diff --git a/lib/maintainers.nix b/lib/maintainers.nix index 8253caa808c..4f9754445fa 100644 --- a/lib/maintainers.nix +++ b/lib/maintainers.nix @@ -398,6 +398,7 @@ pjones = "Peter Jones "; pkmx = "Chih-Mao Chen "; plcplc = "Philip Lykke Carlsen "; + plumps = "Maksim Bronsky -Date: Tue, 15 Sep 2015 17:20:18 -0400 -Subject: [PATCH 1/2] Ensure that we don't overlook errors in first - PyObject_RichCompareBool call. - -Python 3.5 turns such cases into SystemErrors. - -See: https://bugs.python.org/issue23571 - -Fixes #15. ---- - BTrees/_compat.h | 22 +++++++++++++++++++--- - 1 file changed, 19 insertions(+), 3 deletions(-) - -diff --git a/BTrees/_compat.h b/BTrees/_compat.h -index e004d54..19dd377 100644 ---- a/BTrees/_compat.h -+++ b/BTrees/_compat.h -@@ -27,9 +27,25 @@ - #define TEXT_FROM_STRING PyUnicode_FromString - #define TEXT_FORMAT PyUnicode_Format - --#define COMPARE(lhs, rhs) \ -- PyObject_RichCompareBool((lhs), (rhs), Py_LT) > 0 ? -1 : \ -- (PyObject_RichCompareBool((lhs), (rhs), Py_EQ) > 0 ? 0 : 1) -+/* Emulate Python2's __cmp__, wrapping PyObject_RichCompareBool(), -+ * Return -2/-3 for errors, -1 for lhsrhs. -+ */ -+static inline -+int __compare(PyObject *lhs, PyObject *rhs) { -+ int less, equal; -+ -+ less = PyObject_RichCompareBool(lhs, rhs, Py_LT); -+ if ( less == -1 ) { -+ return -2; -+ } -+ equal = PyObject_RichCompareBool(lhs, rhs, Py_EQ); -+ if ( equal == -1 ) { -+ return -3; -+ } -+ return less ? -1 : (equal ? 0 : 1); -+} -+ -+#define COMPARE(lhs, rhs) __compare((lhs), (rhs)) - - - #else - -From ff4c3309fe471f2b9bdd642b8f7d1c2fe0f5e458 Mon Sep 17 00:00:00 2001 -From: Tres Seaver -Date: Sun, 20 Sep 2015 11:07:10 -0400 -Subject: [PATCH 2/2] Avoid unnecessary comparison for 'Py_EQ' if 'Py_LT' - returned True. - ---- - BTrees/_compat.h | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/BTrees/_compat.h b/BTrees/_compat.h -index 19dd377..ece2bf9 100644 ---- a/BTrees/_compat.h -+++ b/BTrees/_compat.h -@@ -38,11 +38,14 @@ int __compare(PyObject *lhs, PyObject *rhs) { - if ( less == -1 ) { - return -2; - } -+ if (less) { -+ return -1; -+ } - equal = PyObject_RichCompareBool(lhs, rhs, Py_EQ); - if ( equal == -1 ) { - return -3; - } -- return less ? -1 : (equal ? 0 : 1); -+ return equal ? 0 : 1; - } - - #define COMPARE(lhs, rhs) __compare((lhs), (rhs)) diff --git a/pkgs/development/python-modules/btrees/default.nix b/pkgs/development/python-modules/btrees/default.nix new file mode 100644 index 00000000000..44e96b5ff30 --- /dev/null +++ b/pkgs/development/python-modules/btrees/default.nix @@ -0,0 +1,20 @@ +{ stdenv, buildPythonPackage, persistent, zope_interface, transaction }: + +buildPythonPackage rec { + pname = "BTrees"; + version = "4.3.1"; + name = "${pname}-${version}"; + + propagatedBuildInputs = [ persistent zope_interface transaction ]; + + src = fetchPypi { + inherit pname version; + sha256 = "15as34f9sa4nnd62nnjkik2jd4rg1byp0i4kwaqwdpv0ab9vfr95"; + }; + + meta = with stdenv.lib; { + description = "Scalable persistent components"; + homepage = http://packages.python.org/BTrees; + license = licenses.zpt21; + }; +} diff --git a/pkgs/tools/security/vulnix/default.nix b/pkgs/tools/security/vulnix/default.nix new file mode 100644 