bac62a387d
Adding pip as a propagated dependency for the python checker Co-Authored-By: Markus S. Wamser <github-dev@mail2013.wamser.eu>
143 lines
2.7 KiB
Nix
143 lines
2.7 KiB
Nix
{ lib
|
|
, buildPythonApplication
|
|
, fetchFromGitHub
|
|
, fetchpatch
|
|
, jsonschema
|
|
, plotly
|
|
, beautifulsoup4
|
|
, pyyaml
|
|
, isort
|
|
, py
|
|
, jinja2
|
|
, rpmfile
|
|
, reportlab
|
|
, zstandard
|
|
, rich
|
|
, aiohttp
|
|
, toml
|
|
, distro
|
|
# aiohttp[speedups]
|
|
, aiodns
|
|
, brotlipy
|
|
, faust-cchardet
|
|
, pillow
|
|
, pytestCheckHook
|
|
, xmlschema
|
|
, setuptools
|
|
, packaging
|
|
, cvss
|
|
, google-cloud-sdk
|
|
, pip
|
|
, testers
|
|
, cve-bin-tool
|
|
# pinned packaging
|
|
, pyparsing
|
|
, fetchPypi
|
|
, buildPythonPackage
|
|
, pretend
|
|
, pythonOlder
|
|
}:
|
|
|
|
let
|
|
# pin packaging to < 22 until issue related to https://github.com/intel/cve-bin-tool/pull/2436 are resolved by upstream (post-3.2)
|
|
packaging_21_3 = buildPythonPackage rec {
|
|
inherit (packaging) pname passthru meta;
|
|
version = "21.3";
|
|
format = "pyproject";
|
|
disabled = pythonOlder "3.6";
|
|
|
|
src = fetchPypi {
|
|
inherit pname version;
|
|
sha256 = "sha256-3UfEKSfYmrkR5gZRiQfMLTofOLvQJjhZcGQ/nFuOz+s=";
|
|
};
|
|
nativeBuildInputs = [
|
|
setuptools
|
|
];
|
|
propagatedBuildInputs = [
|
|
pyparsing
|
|
];
|
|
|
|
nativeCheckInputs = [
|
|
pytestCheckHook
|
|
pretend
|
|
];
|
|
|
|
doCheck = false;
|
|
};
|
|
in
|
|
buildPythonApplication rec {
|
|
pname = "cve-bin-tool";
|
|
version = "3.2";
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "intel";
|
|
repo = "cve-bin-tool";
|
|
rev = "refs/tags/v${version}";
|
|
hash = "sha256-QOnWt6iit0/F6d/MfZ8qJqDuT3IHh0Qjs6BcJkI/CBw=";
|
|
};
|
|
|
|
patches = [
|
|
# Not needed as python dependency, should just be on the PATH
|
|
./no-gsutil-python-dependency.patch
|
|
# Already merged upstream, to be removed post-3.2
|
|
# https://github.com/intel/cve-bin-tool/pull/2524
|
|
(fetchpatch {
|
|
name = "cve-bin-tool-version-success.patch";
|
|
url = "https://github.com/intel/cve-bin-tool/commit/6f9bd565219932c565c1443ac467fe4163408dd8.patch";
|
|
hash = "sha256-Glj6qiOvmvsuetXn4tysyiN/vrcOPFLORh+u3BoGzCI=";
|
|
})
|
|
];
|
|
|
|
# Wants to open a sqlite database, access the internet, etc
|
|
doCheck = false;
|
|
|
|
propagatedNativeBuildInputs = [
|
|
pip
|
|
];
|
|
|
|
propagatedBuildInputs = [
|
|
google-cloud-sdk
|
|
jsonschema
|
|
plotly
|
|
beautifulsoup4
|
|
pyyaml
|
|
isort
|
|
py
|
|
jinja2
|
|
rpmfile
|
|
reportlab
|
|
zstandard
|
|
rich
|
|
aiohttp
|
|
toml
|
|
distro
|
|
# aiohttp[speedups]
|
|
aiodns
|
|
brotlipy
|
|
faust-cchardet
|
|
# needed by brotlipy
|
|
pillow
|
|
setuptools
|
|
xmlschema
|
|
cvss
|
|
packaging_21_3
|
|
];
|
|
|
|
nativeCheckInputs = [
|
|
pytestCheckHook
|
|
];
|
|
|
|
pythonImportsCheck = [
|
|
"cve_bin_tool"
|
|
];
|
|
|
|
passthru.tests.version = testers.testVersion { package = cve-bin-tool; };
|
|
|
|
meta = with lib; {
|
|
description = "CVE Binary Checker Tool";
|
|
homepage = "https://github.com/intel/cve-bin-tool";
|
|
license = licenses.gpl3Plus;
|
|
maintainers = [ ];
|
|
};
|
|
}
|