Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
  • 02:01

    terriko on black_bracket

    README: Update version to be 3.… Fix failing long tests (#378) Update documentation in prepara… and 3 more (compare)

  • Feb 22 01:20

    terriko on test_checker

    WIP: Adding a checker vs filena… (compare)

  • Feb 21 23:32

    terriko on master

    Test on windows in github actio… Remove separate run of helper f… test: Rename test_definitions t… and 3 more (compare)

  • Feb 21 23:31

    terriko on update_minversion

    Update version to be 3.6+ (compare)

  • Feb 21 23:29

    terriko on update_minversion

    Remove separate run of helper f… test: Rename test_definitions t… Use pytest parametrize (#366) … and 2 more (compare)

  • Feb 21 00:13

    terriko on windows_removetest

    Test on windows in github actio… Remove separate run of helper f… (compare)

  • Feb 20 22:47

    terriko on windows_ci

    turn off continue-on-error for … (compare)

  • Feb 20 01:49

    terriko on windows_ci

    continue-on-error (compare)

  • Feb 20 01:46

    terriko on windows_ci

    expand tests on windows (compare)

  • Feb 20 01:37

    terriko on windows_ci

    fail-fast: false (compare)

  • Feb 20 01:27

    terriko on windows_ci

    Enable only a few tests on wind… (compare)

  • Feb 20 01:14

    terriko on master

    Make quiet mode actually quiet (compare)

  • Feb 20 01:14

    terriko on master

    Add Berkeleydb checker Fixes: … Test for version unknown warnin… Added unittest for package: sql… and 4 more (compare)

  • Feb 20 01:13

    terriko on windows_ci

    Test on windows (compare)

  • Feb 20 00:57

    pdxjohnny on fix_quiet

    Add python 3.8.2 rpm test Improve help text * Grouped a … Merge branch 'master' into fix_… (compare)

  • Feb 20 00:35

    terriko on fix_quiet

    Make quiet mode actually quiet (compare)

  • Feb 20 00:28

    terriko on argparse_groups

    remove unecessary default (compare)

  • Feb 20 00:18

    terriko on argparse_groups

    Improve help text (compare)

  • Feb 19 22:47

    terriko on test_python

    Enable test_sample_csv (fixes #… Add python 3.8.2 rpm test (compare)

  • Feb 19 18:57

    terriko on test_csv2cve

    Add Berkeleydb checker Fixes: … Test for version unknown warnin… Added unittest for package: sql… and 2 more (compare)

