Scripts and whitelists for the weekly NixOS vulnerability roundups.
- Check out nixpkgs-channels.
- Make sure that the branches you want to scan exist.
- Build vulnix and the survey tool:

      nix-build default.nix

  Note that it needs Rust >= 1.30, which is currently only in nixos-unstable.

Create iteration N covering branches BRANCH1 and BRANCH2:

    result/bin/survey -v result/bin/vulnix -n /path/to/nixpkgs-channels \
        N BRANCH1 BRANCH2

Submit created tickets (files in iterations/N) to https://github.com/NixOS/nixpkgs/issues.