aboutsummaryrefslogtreecommitdiff
path: root/guix/scripts
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2016-05-17 18:04:13 +0200
committerLudovic Courtès <ludo@gnu.org>2016-05-17 18:15:53 +0200
commit99effc8faa43d478371eb06aee5df8ae1383c51a (patch)
tree6e01a04c76f80f4707c56c12bdb6cad80d410b20 /guix/scripts
parent1c29f3ef8452860c4301d7ae57c89ac5956d1663 (diff)
downloadgnu-guix-99effc8faa43d478371eb06aee5df8ae1383c51a.tar
gnu-guix-99effc8faa43d478371eb06aee5df8ae1383c51a.tar.gz
lint: Honor 'cpe-name' and 'cpe-version' package properties.
* guix/scripts/lint.scm (package-name->cpe-name): Remove. (package-vulnerabilities): Honor 'cpe-name' and 'cpe-version' properties. * gnu/packages/grub.scm (grub)[properties]: New field. * gnu/packages/gnuzilla.scm (icecat)[properties]: Add 'cpe-name' and 'cpe-version'. * doc/guix.texi (Invoking guix lint): Mention 'cpe-name'.
Diffstat (limited to 'guix/scripts')
-rw-r--r--guix/scripts/lint.scm21
1 files changed, 9 insertions, 12 deletions
diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm
index 06001d3eae..b4fdb6f905 100644
--- a/guix/scripts/lint.scm
+++ b/guix/scripts/lint.scm
@@ -600,15 +600,6 @@ be determined."
((? origin?)
(and=> (origin-actual-file-name patch) basename))))
-(define (package-name->cpe-name name)
- "Do a basic conversion of NAME, a Guix package name, to the corresponding
-Common Platform Enumeration (CPE) name."
- (match name
- ("icecat" "firefox") ;or "firefox_esr"
- ("grub" "grub2")
- ;; TODO: Add more.
- (_ name)))
-
(define (current-vulnerabilities*)
"Like 'current-vulnerabilities', but return the empty list upon networking
or HTTP errors. This allows network-less operation and makes problems with
@@ -635,9 +626,15 @@ from ~s: ~a (~s)~%")
(current-vulnerabilities*)))))
(lambda (package)
"Return a list of vulnerabilities affecting PACKAGE."
- ((force lookup)
- (package-name->cpe-name (package-name package))
- (package-version package)))))
+ ;; First we retrieve the Common Platform Enumeration (CPE) name and
+ ;; version for PACKAGE, then we can pass them to LOOKUP.
+ (let ((name (or (assoc-ref (package-properties package)
+ 'cpe-name)
+ (package-name package)))
+ (version (or (assoc-ref (package-properties package)
+ 'cpe-version)
+ (package-version package))))
+ ((force lookup) name version)))))
(define (check-vulnerabilities package)
"Check for known vulnerabilities for PACKAGE."