vulndb / python-sdk

Python SDK to access the vulnerability database
BSD 3-Clause "New" or "Revised" License

Please provide a way to install the db #11

Closed LocutusOfBorg closed 9 years ago

LocutusOfBorg commented 9 years ago

Hi, in order to have python-vulndb in Debian, I would like to understand how to better cope with the vulndb database.

What is your opinion? Since you mirrored it from vulndb/data, I guess I can just copy it with some python magic in setup.py...

What is your opinion?

thanks,

G.

andresriancho commented 9 years ago

I don't really understand what you need. Does this help?

LocutusOfBorg commented 9 years ago

mmm the problem seems actually related to pybuild build system, why does it fail in copying the db directory and fail the tests:

OSError: [Errno 2] No such file or directory: '/home/locutus/branches/ongoing/vulndb-0.0.19/.pybuild/pythonX.Y_2.7/build/vulndb/db'
ERROR
test_latest_db_used (vulndb.tests.test_latest_vulndb_data.TestLatestDBUsed) ... Cloning into 'data'...
fatal: unable to access 'https://github.com/vulndb/data.git/': Failed to connect to 127.0.0.1 port 9: Connection refused
ERROR
test_from_file (vulndb.tests.test_load_all_json.TestLoadAllJSON) ... ERROR

btw can you confirm that db will be kept in sync with the other repository? Otherwise I'll see how to split the package in two

andresriancho commented 9 years ago

There is a test which fails if the vulndb/data has new stuff which is not inside this repository

Does your build system allow connections to the internet? Why is github.com resolved to 127.0.0.1?

fatal: unable to access 'https://github.com/vulndb/data.git/': Failed to connect to 127.0.0.1 port 9: Connection refused

LocutusOfBorg commented 9 years ago

No buildd systems in Debian or Ubuntu allow outside connections for security reasons.

this is why I also did something like

--- python-vulndb-0.0.17.orig/setup.py
+++ python-vulndb-0.0.17/setup.py
@@ -25,7 +25,7 @@ setup(

     # With setuptools_git we make sure that the contents of vulndb/db/ , which
     # are non source code files, get copied too
-    setup_requires=['setuptools_git >= 1.1'],
+    #setup_requires=['setuptools_git >= 1.1'],
     zip_safe=False,

     # https://pypi.python.org/pypi?%3Aaction=list_classifiers
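
Review bot: Commenting out `setup_requires` leaves the comment directly above it stale and disables the mechanism that comment names for shipping the database: it says setuptools_git is what makes the non-source files in `vulndb/db/` "get copied too". With the line disabled, the build needs another way to include those files, for example listing them under `package_data` in `setup()` or in `MANIFEST.in`, so the result does not depend on a requirement fetched at build time. The comment should then be updated or dropped rather than left describing a disabled line.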

LocutusOfBorg commented 9 years ago

it was throwing an error like

Download error on https://pypi.python.org/simple/setuptools_git/: [Errno -2] Name or service not known -- Some packages may not be found!
Download error on https://pypi.python.org/simple/setuptools-git/: [Errno -2] Name or service not known -- Some packages may not be found!
Couldn't find index page for 'setuptools_git' (maybe misspelled?)
Download error on https://pypi.python.org/simple/: [Errno -2] Name or service not known -- Some packages may not be found!
No local packages or download links found for setuptools-git>=1.1
Traceback (most recent call last):
  File "setup.py", line 41, in <module>
    'Topic :: Security'
  File "/usr/lib/python2.7/distutils/core.py", line 111, in setup
    _setup_distribution = dist = klass(attrs)
  File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 268, in __init__
    self.fetch_build_eggs(attrs['setup_requires'])
  File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 313, in fetch_build_eggs
    replace_conflicting=True,
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 836, in resolve
    dist = best[req.key] = env.best_match(req, ws, installer)
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1081, in best_match
    return self.obtain(req, installer)
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1093, in obtain
    return installer(requirement)
  File "/usr/lib/python2.7/dist-packages/setuptools/dist.py", line 380, in fetch_build_egg
    return cmd.easy_install(req)
  File "/usr/lib/python2.7/dist-packages/setuptools/command/easy_install.py", line 646, in easy_install
    raise DistutilsError(msg)
distutils.errors.DistutilsError: Could not find suitable distribution for Requirement.parse('setuptools-git>=1.1')
dh_auto_build: python setup.py build --force returned exit code 1

andresriancho commented 9 years ago

Ok, then there you have a reason why this is failing.

LocutusOfBorg commented 9 years ago

so if you forget to update the vulndb I won't even notice that, and neither will the kali folks...

seems bad... but I guess I'll upload on Debian as is

andresriancho commented 9 years ago

Well, if I forget to update the db in the python-sdk I should notice it because the build will fail. Not saying that it won't happen, but at least there will be a red flag waving there :)

LocutusOfBorg commented 9 years ago

Is that circle stuff what you mean?

I'm used to travis, not sure if that circle service is what you are talking about :)

andresriancho commented 9 years ago

https://circleci.com/gh/vulndb/python-sdk/tree/master


LocutusOfBorg commented 9 years ago

I see :) https://circleci.com/gh/vulndb/python-sdk/41

this seems trivial to check prior to release then ;)

thanks a lot! gonna do my final checks and upload on Debian today I guess
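
An offline version of the sync check discussed in this thread, as an added example that is not part of the thread or of the python-sdk code: it compares a vendored database directory with a local checkout of the data repository by SHA-256, so it can run before a release or on a build host with no network access. The directory names and JSON files are constructed placeholders, not the project's real layout.

```python
import hashlib
import os
import tempfile


def tree_digests(root):
    """Map each file path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]  # skip VCS metadata
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_trees(vendored_root, upstream_root):
    """Report files missing from, stale in, or extra in the vendored copy."""
    vendored = tree_digests(vendored_root)
    upstream = tree_digests(upstream_root)
    common = set(vendored) & set(upstream)
    return {
        "missing": sorted(set(upstream) - set(vendored)),
        "stale": sorted(p for p in common if vendored[p] != upstream[p]),
        "extra": sorted(set(vendored) - set(upstream)),
    }


def _write(root, rel, text):
    os.makedirs(root, exist_ok=True)
    with open(os.path.join(root, rel), "w") as fh:
        fh.write(text)


def demo():
    """Constructed sample: the vendored copy lags one edit and one new file."""
    with tempfile.TemporaryDirectory() as tmp:
        vendored = os.path.join(tmp, "sdk_db")    # hypothetical vendored copy
        upstream = os.path.join(tmp, "data_db")   # hypothetical local checkout
        _write(upstream, "1-example.json", '{"id": 1, "title": "A"}')
        _write(upstream, "2-example.json", '{"id": 2, "title": "B, revised"}')
        _write(upstream, "3-example.json", '{"id": 3, "title": "C"}')
        _write(vendored, "1-example.json", '{"id": 1, "title": "A"}')
        _write(vendored, "2-example.json", '{"id": 2, "title": "B"}')
        return compare_trees(vendored, upstream)


if __name__ == "__main__":
    print(demo())
```

A non-empty `missing` or `stale` list means the vendored database is behind the checkout it was compared against.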