GNU bug report logs -
#47193
Fancify guix lint -c cve output
Previous Next
Full log
View this message in rfc822 format
* guix/lint.scm (check-vulnerabilities): Sort unpatched vulnerabilities
by ID.
---
guix/lint.scm | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/guix/lint.scm b/guix/lint.scm
index 5144fa139d..ed57e19fe2 100644
--- a/guix/lint.scm
+++ b/guix/lint.scm
@@ -1164,6 +1164,23 @@ the NIST server non-fatal."
package-vulnerabilities))
"Check for known vulnerabilities for PACKAGE. Obtain the list of
vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES."
+
+ (define (vulnerability< v1 v2)
+ (define (string-list< list1 list2)
+ (match list1
+ ((head1 tail1 ...)
+ (match list2
+ ((head2 tail2 ...)
+ (if (string=? head1 head2)
+ (string-list< tail1 tail2)
+ (string<? head1 head2)))
+ (_ #f)))
+ (_ #f)))
+
+ (let ((separators (char-set-complement char-set:letter+digit)))
+ (string-list< (string-split (vulnerability-id v1) separators)
+ (string-split (vulnerability-id v2) separators))))
+
(let ((package (or (package-replacement package) package)))
(match (package-vulnerabilities package)
(()
@@ -1184,7 +1201,8 @@ vulnerability records for PACKAGE by calling PACKAGE-VULNERABILITIES."
(make-warning
package
(G_ "probably vulnerable to ~a")
- (list (string-join (map vulnerability-id unpatched)
+ (list (string-join (map vulnerability-id
+ (sort unpatched vulnerability<))
", "))))))))))
(define (check-for-updates package)
--
2.30.1
This bug report was last modified 4 years and 76 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.