From 99effc8faa43d478371eb06aee5df8ae1383c51a Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Tue, 17 May 2016 18:04:13 +0200
Subject: lint: Honor 'cpe-name' and 'cpe-version' package properties.

* guix/scripts/lint.scm (package-name->cpe-name): Remove.
(package-vulnerabilities): Honor 'cpe-name' and 'cpe-version'
properties.
* gnu/packages/grub.scm (grub)[properties]: New field.
* gnu/packages/gnuzilla.scm (icecat)[properties]: Add 'cpe-name' and
'cpe-version'.
* doc/guix.texi (Invoking guix lint): Mention 'cpe-name'.
---
 guix/scripts/lint.scm | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

(limited to 'guix/scripts/lint.scm')

diff --git a/guix/scripts/lint.scm b/guix/scripts/lint.scm
index 06001d3eae..b4fdb6f905 100644
--- a/guix/scripts/lint.scm
+++ b/guix/scripts/lint.scm
@@ -600,15 +600,6 @@ be determined."
     ((? origin?)
      (and=> (origin-actual-file-name patch) basename))))
 
-(define (package-name->cpe-name name)
-  "Do a basic conversion of NAME, a Guix package name, to the corresponding
-Common Platform Enumeration (CPE) name."
-  (match name
-    ("icecat"   "firefox")                        ;or "firefox_esr"
-    ("grub"     "grub2")
-    ;; TODO: Add more.
-    (_          name)))
-
 (define (current-vulnerabilities*)
   "Like 'current-vulnerabilities', but return the empty list upon networking
 or HTTP errors.  This allows network-less operation and makes problems with
@@ -635,9 +626,15 @@ from ~s: ~a (~s)~%")
                         (current-vulnerabilities*)))))
     (lambda (package)
       "Return a list of vulnerabilities affecting PACKAGE."
-      ((force lookup)
-       (package-name->cpe-name (package-name package))
-       (package-version package)))))
+      ;; First we retrieve the Common Platform Enumeration (CPE) name and
+      ;; version for PACKAGE, then we can pass them to LOOKUP.
+      (let ((name    (or (assoc-ref (package-properties package)
+                                    'cpe-name)
+                         (package-name package)))
+            (version (or (assoc-ref (package-properties package)
+                                    'cpe-version)
+                         (package-version package))))
+        ((force lookup) name version)))))
 
 (define (check-vulnerabilities package)
   "Check for known vulnerabilities for PACKAGE."
-- 
cgit v1.2.3