PRAJWAL M
@PrajwalM2212
@utkrisht-sikka cve-bin-tool has nothing to do with the Microsoft Visual C++.
You could probably try pasting the entire error / paste a link to the error, so that we can help.
Terri Oda
@terriko
@utkrisht-sikka Are you trying to install it on windows? It does need make to run the tests (it's building .c files to then scan them) and it needs a compiler for the strings alternative (which is also written in c for performance reasons). It doesn't need to be Visual C++ specifically but I think that's the usual top alternative on windows.
Terri Oda
@terriko
I know that the proper windows port is a little broken right now in CI, so it might just be broken unless you have make and some sort of C compiler installed. You should be ok to install and run it on windows in cygwin (that's how I did the initial windows support so I know it works), and it might work on Ubuntu for Windows using the Linux subsystem for Windows, but I haven't actually tried that out.
So yeah, it's erroring on the cve_bin_tool.pstring extension. That does indeed require a compiler.
utkrisht-sikka
@utkrisht-sikka
I have mingw c++ compiler installed.Could you guide me through steps on how to install using it?
Terri Oda
@terriko
Not really? I honestly don't know how to install it on windows right now. I've started debugging the CI but it's basically just broken right now.
and I don't have a windows development machine, so it's kind of a stab in the dark at the moment.
utkrisht-sikka
@utkrisht-sikka
is it surely working on ubuntu?
PRAJWAL M
@PrajwalM2212
Yes
utkrisht-sikka
@utkrisht-sikka
ok thanks ,then i will try dual booting my laptop or try to work on lab pcs on my college
Terri Oda
@terriko
On ubuntu proper, yes. that's what we're using for tests. And I do have it working on cygwin if you want something that's less work than seting up a full distro
It basically just needs make and a compiler, though. If the mingw c++ compiler will work on the c code, you should be able to modify it so that it works, but you'll have to install from source rather than using pip.
So probably you can do git clone git@github.com:intel/cve-bin-tool.git and then cd cve-bin-tool and python -m cve_bin_tool.cli and it will run.
utkrisht-sikka
@utkrisht-sikka
I have mingw gcc too.By the way by modify you mean modify c source code or mingw compiler?
Terri Oda
@terriko
and if that runs, then you can go and manually compile the strings library using whatever command line you usually use...
utkrisht-sikka
@utkrisht-sikka
one more thing to ask...what to do for getting git command working in cmd?
PRAJWAL M
@PrajwalM2212
Install git
utkrisht-sikka
@utkrisht-sikka
ok thanks
Terri Oda
@terriko
install git for windows. I think there's a checkbox to make it work in cmd specifically, or you can use their git bash which is actualyl pretty nice
PRAJWAL M
@PrajwalM2212
Terri Oda
@terriko
And as for modifications, it's not going to be either the source code or the compiler. I'm looking at setup.py and it doesn't actually specify a compiler, which makes me think it might be something in your path setting that needs to change.
PRAJWAL M
@PrajwalM2212
@terriko I found https://docs.python.org/3.3/extending/windows.html . Not sure if this helpful for the conversation here. But it is about Visual C++
Terri Oda
@terriko
@PrajwalM2212 yeah. I works if you have visual studio installed, because you can see it working in CI right now: https://github.com/intel/cve-bin-tool/runs/461430938
I'm guessing we need ... maybe just documentation on how to make it work if you have another compiler installed?
The error's being triggered from the c extension part of setup.py here: https://github.com/intel/cve-bin-tool/blob/master/setup.py#L61 (or maybe the line above)
that definitely doesn't specify a compiler, so we're not tied to visual studio there, but I don't know how it chooses the compiler. And the doc you linked helpfully says "Windows Python is built in Microsoft Visual C++; using other compilers may or may not work (though Borland seems to)."
so.. I'm not sure they know either?
I mean, they know, but they haven't really worked on supporting other options.
might have to do some digging. And again, I'm kind of useless at debugging this because I have only a very locked-down IT windows machine available to me here, which is locked to a weird version of visual studio because I need a specific security extension when teaching.
utkrisht-sikka
@utkrisht-sikka
let me try with cygwin and then execute commands requiring git.Then I will report back to you tomorrow
Terri Oda
@terriko
@utkrisht-sikka I should be able to help debug on cygwin, at least! That, at least, works on my IT laptop.
PRAJWAL M
@PrajwalM2212
@terriko We can provide a docker image. It may not help windows developers but will help windows users till the problems are sorted out. https://www.docker.com/blog/preview-linux-containers-on-windows/
This is also experimental it seems
Terri Oda
@terriko
Honestly, no one reported when the windows port stopped working, which makes me think we don't really have any windows users other than the odd summer of code student. So I'm not super excited about spending a lot of effort on a container to support... no one?
Releasing a docker container as part of an Intel project requires a very long checklist of security and license compliance checks, so it would easily triple (or more!) the amount of backend work I have to do to release cve-bin-tool.
PRAJWAL M
@PrajwalM2212
Did not know one has to go through so many checks to release a OSS project at big companies.
Terri Oda
@terriko
I'm not sure if it's true at all big companies, but Intel takes security seriously, even for random tiny open source projects. :)
Terri Oda
@terriko
Most of my job involves helping our other (mostly bigger) open source projects understand the security risks, our rules, and improve their security for every release. Usually that's 80%+ of my time at work, but it's been quiet this quarter so I've been able to spend some extra time on getting cve-bin-tool ready for a 1.0 release.
Terri Oda
@terriko
For anyone who had failing long tests: I just merged @PrajwalM2212 's patch that should fix the kernel.org tests that were broken. If you go into github actions it should let you re-run your tests.
Sorry I had some other stuff take precedence over making it through all the PRs today. I've got meetings through the rest of today but now that the tests are behaving it should be faster to go through the PRs tomorrow.
PRAJWAL M
@PrajwalM2212
@terriko A number of students have been asking me a few questions lately. I don't think I can give them the right answers. Also I am definitely not the right person to be answering these questions. It would be nice if you could answer them. I did answer a few of them with stuff like ‘new orgs get 2 slots, older orgs get many slots’. ‘Selection depends of your proposal, contributions and number of mentors.’ Few common questions are
  1. How many slots will a org get ?
  2. Will I get selected ?
  3. Are contributions made in orgA applicable to orgB ?
Terri Oda
@terriko
@PrajwalM2212 Sorry you've been dealing with that; feel free to send them to me! Or actually, all of those are handled in the python FAQ: https://python-gsoc.org/students.html#faq
GSoC students are... rather notorious for asking questions in the wrong places. We had people send applications in through the mentor signup system before Google changed that to be invite-only!
Sometimes the kindest thing you can do it show them where they should have read the instructions and point them in the right direction.
Terri Oda
@terriko
You can also send them to @pdxjohnny if I'm not around (My next upcoming vacation is March 5-9, and sometimes he's just around while I'm in meetings or whatever.)
John Andersen
@pdxjohnny
:+1:
PRAJWAL M
@PrajwalM2212
👍