On Tue, 2021-03-16 at 22:12 +0100, Tobias Geerinckx-Rice wrote: > Léo! Tobias! :-) > Léo Le Bouter via Guix-patches via 写道： > > guix/cve.scm:328:18: warning: possibly unbound variable > > `cve-item-base- > > severity' > > One dark and stormy night I turned away an old woman at my doors, > and ever since I have been cursed to include at least one stupid > typo in each patch I send. True story. > > Thanks for testing. Fixed but it should not affect running guix > lint. I tried fixing it as well, $ git diff diff --git a/guix/cve.scm b/guix/cve.scm index 3809e4493f..d52ea05117 100644 --- a/guix/cve.scm +++ b/guix/cve.scm @@ -325,7 +325,7 @@ versions." return #f if ITEM does not list any configuration or if it does not list any \"a\" (application) configuration." (let ((id (cve-id (cve-item-cve item))) - (severity (cve-item-base-severity item))) + (severity (cve-item-cvssv3-base-severity item))) (match (cve-item-configurations item) (() ;no configurations #f) Look right? > Hmm. I bet ‘rm -rf ~/.cache/guix/http’ will make this go > conveniently away, just like lady stormypants. I tried that (without the fix above) and: $ ./pre-inst-env guix lint -c cve patch fetching CVE database for 2021... Backtrace: In ice-9/boot-9.scm: 1736:10 18 (with-exception-handler _ _ #:unwind? _ # _) In unknown file: 17 (apply-smob/0 #) In ice-9/boot-9.scm: 718:2 16 (call-with-prompt _ _ #) In ice-9/eval.scm: 619:8 15 (_ #(#(#))) In guix/ui.scm: 2164:12 14 (run-guix-command _ . _) In ice-9/boot-9.scm: 1736:10 13 (with-exception-handler _ _ #:unwind? _ # _) 1731:15 12 (with-exception-handler # …) In srfi/srfi-1.scm: 634:9 11 (for-each # …) In guix/scripts/lint.scm: 65:4 10 (run-checkers _ _ #:store _) In srfi/srfi-1.scm: 634:9 9 (for-each # …) In guix/scripts/lint.scm: 74:21 8 (_ _) In guix/lint.scm: 1205:4 7 (check-vulnerabilities _ _) 1151:9 6 (_ _) In unknown file: 5 (force #) In guix/lint.scm: 1134:2 4 (_) 1093:2 3 (call-with-networking-fail-safe _ _ _) In ice-9/boot-9.scm: 1736:10 2 (with-exception-handler _ _ #:unwind? _ # _) 1669:16 1 (raise-exception _ #:continuable? _) 1667:16 0 (raise-exception _ #:continuable? _) ice-9/boot-9.scm:1667:16: In procedure raise-exception: error: cve-item-base-severity: unbound variable Then *with* the fix: $ ./pre-inst-env guix lint -c cve patch fetching CVE database for 2021... Backtrace: In ice-9/boot-9.scm: 1736:10 18 (with-exception-handler _ _ #:unwind? _ # _) In unknown file: 17 (apply-smob/0 #) In ice-9/boot-9.scm: 718:2 16 (call-with-prompt _ _ #) In ice-9/eval.scm: 619:8 15 (_ #(#(#))) In guix/ui.scm: 2164:12 14 (run-guix-command _ . _) In ice-9/boot-9.scm: 1736:10 13 (with-exception-handler _ _ #:unwind? _ # _) 1731:15 12 (with-exception-handler # …) In srfi/srfi-1.scm: 634:9 11 (for-each # …) In guix/scripts/lint.scm: 65:4 10 (run-checkers _ _ #:store _) In srfi/srfi-1.scm: 634:9 9 (for-each # …) In guix/scripts/lint.scm: 74:21 8 (_ _) In guix/lint.scm: 1205:4 7 (check-vulnerabilities _ _) 1151:9 6 (_ _) In unknown file: 5 (force #) In guix/lint.scm: 1134:2 4 (_) 1093:2 3 (call-with-networking-fail-safe _ _ _) In ice-9/boot-9.scm: 1736:10 2 (with-exception-handler _ _ #:unwind? _ # _) 1669:16 1 (raise-exception _ #:continuable? _) 1667:16 0 (raise-exception _ #:continuable? _) ice-9/boot-9.scm:1667:16: In procedure raise-exception: Throw to key `match-error' with args `("match" "no matching pattern" (vulnerabilities 2 ((v "CVE-2021-0212" "MEDIUM" (("contrail_networking" (< "1911.31")))) (v "CVE-2021-0220" "MEDIUM" (("junos_space" (or "19.1" (or "18.4" (or "18.3" (or "18.2" (or "18.1r1" (or "18.1" (or "17.21.4" (or "17.2" (or "17.1" (or "16.1" (or "15.2" (or "15.14" (or "15.12" (or "15.1" (or "14.1" (or "13.33" (or "13.11.8" (or "13.1" (or "12.3" (or "12.2" (or "12.1" (or "11.4" (or "11.3" (or "11.2" (or "11.1" (or "2.0" (or "1.4" (or "1.3" (or "1.2" (or "1.1" "1.0"))))))))))))))))))))))))))))))))) (v "CVE-2021-1051" "HIGH" (("gpu_driver" (or (and (>= "460") (< "461.09")) (or (and (>= "450") (< "452.77")) (or (and (>= "418") (< "427.11")) (and (>= "390") (< "392.63")))))))) (v "CVE-2021-1052" "HIGH" (("gpu_driver" (or (or (and (>= "460") (< "460.32.03")) (or (and (>= "450") (< "450.102.04")) (and (>= "390") (< "390.141")))) (or (and (>= "460") (< "461.09")) (or (and (>= "450") (< "452.77")) (or (and (>= "418") (< "427.11")) (and (>= "390") (< "392.63"))))))))) (v "CVE-2021-1053" "MEDIUM" (("gpu_driver" (or (or (and (>= "460") (< "460.32.03")) (or (and (>= "450") (< "450.102.04")) (and (>= "390") (< "390.141")))) (or (and (>= "460") (< "461.09")) (or (and (>= "450") (< "452.77")) (or (and (>= "418") (< "427.11")) (and (>= "390") (< "392.63"))))))))) (v "CVE-2021-1054" "MEDIUM" (("gpu_driver" (or (and (>= "460") (< "461.09")) (or (and (>= "450") (< "452.77")) (or (and (>= "418") (< "427.11")) (and (>= "390") (< "392.63")))))))) (v "CVE-2021-1055" "MEDIUM" (("gpu_driver" (or (and (>= "460") (< "461.09")) (or (and (>= "450") (< "452.77")) (or (and (>= " [...] I ran "$ rm -rf ~/.cache/guix/http" between each and every of these attempts. The cache is clear, I also did make clean and recompiled (so no left around .go file). > > > (v "CVE-2021-0212" (("contrail_networking" ... > > This is a stale cache file lacking the newly added ‘severity’ > field: > > (v "CVE-2021-0212" "MEDIUM" (("contrail_networking" ... > > I bumped the format version to 2 in (guix cve) to signal this > incompatible change, but it appears this field may exist merely as > a friendly reminder to actually add version handling some day...? > > I guess today is that day. > > Bah, Don't know! I think there's some other issue here, or maybe you modified the patch a little more on your side. PS: I looked at the image you initially posted and the output looks really nice and helpful!! > > T G-R Thank you :-D Léo