From: Simon Falsig
To: ptxdist@pengutronix.de
Cc: Simon Falsig
Date: Mon, 18 Sep 2023 16:29:33 +0200
Message-Id: <20230918142933.3660-1-sfalsig@verity.net>
Subject: [ptxdist] [PATCH] RFC: ptxd_make_world: Extract CPE for packages

If a package specifies a CPE or CPE_VENDOR and CPE_PRODUCT, this is extracted into the fast report for that package. If no CPE is specified, or not both of CPE_VENDOR and CPE_PRODUCT, then no value is added. By default, the existing VERSION is used, but can be overridden with CPE_VERSION. Constructed CPEs are validated against the official CPE regex.

The CPE (Common Platform Enumerator) allows matching CVEs to specific packages, and see if these apply to a specific deployment.

--- rules/post/ptxd_make_world_common.make | 4 ++++ scripts/lib/ptxd_make_world_report.sh | 9 +++++++++ 2 files changed, 13 insertions(+) diff --git a/rules/post/ptxd_make_world_common.make b/rules/post/ptxd_make_world_common.make index 08120607a..0804f0b81 100644 --- a/rules/post/ptxd_make_world_common.make +++ b/rules/post/ptxd_make_world_common.make 
@@ -78,6 +78,10 @@ world/env/impl = \ pkg_PKG="$(call ptx/escape,$(1))" \ pkg_pkg="$(call ptx/escape,$($(1)))" \ pkg_version="$(call ptx/escape,$($(1)_VERSION))" \ + pkg_cpe_vendor="$(call ptx/escape,$($(1)_CPE_VENDOR))" \ + pkg_cpe_product="$(call ptx/escape,$($(1)_CPE_PRODUCT))" \ + pkg_cpe_version="$(call ptx/escape,$($(1)_CPE_VERSION))" \ + pkg_cpe="$(call ptx/escape,$($(1)_CPE))" \ pkg_config="$(call ptx/escape,$($(1)_CONFIG))" \ pkg_ref_config="$(call ptx/escape,$($(1)_REF_CONFIG))" \ pkg_path="$(call ptx/escape,$($(1)_PATH))" \ diff --git a/scripts/lib/ptxd_make_world_report.sh b/scripts/lib/ptxd_make_world_report.sh index dbdae5736..dea25635b 100644 --- a/scripts/lib/ptxd_make_world_report.sh +++ b/scripts/lib/ptxd_make_world_report.sh @@ -39,6 +39,15 @@ ptxd_make_world_report_yaml() { do_list "rundeps:" "${pkg_run_deps}" do_echo "config:" "${pkg_config}" do_echo "version:" "${pkg_version}" + if [ ! -n "${pkg_cpe_version}" -a ! -n "${pkg_cpe}" ]; then + # Default to using pkg_version for the CPE string, unless _CPE_VERSION or _CPE are explicitly + # specified. In the case of the latter, there's no need to keep track of the version separately. + pkg_cpe_version="${pkg_version}" + fi + do_echo "cpe:" "${pkg_cpe}" + do_echo "cpe_vendor:" "${pkg_cpe_vendor}" + do_echo "cpe_product:" "${pkg_cpe_product}" + do_echo "cpe_version:" "${pkg_cpe_version}" do_list "url:" "${pkg_url}" do_echo "md5:" "${pkg_md5}" do_echo "source:" "${pkg_src}" -- 2.25.1
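
Review bot: in the world/env/impl hunk of rules/post/ptxd_make_world_common.make, the four new package variables (<PKG>_CPE_VENDOR, <PKG>_CPE_PRODUCT, <PKG>_CPE_VERSION, <PKG>_CPE) come with no documentation of the form they are expected to take. Nothing says whether <PKG>_CPE should be a CPE 2.3 formatted string or a 2.2 URI, or whether vendor and product must already be escaped for use inside a CPE. Please add that to the package-variable documentation or as a comment next to the new lines, so that rule authors and consumers of the report agree on the format. Passing the values through ptx/escape is consistent with the neighbouring pkg_version and pkg_config lines.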
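
Review bot: nothing in the ptxd_make_world_report_yaml() hunk builds a CPE from vendor, product and version or checks it against a pattern, although the commit message says constructed CPEs are validated against the official CPE regex; the four values are handed to do_echo as given. Either add the construction and validation before `do_echo "cpe:" "${pkg_cpe}"` or drop that sentence from the message. The default `pkg_cpe_version="${pkg_version}"` is also applied when neither vendor nor product is set, so a package without any CPE data is still passed to do_echo with a non-empty cpe_version, which does not match "then no value is added"; consider guarding the default on both pkg_cpe_vendor and pkg_cpe_product being non-empty. Minor: `[ ! -n "${pkg_cpe_version}" -a ! -n "${pkg_cpe}" ]` reads more simply as two `-z` tests joined with `&&`, and that avoids the `-a` operator, which POSIX marks obsolescent.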
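
The construct-then-validate behaviour the commit message describes, as an added example (not PTXdist code and not part of the posted patch). The function name `cpe_for_package`, its argument order and the sample values are assumptions; it emits CPE 2.3 formatted strings with part `a`, and the pattern is a simplified stand-in for the official CPE 2.3 regex (no embedded wildcards, no language-tag rule).

```shell
# Added illustration; names and sample values are hypothetical.

# One CPE 2.3 component: plain characters or backslash-escaped punctuation,
# or a lone "*" (ANY) / "-" (NA). Simplified from the official pattern.
CPE_COMP='(([A-Za-z0-9._-]|\\[^A-Za-z0-9[:space:]])+|[*-])'
# Prefix, part (a/h/o), then exactly ten further components.
CPE_RE="^cpe:2\\.3:[aho*-](:${CPE_COMP}){10}\$"

# cpe_for_package CPE VENDOR PRODUCT CPE_VERSION PKG_VERSION
#   - an explicit CPE wins and is only validated
#   - otherwise vendor AND product are required; without both, print nothing
#   - CPE_VERSION overrides PKG_VERSION when set
# Prints the CPE on stdout; returns 1 if the result fails validation.
cpe_for_package() {
    local cpe="$1" vendor="$2" product="$3" version="${4:-$5}"

    if [ -z "$cpe" ]; then
        if [ -z "$vendor" ] || [ -z "$product" ]; then
            return 0    # no CPE data for this package: emit no value
        fi
        # version, then update, edition, language, sw_edition,
        # target_sw, target_hw, other left as ANY
        cpe="cpe:2.3:a:${vendor}:${product}:${version}:*:*:*:*:*:*:*"
    fi

    # An unescaped ":" or space in a component, or an empty version,
    # changes the field count or character set and is rejected here.
    if ! printf '%s\n' "$cpe" | grep -Eq "$CPE_RE"; then
        echo "invalid CPE: $cpe" >&2
        return 1
    fi
    printf '%s\n' "$cpe"
}

# Constructed sample: vendor/product set, no override, package version 3.0.11
cpe_for_package "" openssl openssl "" 3.0.11
```

Upstream version strings containing characters such as `+` or `~` have to be backslash-escaped before they are valid in a CPE component, which is one reason a separate CPE_VERSION override is useful.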