ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-10-06 12:39:54 +03:00
Code Issues Projects Releases Wiki Activity

Merge pull request #299429 from henrirosten/sbomnix-to-1.6.1

Browse Source
This commit is contained in:
Sandro 2024-04-09 14:34:04 +02:00 committed by GitHub
commit cd2c9968cf
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 248 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
pkgs/development/python-modules/dfdiskcache/default.nix Normal file
View File

@ -0,0 +1,45 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, pandas
, setuptools
, simplesqlite
, typing-extensions
, pytestCheckHook
}:
buildPythonPackage rec {
pname = "df-diskcache";
version = "0.0.2";
pyproject = true;
src = fetchFromGitHub {
owner = "thombashi";
repo = "df-diskcache";
rev = "v${version}";
hash = "sha256-s+sqEPXw6tbEz9mnG+qeUSF6BmDssYhaDYOmraFaRbw=";
};
nativeBuildInputs = [ setuptools ];
propagatedBuildInputs = [
pandas
simplesqlite
typing-extensions
];
preCheck = ''
# Needed for Permission denied: '/homeless-shelter'
export HOME=$(mktemp -d)
'';
nativeCheckInputs = [ pytestCheckHook ];
pythonImportsCheck = [ "dfdiskcache" ];
meta = with lib; {
description = "Python library for caching pandas.DataFrame objects to local disk";
homepage = "https://github.com/thombashi/df-diskcache";
license = licenses.mit;
maintainers = with maintainers; [ henrirosten ];
};
}

46
pkgs/development/python-modules/simplesqlite/default.nix Normal file
View File

@ -0,0 +1,46 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, dataproperty
, mbstrdecoder
, pathvalidate
, sqliteschema
, setuptools
, tabledata
, typepy
, pytestCheckHook
}:
buildPythonPackage rec {
pname = "SimpleSQLite";
version = "1.5.2";
pyproject = true;
src = fetchFromGitHub {
owner = "thombashi";
repo = "SimpleSQLite";
rev = "v${version}";
hash = "sha256-Yr17T0/EwVaOjG+mzdxopivj0fuvQdZdX1bFj8vq0MM=";
};
nativeBuildInputs = [ setuptools ];
propagatedBuildInputs = [
dataproperty
mbstrdecoder
pathvalidate
sqliteschema
tabledata
typepy
];
nativeCheckInputs = [ pytestCheckHook ];
pythonImportsCheck = [ "simplesqlite" ];
meta = with lib; {
description = "Python library to simplify SQLite database operations";
homepage = "https://github.com/thombashi/simplesqlite";
license = licenses.mit;
maintainers = with maintainers; [ henrirosten ];
};
}

55
pkgs/development/python-modules/sqliteschema/default.nix Normal file
View File

@ -0,0 +1,55 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, mbstrdecoder
, setuptools
, simplesqlite
, sqliteschema
, tabledata
, typepy
, pytestCheckHook
}:
buildPythonPackage rec {
pname = "sqliteschema";
version = "1.4.0";
pyproject = true;
src = fetchFromGitHub {
owner = "thombashi";
repo = "sqliteschema";
rev = "v${version}";
hash = "sha256-IzHdYBnh6udVsanWTPSsX4p4PG934YCdzs9Ow/NW86E=";
};
nativeBuildInputs = [ setuptools ];
propagatedBuildInputs = [
mbstrdecoder
tabledata
typepy
];
nativeCheckInputs = [
pytestCheckHook
simplesqlite
sqliteschema
];
pythonImportsCheck = [ "sqliteschema" ];
# Enabling tests would trigger infinite recursion due to circular
# dependency between this package and simplesqlite.
# Therefore, we enable tests only when building passthru.tests.
doCheck = false;
passthru.tests.pytest = sqliteschema.overridePythonAttrs (_: {
doCheck = true;
});
meta = with lib; {
description = "Python library to dump table schema of a SQLite database file";
homepage = "https://github.com/thombashi/sqliteschema";
license = licenses.mit;
maintainers = with maintainers; [ henrirosten ];
};
}

49
pkgs/tools/package-management/nix-visualize/default.nix Normal file
View File

@ -0,0 +1,49 @@
{ lib
, fetchFromGitHub
, nix
, python
, matplotlib
, networkx
, pandas
, pygraphviz
, setuptools
}:
python.pkgs.buildPythonApplication rec {
version = "1.0.5-unstable-2024-01-17";
pname = "nix-visualize";
pyproject = true;
src = fetchFromGitHub {
owner = "craigmbooth";
repo = "nix-visualize";
rev = "5b9beae330ac940df56433d347494505e2038904";
hash = "sha256-VgEsR/Odddc7v6oq2tNcVwCYm08PhiqhZJueuEYCR0o=";
};
postInstall = ''
wrapProgram $out/bin/nix-visualize \
--prefix PATH : ${lib.makeBinPath [nix]}
'';
nativeBuildInputs = [ setuptools ];
propagatedBuildInputs = [
matplotlib
networkx
pandas
pygraphviz
];
pythonImportsCheck = [ "nix_visualize" ];
# No tests
doCheck = false;
meta = with lib; {
description = "Generate dependency graphs of a given nix package";
mainProgram = "nix-visualize";
homepage = "https://github.com/craigmbooth/nix-visualize";
license = with licenses; [ asl20 ];
maintainers = with maintainers; [ henrirosten ];
};
}

