From 99effc8faa43d478371eb06aee5df8ae1383c51a Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 17 May 2016 18:04:13 +0200 Subject: lint: Honor 'cpe-name' and 'cpe-version' package properties. * guix/scripts/lint.scm (package-name->cpe-name): Remove. (package-vulnerabilities): Honor 'cpe-name' and 'cpe-version' properties. * gnu/packages/grub.scm (grub)[properties]: New field. * gnu/packages/gnuzilla.scm (icecat)[properties]: Add 'cpe-name' and 'cpe-version'. * doc/guix.texi (Invoking guix lint): Mention 'cpe-name'. --- guix/scripts/lint.scm | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) (limited to 'guix') diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm index 06001d3eae..b4fdb6f905 100644 --- a/guix/scripts/lint.scm +++ b/guix/scripts/lint.scm @@ -600,15 +600,6 @@ be determined." ((? origin?) (and=> (origin-actual-file-name patch) basename)))) -(define (package-name->cpe-name name) - "Do a basic conversion of NAME, a Guix package name, to the corresponding -Common Platform Enumeration (CPE) name." - (match name - ("icecat" "firefox") ;or "firefox_esr" - ("grub" "grub2") - ;; TODO: Add more. - (_ name))) - (define (current-vulnerabilities*) "Like 'current-vulnerabilities', but return the empty list upon networking or HTTP errors. This allows network-less operation and makes problems with @@ -635,9 +626,15 @@ from ~s: ~a (~s)~%") (current-vulnerabilities*))))) (lambda (package) "Return a list of vulnerabilities affecting PACKAGE." - ((force lookup) - (package-name->cpe-name (package-name package)) - (package-version package))))) + ;; First we retrieve the Common Platform Enumeration (CPE) name and + ;; version for PACKAGE, then we can pass them to LOOKUP. + (let ((name (or (assoc-ref (package-properties package) + 'cpe-name) + (package-name package))) + (version (or (assoc-ref (package-properties package) + 'cpe-version) + (package-version package)))) + ((force lookup) name version))))) (define (check-vulnerabilities package) "Check for known vulnerabilities for PACKAGE." -- cgit v1.2.3