search

nix-community / vulnix

Vulnerability (CVE) scanner for Nix/NixOS.
BSD 3-Clause "New" or "Revised" License
464 stars 35 forks source link

Fail to start scan #48

Closed robinp closed 5 years ago

robinp commented 5 years ago

I get this error about invalid store path. I wonder where it is coming from, since it is not in the store. When I point vulnix to a specific derivation, I still get this error (even though that derivation doesn't seem to have that as requisite).

Could you give me pointers to track this down? Thank you!

vulnix --system
error: path '/nix/store/1ihf4p86pghkkgcs4bvahw152ml17pad-nixos-system-foobar.com-19.03pre-git.drv' is not valid
Traceback (most recent call last):
  File "/nix/store/nl6kirxz5ys7zy6xyyjn221bakc90l1c-vulnix-1.7.1/bin/.vulnix-wrapped", line 12, in <module>
    sys.exit(main())
  File "/nix/store/wxxgbh7cga4g9gng4rr5gliixam5i0rj-python3.6-click-6.7/lib/python3.6/site-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/nix/store/wxxgbh7cga4g9gng4rr5gliixam5i0rj-python3.6-click-6.7/lib/python3.6/site-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/nix/store/wxxgbh7cga4g9gng4rr5gliixam5i0rj-python3.6-click-6.7/lib/python3.6/site-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/nix/store/wxxgbh7cga4g9gng4rr5gliixam5i0rj-python3.6-click-6.7/lib/python3.6/site-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/nix/store/nl6kirxz5ys7zy6xyyjn221bakc90l1c-vulnix-1.7.1/lib/python3.6/site-packages/vulnix/main.py", line 134, in main
    store = populate_store(gc_roots, paths, requisites)
  File "/nix/store/nl6kirxz5ys7zy6xyyjn221bakc90l1c-vulnix-1.7.1/lib/python3.6/site-packages/vulnix/main.py", line 59, in populate_store
    store.add_path(path)
  File "/nix/store/nl6kirxz5ys7zy6xyyjn221bakc90l1c-vulnix-1.7.1/lib/python3.6/site-packages/vulnix/nix.py", line 41, in add_path
    for candidate in call(['nix-store', '-qR', deriver]).splitlines():
  File "/nix/store/nl6kirxz5ys7zy6xyyjn221bakc90l1c-vulnix-1.7.1/lib/python3.6/site-packages/vulnix/utils.py", line 24, in call
    output = subprocess.check_output(cmd, stderr=capture)
  File "/nix/store/80qva2zal82njkg4zvb7xg94mnikqksd-python3-3.6.8/lib/python3.6/subprocess.py", line 356, in check_output
    **kwargs).stdout
  File "/nix/store/80qva2zal82njkg4zvb7xg94mnikqksd-python3-3.6.8/lib/python3.6/subprocess.py", line 438, in run
    output=stdout, stderr=stderr)
subprocess.CalledProcessError: Command '['nix-store', '-qR', '/nix/store/1ihf4p86pghkkgcs4bvahw152ml17pad-nixos-system-foobar.com-19.03pre-git.drv']' returned non-zero exit status 1.
ckauhaus commented 5 years ago

Interesting. The traceback alone is not sufficient to diagnose the problem, though. Could you please

  1. share the contents of /nix/store/1ihf4p86pghkkgcs4bvahw152ml17pad-nixos-system-foobar.com-19.03pre-git.drv (if it exists at all) here
  2. Clone vulnix, build it locally and find out the value of deriver` around the shell out in nix.py around line 41?

Alternatively, a minimal shareable example which triggers the problem would be appreciated.

ckauhaus commented 5 years ago

timeout