-
Notifications
You must be signed in to change notification settings - Fork 31
/
Copy pathsnapcraft.yaml
89 lines (87 loc) · 2.34 KB
/
snapcraft.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
name: cvescan
base: core18
adopt-info: cvescan-python
summary: Security/CVE vulnerability monitoring for Ubuntu
license: GPL-3.0
description: |
CVEScan analyzes an Ubuntu system to check whether all available security
patches have been installed. CVEScan produces a clear, concise report that
tells you which, if any, security patches an Ubuntu system may be missing.
Installation -> `sudo snap install cvescan`
Usage Information -> `cvescan -h`
grade: stable
confinement: strict
plugs:
apt-dpkg-db:
interface: system-files
read:
- /var/lib/snapd/hostfs/var/lib/dpkg
- /var/lib/snapd/hostfs/var/cache/apt
- /etc/apt
- /etc/dpkg
hostfs-var-lib-ubuntu-advantage-status-json:
interface: system-files
read:
- /var/lib/snapd/hostfs/var/lib/ubuntu-advantage/status.json
layout:
/usr/lib/x86_64-linux-gnu/openscap:
bind: $SNAP/usr/lib/x86_64-linux-gnu/openscap
/usr/share/dpkg:
bind: $SNAP/usr/share/dpkg
/usr/share/openscap:
bind: $SNAP/usr/share/openscap
/usr/bin/dpkg:
bind-file: $SNAP/usr/bin/dpkg
/etc/dpkg/dpkg.cfg:
bind-file: $SNAP/etc/dpkg/dpkg.cfg
apps:
cvescan:
command: bin/cvescan
environment:
APT_CONFIG: $SNAP/etc/apt.conf
PATH: >-
$PATH:$SNAP/usr/local/sbin:$SNAP/usr/local/bin:$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$SNAP/snap/bin
LC_ALL: C.UTF-8
LANG: C.UTF-8
plugs:
- home
- network
- apt-dpkg-db
- hostfs-var-lib-ubuntu-advantage-status-json
sh:
command: ./cvescan.sh
environment:
PATH: >-
$PATH:$SNAP/usr/local/sbin:$SNAP/usr/local/bin:$SNAP/usr/sbin:$SNAP/usr/bin:$SNAP/sbin:$SNAP/bin:$SNAP/snap/bin
APT_CONFIG: $SNAP/etc/apt.conf
plugs:
- home
- network
- apt-dpkg-db
parts:
cvescan-python:
plugin: python
stage-packages:
- python3-apt
build-packages:
- gcc
source: .
override-pull: |
snapcraftctl pull
snapcraftctl set-version `python3 cvescan/version.py`
override-prime: |
snapcraftctl prime
echo "Compiling pyc files..."
"$SNAPCRAFT_PART_INSTALL/usr/bin/python3" -m compileall -q .
cvescan-bash:
plugin: dump
source: snapcraft/
stage-packages:
- grep
- dpkg
- libopenscap8
- debianutils
- xsltproc
- coreutils
- curl
- bzip2