[04/10] docs/manual: document <pkg>_CPE_ID variables

Message ID 20201104145145.1316167-5-thomas.petazzoni@bootlin.com
State Accepted
Series Introduce CPE ID matching for CVEs

Commit Message

Thomas Petazzoni Nov. 4, 2020, 2:51 p.m. UTC
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 docs/manual/adding-packages-generic.txt | 39 +++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

Comments

Matthew Weber Nov. 4, 2020, 5:06 p.m. UTC | #1
Thomas,

On Wed, Nov 4, 2020 at 8:53 AM Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> ---
>  docs/manual/adding-packages-generic.txt | 39 +++++++++++++++++++++++++
>  1 file changed, 39 insertions(+)
>
> diff --git a/docs/manual/adding-packages-generic.txt b/docs/manual/adding-packages-generic.txt
> index b8bfcb4aff..3fcf741a1a 100644
> --- a/docs/manual/adding-packages-generic.txt
> +++ b/docs/manual/adding-packages-generic.txt
> @@ -502,6 +502,45 @@ LIBFOO_IGNORE_CVES += CVE-2020-12345
>  LIBFOO_IGNORE_CVES += CVE-2020-54321
>  ----------------------
>
> +* +LIBFOO_CPE_ID_*+ variables is a set of variables that allows the
> +  package to define its https://nvd.nist.gov/products/cpe[CPE
> +  identifier]. The available variables are:
> ++
> +--
> +** +LIBFOO_CPE_ID_PREFIX+, specifies the prefix of the CPE identifier,
> +   i.e the first three fields. When not defined, the default value is
> +   +cpe:2.3:a+.
> +
> +** +LIBFOO_CPE_ID_VENDOR+, specifies the vendor part of the CPE
> +   identifier. When not defined, the default value is
> +   +<pkgname>_project+.
> +
> +** +LIBFOO_CPE_ID_PRODUCT+, specifies the product part of the CPE
> +   identifier. When not defined, the default value is +<pkgname>+.
> +
> +** +LIBFOO_CPE_ID_VERSION+, specifies the version part of the CPE
> +   identifier. When not defined the default value is
> +   +$(LIBFOO_VERSION)+.
> +
> +** +LIBFOO_CPE_ID_VERSION_MINOR+ specifies the _update_ part of the
> +   CPE identifier. When not defined the default value is +*+.
> +--
> ++
> +If any of those variables is defined, then the generic package
> +infrastructure assumes the package provides valid CPE information. In
> +this case, +LIBFOO_CPE_ID_VALID = YES+ will be sent, and the generic
> +package infrastructure will define +LIBFOO_CPE_ID+.
> ++
> +Alternatively, a package can also explicitly set +LIBFOO_CPE_ID_VALID
> += YES+ if the default values for +LIBFOO_CPE_ID_PREFIX+,
> ++LIBFOO_CPE_ID_VENDOR+, +LIBFOO_CPE_ID_PRODUCT+,
> ++LIBFOO_CPE_ID_VERSION+, +LIBFOO_CPE_ID_VERSION_MINOR+ are all correct
> +for this package and don't need to be explicitly overridden.
> ++
> +For a host package, if its +LIBFOO_CPE_ID_*+ variables are not
> +defined, it inherits the value of those variables from the
> +corresponding target package.
> +
>  The recommended way to define these variables is to use the following
>  syntax:
>
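Review bot: In the +LIBFOO_CPE_ID_VERSION_MINOR+ item, the variable name says "version minor" while the text says it "specifies the _update_ part of the CPE identifier", and nothing connects the two. A packager could read the name as the minor component of +$(LIBFOO_VERSION)+ and repeat part of the version there. Suggest adding a sentence saying what belongs in this field and when the default +*+ should be left alone. This is also the only item written without a comma after the variable name, and both it and the +LIBFOO_CPE_ID_VERSION+ item drop the comma in "When not defined, the default value is".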

Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>

Heiko Thiery Nov. 12, 2020, 7:36 a.m. UTC | #2
Hi Thomas,

On Wed, Nov 4, 2020 at 3:52 PM Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> ---
>  docs/manual/adding-packages-generic.txt | 39 +++++++++++++++++++++++++
>  1 file changed, 39 insertions(+)
>
> diff --git a/docs/manual/adding-packages-generic.txt b/docs/manual/adding-packages-generic.txt
> index b8bfcb4aff..3fcf741a1a 100644
> --- a/docs/manual/adding-packages-generic.txt
> +++ b/docs/manual/adding-packages-generic.txt
> @@ -502,6 +502,45 @@ LIBFOO_IGNORE_CVES += CVE-2020-12345
>  LIBFOO_IGNORE_CVES += CVE-2020-54321
>  ----------------------
>
> +* +LIBFOO_CPE_ID_*+ variables is a set of variables that allows the
> +  package to define its https://nvd.nist.gov/products/cpe[CPE
> +  identifier]. The available variables are:
> ++
> +--
> +** +LIBFOO_CPE_ID_PREFIX+, specifies the prefix of the CPE identifier,
> +   i.e the first three fields. When not defined, the default value is
> +   +cpe:2.3:a+.
> +
> +** +LIBFOO_CPE_ID_VENDOR+, specifies the vendor part of the CPE
> +   identifier. When not defined, the default value is
> +   +<pkgname>_project+.
> +
> +** +LIBFOO_CPE_ID_PRODUCT+, specifies the product part of the CPE
> +   identifier. When not defined, the default value is +<pkgname>+.
> +
> +** +LIBFOO_CPE_ID_VERSION+, specifies the version part of the CPE
> +   identifier. When not defined the default value is
> +   +$(LIBFOO_VERSION)+.
> +
> +** +LIBFOO_CPE_ID_VERSION_MINOR+ specifies the _update_ part of the
> +   CPE identifier. When not defined the default value is +*+.
> +--
> ++
> +If any of those variables is defined, then the generic package
> +infrastructure assumes the package provides valid CPE information. In
> +this case, +LIBFOO_CPE_ID_VALID = YES+ will be sent, and the generic

s/sent/set/ ?

> +package infrastructure will define +LIBFOO_CPE_ID+.
> ++
> +Alternatively, a package can also explicitly set +LIBFOO_CPE_ID_VALID
> += YES+ if the default values for +LIBFOO_CPE_ID_PREFIX+,
> ++LIBFOO_CPE_ID_VENDOR+, +LIBFOO_CPE_ID_PRODUCT+,
> ++LIBFOO_CPE_ID_VERSION+, +LIBFOO_CPE_ID_VERSION_MINOR+ are all correct
> +for this package and don't need to be explicitly overridden.
> ++
> +For a host package, if its +LIBFOO_CPE_ID_*+ variables are not
> +defined, it inherits the value of those variables from the
> +corresponding target package.
> +
>  The recommended way to define these variables is to use the following
>  syntax:
>
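Review bot: The paragraph starting "Alternatively, a package can also explicitly set +LIBFOO_CPE_ID_VALID = YES+" tells the packager to do so when the default values "are all correct", but gives no way to check that. With a default vendor of +<pkgname>_project+, correctness cannot be judged from the package alone; suggest pointing back to the NVD CPE link given at the top of this item and asking the packager to confirm the vendor and product there before setting the variable. It would also help to state what happens when none of the variables is defined and +LIBFOO_CPE_ID_VALID+ is not set, since the text only describes the cases where the CPE information is treated as valid.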

Reviewed-by: Heiko Thiery <heiko.thiery@gmail.com>

Thomas Petazzoni Nov. 26, 2020, 3:36 p.m. UTC | #3
On Wed,  4 Nov 2020 15:51:38 +0100
Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote:

> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> ---
>  docs/manual/adding-packages-generic.txt | 39 +++++++++++++++++++++++++
>  1 file changed, 39 insertions(+)

Both Matt and Heiko have given their Reviewed-by, so I have applied. I
have fixed the typo reported by Heiko when applying.

Thomas

Patch

diff --git a/docs/manual/adding-packages-generic.txt b/docs/manual/adding-packages-generic.txt
index b8bfcb4aff..3fcf741a1a 100644
--- a/docs/manual/adding-packages-generic.txt
+++ b/docs/manual/adding-packages-generic.txt
@@ -502,6 +502,45 @@  LIBFOO_IGNORE_CVES += CVE-2020-12345
 LIBFOO_IGNORE_CVES += CVE-2020-54321
 ----------------------
 
+* +LIBFOO_CPE_ID_*+ variables is a set of variables that allows the
+  package to define its https://nvd.nist.gov/products/cpe[CPE
+  identifier]. The available variables are:
++
+--
+** +LIBFOO_CPE_ID_PREFIX+, specifies the prefix of the CPE identifier,
+   i.e the first three fields. When not defined, the default value is
+   +cpe:2.3:a+.
+
+** +LIBFOO_CPE_ID_VENDOR+, specifies the vendor part of the CPE
+   identifier. When not defined, the default value is
+   +<pkgname>_project+.
+
+** +LIBFOO_CPE_ID_PRODUCT+, specifies the product part of the CPE
+   identifier. When not defined, the default value is +<pkgname>+.
+
+** +LIBFOO_CPE_ID_VERSION+, specifies the version part of the CPE
+   identifier. When not defined the default value is
+   +$(LIBFOO_VERSION)+.
+
+** +LIBFOO_CPE_ID_VERSION_MINOR+ specifies the _update_ part of the
+   CPE identifier. When not defined the default value is +*+.
+--
++
+If any of those variables is defined, then the generic package
+infrastructure assumes the package provides valid CPE information. In
+this case, +LIBFOO_CPE_ID_VALID = YES+ will be sent, and the generic
+package infrastructure will define +LIBFOO_CPE_ID+.
++
+Alternatively, a package can also explicitly set +LIBFOO_CPE_ID_VALID
+= YES+ if the default values for +LIBFOO_CPE_ID_PREFIX+,
++LIBFOO_CPE_ID_VENDOR+, +LIBFOO_CPE_ID_PRODUCT+,
++LIBFOO_CPE_ID_VERSION+, +LIBFOO_CPE_ID_VERSION_MINOR+ are all correct
+for this package and don't need to be explicitly overridden.
++
+For a host package, if its +LIBFOO_CPE_ID_*+ variables are not
+defined, it inherits the value of those variables from the
+corresponding target package.
+
 The recommended way to define these variables is to use the following
 syntax:
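Review bot: The text says the generic package infrastructure "will define +LIBFOO_CPE_ID+", but the item never shows the resulting value: how the prefix, vendor, product, version and update parts are joined, and what the fields after the update part are set to. Suggest adding one line with the identifier produced by the default values, so a packager can compare it against an NVD entry. On wording: the opening "+LIBFOO_CPE_ID_*+ variables is a set of variables that allows" has subject-verb mismatches (are / allow), "i.e the first three fields" is missing the period after "i.e", and "will be sent" should read "will be set", as already raised in the thread.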