GNU bug report logs -
#60918
[PATCH 19/25] gnu: Add govulncheck.
Previous Next
Reported by: Katherine Cox-Buday <cox.katherine.e <at> gmail.com>
Date: Wed, 18 Jan 2023 01:46:15 UTC
Severity: normal
Tags: patch
Merged with 60898,
60899,
60900,
60901,
60902,
60903,
60904,
60905,
60906,
60907,
60908,
60909,
60910,
60911,
60912,
60913,
60914,
60915,
60916,
60917,
60919,
60920,
60921,
60922
Done: Christopher Baines <mail <at> cbaines.net>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 60918 in the body.
You can then email your comments to 60918 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org
:
bug#60918
; Package
guix-patches
.
(Wed, 18 Jan 2023 01:46:15 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Katherine Cox-Buday <cox.katherine.e <at> gmail.com>
:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org
.
(Wed, 18 Jan 2023 01:46:15 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/golang.scm (govulncheck): New variable.
---
gnu/packages/golang.scm | 51 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index eaff0dfc37..f135b2717f 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -2956,6 +2956,57 @@ (define-public go-golang-org-x-crypto
(home-page "https://go.googlesource.com/crypto/")
(license license:bsd-3))))
+(define-public govulncheck
+ (package
+ (name "govulncheck")
+ (version "0.0.0-20221229164908-ebf31f7dc3ef")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://go.googlesource.com/vuln")
+ (commit (go-version->git-ref version))))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1w055g90k7anrrcvfrsqklxzl9pl0vqdiwpayj9f0brwys9xhj7d"))))
+ (build-system go-build-system)
+ (arguments
+ `(#:import-path "golang.org/x/vuln"
+ #:go ,go-1.19
+ #:install-source? #f
+ #:phases ,#~(modify-phases %standard-phases
+ (add-after 'unpack 'remove-go-mod-tidy
+ (lambda _
+ (substitute* "src/golang.org/x/vuln/checks.bash"
+ (("go mod tidy")
+ #$(file-append coreutils-minimal "/bin/true")))))
+ (replace 'build
+ (lambda arguments
+ (apply (assoc-ref %standard-phases
+ 'build)
+ `(,@arguments #:import-path
+ "golang.org/x/vuln/cmd/govulncheck")))))))
+ (native-inputs (list coreutils-minimal))
+ (inputs (list go-golang-org-x-sys
+ go-github-com-google-renameio
+ go-github-com-burntsushi-toml
+ go-mvdan-cc-unparam
+ go-honnef-co-go-tools
+ go-golang-org-x-tools
+ go-golang-org-x-sync
+ go-golang-org-x-mod
+ go-golang-org-x-exp
+ go-github-com-google-go-cmp-cmp
+ go-github-com-google-go-cmdtest
+ go-github-com-client9-misspell))
+ (home-page "https://golang.org/x/vuln")
+ (synopsis "Go Vulnerability Management")
+ (description
+ "This repository contains packages for accessing and analyzing data from the
+@@url{https://vuln.go.dev,Go Vulnerability Database}. It contains the
+following:")
+ (license license:bsd-3)))
+
(define-public go-github-com-protonmail-go-crypto
(package
(name "go-github-com-protonmail-go-crypto")
--
2.38.1
Information forwarded
to
guix-patches <at> gnu.org
:
bug#60918
; Package
guix-patches
.
(Mon, 06 Feb 2023 23:08:02 GMT)
Full text and
rfc822 format available.
Message #16 received at 60918 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Katherine Cox-Buday <cox.katherine.e <at> gmail.com> writes:
> * gnu/packages/golang.scm (govulncheck): New variable.
> ---
> gnu/packages/golang.scm | 51 +++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 51 insertions(+)
...
> + (description
> + "This repository contains packages for accessing and analyzing data from the
> +@@url{https://vuln.go.dev,Go Vulnerability Database}. It contains the
> +following:")
I've cut the second incomplete sentance out, and also fixed the @url bit
(just one @, you can test this with guix show).
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org
:
bug#60918
; Package
guix-patches
.
(Mon, 06 Feb 2023 23:09:01 GMT)
Full text and
rfc822 format available.
Information forwarded
to
guix-patches <at> gnu.org
:
bug#60918
; Package
guix-patches
.
(Mon, 06 Feb 2023 23:11:02 GMT)
Full text and
rfc822 format available.
Message #22 received at 60918 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
* gnu/packages/golang.scm (govulncheck): New variable.
> --- a/gnu/packages/golang.scm
> +++ b/gnu/packages/golang.scm
> @@ -2956,6 +2956,57 @@ (define-public go-golang-org-x-crypto
> + (version "0.0.0-20221229164908-ebf31f7dc3ef")
Please use git-version.
> + (arguments
> + `(#:import-path "golang.org/x/vuln"
> + #:go ,go-1.19
> + #:install-source? #f
> + #:phases ,#~(modify-phases %standard-phases
> + (add-after 'unpack 'remove-go-mod-tidy
> + (lambda _
> + (substitute* "src/golang.org/x/vuln/checks.bash"
> + (("go mod tidy")
> + #$(file-append coreutils-minimal "/bin/true")))))
> + (replace 'build
> + (lambda arguments
> + (apply (assoc-ref %standard-phases
> + 'build)
> + `(,@arguments #:import-path
> + "golang.org/x/vuln/cmd/govulncheck")))))))
Please try to see if you can remove ``(replace 'build ...)'' et cetera.
> + (synopsis "Go Vulnerability Management")
(synopsis "Manage data from the Go Vulnerability Database")
> + (description
> + "This repository contains packages for accessing and analyzing data from the
> +@@url{https://vuln.go.dev,Go Vulnerability Database}. It contains the
> +following:")
(description
"This package provides a Go library and program for accessing and analysing
data from the @url{https://vuln.go.dev, Go Vulnerability Database.")
-- (
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to
guix-patches <at> gnu.org
:
bug#60918
; Package
guix-patches
.
(Tue, 07 Feb 2023 17:57:02 GMT)
Full text and
rfc822 format available.
Message #25 received at 60918 <at> debbugs.gnu.org (full text, mbox):
Christopher Baines <mail <at> cbaines.net> writes:
> Katherine Cox-Buday <cox.katherine.e <at> gmail.com> writes:
>
>> * gnu/packages/golang.scm (govulncheck): New variable.
>> ---
>> gnu/packages/golang.scm | 51 +++++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 51 insertions(+)
>
> ...
>
>> + (description
>> + "This repository contains packages for accessing and analyzing data from the
>> +@@url{https://vuln.go.dev,Go Vulnerability Database}. It contains the
>> +following:")
>
> I've cut the second incomplete sentance out, and also fixed the @url bit
> (just one @, you can test this with guix show).
Thanks, and sorry. I'll update my local tooling to try and start
checking for this.
I think this must have been `guix import go`? It might have a bug that
adds an extra `@`, because I don't recall adding the description for
this package.
--
Katherine
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Wed, 08 Mar 2023 12:24:04 GMT)
Full text and
rfc822 format available.
This bug report was last modified 1 year and 48 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.