cve-bin-tool: refactor to use `pyproject = true`

pyrox.dev / nixpkgs

fork atom

lol

fork atom

tea 11 months ago 96c8bfa2 df40f158

+37 -19

1 changed file

expand all

pkgs

tools

security

cve-bin-tool

default.nix

+37 -19

pkgs/tools/security/cve-bin-tool/default.nix

··· 2 2 lib, 3 3 buildPythonApplication, 4 4 fetchFromGitHub, 5 - # aiohttp[speedups] 6 - aiodns, 5 + 6 + # build-system 7 + setuptools, 8 + 9 + # dependencies 7 10 aiohttp, 8 11 beautifulsoup4, 9 12 brotlipy, 10 13 cvss, 11 14 distro, 12 15 filetype, 13 - google-cloud-sdk, 14 16 jinja2, 15 17 jsonschema, 16 18 lib4sbom, ··· 18 20 packageurl-python, 19 21 packaging, 20 22 plotly, 21 - pytestCheckHook, 22 23 python-gnupg, 23 24 pyyaml, 24 25 requests, 25 26 rich, 26 27 rpmfile, 27 - setuptools, 28 28 xmlschema, 29 + zipp, 29 30 zstandard, 31 + 32 + # optional-dependencies 30 33 reportlab, 31 - pip, 32 - testers, 33 - cve-bin-tool, 34 + 35 + # runtime-dependencies 36 + google-cloud-sdk, 37 + 38 + # tests 39 + versionCheckHook, 34 40 }: 35 41 36 42 buildPythonApplication rec { 37 43 pname = "cve-bin-tool"; 38 44 version = "3.4"; 39 - format = "setuptools"; 45 + pyproject = true; 40 46 41 47 src = fetchFromGitHub { 42 48 owner = "intel"; ··· 45 51 hash = "sha256-pv8XjKjZBUw5FmmUn1dakGeS1uw2xzF3wSIZOYQ2/3c="; 46 52 }; 47 53 48 - # Wants to open a sqlite database, access the internet, etc 49 - doCheck = false; 54 + build-system = [ setuptools ]; 50 55 51 56 dependencies = [ 52 - # aiohttp[speedups] 53 - aiodns 54 57 aiohttp 55 58 beautifulsoup4 56 59 brotlipy 57 60 cvss 58 61 distro 59 62 filetype 60 - google-cloud-sdk # gsutil 61 63 jinja2 62 64 jsonschema 63 65 lib4sbom ··· 72 74 rpmfile 73 75 setuptools 74 76 xmlschema 77 + zipp 75 78 zstandard 76 - ]; 79 + ] ++ aiohttp.optional-dependencies.speedups; 77 80 78 81 optional-dependencies = { 79 82 pdf = [ reportlab ]; 80 83 }; 81 84 82 - propagatedBuildInputs = [ pip ]; 85 + pythonRemoveDeps = [ 86 + # gsutil is only called as a binary at runtime instead of being used as a library 87 + "gsutil" 88 + ]; 83 89 84 - nativeCheckInputs = [ pytestCheckHook ] ++ lib.flatten (lib.attrValues optional-dependencies); 90 + # don't run pytestCheckHook because it wants to open a sqlite database, access the internet, etc 91 + nativeCheckInputs = [ 92 + versionCheckHook 93 + ] ++ lib.flatten (lib.attrValues optional-dependencies); 85 94 86 - pythonImportsCheck = [ "cve_bin_tool" ]; 95 + pythonImportsCheck = [ 96 + "cve_bin_tool" 97 + "cve_bin_tool.mismatch_loader" 98 + ]; 87 99 88 - passthru.tests.version = testers.testVersion { package = cve-bin-tool; }; 100 + # provide gsutil 101 + makeWrapperArgs = [ 102 + "--prefix" 103 + "PATH" 104 + ":" 105 + (lib.makeBinPath [ google-cloud-sdk ]) 106 + ]; 89 107 90 108 meta = with lib; { 91 109 description = "CVE Binary Checker Tool";