58
pkgs/tools/security/sbomnix/default.nix
View File

@ -1,53 +1,85 @@
{ lib
, fetchFromGitHub
, coreutils
, curl
, gnugrep
, gnused
, gzip
, grype
, nix
, nix-visualize
, python
# python libs
, vulnix
, # python libs
beautifulsoup4
, colorlog
, dfdiskcache
, graphviz
, numpy
, packageurl-python
, packaging
, pandas
, pyrate-limiter
, requests
, requests-cache
, requests-ratelimiter
, reuse
, setuptools
, tabulate
,
}:
python.pkgs.buildPythonApplication rec {
pname = "sbomnix";
version = "1.4.5";
version = "1.6.1";
pyproject = true;
src = fetchFromGitHub {
owner = "tiiuae";
repo = pname;
repo = "sbomnix";
rev = "refs/tags/v${version}";
hash = "sha256-RxDFxVGivVBw2uhtzf231Q2HHTBFKSqGrknr2Es/ygM=";
hash = "sha256-kPjCK9NEs3D0qFsSSVX6MYGKbwqeij0svTfzz5JC4qM=";
# Remove documentation as it contains references to nix store
postFetch = ''
rm -fr "$out"/doc
find "$out" -name '*.md' ! -name "README.md" -exec rm -f '{}' \;
'';
};
makeWrapperArgs = [
"--prefix PATH : ${lib.makeBinPath [ coreutils curl gnugrep gnused gzip graphviz nix ]}"
];
postInstall = ''
wrapProgram $out/bin/sbomnix \
--prefix PATH : ${lib.makeBinPath [nix graphviz]}
wrapProgram $out/bin/nixgraph \
--prefix PATH : ${lib.makeBinPath [nix graphviz]}
wrapProgram $out/bin/vulnxscan \
--prefix PATH : ${lib.makeBinPath [grype nix vulnix]}
wrapProgram $out/bin/nix_outdated \
--prefix PATH : ${lib.makeBinPath [nix-visualize]}
wrapProgram $out/bin/provenance \
--prefix PATH : ${lib.makeBinPath [nix]}
'';
nativeBuildInputs = [ setuptools ];
propagatedBuildInputs = [
beautifulsoup4
colorlog
dfdiskcache
graphviz
numpy
packageurl-python
packaging
pandas
pyrate-limiter
requests
requests-cache
requests-ratelimiter
reuse
tabulate
];
pythonImportsCheck = [ "sbomnix" ];
# Tests require network access
doCheck = false;
meta = with lib; {
description = "Generate SBOMs for nix targets";
description = "Utilities to help with software supply chain challenges on nix targets";
homepage = "https://github.com/tiiuae/sbomnix";
license = with licenses; [ asl20 bsd3 cc-by-30 ];
maintainers = with maintainers; [ henrirosten jk ];

2
pkgs/top-level/all-packages.nix
View File

@ -40047,6 +40047,8 @@ with pkgs;
nix-simple-deploy = callPackage ../tools/package-management/nix-simple-deploy { };
nix-visualize = python3.pkgs.callPackage ../tools/package-management/nix-visualize { };
alejandra = callPackage ../tools/nix/alejandra { };
nixci = callPackage ../tools/nix/nixci {

6
pkgs/top-level/python-packages.nix
View File

@ -2939,6 +2939,8 @@ self: super: with self; {
devtools = callPackage ../development/python-modules/devtools { };
dfdiskcache = callPackage ../development/python-modules/dfdiskcache { };
diagrams = callPackage ../development/python-modules/diagrams { };
diceware = callPackage ../development/python-modules/diceware { };
@ -13762,6 +13764,8 @@ self: super: with self; {
simplesat = callPackage ../development/python-modules/simplesat { };
simplesqlite = callPackage ../development/python-modules/simplesqlite { };
simple-dftd3 = callPackage ../development/libraries/science/chemistry/simple-dftd3/python.nix {
inherit (pkgs) simple-dftd3;
};
@ -14276,6 +14280,8 @@ self: super: with self; {
sqlite-utils = callPackage ../development/python-modules/sqlite-utils { };
sqliteschema = callPackage ../development/python-modules/sqliteschema { };
sqlmap = callPackage ../development/python-modules/sqlmap { };
sqlmodel = callPackage ../development/python-modules/sqlmodel { };