lint: cve: Set a connection timeout.
This (notably) works around the fact that nvd.nist.gov is currently inaccessible over IPv6. * guix/cve.scm (fetch-vulnerabilities): Add #:timeout and pass it to 'http-fetch/cached'. (current-vulnerabilities): Add #:timeout and pass it to 'fetch-vulnerabilities'. * guix/lint.scm (current-vulnerabilities*): Pass #:timeout to 'current-vulnerabilities'.master
Ludovic Courtès
parent
d11f7f62b6
commit
baa4a2ef81
12
guix/cve.scm
12
guix/cve.scm
|
|
@ -336,7 +336,7 @@ sexp to CACHE."
|
||||||
,(map vulnerability->sexp vulns))
|
,(map vulnerability->sexp vulns))
|
||||||
cache))))
|
cache))))
|
||||||
|
|
||||||
(define (fetch-vulnerabilities year ttl)
|
(define* (fetch-vulnerabilities year ttl #:key (timeout 10))
|
||||||
"Return the list of <vulnerability> for YEAR, assuming the on-disk cache has
|
"Return the list of <vulnerability> for YEAR, assuming the on-disk cache has
|
||||||
the given TTL (fetch from the NIST web site when TTL has expired)."
|
the given TTL (fetch from the NIST web site when TTL has expired)."
|
||||||
(define (cache-miss uri)
|
(define (cache-miss uri)
|
||||||
|
|
@ -361,16 +361,18 @@ the given TTL (fetch from the NIST web site when TTL has expired)."
|
||||||
(let* ((port (http-fetch/cached (yearly-feed-uri year)
|
(let* ((port (http-fetch/cached (yearly-feed-uri year)
|
||||||
#:ttl ttl
|
#:ttl ttl
|
||||||
#:write-cache write-cache
|
#:write-cache write-cache
|
||||||
#:cache-miss cache-miss))
|
#:cache-miss cache-miss
|
||||||
|
#:timeout timeout))
|
||||||
(sexp (read* port)))
|
(sexp (read* port)))
|
||||||
(close-port port)
|
(close-port port)
|
||||||
(match sexp
|
(match sexp
|
||||||
(('vulnerabilities 1 vulns)
|
(('vulnerabilities 1 vulns)
|
||||||
(map sexp->vulnerability vulns)))))
|
(map sexp->vulnerability vulns)))))
|
||||||
|
|
||||||
(define (current-vulnerabilities)
|
(define* (current-vulnerabilities #:key (timeout 10))
|
||||||
"Return the current list of Common Vulnerabilities and Exposures (CVE) as
|
"Return the current list of Common Vulnerabilities and Exposures (CVE) as
|
||||||
published by the US NIST."
|
published by the US NIST. TIMEOUT specifies the timeout in seconds for
|
||||||
|
connection establishment."
|
||||||
(let ((past-years (unfold (cut > <> 3)
|
(let ((past-years (unfold (cut > <> 3)
|
||||||
(lambda (n)
|
(lambda (n)
|
||||||
(- %current-year n))
|
(- %current-year n))
|
||||||
|
|
@ -381,7 +383,7 @@ published by the US NIST."
|
||||||
(* n %past-year-ttl))
|
(* n %past-year-ttl))
|
||||||
1+
|
1+
|
||||||
1)))
|
1)))
|
||||||
(append-map fetch-vulnerabilities
|
(append-map (cut fetch-vulnerabilities <> <> #:timeout timeout)
|
||||||
(cons %current-year past-years)
|
(cons %current-year past-years)
|
||||||
(cons %current-year-ttl past-ttls))))
|
(cons %current-year-ttl past-ttls))))
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1084,7 +1084,7 @@ or HTTP errors. This allows network-less operation and makes problems with
|
||||||
the NIST server non-fatal."
|
the NIST server non-fatal."
|
||||||
(with-networking-fail-safe (G_ "while retrieving CVE vulnerabilities")
|
(with-networking-fail-safe (G_ "while retrieving CVE vulnerabilities")
|
||||||
'()
|
'()
|
||||||
(current-vulnerabilities)))
|
(current-vulnerabilities #:timeout 4)))
|
||||||
|
|
||||||
(define package-vulnerabilities
|
(define package-vulnerabilities
|
||||||
(let ((lookup (delay (vulnerabilities->lookup-proc
|
(let ((lookup (delay (vulnerabilities->lookup-proc
|
||||||
|
|
|
||||||
Reference in New Issue