[PATCH 19/25] gnu: Add govulncheck.

  • Done
Details
4 participants
  • Katherine Cox-Buday
  • Christopher Baines
  • Tobias Geerinckx-Rice
  • (
Owner
unassigned
Submitted by
Katherine Cox-Buday
Severity
normal
Merged with
Katherine Cox-Buday wrote on 18 Jan 2023 02:45
(address . guix-patches@gnu.org)(name . Katherine Cox-Buday)(address . cox.katherine.e@gmail.com)
20230118014510.19320-20-cox.katherine.e@gmail.com
* gnu/packages/golang.scm (govulncheck): New variable.
---
gnu/packages/golang.scm | 51 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)

diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index eaff0dfc37..f135b2717f 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -2956,6 +2956,57 @@ (define-public go-golang-org-x-crypto
(home-page "https://go.googlesource.com/crypto/")
(license license:bsd-3))))
+(define-public govulncheck
+ (package
+ (name "govulncheck")
+ (version "0.0.0-20221229164908-ebf31f7dc3ef")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://go.googlesource.com/vuln")
+ (commit (go-version->git-ref version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1w055g90k7anrrcvfrsqklxzl9pl0vqdiwpayj9f0brwys9xhj7d"))))
+ (build-system go-build-system)
+ (arguments
+ `(#:import-path "golang.org/x/vuln"
+ #:go ,go-1.19
+ #:install-source? #f
+ #:phases ,#~(modify-phases %standard-phases
+ (add-after 'unpack 'remove-go-mod-tidy
+ (lambda _
+ (substitute* "src/golang.org/x/vuln/checks.bash"
+ (("go mod tidy")
+ #$(file-append coreutils-minimal "/bin/true")))))
+ (replace 'build
+ (lambda arguments
+ (apply (assoc-ref %standard-phases
+ 'build)
+ `(,@arguments #:import-path
+ "golang.org/x/vuln/cmd/govulncheck")))))))
+ (native-inputs (list coreutils-minimal))
+ (inputs (list go-golang-org-x-sys
+ go-github-com-google-renameio
+ go-github-com-burntsushi-toml
+ go-mvdan-cc-unparam
+ go-honnef-co-go-tools
+ go-golang-org-x-tools
+ go-golang-org-x-sync
+ go-golang-org-x-mod
+ go-golang-org-x-exp
+ go-github-com-google-go-cmp-cmp
+ go-github-com-google-go-cmdtest
+ go-github-com-client9-misspell))
+ (home-page "https://golang.org/x/vuln")
+ (synopsis "Go Vulnerability Management")
+ (description
+ "This repository contains packages for accessing and analyzing data from the
+@@url{https://vuln.go.dev,Go Vulnerability Database}. It contains the
+following:")
+ (license license:bsd-3)))
+
(define-public go-github-com-protonmail-go-crypto
(package
(name "go-github-com-protonmail-go-crypto")
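Review bot: in the `arguments` block, the `replace 'build` phase is there only to re-run the standard build with a second `#:import-path`. go-build-system also accepts `#:unpack-path`, so `#:unpack-path "golang.org/x/vuln"` combined with `#:import-path "golang.org/x/vuln/cmd/govulncheck"` should let the stock phase build the command without an override. In `inputs`, go-github-com-client9-misspell, go-mvdan-cc-unparam and go-honnef-co-go-tools are lint tools, so they look like build/test-time dependencies that belong in `native-inputs`. The description string stops at "It contains the following:" with nothing after it, and `@@url` has a doubled `@` that will show up literally in `guix show`.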
--
2.38.1
Tobias Geerinckx-Rice wrote on 18 Jan 2023 11:56
(no subject)
(address . control@debbugs.gnu.org)
542e82bcc0f385c117ba662c7dcf1dbf@tobias.gr
merge 60898 60899 60900 60901 60902
merge 60898 60903 60904 60905 60906
merge 60898 60907 60908 60909 60910
merge 60898 60911 60912 60913 60914
merge 60898 60915 60916 60917 60918
merge 60898 60919 60920
Tobias Geerinckx-Rice wrote on 18 Jan 2023 12:43
(address . control@debbugs.gnu.org)
37de5823441633151229c783f2acfca3@tobias.gr
merge 60898 60921 60922
thanks

Weird: I got ‘Unknown command or malformed arguments to command.’ for
this obviously correct line.

Let's try again.
Katherine Cox-Buday wrote on 18 Jan 2023 18:07
Merging erroneously opened bugs
(address . control@debbugs.gnu.org)
87zgafrct9.fsf@gmail.com
merge 60899 60904 60907 60908 60917 60920 60921 60919 60910 60903 60915 60914 60922 60909 60918 60913 60900 60899 60905 60901 60912 60898 60906 60902 60916 60911
--
Katherine
Christopher Baines wrote on 6 Feb 2023 23:52
Re: [bug#60918] [PATCH 19/25] gnu: Add govulncheck.
(name . Katherine Cox-Buday)(address . cox.katherine.e@gmail.com)
87o7q6crzz.fsf@cbaines.net
Katherine Cox-Buday <cox.katherine.e@gmail.com> writes:

> * gnu/packages/golang.scm (govulncheck): New variable.
> ---
> gnu/packages/golang.scm | 51 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 51 insertions(+)

...

> + (description
> + "This repository contains packages for accessing and analyzing data from the
> +@@url{https://vuln.go.dev,Go Vulnerability Database}. It contains the
> +following:")

I've cut the second incomplete sentence out, and also fixed the @url bit
(just one @, you can test this with guix show).

(
CQBUY5IA59RE.2PBZ83T1NKTR1@guix-framework
* gnu/packages/golang.scm (govulncheck): New variable.

> --- a/gnu/packages/golang.scm
> +++ b/gnu/packages/golang.scm

> @@ -2956,6 +2956,57 @@ (define-public go-golang-org-x-crypto

> + (version "0.0.0-20221229164908-ebf31f7dc3ef")

Please use git-version.

> + (arguments
> + `(#:import-path "golang.org/x/vuln"
> + #:go ,go-1.19
> + #:install-source? #f
> + #:phases ,#~(modify-phases %standard-phases
> + (add-after 'unpack 'remove-go-mod-tidy
> + (lambda _
> + (substitute* "src/golang.org/x/vuln/checks.bash"
> + (("go mod tidy")
> + #$(file-append coreutils-minimal "/bin/true")))))
> + (replace 'build
> + (lambda arguments
> + (apply (assoc-ref %standard-phases
> + 'build)
> + `(,@arguments #:import-path
> + "golang.org/x/vuln/cmd/govulncheck")))))))

Please try to see if you can remove ``(replace 'build ...)'' et cetera.

> + (synopsis "Go Vulnerability Management")

(synopsis "Manage data from the Go Vulnerability Database")

> + (description
> + "This repository contains packages for accessing and analyzing data from the
> +@@url{https://vuln.go.dev,Go Vulnerability Database}. It contains the
> +following:")

(description
"This package provides a Go library and program for accessing and analysing
data from the @url{https://vuln.go.dev, Go Vulnerability Database}.")

-- (


Katherine Cox-Buday wrote on 7 Feb 2023 18:56
(name . Christopher Baines)(address . mail@cbaines.net)(address . 60918@debbugs.gnu.org)
87ttzxwe8s.fsf@gmail.com
Christopher Baines <mail@cbaines.net> writes:

> Katherine Cox-Buday <cox.katherine.e@gmail.com> writes:
>
>> * gnu/packages/golang.scm (govulncheck): New variable.
>> ---
>> gnu/packages/golang.scm | 51 +++++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 51 insertions(+)
>
> ...
>
>> + (description
>> + "This repository contains packages for accessing and analyzing data from the
>> +@@url{https://vuln.go.dev,Go Vulnerability Database}. It contains the
>> +following:")
>
> I've cut the second incomplete sentence out, and also fixed the @url bit
> (just one @, you can test this with guix show).

Thanks, and sorry. I'll update my local tooling to try and start
checking for this.

I think this must have been `guix import go`? It might have a bug that
adds an extra `@`, because I don't recall adding the description for
this package.

--
Katherine