index 00000000000..55defd68090 --- /dev/null +++ b/pkgs/tools/security/vulnix/default.nix @@ -0,0 +1,42 @@ +{ stdenv, pythonPackages, fetchurl, callPackage, nix, }: + +let + external = callPackage ./requirements.nix { + inherit pythonPackages; + }; +in pythonPackages.buildPythonApplication rec{ + name = "${pname}-${version}"; + pname = "vulnix"; + version = "1.2.2"; + + src = pythonPackages.fetchPypi { + inherit pname version; + sha256 = "1ia9plziwach0bxnlcd33q30kcsf8sv0nf2jc78gsmrqnxjabr12"; + }; + + buildInputs = with pythonPackages; [ flake8 pytest pytestcov ]; + + postPatch = '' + sed -i -e 's/==\([^=]\+\)/>=\1/g' setup.py + ''; + + propagatedBuildInputs = [ + nix + ] ++ (with pythonPackages; [ + click + colorama + lxml + pyyaml + requests2 + external.zodb + ]); + + checkPhase = "py.test"; + + meta = with stdenv.lib; { + description = "NixOS vulnerability scanner"; + homepage = https://github.com/flyingcircusio/vulnix; + license = licenses.bsd2; + maintainers = with maintainers; [ plumps ]; + }; +} diff --git a/pkgs/tools/security/vulnix/requirements.nix b/pkgs/tools/security/vulnix/requirements.nix new file mode 100644 index 00000000000..952dc1ce652 --- /dev/null +++ b/pkgs/tools/security/vulnix/requirements.nix @@ -0,0 +1,131 @@ +{ pythonPackages, fetchurl, stdenv }: + +rec { + BTrees = pythonPackages.buildPythonPackage { + name = "BTrees-4.3.1"; + src = fetchurl { + url = "https://pypi.python.org/packages/24/76/cd6f225f2180c22af5cdb6656f51aec5fca45e45bdc4fa75c0a32f161a61/BTrees-4.3.1.tar.gz"; + sha256 = "2565b7d35260dfc6b1e2934470fd0a2f9326c58c535a2b4cb396289d1c195a95"; + }; + propagatedBuildInputs = [ + persistent + transaction + zope_interface + ] ++ (with pythonPackages; [ coverage ]); + + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Scalable persistent object containers"; + }; + }; + + ZConfig = pythonPackages.buildPythonPackage { + name = "ZConfig-3.1.0"; + src = fetchurl { + url = "https://pypi.python.org/packages/52/b3/a96d62711a26d8cfbe546519975dc9ed54d2eb50b3238d2e6de045764796/ZConfig-3.1.0.tar.gz"; + sha256 = "c21fa3a073a56925a8098036d46717392994a92cffea1b3cda3176b70c0a842e"; + }; + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Structured Configuration Library"; + }; + }; + + zodb = pythonPackages.buildPythonPackage { + name = "ZODB-5.2.0"; + src = fetchurl { + url = "https://pypi.python.org/packages/1e/47/2f17075ca94a4a537ebd8e195c458456ef49aa67355ec805e478b8ad1959/ZODB-5.2.0.tar.gz"; + sha256 = "11l495lyym2fpvalj18yvcqwnsp8gyp18sgv5v575k4s2035lz0x"; + }; + doCheck = false; + propagatedBuildInputs = [ + BTrees + persistent + transaction + ZConfig + zc.lockfile + zodbpickle + ] ++ (with pythonPackages; [ six wheel zope_interface ]); + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Zope Object Database: object database and persistence"; + }; + }; + + persistent = pythonPackages.buildPythonPackage { + name = "persistent-4.2.2"; + src = fetchurl { + url = "https://pypi.python.org/packages/3d/71/3302512282b606ec4d054e09be24c065915518903b29380b6573bff79c24/persistent-4.2.2.tar.gz"; + sha256 = "52ececc6dbba5ef572d3435189318b4dff07675bafa9620e32f785e147c6563c"; + }; + propagatedBuildInputs = [ + zope_interface + ] ++ (with pythonPackages; [ six wheel ]); + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Translucent persistent objects"; + }; + }; + + transaction = pythonPackages.buildPythonPackage { + name = "transaction-2.0.3"; + src = fetchurl { + url = "https://pypi.python.org/packages/8c/af/3ffafe85bcc93ecb09459f3f2bd8fbe142e9ab34048f9e2774543b470cbd/transaction-2.0.3.tar.gz"; + sha256 = "67bfb81309ba9717edbb2ca2e5717c325b78beec0bf19f44e5b4b9410f82df7f"; + }; + propagatedBuildInputs = [ + zope_interface + ] ++ (with pythonPackages; [ six wheel ]); + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Transaction management for Python"; + }; + }; + + zc.lockfile = pythonPackages.buildPythonPackage { + name = "zc.lockfile-1.2.1"; + src = fetchurl { + url = "https://pypi.python.org/packages/bd/84/0299bbabbc9d3f84f718ba1039cc068030d3ad723c08f82a64337edf901e/zc.lockfile-1.2.1.tar.gz"; + sha256 = "11db91ada7f22fe8aae268d4bfdeae012c4fe655f66bbb315b00822ec00d043e"; + }; + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Basic inter-process locks"; + }; + }; + + zodbpickle = pythonPackages.buildPythonPackage { + name = "zodbpickle-0.6.0"; + src = fetchurl { + url = "https://pypi.python.org/packages/7a/fc/f6f437a5222b330735eaf8f1e67a6845bd1b600e9a9455e552d3c13c4902/zodbpickle-0.6.0.tar.gz"; + sha256 = "ea3248be966159e7791e3db0e35ea992b9235d52e7d39835438686741d196665"; + }; + doCheck = false; + + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Fork of Python 3 pickle module."; + }; + }; + + zope_interface = pythonPackages.buildPythonPackage { + name = "zope.interface-4.3.3"; + src = fetchurl { + url = "https://pypi.python.org/packages/44/af/cea1e18bc0d3be0e0824762d3236f0e61088eeed75287e7b854d65ec9916/zope.interface-4.3.3.tar.gz"; + sha256 = "8780ef68ca8c3fe1abb30c058a59015129d6e04a6b02c2e56b9c7de6078dfa88"; + }; + propagatedBuildInputs = [ ]; + meta = with stdenv.lib; { + homepage = ""; + license = licenses.zpt21; + description = "Interfaces for Python"; + }; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e07efc74838..e3a1d42be71 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6963,6 +6963,10 @@ with pkgs; vultr = callPackage ../development/tools/vultr { }; + vulnix = callPackage ../tools/security/vulnix { + pythonPackages = python3Packages; + }; + xc3sprog = callPackage ../development/tools/misc/xc3sprog { }; xcbuild = callPackage ../development/tools/xcbuild/wrapper.nix { diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 2283847ddef..39c361a16bb 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -27550,25 +27550,7 @@ EOF }; }; - - BTrees = self.buildPythonPackage rec { - name = "BTrees-4.1.4"; - - propagatedBuildInputs = with self; [ persistent zope_interface transaction ]; - - src = pkgs.fetchurl { - url = "mirror://pypi/B/BTrees/${name}.tar.gz"; - sha256 = "1avvhkd7rvp3rzhw20v6ank8a8m9a1lmh99c4gjjsa1ry0zsri3y"; - }; - - patches = [ ../development/python-modules/btrees-py35.patch ]; - - meta = { - description = "Scalable persistent components"; - homepage = http://packages.python.org/BTrees; - }; - }; - + BTrees = callPackage ../development/python-modules/btrees {}; persistent = self.buildPythonPackage rec { name = "persistent-4.0.8";