646b892680
Some checks failed
Periodic Merges (6h) / master → staging-nixos (push) Failing after 12m50s
Periodic Merges (6h) / master → staging-next (push) Failing after 12m54s
Periodic Merges (24h) / merge-base(master,staging) → haskell-updates (push) Failing after 11m54s
Periodic Merges (6h) / staging-next → staging (push) Failing after 12m13s
Periodic Merges (24h) / staging-next-25.05 → staging-25.05 (push) Failing after 13m24s
Periodic Merges (24h) / release-25.05 → staging-next-25.05 (push) Failing after 14m28s
118 lines
2.0 KiB
Nix
118 lines
2.0 KiB
Nix
{
|
|
lib,
|
|
buildPythonApplication,
|
|
fetchFromGitHub,
|
|
|
|
# build-system
|
|
setuptools,
|
|
|
|
# dependencies
|
|
aiohttp,
|
|
beautifulsoup4,
|
|
brotlipy,
|
|
cvss,
|
|
distro,
|
|
filetype,
|
|
jinja2,
|
|
jsonschema,
|
|
lib4sbom,
|
|
lib4vex,
|
|
packageurl-python,
|
|
packaging,
|
|
plotly,
|
|
python-gnupg,
|
|
pyyaml,
|
|
requests,
|
|
rich,
|
|
rpmfile,
|
|
xmlschema,
|
|
zipp,
|
|
zstandard,
|
|
|
|
# optional-dependencies
|
|
reportlab,
|
|
|
|
# runtime-dependencies
|
|
google-cloud-sdk,
|
|
|
|
# tests
|
|
versionCheckHook,
|
|
}:
|
|
|
|
buildPythonApplication rec {
|
|
pname = "cve-bin-tool";
|
|
version = "3.4";
|
|
pyproject = true;
|
|
|
|
src = fetchFromGitHub {
|
|
owner = "intel";
|
|
repo = "cve-bin-tool";
|
|
tag = "v${version}";
|
|
hash = "sha256-pv8XjKjZBUw5FmmUn1dakGeS1uw2xzF3wSIZOYQ2/3c=";
|
|
};
|
|
|
|
build-system = [ setuptools ];
|
|
|
|
dependencies = [
|
|
aiohttp
|
|
beautifulsoup4
|
|
brotlipy
|
|
cvss
|
|
distro
|
|
filetype
|
|
jinja2
|
|
jsonschema
|
|
lib4sbom
|
|
lib4vex
|
|
packageurl-python
|
|
packaging
|
|
plotly
|
|
python-gnupg
|
|
pyyaml
|
|
requests
|
|
rich
|
|
rpmfile
|
|
setuptools
|
|
xmlschema
|
|
zipp
|
|
zstandard
|
|
]
|
|
++ aiohttp.optional-dependencies.speedups;
|
|
|
|
optional-dependencies = {
|
|
pdf = [ reportlab ];
|
|
};
|
|
|
|
pythonRemoveDeps = [
|
|
# gsutil is only called as a binary at runtime instead of being used as a library
|
|
"gsutil"
|
|
];
|
|
|
|
# don't run pytestCheckHook because it wants to open a sqlite database, access the internet, etc
|
|
nativeCheckInputs = [
|
|
versionCheckHook
|
|
]
|
|
++ lib.flatten (lib.attrValues optional-dependencies);
|
|
|
|
pythonImportsCheck = [
|
|
"cve_bin_tool"
|
|
"cve_bin_tool.mismatch_loader"
|
|
];
|
|
|
|
# provide gsutil
|
|
makeWrapperArgs = [
|
|
"--prefix"
|
|
"PATH"
|
|
":"
|
|
(lib.makeBinPath [ google-cloud-sdk ])
|
|
];
|
|
|
|
meta = with lib; {
|
|
description = "CVE Binary Checker Tool";
|
|
homepage = "https://github.com/intel/cve-bin-tool";
|
|
changelog = "https://github.com/intel/cve-bin-tool/releases/tag/${src.tag}";
|
|
license = licenses.gpl3Plus;
|
|
maintainers = [ ];
|
|
};
|
|
}
|