;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015, 2016, 2019 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

;; Unit tests for (guix cve): reading the CVE JSON sample shipped with the
;; tests and turning it into package/version vulnerability lookups.
;;
;; (srfi srfi-1)  -- 'delete-duplicates' and the 'third' ... 'sixth' accessors
;; (srfi srfi-19) -- 'date-year' on the parsed publication dates
;; (srfi srfi-64) -- the 'test-begin'/'test-equal'/'test-end' harness
(define-module (test-cve)
  #:use-module (guix cve)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-19)
  #:use-module (srfi srfi-64))

;; File name of the CVE JSON sample read by every test below, resolved
;; along %LOAD-PATH so the suite works from the source tree; 'search-path'
;; yields #f when the file cannot be found.
(define %sample
  (let ((relative-name "tests/cve-sample.json"))
    (search-path %load-path relative-name)))

;; Build a <vulnerability> record directly from its two fields, reaching the
;; record type through '@@' because it is not exported by (guix cve).
;; ID is the CVE identifier string; PACKAGES is the list of
;; (NAME VERSION-PATTERN) entries the record carries.
(define (vulnerability id packages)
  (let ((record-type (@@ (guix cve) <vulnerability>)))
    (make-struct/no-tail record-type id packages)))

(define %expected-vulnerabilities
  ;; What we should get when reading %SAMPLE.  Order matters: the
  ;; "json->vulnerabilities" test below compares this list as a whole, and
  ;; the lookup test picks entries by position ('third', 'fourth', ...).
  ;; The version patterns deliberately cover every shape the lookup is
  ;; exercised with: exclusive (<) and inclusive (<=, >=) bounds, 'and',
  ;; 'or', and the wildcard '_'.
  (list
   (vulnerability "CVE-2019-0001"
                  ;; Only the "a" CPE configurations are kept; the "o"
                  ;; configurations are discarded.
                  '(("junos" (or "18.21-s4" (or "18.21-s3" "18.2")))))
   (vulnerability "CVE-2019-0005"
                  '(("junos" (or "18.11" "18.1"))))
   ;; CVE-2019-0005 has no "a" configurations.
   ;; NOTE(review): the comment above contradicts the entry it follows,
   ;; which does record an "a" configuration ("junos") for CVE-2019-0005;
   ;; check against the sample whether it was meant to say "o"
   ;; configurations, or to describe a different CVE.
   (vulnerability "CVE-2019-14811"
                  '(("ghostscript" (< "9.28"))))    ;exclusive upper bound
   (vulnerability "CVE-2019-17365"
                  '(("nix" (<= "2.3"))))            ;inclusive upper bound
   (vulnerability "CVE-2019-1010180"
                  '(("gdb" _)))                   ;any version
   (vulnerability "CVE-2019-1010204"
                  ;; Two affected packages in one CVE, each with a closed
                  ;; version range.
                  '(("binutils" (and (>= "2.21") (<= "2.31.1")))
                    ("binutils_gold" (and (>= "1.11") (<= "1.16")))))
   ;; CVE-2019-18192 has no associated configurations, so it is listed by
   ;; 'json->cve-items' but yields no <vulnerability> here.
   ))


;; Start the SRFI-64 test group; every 'test-equal' below reads %SAMPLE.
(test-begin "cve")

;; Every entry of the sample is read, in file order, including
;; CVE-2019-18192, which carries no configurations and therefore never
;; becomes a <vulnerability>.
(test-equal "json->cve-items"
  '("CVE-2019-0001"
    "CVE-2019-0005"
    "CVE-2019-14811"
    "CVE-2019-17365"
    "CVE-2019-1010180"
    "CVE-2019-1010204"
    "CVE-2019-18192")
  (let ((items (call-with-input-file %sample json->cve-items)))
    (map (lambda (item)
           (cve-id (cve-item-cve item)))
         items)))

;; Publication dates parse to SRFI-19 dates; all sample entries are from 2019.
(test-equal "cve-item-published-date"
  '(2019)
  (let* ((items (call-with-input-file %sample json->cve-items))
         (years (map (lambda (item)
                       (date-year (cve-item-published-date item)))
                     items)))
    (delete-duplicates years)))

;; The whole sample, in one go, must match %EXPECTED-VULNERABILITIES
;; entry for entry (same IDs, same package/version patterns, same order).
(test-equal "json->vulnerabilities"
  %expected-vulnerabilities
  (call-with-input-file %sample
    (lambda (port)
      (json->vulnerabilities port))))

;; Version-range boundaries of the lookup procedure.  Each expected element
;; is annotated with why the corresponding lookup matches or not; getting
;; a boundary wrong here would either miss an affected version (false
;; negative) or flag a fixed one (false positive).
(test-equal "vulnerabilities->lookup-proc"
  (let ((ghostscript (third %expected-vulnerabilities))
        (nix         (fourth %expected-vulnerabilities))
        (gdb         (fifth %expected-vulnerabilities))
        (binutils    (sixth %expected-vulnerabilities)))
    (list (list ghostscript)            ;no version given: package matches
          (list ghostscript)            ;9.27 is below the (< "9.28") bound
          '()                           ;9.28 itself is excluded by '<'

          (list gdb)                    ;no version given
          (list gdb)                    ;'_' matches any version, even 42.0

          (list nix)                    ;no version given
          '()                           ;2.4 is above the (<= "2.3") bound

          (list binutils)               ;2.31.1 sits on the inclusive upper bound
          '()                           ;2.10 is below the (>= "2.21") bound
          (list binutils)               ;binutils_gold 1.11: inclusive lower bound
          '()))                         ;2.32 is above the upper bound
  (let ((lookup (vulnerabilities->lookup-proc
                 (call-with-input-file %sample json->vulnerabilities))))
    (list (lookup "ghostscript")
          (lookup "ghostscript" "9.27")
          (lookup "ghostscript" "9.28")
          (lookup "gdb")
          (lookup "gdb" "42.0")
          (lookup "nix")
          (lookup "nix" "2.4")
          (lookup "binutils" "2.31.1")
          (lookup "binutils" "2.10")
          (lookup "binutils_gold" "1.11")
          (lookup "binutils" "2.32"))))

;; Close the "cve" group started by 'test-begin' above.
(test-end "cve")