authorLudovic Courtès <ludo@gnu.org>2016-05-17 18:04:13 +0200
committerLudovic Courtès <ludo@gnu.org>2016-05-17 18:15:53 +0200
commit99effc8faa43d478371eb06aee5df8ae1383c51a (patch)
tree6e01a04c76f80f4707c56c12bdb6cad80d410b20 /guix/scripts
parent1c29f3ef8452860c4301d7ae57c89ac5956d1663 (diff)
lint: Honor 'cpe-name' and 'cpe-version' package properties.
* guix/scripts/lint.scm (package-name->cpe-name): Remove. (package-vulnerabilities): Honor 'cpe-name' and 'cpe-version' properties. * gnu/packages/grub.scm (grub)[properties]: New field. * gnu/packages/gnuzilla.scm (icecat)[properties]: Add 'cpe-name' and 'cpe-version'. * doc/guix.texi (Invoking guix lint): Mention 'cpe-name'.
Diffstat (limited to 'guix/scripts')
-rw-r--r--guix/scripts/lint.scm21
1 files changed, 9 insertions, 12 deletions
diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm
index 06001d3eae..b4fdb6f905 100644
--- a/guix/scripts/lint.scm
+++ b/guix/scripts/lint.scm
@@ -600,15 +600,6 @@ be determined."
((? origin?)
(and=> (origin-actual-file-name patch) basename))))
-(define (package-name->cpe-name name)
- "Do a basic conversion of NAME, a Guix package name, to the corresponding
-Common Platform Enumeration (CPE) name."
- (match name
- ("icecat" "firefox") ;or "firefox_esr"
- ("grub" "grub2")
- ;; TODO: Add more.
- (_ name)))
-
(define (current-vulnerabilities*)
"Like 'current-vulnerabilities', but return the empty list upon networking
or HTTP errors. This allows network-less operation and makes problems with
@@ -635,9 +626,15 @@ from ~s: ~a (~s)~%")
(current-vulnerabilities*)))))
(lambda (package)
"Return a list of vulnerabilities affecting PACKAGE."
- ((force lookup)
- (package-name->cpe-name (package-name package))
- (package-version package)))))
+ ;; First we retrieve the Common Platform Enumeration (CPE) name and
+ ;; version for PACKAGE, then we can pass them to LOOKUP.
+ (let ((name (or (assoc-ref (package-properties package)
+ 'cpe-name)
+ (package-name package)))
+ (version (or (assoc-ref (package-properties package)
+ 'cpe-version)
+ (package-version package))))
+ ((force lookup) name version)))))
(define (check-vulnerabilities package)
"Check for known vulnerabilities for PACKAGE."
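Review bot: A `cpe-version` property takes precedence over `package-version` in the `version` binding, so a property written as a literal can go stale when the package is upgraded; the CVE lookup would then keep matching the old version, reporting issues that are already fixed or missing ones that affect the new release. Nothing visible in the hunk warns about this, so I would add a comment at the binding, e.g. `;; NOTE: 'cpe-version' overrides the package version; keep it derived from 'version' so an upgrade is not checked against a stale value.` Separately, a `name` that matches no CPE entry presumably yields the same empty list as a package with no known vulnerabilities, so a missing or misspelled `cpe-name` would fail silently as a false negative. The enclosing definition starts above this hunk, so how `lookup` treats unknown names is not visible here and should be confirmed.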