[ptxdist] [PATCH] doc: ref_make_variables: document new CVE variables

mailarchive of the ptxdist mailing list
 help / color / mirror / Atom feed

* [ptxdist] [PATCH] doc: ref_make_variables: document new CVE variables
@ 2025-02-07 13:45 Roland Hieber
  2025-02-07 16:17 ` Michael Olbrich
  0 siblings, 1 reply; 5+ messages in thread
From: Roland Hieber @ 2025-02-07 13:45 UTC (permalink / raw)
  To: ptxdist; +Cc: Roland Hieber

Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
 doc/ref_make_variables.rst | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/doc/ref_make_variables.rst b/doc/ref_make_variables.rst
index 358701aab9e2..1c2f24b0db4d 100644
--- a/doc/ref_make_variables.rst
+++ b/doc/ref_make_variables.rst
@@ -256,6 +256,12 @@ Package Definition
   UTF-8 files the encoding can be specified with ``encoding=<enc>``.
   See the section :ref:`licensing_in_packages` for more information.
 
+``<PKG>_CVE_PRODUCT``, ``<PKG>_CVE_VERSION``
+  The product ID and the version number used in the `CVE Database
+  <https://www.cve.org>`__, used for generating SBoM reports.
+  These variables only need to be set if their values differ from ``<PKG>`` and
+  ``$(<PKG>_VERSION)`` respectively.
+
 For most packages the variables described above are undefined by default.
 However, for cross and host packages these variables default to the value
 of the corresponding target package if it exists.
-- 
2.39.5




^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [ptxdist] [PATCH] doc: ref_make_variables: document new CVE variables
  2025-02-07 13:45 [ptxdist] [PATCH] doc: ref_make_variables: document new CVE variables Roland Hieber
@ 2025-02-07 16:17 ` Michael Olbrich
  2025-02-10 10:06   ` [ptxdist] [PATCH v2] " Roland Hieber
  0 siblings, 1 reply; 5+ messages in thread
From: Michael Olbrich @ 2025-02-07 16:17 UTC (permalink / raw)
  To: Roland Hieber, ptxdist

On Fri, Feb 07, 2025 at 02:45:24PM +0100, Roland Hieber wrote:
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> ---
>  doc/ref_make_variables.rst | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/doc/ref_make_variables.rst b/doc/ref_make_variables.rst
> index 358701aab9e2..1c2f24b0db4d 100644
> --- a/doc/ref_make_variables.rst
> +++ b/doc/ref_make_variables.rst
> @@ -256,6 +256,12 @@ Package Definition
>    UTF-8 files the encoding can be specified with ``encoding=<enc>``.
>    See the section :ref:`licensing_in_packages` for more information.
>  
> +``<PKG>_CVE_PRODUCT``, ``<PKG>_CVE_VERSION``
> +  The product ID and the version number used in the `CVE Database
> +  <https://www.cve.org>`__, used for generating SBoM reports.
> +  These variables only need to be set if their values differ from ``<PKG>`` and
> +  ``$(<PKG>_VERSION)`` respectively.

<PKG>_CVE_PRODUCT can be <vendor>:<product> if necessary, and it can be a
list if multiple vendor/product combinations are needed. I think that
should be documented as well :-)...

Michael

> +
>  For most packages the variables described above are undefined by default.
>  However, for cross and host packages these variables default to the value
>  of the corresponding target package if it exists.
> -- 
> 2.39.5
> 
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |



^ permalink raw reply	[flat|nested] 5+ messages in thread

* [ptxdist] [PATCH v2] doc: ref_make_variables: document new CVE variables
  2025-02-07 16:17 ` Michael Olbrich
@ 2025-02-10 10:06   ` Roland Hieber
  2025-02-10 10:11     ` [ptxdist] [PATCH v3] " Roland Hieber
  0 siblings, 1 reply; 5+ messages in thread
From: Roland Hieber @ 2025-02-10 10:06 UTC (permalink / raw)
  To: ptxdist; +Cc: Roland Hieber

Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
v2:
 * separate blocks for each variable
 * mention <vendor>:<product> syntax and multiple values
---
 doc/ref_make_variables.rst | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/doc/ref_make_variables.rst b/doc/ref_make_variables.rst
index 358701aab9e2..bfd01098f517 100644
--- a/doc/ref_make_variables.rst
+++ b/doc/ref_make_variables.rst
@@ -256,6 +256,19 @@ Package Definition
   UTF-8 files the encoding can be specified with ``encoding=<enc>``.
   See the section :ref:`licensing_in_packages` for more information.
 
