GNU bug report logs - #37838
[PATCH 0/2] Rewrite (guix cve) to read NIST's JSON feed

Previous Next

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Sun, 20 Oct 2019 20:36:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #22 received at 37838-done <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <mbakke <at> fastmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>, 37838-done <at> debbugs.gnu.org
Subject: Re: bug#37838: [PATCH 0/2] Rewrite (guix cve) to read NIST's JSON feed
Date: Wed, 23 Oct 2019 19:35:55 +0200

[Message part 1 (text/plain, inline)]
Ludovic Courtès <ludo <at> gnu.org> writes:

> Hello,
>
> Ludovic Courtès <ludo <at> gnu.org> skribis:
>
>>   cve: Rewrite to read the JSON feed instead of the XML feed.
>>   lint: Re-enable CVE checker.
>
> Pushed as 9efa2c28a4f842b7ca1977e084299de441842856.
>
> Please let me know if you notice anything fishy with ‘guix lint -c cve’:
> CVEs not showing up, CVEs showing up that should not, etc.

Here is what I get (on ee42e9f9f):

$ ./pre-inst-env guix lint -c cve ao
fetching CVE database for 2019...]...
Backtrace:
          11 (apply-smob/1 #<catch-closure 7f08d6d9d900>)
In ice-9/boot-9.scm:
    705:2 10 (call-with-prompt _ _ #<procedure default-prompt-handler (k proc)>)
In ice-9/eval.scm:
    619:8  9 (_ #(#(#<directory (guile-user) 7f08d6a23140>)))
In guix/ui.scm:
  1730:12  8 (run-guix-command _ . _)
In srfi/srfi-1.scm:
    640:9  7 (for-each #<procedure 7f08d689f3c0 at guix/scripts/lint.scm:168:16 (spec)> ("ao"))
In guix/scripts/lint.scm:
     57:4  6 (run-checkers _ _)
In srfi/srfi-1.scm:
    640:9  5 (for-each #<procedure 7f08c7706480 at guix/scripts/lint.scm:57:14 (checker)> (#<<lint-checker> name: c…>))
In guix/scripts/lint.scm:
    64:17  4 (_ _)
In guix/lint.scm:
    999:4  3 (check-vulnerabilities _)
    994:9  2 (_ _)
In unknown file:
           1 (force #<promise #<procedure 7f08d42e7928 at guix/lint.scm:982:16 ()>>)
In guix/lint.scm:
   983:24  0 (_)

guix/lint.scm:983:24: Throw to key `srfi-34' with args `(#<condition &message [message: "invalid CVE feed"] 7f08b5a39920>)'.

I tried downloading the .json.gz files manually and they seem fine.

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 5 years and 258 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.