On 9/13/23 18:05, Simon Falsig wrote:
> From: Simon Falsig <sfal...@verity.ch>
>
> If a package specifies a CPE, this is extracted into the fast report for
> that package. If no CPE is specified, then no value is added.
>
> The CPE (Common Platform Enumerator) allows matching CVEs to specific
> packages, and see if these apply to a specific deployment.

Hi Simon.

I think this is a good thing going forward, but some minor nag. My objection would be that sticking full versioned CPE strings straight into the .make as an only-source just creates clutter. As a full CPE override, absolutely though.

I suggest that some basic CPE modelling should be done by ptxdist, with possibly trivial hinting or naming in the .make, with complete overrides as a last resort. That way ptxdist could start by filling most stuff and people could override on demand.

I'd primarily poke the vendor:product tuple. Maybe ptxdist could do packagename:packagename as default. If you specify the smaller override it could be something like APPL_CPE_VENDOR and APPL_CPE_PRODUCT. Here you could use * or other strings. Overriding any of them or both. APPL_CPE would serve as the full override.

That could help in hiding CPE format or other usages (subject to changes) in a lot of places. Hopefully, most packages won't require extra information to match.

Regards,
Christian

> --- > rules/post/ptxd_make_world_common.make | 1 + > scripts/lib/ptxd_make_world_report.sh | 1 + > 2 files changed, 2 insertions(+) > > diff --git a/rules/post/ptxd_make_world_common.make > b/rules/post/ptxd_make_world_common.make > index 08120607a..6c646fb16 100644 > --- a/rules/post/ptxd_make_world_common.make > +++ b/rules/post/ptxd_make_world_common.make > @@ -78,6 +78,7 @@ world/env/impl = \ > pkg_PKG="$(call ptx/escape,$(1))" > \ > pkg_pkg="$(call ptx/escape,$($(1)))" > \ > pkg_version="$(call ptx/escape,$($(1)_VERSION))" > \ > + pkg_cpe="$(call ptx/escape,$($(1)_CPE))" \ > pkg_config="$(call ptx/escape,$($(1)_CONFIG))" > \ > pkg_ref_config="$(call ptx/escape,$($(1)_REF_CONFIG))" > \ > pkg_path="$(call ptx/escape,$($(1)_PATH))" > \ > diff --git a/scripts/lib/ptxd_make_world_report.sh > b/scripts/lib/ptxd_make_world_report.sh > index dbdae5736..2bfe4c201 100644 > --- a/scripts/lib/ptxd_make_world_report.sh > +++ b/scripts/lib/ptxd_make_world_report.sh 
> @@ -39,6 +39,7 @@ ptxd_make_world_report_yaml() { > do_list "rundeps:" "${pkg_run_deps}" > do_echo "config:" "${pkg_config}" > do_echo "version:" "${pkg_version}" > + do_echo "cpe:" "${pkg_cpe}" > do_list "url:" "${pkg_url}" > do_echo "md5:" "${pkg_md5}" > do_echo "source:" "${pkg_src}"
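
Review bot: The new $(1)_CPE variable read by the added pkg_cpe line in rules/post/ptxd_make_world_common.make is not documented anywhere in this patch; the diffstat lists only the two code files. Package authors have no statement of which CPE format is expected or whether the value must be a complete versioned string. Suggest adding a short description of <PKG>_CPE alongside this change.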
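
Review bot: The added do_echo "cpe:" "${pkg_cpe}" line in ptxd_make_world_report_yaml() is unconditional, while the commit message says no value is added when no CPE is specified. pkg_cpe is empty for every package that does not set _CPE, and the body of do_echo is not visible in this hunk, so it is worth confirming that do_echo skips empty values, or guarding the call, so that reports do not gain an empty cpe: key.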
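
The default-plus-override scheme suggested in the reply above, sketched as an added example; this is not ptxdist code and not part of the patch. Assumptions: the helper names cpe_component and build_cpe are hypothetical, the environment variables pkg_cpe_vendor and pkg_cpe_product are hypothetical lowercase counterparts of the suggested _CPE_VENDOR and _CPE_PRODUCT, the output is a CPE 2.3 formatted string with part "a", and the package names in the comments are constructed samples.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not part of ptxdist.

# Normalise one CPE component: empty or "*" means ANY; otherwise lowercase
# the value and backslash-quote anything outside [a-z0-9._-].
cpe_component() {
    case "$1" in
        ''|'*') printf '*'; return ;;
    esac
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/[^a-z0-9._-]/\\&/g'
}

# build_cpe <package-name> <version>
# Precedence, as proposed in the reply:
#   1. pkg_cpe          full override, emitted unchanged
#   2. pkg_cpe_vendor   overrides the vendor field only
#      pkg_cpe_product  overrides the product field only
#   3. default          packagename:packagename
build_cpe() {
    if [ -n "${pkg_cpe:-}" ]; then
        printf '%s\n' "${pkg_cpe}"
        return
    fi
    cpe_vendor=$(cpe_component "${pkg_cpe_vendor:-$1}")
    cpe_product=$(cpe_component "${pkg_cpe_product:-$1}")
    cpe_version=$(cpe_component "$2")
    # part "a" (application) is assumed; the remaining seven fields are ANY
    printf 'cpe:2.3:a:%s:%s:%s:*:*:*:*:*:*:*\n' \
        "$cpe_vendor" "$cpe_product" "$cpe_version"
}

# Constructed sample calls:
#   build_cpe examplepkg 1.2.3
#   pkg_cpe_vendor=examplevendor build_cpe examplepkg 1.2.3
```

With this precedence, only packages whose vendor or product differs from the package name need any CPE hint in their rule file.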