+``<PKG>_CVE_PRODUCT``
+  The product ID in the `CVE Database <https://www.cve.org>`__, used for
+  generating SBoM reports.
+  It can be of the form ``<vendor>:<product>`` and contain multiple values
+  separated by spaces if necessary.
+  If not set, it defaults to ``<PKG>``.
+
+``<PKG>_CVE_VERSION``
+  The version number in the `CVE Database <https://www.cve.org>`__, used for
+  generating SBoM reports.
+  If not set, it defaults to ``$(<PKG>_VERSION)``.
+  
+
 For most packages the variables described above are undefined by default.
 However, for cross and host packages these variables default to the value
 of the corresponding target package if it exists.
-- 
2.39.5




^ permalink raw reply	[flat|nested] 5+ messages in thread

* [ptxdist] [PATCH v3] doc: ref_make_variables: document new CVE variables
  2025-02-10 10:06   ` [ptxdist] [PATCH v2] " Roland Hieber
@ 2025-02-10 10:11     ` Roland Hieber
  2025-02-17  7:24       ` [ptxdist] [APPLIED] " Michael Olbrich
  0 siblings, 1 reply; 5+ messages in thread
From: Roland Hieber @ 2025-02-10 10:11 UTC (permalink / raw)
  To: ptxdist; +Cc: Roland Hieber

Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
v3:
 * where did that extra empty line come from?

v2:
 * separate blocks for each variable
 * mention <vendor>:<product> syntax and multiple values
---
 doc/ref_make_variables.rst | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/doc/ref_make_variables.rst b/doc/ref_make_variables.rst
index 358701aab9e2..37748b09820e 100644
--- a/doc/ref_make_variables.rst
+++ b/doc/ref_make_variables.rst
@@ -256,6 +256,18 @@ Package Definition
   UTF-8 files the encoding can be specified with ``encoding=<enc>``.
   See the section :ref:`licensing_in_packages` for more information.
 
+``<PKG>_CVE_PRODUCT``
+  The product ID in the `CVE Database <https://www.cve.org>`__, used for
+  generating SBoM reports.
+  It can be of the form ``<vendor>:<product>`` and contain multiple values
+  separated by spaces if necessary.
+  If not set, it defaults to ``<PKG>``.
+
+``<PKG>_CVE_VERSION``
+  The version number in the `CVE Database <https://www.cve.org>`__, used for
+  generating SBoM reports.
+  If not set, it defaults to ``$(<PKG>_VERSION)``.
+
 For most packages the variables described above are undefined by default.
 However, for cross and host packages these variables default to the value
 of the corresponding target package if it exists.
-- 
2.39.5




^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [ptxdist] [APPLIED] doc: ref_make_variables: document new CVE variables
  2025-02-10 10:11     ` [ptxdist] [PATCH v3] " Roland Hieber
@ 2025-02-17  7:24       ` Michael Olbrich
  0 siblings, 0 replies; 5+ messages in thread
From: Michael Olbrich @ 2025-02-17  7:24 UTC (permalink / raw)
  To: ptxdist; +Cc: Roland Hieber

Thanks, applied as 304a45f58b04a931fb9e688b8ced3d8ae39587fc.

Michael

[sent from post-receive hook]

On Mon, 17 Feb 2025 08:24:27 +0100, Roland Hieber <rhi@pengutronix.de> wrote:
> Signed-off-by: Roland Hieber <rhi@pengutronix.de>
> Message-Id: <20250210101102.363875-1-rhi@pengutronix.de>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
> 
> diff --git a/doc/ref_make_variables.rst b/doc/ref_make_variables.rst
> index 358701aab9e2..37748b09820e 100644
> --- a/doc/ref_make_variables.rst
> +++ b/doc/ref_make_variables.rst
> @@ -256,6 +256,18 @@ Package Definition
>    UTF-8 files the encoding can be specified with ``encoding=<enc>``.
>    See the section :ref:`licensing_in_packages` for more information.
>  
> +``<PKG>_CVE_PRODUCT``
> +  The product ID in the `CVE Database <https://www.cve.org>`__, used for
> +  generating SBoM reports.
> +  It can be of the form ``<vendor>:<product>`` and contain multiple values
> +  separated by spaces if necessary.
> +  If not set, it defaults to ``<PKG>``.
> +
> +``<PKG>_CVE_VERSION``
> +  The version number in the `CVE Database <https://www.cve.org>`__, used for
> +  generating SBoM reports.
> +  If not set, it defaults to ``$(<PKG>_VERSION)``.
> +
>  For most packages the variables described above are undefined by default.
>  However, for cross and host packages these variables default to the value
>  of the corresponding target package if it exists.



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2025-02-17  7:25 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-02-07 13:45 [ptxdist] [PATCH] doc: ref_make_variables: document new CVE variables Roland Hieber
2025-02-07 16:17 ` Michael Olbrich
2025-02-10 10:06   ` [ptxdist] [PATCH v2] " Roland Hieber
2025-02-10 10:11     ` [ptxdist] [PATCH v3] " Roland Hieber
2025-02-17  7:24       ` [ptxdist] [APPLIED] " Michael Olbrich

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox