cve-bin-tool: 3.3 -> 3.4 (#369188)

Author: SuperSandro2000

pkgs/by-name/cs/csaf-tool/package.nix

@@ -0,0 +1,5 @@
+{
+  python3Packages,
+}:
+
+python3Packages.toPythonApplication python3Packages.csaf-tool

pkgs/development/python-modules/csaf-tool/default.nix

@@ -0,0 +1,47 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  packageurl-python,
+  pythonOlder,
+  rich,
+  setuptools,
+  versionCheckHook,
+}:
+
+buildPythonPackage rec {
+  pname = "csaf-tool";
+  version = "0.3.2";
+  pyproject = true;
+
+  disabled = pythonOlder "3.6";
+
+  src = fetchFromGitHub {
+    owner = "anthonyharrison";
+    repo = "csaf";
+    tag = "${version}";
+    hash = "sha256-LR6r03z0nvvAQgFHaTWfukoJmLZ6SLPXfbp/G8N/HtM=";
+  };
+
+  build-system = [ setuptools ];
+
+  dependencies = [
+    packageurl-python
+    rich
+  ];
+
+  # has not tests
+  doCheck = false;
+
+  pythonImportsCheck = [ "csaf" ];
+
+  nativeCheckInputs = [ versionCheckHook ];
+
+  meta = with lib; {
+    description = "CSAF generator and validator";
+    homepage = "https://github.com/anthonyharrison/csaf";
+    changelog = "https://github.com/anthonyharrison/csaf/releases/tag/${src.tag}";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ teatwig ];
+  };
+}

pkgs/development/python-modules/lib4sbom/default.nix

@@ -12,7 +12,7 @@
 
 buildPythonPackage rec {
   pname = "lib4sbom";
-  version = "0.8.1";
+  version = "0.8.3";
   pyproject = true;
 
   disabled = pythonOlder "3.7";
@@ -21,7 +21,7 @@ buildPythonPackage rec {
     owner = "anthonyharrison";
     repo = "lib4sbom";
     tag = "v${version}";
-    hash = "sha256-OxYYHiV7TuPiLyd/rdrGfY3agv0vBcATaod37XYb7DY=";
+    hash = "sha256-7ERjzfMIz1tRvShxO2hR+DzRYyfV3KxpHmgJTLErnRw=";
   };
 
   build-system = [ setuptools ];
@@ -60,7 +60,7 @@ buildPythonPackage rec {
   meta = with lib; {
     description = "Library to ingest and generate SBOMs";
     homepage = "https://github.com/anthonyharrison/lib4sbom";
-    changelog = "https://github.com/anthonyharrison/lib4sbom/releases/tag/v${version}";
+    changelog = "https://github.com/anthonyharrison/lib4sbom/releases/tag/${src.tag}";
     license = licenses.asl20;
     maintainers = with maintainers; [ teatwig ];
   };

pkgs/development/python-modules/lib4vex/default.nix

@@ -0,0 +1,46 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  csaf-tool,
+  lib4sbom,
+  packageurl-python,
+  pythonOlder,
+  setuptools,
+}:
+
+buildPythonPackage rec {
+  pname = "lib4vex";
+  version = "0.2.0";
+  pyproject = true;
+
+  disabled = pythonOlder "3.7";
+
+  src = fetchFromGitHub {
+    owner = "anthonyharrison";
+    repo = "lib4vex";
+    tag = "v${version}";
+    hash = "sha256-mR9ZpJDC2O04js3Kd/8qlg4Ds/jy2CmpTywRVYqmnQw=";
+  };
+
+  build-system = [ setuptools ];
+
+  dependencies = [
+    csaf-tool
+    lib4sbom
+    packageurl-python
+  ];
+
+  # has no tests
+  doCheck = false;
+
+  pythonImportsCheck = [ "lib4vex" ];
+
+  meta = with lib; {
+    description = "Library to ingest and generate VEX documents";
+    homepage = "https://github.com/anthonyharrison/lib4vex";
+    changelog = "https://github.com/anthonyharrison/lib4vex/releases/tag/${src.tag}";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ teatwig ];
+  };
+}

