pkgs/tools/security/cve-bin-tool/default.nix at netboot-syslinux-multiplatform · tjh.dev/nixpkgs

tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
nixpkgs / pkgs / tools / security / cve-bin-tool / default.nix
at netboot-syslinux-multiplatform 142 lines 2.7 kB view raw
  1{ lib
  2, buildPythonApplication
  3, fetchFromGitHub
  4, fetchpatch
  5, jsonschema
  6, plotly
  7, beautifulsoup4
  8, pyyaml
  9, isort
 10, py
 11, jinja2
 12, rpmfile
 13, reportlab
 14, zstandard
 15, rich
 16, aiohttp
 17, toml
 18, distro
 19  # aiohttp[speedups]
 20, aiodns
 21, brotlipy
 22, faust-cchardet
 23, pillow
 24, pytestCheckHook
 25, xmlschema
 26, setuptools
 27, packaging
 28, cvss
 29, google-cloud-sdk
 30, pip
 31, testers
 32, cve-bin-tool
 33# pinned packaging
 34, pyparsing
 35, fetchPypi
 36, buildPythonPackage
 37, pretend
 38, pythonOlder
 39}:
 40
 41let
 42  # pin packaging to < 22 until issue related to https://github.com/intel/cve-bin-tool/pull/2436 are resolved by upstream (post-3.2)
 43  packaging_21_3 = buildPythonPackage rec {
 44    inherit (packaging) pname passthru meta;
 45    version = "21.3";
 46    format = "pyproject";
 47    disabled = pythonOlder "3.6";
 48
 49    src = fetchPypi {
 50      inherit pname version;
 51      sha256 = "sha256-3UfEKSfYmrkR5gZRiQfMLTofOLvQJjhZcGQ/nFuOz+s=";
 52    };
 53    nativeBuildInputs = [
 54      setuptools
 55    ];
 56    propagatedBuildInputs = [
 57      pyparsing
 58    ];
 59
 60    nativeCheckInputs = [
 61      pytestCheckHook
 62      pretend
 63    ];
 64
 65    doCheck = false;
 66  };
 67in
 68buildPythonApplication rec {
 69  pname = "cve-bin-tool";
 70  version = "3.2";
 71
 72  src = fetchFromGitHub {
 73    owner = "intel";
 74    repo = "cve-bin-tool";
 75    rev = "refs/tags/v${version}";
 76    hash = "sha256-QOnWt6iit0/F6d/MfZ8qJqDuT3IHh0Qjs6BcJkI/CBw=";
 77  };
 78
 79  patches = [
 80    # Not needed as python dependency, should just be on the PATH
 81    ./no-gsutil-python-dependency.patch
 82    # Already merged upstream, to be removed post-3.2
 83    # https://github.com/intel/cve-bin-tool/pull/2524
 84    (fetchpatch {
 85      name = "cve-bin-tool-version-success.patch";
 86      url = "https://github.com/intel/cve-bin-tool/commit/6f9bd565219932c565c1443ac467fe4163408dd8.patch";
 87      hash = "sha256-Glj6qiOvmvsuetXn4tysyiN/vrcOPFLORh+u3BoGzCI=";
 88    })
 89  ];
 90
 91  # Wants to open a sqlite database, access the internet, etc
 92  doCheck = false;
 93
 94  propagatedNativeBuildInputs = [
 95    pip
 96  ];
 97
 98  propagatedBuildInputs = [
 99    google-cloud-sdk
100    jsonschema
101    plotly
102    beautifulsoup4
103    pyyaml
104    isort
105    py
106    jinja2
107    rpmfile
108    reportlab
109    zstandard
110    rich
111    aiohttp
112    toml
113    distro
114    # aiohttp[speedups]
115    aiodns
116    brotlipy
117    faust-cchardet
118    # needed by brotlipy
119    pillow
120    setuptools
121    xmlschema
122    cvss
123    packaging_21_3
124  ];
125
126  nativeCheckInputs = [
127    pytestCheckHook
128  ];
129
130  pythonImportsCheck = [
131    "cve_bin_tool"
132  ];
133
134  passthru.tests.version = testers.testVersion { package = cve-bin-tool; };
135
136  meta = with lib; {
137    description = "CVE Binary Checker Tool";
138    homepage = "https://github.com/intel/cve-bin-tool";
139    license = licenses.gpl3Plus;
140    maintainers = [ ];
141  };
142}