guix-commits

01/02: lint: Honor 'cpe-name' and 'cpe-version' package properties.


From: Ludovic Courtès
Subject: 01/02: lint: Honor 'cpe-name' and 'cpe-version' package properties.
Date: Tue, 17 May 2016 16:16:10 +0000 (UTC)

civodul pushed a commit to branch master
in repository guix.

commit 99effc8faa43d478371eb06aee5df8ae1383c51a
Author: Ludovic Courtès <address@hidden>
Date:   Tue May 17 18:04:13 2016 +0200

    lint: Honor 'cpe-name' and 'cpe-version' package properties.
    
    * guix/scripts/lint.scm (package-name->cpe-name): Remove.
    (package-vulnerabilities): Honor 'cpe-name' and 'cpe-version'
    properties.
    * gnu/packages/grub.scm (grub)[properties]: New field.
    * gnu/packages/gnuzilla.scm (icecat)[properties]: Add 'cpe-name' and
    'cpe-version'.
    * doc/guix.texi (Invoking guix lint): Mention 'cpe-name'.
---
 doc/guix.texi             |   13 +++++++++++++
 gnu/packages/gnuzilla.scm |    6 +++++-
 gnu/packages/grub.scm     |    5 +++--
 guix/scripts/lint.scm     |   21 +++++++++------------
 4 files changed, 30 insertions(+), 15 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 0e63eca..3f0106b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4961,6 +4961,19 @@ To view information about a particular vulnerability, 
visit pages such as:
 where @code{CVE-YYYY-ABCD} is the CVE identifier---e.g.,
 @code{CVE-2015-7554}.
 
+Package developers can specify in package recipes the
address@hidden://nvd.nist.gov/cpe.cfm,Common Platform Enumeration (CPE)}
+name and version of the package when they differ from the name that Guix
+uses, as in this example:
+
address@hidden
+(package
+  (name "grub")
+  ;; @dots{}
+  ;; CPE calls this package "grub2".
+  (properties '((cpe-name . "grub2"))))
address@hidden example
+
 @item formatting
 Warn about obvious source code formatting issues: trailing white space,
 use of tabulations, etc.
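Review bot: the new manual paragraph documents only the 'cpe-name' property, yet the lint.scm change in this same commit also honors a 'cpe-version' property (and gnuzilla.scm sets one for icecat); a packager reading this section has no way to learn that the version can be overridden too. Suggest extending the paragraph along the lines of "and, likewise, a 'cpe-version' property when the version string used by CPE differs from the Guix version", possibly with the icecat case as a second example.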
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index df1075c..7e52534 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -517,4 +517,8 @@ standards.")
 software, which does not recommend non-free plugins and addons.  It also
 features built-in privacy-protecting features.")
     (license license:mpl2.0)     ;and others, see toolkit/content/license.html
-    (properties '((ftp-directory . "/gnu/gnuzilla")))))
+    (properties
+     `((ftp-directory . "/gnu/gnuzilla")
+       (cpe-name . "firefox_esr")
+       (cpe-version . ,(string-drop-right version
+                                          (string-length "-gnu1")))))))
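Review bot: the 'cpe-version' value is computed by unconditionally dropping (string-length "-gnu1") characters from the end of VERSION, so if the suffix ever changes length (say "-gnu10") or is absent, the CPE version silently becomes wrong and the CVE lookup quietly misses or mismatches without any lint warning. Safer to strip the suffix by position rather than by a hard-coded length, e.g. (string-take version (string-index version #\-)), or to check that VERSION actually ends in "-gnu1" before dropping it.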
diff --git a/gnu/packages/grub.scm b/gnu/packages/grub.scm
index 5fc7ee8..ec2feeb 100644
--- a/gnu/packages/grub.scm
+++ b/gnu/packages/grub.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <address@hidden>
+;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <address@hidden>
 ;;; Copyright © 2015 Mark H Weaver <address@hidden>
 ;;; Copyright © 2015 Leo Famulari <address@hidden>
 ;;;
@@ -132,4 +132,5 @@ then goes on to load the rest of the operating system.  As 
a multiboot
 bootloader, GRUB handles the presence of multiple operating systems installed
 on the same computer; upon booting the computer, the user is presented with a
 menu to select one of the installed operating systems.")
-    (license gpl3+)))
+    (license gpl3+)
+    (properties '((cpe-name . "grub2")))))
diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm
index 06001d3..b4fdb6f 100644
--- a/guix/scripts/lint.scm
+++ b/guix/scripts/lint.scm
@@ -600,15 +600,6 @@ be determined."
     ((? origin?)
      (and=> (origin-actual-file-name patch) basename))))
 
-(define (package-name->cpe-name name)
-  "Do a basic conversion of NAME, a Guix package name, to the corresponding
-Common Platform Enumeration (CPE) name."
-  (match name
-    ("icecat"   "firefox")                        ;or "firefox_esr"
-    ("grub"     "grub2")
-    ;; TODO: Add more.
-    (_          name)))
-
 (define (current-vulnerabilities*)
   "Like 'current-vulnerabilities', but return the empty list upon networking
 or HTTP errors.  This allows network-less operation and makes problems with
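Review bot: the removed table mapped "icecat" to "firefox" (with the aside ";or \"firefox_esr\""), whereas the replacement property in gnuzilla.scm now uses "firefox_esr"; that changes which CPE product the CVE lookup is matched against, and neither the commit message nor the ChangeLog entry mentions the switch. Worth calling out explicitly so the change in vulnerability coverage for icecat is deliberate and reviewable, and so nobody later "fixes" it back to "firefox".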
@@ -635,9 +626,15 @@ from ~s: ~a (~s)~%")
                         (current-vulnerabilities*)))))
     (lambda (package)
       "Return a list of vulnerabilities affecting PACKAGE."
-      ((force lookup)
-       (package-name->cpe-name (package-name package))
-       (package-version package)))))
+      ;; First we retrieve the Common Platform Enumeration (CPE) name and
+      ;; version for PACKAGE, then we can pass them to LOOKUP.
+      (let ((name    (or (assoc-ref (package-properties package)
+                                    'cpe-name)
+                         (package-name package)))
+            (version (or (assoc-ref (package-properties package)
+                                    'cpe-version)
+                         (package-version package))))
+        ((force lookup) name version)))))
 
 (define (check-vulnerabilities package)
   "Check for known vulnerabilities for PACKAGE."
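Review bot: the 'cpe-name' and 'cpe-version' values are pulled from (package-properties package) via assoc-ref with no type check, so a property mistakenly written as a symbol or number, e.g. (cpe-name . grub2), is passed straight to LOOKUP and will either error out or silently match nothing. Suggest guarding with string? (or emitting a lint warning for a malformed property) before calling (force lookup) name version, and updating the docstring "Return a list of vulnerabilities affecting PACKAGE." to state that the CPE name and version properties are honored when present.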


