diff mbox series

[05/10] package/pkg-utils.mk: expose CPE ID in show-info when available

Message ID 20201104145145.1316167-6-thomas.petazzoni@bootlin.com
State Accepted
Series Introduce CPE ID matching for CVEs

Commit Message

Thomas Petazzoni Nov. 4, 2020, 2:51 p.m. UTC
This commit exposes a new per-package property in the "make show-info"
JSON output: "cpe-id", which exists when a valid CPE ID is available
for the package.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 package/pkg-utils.mk | 3 +++
 1 file changed, 3 insertions(+)

Comments

Matthew Weber Nov. 4, 2020, 5:09 p.m. UTC | #1
Thomas,

On Wed, Nov 4, 2020 at 8:52 AM Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
>
> This commit exposes a new per-package property in the "make show-info"
> JSON output: "cpe-id", which exists when a valid CPE ID is available
> for the package.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> ---
>  package/pkg-utils.mk | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/package/pkg-utils.mk b/package/pkg-utils.mk
> index 4fcb076e21..a2cc160d0b 100644
> --- a/package/pkg-utils.mk
> +++ b/package/pkg-utils.mk
> @@ -119,6 +119,9 @@ define _json-info-pkg
>         "reverse_dependencies": [
>                 $(call make-comma-list,$(sort $($(1)_RDEPENDENCIES)))
>         ]
> +       $(if $($(1)_CPE_ID_VALID), \
> +               $(comma) "cpe-id": "$($(1)_CPE_ID)" \
> +       )
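Review bot: The new key on the `$(comma) "cpe-id"` line is spelled with a hyphen, while the "reverse_dependencies" key just above it in the same define uses an underscore. Consider "cpe_id" so that consumers of the show-info JSON deal with one naming convention, or state in the commit message why the hyphenated form is wanted.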

I do want to note that my original series built a CPE listing similar
to legal-info as an output for the user or other scripts to use
outside Buildroot.  This method is way more flexible and I believe can
be leveraged for future patches that could create a Software Bill of
Materials using an external script.

Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Heiko Thiery Nov. 12, 2020, 7:44 a.m. UTC | #2
Hi Thomas,

On Wed, Nov 4, 2020 at 15:52, Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
>
> This commit exposes a new per-package property in the "make show-info"
> JSON output: "cpe-id", which exists when a valid CPE ID is available
> for the package.
>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> ---
>  package/pkg-utils.mk | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/package/pkg-utils.mk b/package/pkg-utils.mk
> index 4fcb076e21..a2cc160d0b 100644
> --- a/package/pkg-utils.mk
> +++ b/package/pkg-utils.mk
> @@ -119,6 +119,9 @@ define _json-info-pkg
>         "reverse_dependencies": [
>                 $(call make-comma-list,$(sort $($(1)_RDEPENDENCIES)))
>         ]
> +       $(if $($(1)_CPE_ID_VALID), \
> +               $(comma) "cpe-id": "$($(1)_CPE_ID)" \
> +       )
>         $(if $($(1)_IGNORE_CVES),
>                 $(comma) "ignore_cves": [
>                         $(call make-comma-list,$(sort $($(1)_IGNORE_CVES)))
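Review bot: The added `$(if $($(1)_CPE_ID_VALID), \` block ends its lines with backslash continuations, while the `$(if $($(1)_IGNORE_CVES),` block directly below it in the same define spans several lines without any. Unless the continuations are needed here, drop them so the two conditionals read the same way.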

Tested-by: Heiko Thiery <heiko.thiery@gmail.com>

Thank you
Thomas Petazzoni Nov. 26, 2020, 3:37 p.m. UTC | #3
On Wed,  4 Nov 2020 15:51:39 +0100
Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote:

> This commit exposes a new per-package property in the "make show-info"
> JSON output: "cpe-id", which exists when a valid CPE ID is available
> for the package.
> 
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> ---
>  package/pkg-utils.mk | 3 +++
>  1 file changed, 3 insertions(+)

Applied to next, thanks to the review/testing from Matt and Heiko.

Thomas

Patch

diff --git a/package/pkg-utils.mk b/package/pkg-utils.mk
index 4fcb076e21..a2cc160d0b 100644
--- a/package/pkg-utils.mk
+++ b/package/pkg-utils.mk
@@ -119,6 +119,9 @@  define _json-info-pkg
 	"reverse_dependencies": [
 		$(call make-comma-list,$(sort $($(1)_RDEPENDENCIES)))
 	]
+	$(if $($(1)_CPE_ID_VALID), \
+		$(comma) "cpe-id": "$($(1)_CPE_ID)" \
+	)
 	$(if $($(1)_IGNORE_CVES),
 		$(comma) "ignore_cves": [
 			$(call make-comma-list,$(sort $($(1)_IGNORE_CVES)))
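Review bot: On the `"cpe-id": "$($(1)_CPE_ID)"` line the variable is expanded straight into a JSON string with no escaping, so a value containing a double quote or a backslash would yield output that a JSON parser rejects. Either note in the commit message that `_CPE_ID_VALID` is only set for values free of those characters, or escape the value before emitting it.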