author | Ludovic Courtès <ludo@gnu.org> | 2016-03-04 10:44:08 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2016-03-04 11:48:52 +0100 |
commit | 4ce783a2f9edc5cf1024b02e3c434ed361e8897d (patch) | |
tree | 2757e0394e91fd6024686e0fa1ac1ea1c1cb2cfa /guix | |
parent | fe4e698d770e96b0a5dc0aa3b11a7f85da15e55f (diff) | |
download | gnu-guix-4ce783a2f9edc5cf1024b02e3c434ed361e8897d.tar gnu-guix-4ce783a2f9edc5cf1024b02e3c434ed361e8897d.tar.gz |
lint: cve: Gracefully handle HTTP errors.
* guix/scripts/lint.scm (current-vulnerabilities*): New procedure.
(package-vulnerabilities): Use it.
Diffstat (limited to 'guix')
-rw-r--r-- | guix/scripts/lint.scm | 33 |
1 files changed, 23 insertions, 10 deletions
diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm
index 8876704d4d..f135bde9df 100644
--- a/guix/scripts/lint.scm
+++ b/guix/scripts/lint.scm
@@ -24,6 +24,7 @@
 #:use-module (guix base32)
 #:use-module (guix download)
 #:use-module (guix ftp-client)
+ #:use-module (guix http-client)
 #:use-module (guix packages)
 #:use-module (guix licenses)
 #:use-module (guix records)
@@ -593,18 +594,30 @@ Common Platform Enumeration (CPE) name."
 ;; TODO: Add more.
 (_ name)))
 
+(define (current-vulnerabilities*)
+ "Like 'current-vulnerabilities', but return the empty list upon networking
+or HTTP errors. This allows network-less operation and makes problems with
+the NIST server non-fatal.."
+ (guard (c ((http-get-error? c)
+ (warning (_ "failed to retrieve CVE vulnerabilities \
+from ~s: ~a (~s)~%")
+ (uri->string (http-get-error-uri c))
+ (http-get-error-code c)
+ (http-get-error-reason c))
+ (warning (_ "assuming no CVE vulnerabilities~%"))
+ '()))
+ (catch 'getaddrinfo-error
+ (lambda ()
+ (current-vulnerabilities))
+ (lambda (key errcode)
+ (warning (_ "failed to lookup NIST host: ~a~%")
+ (gai-strerror errcode))
+ (warning (_ "assuming no CVE vulnerabilities~%"))
+ '()))))
+
 (define package-vulnerabilities
 (let ((lookup (delay (vulnerabilities->lookup-proc
- ;; Catch networking errors to allow network-less
- ;; operation.
- (catch 'getaddrinfo-error
- (lambda ()
- (current-vulnerabilities))
- (lambda (key errcode)
- (warn (_ "failed to lookup NIST host: ~a~%")
- (gai-strerror errcode))
- (warn (_ "assuming no CVE vulnerabilities~%"))
- '()))))))
+ (current-vulnerabilities*)))))
 (lambda (package)
 "Return a list of vulnerabilities affecting PACKAGE."
 ((force lookup) |
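Review bot: Both handlers in `current-vulnerabilities*` fail open: on an HTTP error or a failed host lookup they return `'()`, and because `package-vulnerabilities` forces `lookup` once through `delay`, that empty list is used for every package in the run, so a blocked or failing NIST fetch gives the same lint result as a clean one apart from two warnings. I would make the skip explicit in the message, e.g. `(warning (_ "CVE data unavailable; skipping CVE checks for this run~%"))` in place of `"assuming no CVE vulnerabilities~%"`, and say in the docstring that an empty result does not mean the packages were checked. Only `http-get-error?` conditions and `getaddrinfo-error` are handled, so other failures raised while fetching (connection or TLS errors, presumably) would still abort the run; worth confirming whether that is intended. The docstring also ends in a doubled period (`non-fatal..`). The body of `package-vulnerabilities` continues past the end of the hunk.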