nixpkgs/pkgs/tools/security/cve-bin-tool/default.nix

146 lines
2.7 KiB
Nix

{ lib
, buildPythonApplication
, fetchFromGitHub
, fetchpatch
, jsonschema
, plotly
, beautifulsoup4
, pyyaml
, isort
, py
, jinja2
, rpmfile
, reportlab
, zstandard
, rich
, aiohttp
, toml
, distro
# aiohttp[speedups]
, aiodns
, brotlipy
, faust-cchardet
, pillow
, pytestCheckHook
, xmlschema
, setuptools
, packaging
, cvss
, google-cloud-sdk
, pip
, testers
, cve-bin-tool
# pinned packaging
, pyparsing
, fetchPypi
, buildPythonPackage
, pretend
, pythonOlder
, wheel
}:
let
# pin packaging to < 22 until issue related to https://github.com/intel/cve-bin-tool/pull/2436 are resolved by upstream (post-3.2)
packaging_21_3 = buildPythonPackage rec {
inherit (packaging) pname passthru meta;
version = "21.3";
format = "pyproject";
disabled = pythonOlder "3.6";
src = fetchPypi {
inherit pname version;
sha256 = "sha256-3UfEKSfYmrkR5gZRiQfMLTofOLvQJjhZcGQ/nFuOz+s=";
};
nativeBuildInputs = [
setuptools
wheel
];
propagatedBuildInputs = [
pyparsing
];
nativeCheckInputs = [
pytestCheckHook
pretend
];
doCheck = false;
};
in
buildPythonApplication rec {
pname = "cve-bin-tool";
version = "3.2";
format = "setuptools";
src = fetchFromGitHub {
owner = "intel";
repo = "cve-bin-tool";
rev = "refs/tags/v${version}";
hash = "sha256-QOnWt6iit0/F6d/MfZ8qJqDuT3IHh0Qjs6BcJkI/CBw=";
};
patches = [
# Not needed as python dependency, should just be on the PATH
./no-gsutil-python-dependency.patch
# Already merged upstream, to be removed post-3.2
# https://github.com/intel/cve-bin-tool/pull/2524
(fetchpatch {
name = "cve-bin-tool-version-success.patch";
url = "https://github.com/intel/cve-bin-tool/commit/6f9bd565219932c565c1443ac467fe4163408dd8.patch";
hash = "sha256-Glj6qiOvmvsuetXn4tysyiN/vrcOPFLORh+u3BoGzCI=";
})
];
# Wants to open a sqlite database, access the internet, etc
doCheck = false;
propagatedNativeBuildInputs = [
pip
];
propagatedBuildInputs = [
google-cloud-sdk
jsonschema
plotly
beautifulsoup4
pyyaml
isort
py
jinja2
rpmfile
reportlab
zstandard
rich
aiohttp
toml
distro
# aiohttp[speedups]
aiodns
brotlipy
faust-cchardet
# needed by brotlipy
pillow
setuptools
xmlschema
cvss
packaging_21_3
];
nativeCheckInputs = [
pytestCheckHook
];
pythonImportsCheck = [
"cve_bin_tool"
];
passthru.tests.version = testers.testVersion { package = cve-bin-tool; };
meta = with lib; {
description = "CVE Binary Checker Tool";
homepage = "https://github.com/intel/cve-bin-tool";
license = licenses.gpl3Plus;
maintainers = [ ];
};
}