New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
truffleHog: init at 2.0.91 #40391
truffleHog: init at 2.0.91 #40391
Conversation
# Relax overly restricted version constraint | ||
postPatch = '' | ||
sed -i "s/GitPython == 2.1.1/GitPython >= 2.1.1/" setup.py | ||
''; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CC @FRidh is there a better way to loosen overly conservative semver bounds? I did build all of these packages, and verified that truffleHog is working fine with the newer GitPython.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sadly, there isn't. But using
sed -i "s/GitPython ==/GitPython >=/" setup.py
could reduce the pain upon updating.
Also, consider using substituteInPlace
.
Success on x86_64-linux (full log) Attempted: truffleHog Partial log (click to expand)
|
Success on aarch64-linux (full log) Attempted: truffleHog Partial log (click to expand)
|
Would you mind moving |
# Relax overly restricted version constraint | ||
postPatch = '' | ||
sed -i "s/GitPython == 2.1.1/GitPython >= 2.1.1/" setup.py | ||
''; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sadly, there isn't. But using
sed -i "s/GitPython ==/GitPython >=/" setup.py
could reduce the pain upon updating.
Also, consider using substituteInPlace
.
buildInputs = [ ]; | ||
propagatedBuildInputs = [ GitPython truffleHogRegexes ]; | ||
|
||
doCheck = false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a comment why tests are disabled.
sed -i "s/GitPython == 2.1.1/GitPython >= 2.1.1/" setup.py | ||
''; | ||
|
||
buildInputs = [ ]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
drop this line
pkgs/top-level/all-packages.nix
Outdated
@@ -21110,6 +21110,8 @@ with pkgs; | |||
|
|||
tup = callPackage ../development/tools/build-managers/tup { }; | |||
|
|||
truffleHog = python3.pkgs.callPackage ../tools/security/truffleHog { }; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please pass python3
or python3Packages
as an argument instead. This will allow overriding of specific dependencies' versions if necessary.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Like this?
truffleHog = pythonPackages.callPackage ../tools/security/truffleHog { };
pkgs/top-level/python-packages.nix
Outdated
}; | ||
|
||
buildInputs = with self; [ mock nose ]; | ||
propagatedBuildInputs = with self; [ gitdb ]; | ||
buildInputs = with self; [ mock nose ddt ]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
checkInputs
pkgs/top-level/python-packages.nix
Outdated
sha256 = "1hvn28p3zvxa98sbi9lrqvv2ps4q284j4jq9a619zw0m7yv0sly7"; | ||
}; | ||
|
||
buildInputs = with self; [ nosexcover ]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
checkInputs
pkgs/top-level/python-packages.nix
Outdated
@@ -2843,20 +2843,39 @@ in { | |||
homepage = https://github.com/gitpython-developers/gitdb; | |||
license = licenses.bsd3; | |||
}; | |||
}; | |||
|
|||
gitdb2 = buildPythonPackage rec { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We are moving Python expressions out of pkgs/top-level/python-packages.nix
into pkgs/development/python-modules/<module>/default.nix
.
Please move the expression there, and call it from pkgs/top-level/python-packages.nix
using callPackage ../development/python-modules/<package> { };
.
pkgs/top-level/python-packages.nix
Outdated
maintainers = with maintainers; [ ]; | ||
homepage = https://github.com/gitpython-developers/gitdb; | ||
license = licenses.bsd3; | ||
}; | ||
}; | ||
|
||
GitPython = buildPythonPackage rec { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you also move this while you're at it.
pkgs/top-level/python-packages.nix
Outdated
@@ -14291,6 +14310,24 @@ in { | |||
}; | |||
}; | |||
|
|||
smmap2 = buildPythonPackage rec { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We are moving Python expressions out of pkgs/top-level/python-packages.nix
into pkgs/development/python-modules/<module>/default.nix
.
Please move the expression there, and call it from pkgs/top-level/python-packages.nix
using callPackage ../development/python-modules/<package> { };
.
59ef98f
to
1db90ab
Compare
Thx guys; the newer python module structure looks a lot cleaner and nicer! I've refactored this into four commits: the first one moves
|
604839e
to
fd614c9
Compare
Success on x86_64-linux (full log) Attempted: truffleHog Partial log (click to expand)
|
Success on aarch64-linux (full log) Attempted: truffleHog Partial log (click to expand)
|
}; | ||
} | ||
|
||
# smmap2 = buildPythonPackage rec { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
old, needs to be removed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah thanks, forgot to remove that; I had initially thought about putting them both in one file, since they come from the same git repo and share the same meta info, but decided against it to keep the consistent directory name -> python import name.
Removed.
pkgs/top-level/all-packages.nix
Outdated
@@ -21110,6 +21110,8 @@ with pkgs; | |||
|
|||
tup = callPackage ../development/tools/build-managers/tup { }; | |||
|
|||
truffleHog = pythonPackages.callPackage ../tools/security/truffleHog { }; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you keep the attribute entirely lowercase, and the same for the folder of the package.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, this should simply be callPackage
, and the trufflehog
expressions then has a parameter python
instead of the individual Python packages and functions that are needed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lowercased and swapped to callPackage
; thanks! Should I reword the commit message to trufflehog: init at 2.0.91
, or leave it consistent with the pypi name?
This commit adds smmap2, which is a separate pypi package from the existing smmap 0.9.0, though they both come from the same repo. It also moves smmap into the new python modules location.
Also move gitdb and gitdb2 to the new python module structure.
Also moves GitPython into the newer python module folder structure.
fd614c9
to
3a91dc1
Compare
This commit adds the python3 application truffleHog, which is a stand-alone tool that scans a git repo for unencrypted passwords. This depends on a newer GitPython, which depends on a new major version of gitdb, which depends on a new major version of smmap, so I've packaged those as well in the preceding commits.
3a91dc1
to
3fc1694
Compare
This commit adds the python3 application truffleHog, which is a stand-alone tool
that scans a git repo for unencrypted passwords.
This depends on a newer GitPython, which depends on a new major version of
gitdb, which depends on a new major version of smmap2, so I've packaged those
as well.
Things done
build-use-sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)