Diffstat (limited to 'guix')
-rw-r--r--guix/cve.scm12
-rw-r--r--guix/lint.scm2
2 files changed, 8 insertions, 6 deletions
diff --git a/guix/cve.scm b/guix/cve.scm
index 57b8459d01..b3a8b13a06 100644
--- a/guix/cve.scm
+++ b/guix/cve.scm
@@ -336,7 +336,7 @@ sexp to CACHE."
,(map vulnerability->sexp vulns))
cache))))
-(define (fetch-vulnerabilities year ttl)
+(define* (fetch-vulnerabilities year ttl #:key (timeout 10))
"Return the list of <vulnerability> for YEAR, assuming the on-disk cache has
the given TTL (fetch from the NIST web site when TTL has expired)."
(define (cache-miss uri)
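Review bot: The docstring of `fetch-vulnerabilities` does not mention the new `#:timeout` keyword, although the docstring of `current-vulnerabilities` later in this file does. I would add a sentence such as `TIMEOUT is the number of seconds to wait for connection establishment.` so the unit and scope are stated where the default of 10 is introduced. The function body continues outside this hunk.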
@@ -361,16 +361,18 @@ the given TTL (fetch from the NIST web site when TTL has expired)."
(let* ((port (http-fetch/cached (yearly-feed-uri year)
#:ttl ttl
#:write-cache write-cache
- #:cache-miss cache-miss))
+ #:cache-miss cache-miss
+ #:timeout timeout))
(sexp (read* port)))
(close-port port)
(match sexp
(('vulnerabilities 1 vulns)
(map sexp->vulnerability vulns)))))
-(define (current-vulnerabilities)
+(define* (current-vulnerabilities #:key (timeout 10))
"Return the current list of Common Vulnerabilities and Exposures (CVE) as
-published by the US NIST."
+published by the US NIST. TIMEOUT specifies the timeout in seconds for
+connection establishment."
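Review bot: The timeout handed to `http-fetch/cached` bounds connection establishment only, as the new docstring of `current-vulnerabilities` states, so the `(read* port)` that follows can presumably still block if the server accepts the connection and then stalls. If callers rely on this to keep the CVE lookup bounded, the docstring should say so explicitly, for example `TIMEOUT does not limit the time spent reading the response.` Separately, the default of 10 is now written out in both `fetch-vulnerabilities` and `current-vulnerabilities`; a single shared definition would keep the two in step. The body of `current-vulnerabilities` continues in the next hunk.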
(let ((past-years (unfold (cut > <> 3)
(lambda (n)
(- %current-year n))
@@ -381,7 +383,7 @@ published by the US NIST."
(* n %past-year-ttl))
1+
1)))
- (append-map fetch-vulnerabilities
+ (append-map (cut fetch-vulnerabilities <> <> #:timeout timeout)
(cons %current-year past-years)
(cons %current-year-ttl past-ttls))))
diff --git a/guix/lint.scm b/guix/lint.scm
index ec43a4dcad..e1a77e8ac7 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -1084,7 +1084,7 @@ or HTTP errors. This allows network-less operation and makes problems with
the NIST server non-fatal."
(with-networking-fail-safe (G_ "while retrieving CVE vulnerabilities")
'()
- (current-vulnerabilities)))
+ (current-vulnerabilities #:timeout 4)))
(define package-vulnerabilities
(let ((lookup (delay (vulnerabilities->lookup-proc
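Review bot: With the timeout lowered to 4 seconds at this call site, a slow connection to the feed is more likely to end in the `'()` fallback of `with-networking-fail-safe`, and an empty list looks the same to callers as "no known vulnerabilities". The literal 4 is also unexplained. I would add a comment above the call such as `;; Short timeout keeps lint responsive; an empty result means the feed was unreachable, not that no CVEs apply.` Whether the user sees a warning in that case depends on `with-networking-fail-safe`, which is not visible here. The enclosing definition starts outside the hunk.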