to the v3.2 tag and to a content hash, so a moved or
  # re-pushed tag upstream cannot silently change what gets built.
  src = fetchFromGitHub {
    owner = "intel";
    repo = "cve-bin-tool";
    rev = "refs/tags/v${version}";
    hash = "sha256-QOnWt6iit0/F6d/MfZ8qJqDuT3IHh0Qjs6BcJkI/CBw=";
  };

  patches = [
    # Not needed as python dependency, should just be on the PATH
    ./no-gsutil-python-dependency.patch
    # Already merged upstream, to be removed post-3.2
    # https://github.com/intel/cve-bin-tool/pull/2524
    # Fetched by commit URL and verified against the fixed hash below.
    # Presumably this makes the `--version` invocation succeed, which the
    # passthru.tests.version check further down relies on — confirm.
    (fetchpatch {
      name = "cve-bin-tool-version-success.patch";
      url = "https://github.com/intel/cve-bin-tool/commit/6f9bd565219932c565c1443ac467fe4163408dd8.patch";
      hash = "sha256-Glj6qiOvmvsuetXn4tysyiN/vrcOPFLORh+u3BoGzCI=";
    })
  ];

  # Wants to open a sqlite database, access the internet, etc
  doCheck = false;

  # NOTE(review): presumably the tool invokes pip at runtime — verify, since
  # a runtime pip dependency in a scanner is worth knowing about.
  propagatedNativeBuildInputs = [
    pip
  ];

  propagatedBuildInputs = [
    # Presumably provides the gsutil executable that the first patch above
    # stops requiring as a Python dependency — confirm.
    google-cloud-sdk
    jsonschema
    plotly
    beautifulsoup4
    pyyaml
    isort
    py
    jinja2
    rpmfile
    reportlab
    zstandard
    rich
    aiohttp
    toml
    distro
    # aiohttp[speedups]
    aiodns
    brotlipy
    faust-cchardet
    # needed by brotlipy
    # NOTE(review): the brotlipy -> pillow relationship is not obvious; verify
    # before relying on this comment.
    pillow
    setuptools
    xmlschema
    cvss
    # the pinned 21.3 rebuild from the let-binding above, not the default
    packaging_21_3
  ];

  # Unused while doCheck = false.
  nativeCheckInputs = [
    pytestCheckHook
  ];

  # Build-time smoke test: the installed module must import cleanly.
  pythonImportsCheck = [
    "cve_bin_tool"
  ];

  # Version check run as a passthru test against the finished package.
  passthru.tests.version = testers.testVersion { package = cve-bin-tool; };

  meta = with lib; {
    description = "CVE Binary Checker Tool";
    homepage = "https://github.com/intel/cve-bin-tool";
    license = licenses.gpl3Plus;
    # No maintainer listed: nobody is designated to pick up upstream security
    # releases or to drop the pins above once they are no longer needed.
    maintainers = [ ];
  };
}