;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015, 2016, 2019 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (test-cve) #:use-module (guix cve) #:use-module (srfi srfi-1) #:use-module (srfi srfi-19) #:use-module (srfi srfi-64)) (define %sample (search-path %load-path "tests/cve-sample.json")) (define (vulnerability id packages) (make-struct/no-tail (@@ (guix cve) ) id packages)) (define %expected-vulnerabilities ;; What we should get when reading %SAMPLE. (list (vulnerability "CVE-2019-0001" ;; Only the "a" CPE configurations are kept; the "o" ;; configurations are discarded. '(("junos" (or "18.21-s4" (or "18.21-s3" "18.2"))))) (vulnerability "CVE-2019-0005" '(("junos" (or "18.11" "18.1")))) ;; CVE-2019-0005 has no "a" configurations. (vulnerability "CVE-2019-14811" '(("ghostscript" (< "9.28")))) (vulnerability "CVE-2019-17365" '(("nix" (<= "2.3")))) (vulnerability "CVE-2019-1010180" '(("gdb" _))) ;any version (vulnerability "CVE-2019-1010204" '(("binutils" (and (>= "2.21") (<= "2.31.1"))) ("binutils_gold" (and (>= "1.11") (<= "1.16"))))) ;; CVE-2019-18192 has no associated configurations. )) (test-begin "cve") (test-equal "json->cve-items" '("CVE-2019-0001" "CVE-2019-0005" "CVE-2019-14811" "CVE-2019-17365" "CVE-2019-1010180" "CVE-2019-1010204" "CVE-2019-18192") (map (compose cve-id cve-item-cve) (call-with-input-file %sample json->cve-items))) (test-equal "cve-item-published-date" '(2019) (delete-duplicates (map (compose date-year cve-item-published-date) (call-with-input-file %sample json->cve-items)))) (test-equal "json->vulnerabilities" %expected-vulnerabilities (call-with-input-file %sample json->vulnerabilities)) (test-equal "vulnerabilities->lookup-proc" (list (list (third %expected-vulnerabilities)) ;ghostscript (list (third %expected-vulnerabilities)) '() (list (fifth %expected-vulnerabilities)) ;gdb (list (fifth %expected-vulnerabilities)) (list (fourth %expected-vulnerabilities)) ;nix '() (list (sixth %expected-vulnerabilities)) ;binutils '() (list (sixth %expected-vulnerabilities)) '()) (let* ((vulns (call-with-input-file %sample json->vulnerabilities)) (lookup (vulnerabilities->lookup-proc vulns))) (list (lookup "ghostscript") (lookup "ghostscript" "9.27") (lookup "ghostscript" "9.28") (lookup "gdb") (lookup "gdb" "42.0") (lookup "nix") (lookup "nix" "2.4") (lookup "binutils" "2.31.1") (lookup "binutils" "2.10") (lookup "binutils_gold" "1.11") (lookup "binutils" "2.32")))) (test-end "cve") IDs") can be obtained ;; by running 'blkid' in a terminal. ... This is strange because call-with-output-file uses the O_TRUNC flag which resets the file size to zero. Remove the configuration file before writing it as a work-around. * gnu/installer/tests.scm (edit-configuration-file): Remove the configuration file before re-writing it. Mathieu Othacehe 2021-12-28installer: Recommend 'ntp-service-type' for non-graphical systems....We had several bug reports with a root cause of "the clock was incorrect" from users who used the installer to install a non-graphical Guix System. * gnu/installer/services.scm (%system-services): Add the ntp-service-type. * gnu/installer/newt/services.scm (run-system-administration-cbt-page): New variable. (run-services-page): Use run-system-administration-cbt-page when not installing a desktop. * gnu/installer/tests.scm (choose-services): Add and use a choose-misc-service? procedure. * gnu/tests/install.scm (installation-target-os-for-gui-tests)<services>: Add ntp-service-type. Leo Famulari 2021-12-28installer: Offer the CUPS printing service on a dedicated page....Currently, the installer page RUN-OTHER-SERVICES-CBT-PAGE offers to the user all installer services that are not of the types 'desktop', 'network-management', or 'networking'. Concretely, this means that it offers the CUPS printing service, because that is the only service of a different type defined in the installer. In later commits, we will add some services of a new type, and we only want them to be offered when the user is installing a non-graphical system. At least one of these new services (NTP) is part of %DESKTOP-SERVICES. If it was also offered on RUN-OTHER-SERVICES-CBT-PAGE, and the user had configured a system using %DESKTOP-SERVICES, the user could accidentally add NTP to their services twice, which is an error and would break installation. So, this commit makes the RUN-OTHER-SERVICES-CBT-PAGE be more specific about what services to offer. This makes it easier to discriminate between desktop and non-desktop installations, in terms of when a given service is offered. * gnu/installer/newt/services.scm (RUN-OTHER-SERVICES-CBT-PAGE): Rename to ... (RUN-PRINTING-SERVICES-CBT-PAGE): ... new variable, and select only 'document' services. (RUN-SERVICES-PAGE): Adjust accordingly. * gnu/installer/tests.scm (CHOOSE-SERVICES): Adjust accordingly. Leo Famulari