pkgs/tools/security/cve-bin-tool/default.nix

@@ -2,64 +2,68 @@
   lib,
   buildPythonApplication,
   fetchFromGitHub,
-  # aiohttp[speedups]
-  aiodns,
+
+  # build-system
+  setuptools,
+
+  # dependencies
   aiohttp,
   beautifulsoup4,
   brotlipy,
   cvss,
   distro,
   filetype,
-  google-cloud-sdk,
   jinja2,
   jsonschema,
   lib4sbom,
+  lib4vex,
   packageurl-python,
   packaging,
   plotly,
-  pytestCheckHook,
   python-gnupg,
   pyyaml,
   requests,
   rich,
   rpmfile,
-  setuptools,
   xmlschema,
+  zipp,
   zstandard,
+
+  # optional-dependencies
   reportlab,
-  pip,
-  testers,
-  cve-bin-tool,
+
+  # runtime-dependencies
+  google-cloud-sdk,
+
+  # tests
+  versionCheckHook,
 }:
 
 buildPythonApplication rec {
   pname = "cve-bin-tool";
-  version = "3.3";
-  format = "setuptools";
+  version = "3.4";
+  pyproject = true;
 
   src = fetchFromGitHub {
     owner = "intel";
     repo = "cve-bin-tool";
     tag = "v${version}";
-    hash = "sha256-A5w4U5EDX+UZWNMuz8GTOcubo8N2KfDlVV0aRNsO8/E=";
+    hash = "sha256-pv8XjKjZBUw5FmmUn1dakGeS1uw2xzF3wSIZOYQ2/3c=";
   };
 
-  # Wants to open a sqlite database, access the internet, etc
-  doCheck = false;
+  build-system = [ setuptools ];
 
   dependencies = [
-    # aiohttp[speedups]
-    aiodns
     aiohttp
     beautifulsoup4
     brotlipy
     cvss
     distro
     filetype
-    google-cloud-sdk # gsutil
     jinja2
     jsonschema
     lib4sbom
+    lib4vex
     packageurl-python
     packaging
     plotly
@@ -70,24 +74,41 @@ buildPythonApplication rec {
     rpmfile
     setuptools
     xmlschema
+    zipp
     zstandard
-  ];
+  ] ++ aiohttp.optional-dependencies.speedups;
 
   optional-dependencies = {
     pdf = [ reportlab ];
   };
 
-  propagatedBuildInputs = [ pip ];
+  pythonRemoveDeps = [
+    # gsutil is only called as a binary at runtime instead of being used as a library
+    "gsutil"
+  ];
 
-  nativeCheckInputs = [ pytestCheckHook ] ++ lib.flatten (lib.attrValues optional-dependencies);
+  # don't run pytestCheckHook because it wants to open a sqlite database, access the internet, etc
+  nativeCheckInputs = [
+    versionCheckHook
+  ] ++ lib.flatten (lib.attrValues optional-dependencies);
 
-  pythonImportsCheck = [ "cve_bin_tool" ];
+  pythonImportsCheck = [
+    "cve_bin_tool"
+    "cve_bin_tool.mismatch_loader"
+  ];
 
-  passthru.tests.version = testers.testVersion { package = cve-bin-tool; };
+  # provide gsutil
+  makeWrapperArgs = [
+    "--prefix"
+    "PATH"
+    ":"
+    (lib.makeBinPath [ google-cloud-sdk ])
+  ];
 
   meta = with lib; {
     description = "CVE Binary Checker Tool";
     homepage = "https://github.com/intel/cve-bin-tool";
+    changelog = "https://github.com/intel/cve-bin-tool/releases/tag/${src.tag}";
     license = licenses.gpl3Plus;
     maintainers = [ ];
   };

pkgs/top-level/python-packages.nix

@@ -2946,6 +2946,8 @@ self: super: with self; {
 
   crytic-compile = callPackage ../development/python-modules/crytic-compile { };
 
+  csaf-tool = callPackage ../development/python-modules/csaf-tool { };
+
   cson = callPackage ../development/python-modules/cson { };
 
   csrmesh = callPackage ../development/python-modules/csrmesh { };
@@ -7644,6 +7646,8 @@ self: super: with self; {
 
   lib4sbom = callPackage ../development/python-modules/lib4sbom { };
 
+  lib4vex = callPackage ../development/python-modules/lib4vex { };
+
   libagent = callPackage ../development/python-modules/libagent { };
 
   libais = callPackage ../development/python-modules/libais { };