nist-feed: init at unstable-2024-01-20 #284782

1 change: 1 addition & 0 deletions nixos/modules/module-list.nix
Expand Up @@ -222,6 +222,7 @@
./programs/neovim.nix
./programs/nethoscope.nix
./programs/nexttrace.nix
./programs/nist-feed.nix
./programs/nix-index.nix
./programs/nix-ld.nix
./programs/nm-applet.nix
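--- a/nixos/modules/programs/nist-feed.nix
+++ b/nixos/modules/programs/nist-feed.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.programs.nist-feed;
+in
+{
+options = {
+programs.nist-feed = {
+enable = mkEnableOption (mdDoc "NIST Feed notifies you about the newest published CVEs.");
+package = mkPackageOption pkgs "nist-feed" { };
+arguments = mkOption {
+type = types.str;
+default = "-l -s CRITICAL";
+description = mdDoc ''lib.
+Arguments to provide to NIST-Feed.
+'';
+};
+};
+};
+
+config = mkIf cfg.enable {
+environment.systemPackages = [ cfg.package ];
+systemd.user.services.nist-feed = {
+wantedBy = [ "default.target" ];
+description = "NIST-Feed service";
+path = [ pkgs.curl pkgs.busybox ];
+serviceConfig = {
+Type = "oneshot";
+ExecStart = "${cfg.package}/bin/nist-feed ${cfg.arguments}";
+};
+};
+
+systemd.user.timers.nist-feed = {
+wantedBy = [ "default.target" ];
+description = "NIST-Feed timer";
+timerConfig = {
+Unit = "nist-feed.service";
+OnCalendar = "*:0/2";
+Persistent = "true";
+};
+};
+};
+
+meta.maintainers = with maintainers; [octodi];
+}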
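Review bot: The option description on the `description = mdDoc ''lib.` line carries a stray `lib.` that will be rendered verbatim in the manual; it should be `description = mdDoc ''` with the text on the following line. The timer's `OnCalendar = "*:0/2"` fires every two minutes, while the crontab entry that the accompanying cron.patch removes ran every 30 minutes (`*/30 * * * *`), and each run reaches the NVD API, so a default of `OnCalendar = "*:0/30"` stays close to upstream and avoids hammering a rate-limited feed; `Persistent = "true"` should be the boolean `true`. `arguments` is a free-form `types.str` spliced into `ExecStart`, where systemd word-splits it without any shell quoting, so the option description should say that it is split on whitespace, or the option should become `types.listOf types.str` and be joined explicitly. `pkgs.busybox` in `path` of a user service is surprising next to a wrapper that already supplies `jq`, `killall` and `libnotify`; if a specific busybox applet is needed it is worth naming in a comment.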
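--- a/pkgs/by-name/ni/nist-feed/cron.patch
+++ b/pkgs/by-name/ni/nist-feed/cron.patch
@@ -0,0 +1,56 @@
+--- a/nist-feed 2024-01-28 19:03:44.721621784 +0530
++++ b/nist-feed2024-01-29 18:58:25.981732803 +0530
+@@ -1,7 +1,5 @@
+#!/bin/sh
+
+-pkill -f "/usr/bin/gjs /usr/share/gnome-shell/org.gnome.Shell.Notifications"
+-
+############################################################
+# Colors #
+############################################################
+@@ -67,7 +65,7 @@
+echo "-i Filter by integrity metric (NONE='I:N', LOW='I:L' or HIGH='I:H')."
+echo "-l Retrieve the latest CVE according to the filters."
+echo "-m Filter by the specified CVSSv3 metric codes. It is used mainly for managing all filters selected by the user when the notification popup must be created."
+- echo "-n Enable desktop notification for the latest CVE according the applied filters by crontab."
++ echo "-n Notification option has been removed for nix, to enable notifications use programs.nist-feed.enable = true; "
+echo "-P Filter by privileges required metric (NONE='PR:N', LOW='PR:L' or HIGH='PR:H')."
+echo "-r Specify the maximum number of results that are returned based on the request parameters. The default value is 20. For network considerations, maximum allowable limit is 2,000."
+echo "-S Filter by scope metric (UNCHANGED='S:U' or CHANGED='S:C')."
+@@ -237,7 +235,6 @@
+
+if [ "$end" ]; then
+echo "Disabling NIST NVD feed popup notification..."
+- crontab -l | sed '/nist-feed/d' | crontab
+rm -rf $last_cve_file
+rm -rf $cve_json_file
+exit 0
+@@ -336,27 +333,13 @@
+fi
+fi
+
+-if [[ "$id" != "$LAST_CVE" ]] || [ $(crontab -l | wc -c) -eq 0 ];then #if the previous CVE is different from the current one, OR the crontab is empty, popup notification
++if [[ "$id" != "$LAST_CVE" ]];then #if the previous CVE is different from the current one, OR the crontab is empty, popup notification
+if [[ ! "$notify" ]]; then #LAST_CVE must be set only if the user does not set the notification parameters, otherwise when crontab will call the 1st time nist-feed, $id is already = to $LAST_CVE
+echo "$id" > $last_cve_file
+#Generate the popup notification
+killall dunst;notify-send -u normal "$id" "$description\n\n<b>$nvdURL</b>"
+fi
+
+- if [[ "$notify" -eq 1 ]] && [ ! "$severity" ] && [ ! "$metric" ]; then
+- crontab -l | sed '/nist-feed/d' | crontab
+- (crontab -l 2>/dev/null; echo "*/30 * * * * ( killall dunst ; XDG_RUNTIME_DIR=/run/user/$(id -u) /usr/local/bin/nist-feed -l)") | crontab -
+- elif [[ "$notify" -eq 1 ]] && [ "$severity" ] && [ ! "$metric" ]; then
+- crontab -l | sed '/nist-feed/d' | crontab
+- (crontab -l 2>/dev/null; echo "*/30 * * * * ( killall dunst ; XDG_RUNTIME_DIR=/run/user/$(id -u) /usr/local/bin/nist-feed -l -s $severity)") | crontab -
+- elif [[ "$notify" -eq 1 ]] && [ ! "$severity" ] && [ "$metric" ]; then
+- crontab -l | sed '/nist-feed/d' | crontab
+- (crontab -l 2>/dev/null; echo "*/30 * * * * ( killall dunst ; XDG_RUNTIME_DIR=/run/user/$(id -u) /usr/local/bin/nist-feed -l -m $metric)") | crontab -
+- elif [[ "$notify" -eq 1 ]] && [ "$severity" ] && [ "$metric" ]; then
+- crontab -l | sed '/nist-feed/d' | crontab
+- (crontab -l 2>/dev/null; echo "*/30 * * * * ( killall dunst ; XDG_RUNTIME_DIR=/run/user/$(id -u) /usr/local/bin/nist-feed -l -s $severity -m $metric)") | crontab -
+- fi
+-
+fi
+
+rm -rf $cve_json_file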
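Review bot: The `+++ b/nist-feed2024-01-29 18:58:25.981732803 +0530` header has no separator between the file name and the timestamp, so the new-side name reads as `nist-feed2024-01-29`; the build presumably only works because patch falls back to the `---` name, and the line should be `+++ b/nist-feed<TAB>2024-01-29 18:58:25.981732803 +0530`. The comment kept on the new `+if [[ "$id" != "$LAST_CVE" ]];then` line still says "OR the crontab is empty" although that condition is exactly what this hunk removes; trim it to `#if the previous CVE is different from the current one, popup notification`. The replacement `-n` help text ends with a stray space and a semicolon and tells the user about the module from inside the script; a shorter `echo "-n Removed in the Nix package; enable programs.nist-feed in NixOS for scheduled notifications."` reads cleaner. The `$end` branch now only removes the two state files after printing "Disabling NIST NVD feed popup notification...", which no longer disables anything under a systemd timer, so that message is misleading once the crontab line is gone.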
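--- a/pkgs/by-name/ni/nist-feed/package.nix
+++ b/pkgs/by-name/ni/nist-feed/package.nix
@@ -0,0 +1,50 @@
+{ stdenv
+, lib
+, fetchFromGitHub
+, makeWrapper
+, bash
+, jq
+, killall
+, libnotify
+, cron
+}:
+
+stdenv.mkDerivation rec {
+pname = "nist-feed";
+version = "unstable-2024-01-20";
+
+src = fetchFromGitHub {
+owner = "D3vil0p3r";
+repo = "NIST-Feed";
+rev = "775bd871490b680784a1855cdc1d4958a83a7866";
+hash = "sha256-OcVf766q7vELYkGOEzQMLS6zH8Nn96ibGP+6kizHN28=";
+};
+
+patches = [
+./cron.patch
+];
+
+buildInputs = [ bash ];
+nativeBuildInputs = [ makeWrapper ];
+
+postPatch = ''
+substituteInPlace nist-feed \
+--replace "/usr/local/bin/nist-feed" $out/bin/nist-feed
+'';
+
+installPhase = ''
+runHook preInstall
+install -Dm755 nist-feed -D $out/bin/nist-feed
+wrapProgram "$out/bin/nist-feed" \
+--prefix PATH : "$out/bin:${lib.makeBinPath [ jq killall libnotify ]}"
+runHook postInstall
+'';
+
+meta = with lib; {
+description = "NIST NVD feed and popup notifications";
+homepage = "https://github.com/D3vil0p3r/NIST-Feed/";
+license = licenses.gpl3Plus;
+maintainers = with maintainers; [ octodi ];
+mainProgram = "nist-feed";
+};
+}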
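Review bot: `cron` is declared in the argument set but never referenced in the derivation — the accompanying cron.patch strips every crontab call from the script — so it should be removed from the inputs. `substituteInPlace nist-feed --replace "/usr/local/bin/nist-feed" $out/bin/nist-feed` cannot tell whether the pattern still exists after cron.patch (every visible occurrence of `/usr/local/bin/nist-feed` is on a line that patch deletes); `--replace-fail` would make the build stop instead of silently doing nothing. The wrapper prefixes `jq`, `killall` and `libnotify` onto PATH but not `curl`, which the NixOS module has to supply through `path = [ pkgs.curl ... ]`; if the script fetches the feed with curl, adding `curl` to `makeBinPath` makes the package work outside the module and lets the module drop that `path`. `install -Dm755 nist-feed -D $out/bin/nist-feed` passes `-D` twice; `install -Dm755 nist-feed $out/bin/nist-feed` is enough, and `buildInputs = [ bash ]` does not appear to be needed for a script whose shebang is rewritten by patchShebangs in fixup.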