lint: cve: Catch host name lookup errors.

* guix/scripts/lint.scm (package-vulnerabilities): Catch
'getaddrinfo-error'.
This commit is contained in:
Ludovic Courtès 2016-01-06 15:53:20 +01:00
parent 7b78f359d1
commit f888c0b120

View file

@ -1,7 +1,7 @@
;;; GNU Guix --- Functional package management for GNU ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2014 Cyril Roelandt <tipecaml@gmail.com> ;;; Copyright © 2014 Cyril Roelandt <tipecaml@gmail.com>
;;; Copyright © 2014, 2015 Eric Bavier <bavier@member.fsf.org> ;;; Copyright © 2014, 2015 Eric Bavier <bavier@member.fsf.org>
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2015 Mathieu Lirzin <mthl@openmailbox.org> ;;; Copyright © 2015 Mathieu Lirzin <mthl@openmailbox.org>
;;; ;;;
;;; This file is part of GNU Guix. ;;; This file is part of GNU Guix.
@ -593,7 +593,16 @@ (define (package-name->cpe-name name)
(define package-vulnerabilities (define package-vulnerabilities
(let ((lookup (delay (vulnerabilities->lookup-proc (let ((lookup (delay (vulnerabilities->lookup-proc
(current-vulnerabilities))))) ;; Catch networking errors to allow network-less
;; operation.
(catch 'getaddrinfo-error
(lambda ()
(current-vulnerabilities))
(lambda (key errcode)
(warn (_ "failed to lookup NIST host: ~a~%")
(gai-strerror errcode))
(warn (_ "assuming no CVE vulnerabilities~%"))
'()))))))
(lambda (package) (lambda (package)
"Return a list of vulnerabilities affecting PACKAGE." "Return a list of vulnerabilities affecting PACKAGE."
((force lookup) ((force lookup)