* [Buildroot] [PATCH 1/1] package/libteam: drop LIBTEAM_CPE_ID_VENDOR
@ 2021-11-05 21:31 Fabrice Fontaine
  2021-11-05 21:41 ` Yann E. MORIN
  0 siblings, 1 reply; 4+ messages in thread
From: Fabrice Fontaine @ 2021-11-05 21:31 UTC (permalink / raw)
  To: buildroot; +Cc: Joachim Wiberg, Fabrice Fontaine

LIBTEAM_CPE_ID_VENDOR was wrongly set since the addition of the package
in commit 7485f5be0c460649e7406699cde82bb492aa23f1 as
cpe:2.3:a:libteam:libteam is not a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibteam%3Alibteam

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/libteam/libteam.mk | 1 -
 1 file changed, 1 deletion(-)

diff --git a/package/libteam/libteam.mk b/package/libteam/libteam.mk
index 99454a03e5..8bd83aa20d 100644
--- a/package/libteam/libteam.mk
+++ b/package/libteam/libteam.mk
@@ -6,7 +6,6 @@
 
 LIBTEAM_VERSION = 1.31
 LIBTEAM_SITE = $(call github,jpirko,libteam,v$(LIBTEAM_VERSION))
-LIBTEAM_CPE_ID_VENDOR = libteam
 LIBTEAM_LICENSE = LGPL-2.1+
 LIBTEAM_LICENSE_FILES = COPYING
 LIBTEAM_DEPENDENCIES = host-pkgconf jansson libdaemon libnl
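Review bot: with the LIBTEAM_CPE_ID_VENDOR line removed, none of the visible lines of libteam.mk set a CPE_ID variable, and the commit message only says that cpe:2.3:a:libteam:libteam is not valid. Please state in the commit message whether NVD has no entry for libteam at all or lists it under a different vendor/product, so it is clear that the package is intentionally left without a CPE identifier rather than waiting for a corrected value.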
-- 
2.33.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


* Re: [Buildroot] [PATCH 1/1] package/libteam: drop LIBTEAM_CPE_ID_VENDOR
  2021-11-05 21:31 [Buildroot] [PATCH 1/1] package/libteam: drop LIBTEAM_CPE_ID_VENDOR Fabrice Fontaine
@ 2021-11-05 21:41 ` Yann E. MORIN
  2021-11-05 21:50   ` Joachim Wiberg
  2021-11-06  9:57   ` Fabrice Fontaine
  0 siblings, 2 replies; 4+ messages in thread
From: Yann E. MORIN @ 2021-11-05 21:41 UTC (permalink / raw)
  To: Fabrice Fontaine; +Cc: Joachim Wiberg, buildroot

Fabrice, All,

On 2021-11-05 22:31 +0100, Fabrice Fontaine spake thusly:
> LIBTEAM_CPE_ID_VENDOR was wrongly set since the addition of the package
> in commit 7485f5be0c460649e7406699cde82bb492aa23f1 as
> cpe:2.3:a:libteam:libteam is not a valid CPE identifier for this
> package:
>   https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibteam%3Alibteam

I had pushed that no more than 30 minutes earlier, and you had already
noticed. Woo... Scary! ;-)

How did you catch this?

How can we easily validate that a CPE is indeed valid (short of running
the full pkg-stats)?

Joachim, what made you think libteam was appropriate?

> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Applied to master, thanks.

Regards,
Yann E. MORIN.

> ---
>  package/libteam/libteam.mk | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/package/libteam/libteam.mk b/package/libteam/libteam.mk
> index 99454a03e5..8bd83aa20d 100644
> --- a/package/libteam/libteam.mk
> +++ b/package/libteam/libteam.mk
> @@ -6,7 +6,6 @@
>  
>  LIBTEAM_VERSION = 1.31
>  LIBTEAM_SITE = $(call github,jpirko,libteam,v$(LIBTEAM_VERSION))
> -LIBTEAM_CPE_ID_VENDOR = libteam
>  LIBTEAM_LICENSE = LGPL-2.1+
>  LIBTEAM_LICENSE_FILES = COPYING
>  LIBTEAM_DEPENDENCIES = host-pkgconf jansson libdaemon libnl
> -- 
> 2.33.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

* Re: [Buildroot] [PATCH 1/1] package/libteam: drop LIBTEAM_CPE_ID_VENDOR
  2021-11-05 21:41 ` Yann E. MORIN
@ 2021-11-05 21:50   ` Joachim Wiberg
  2021-11-06  9:57   ` Fabrice Fontaine
  1 sibling, 0 replies; 4+ messages in thread
From: Joachim Wiberg @ 2021-11-05 21:50 UTC (permalink / raw)
  To: Yann E. MORIN, Fabrice Fontaine; +Cc: buildroot



Hi,

On 11/5/21 10:41 PM, Yann E. MORIN wrote:
> On 2021-11-05 22:31 +0100, Fabrice Fontaine spake thusly:
>> LIBTEAM_CPE_ID_VENDOR was wrongly set since the addition of the package
>> cpe:2.3:a:libteam:libteam is not a valid CPE identifier for this
> Joachim, what made you think libteam was appropriate?

I really have no answer for that, cut-and-paste+replace mistake,
maybe.  I was sure I checked it before submitting, but it must
have been some other package.

Sorry about the mess-up!

Best regards
 /Joachim




* Re: [Buildroot] [PATCH 1/1] package/libteam: drop LIBTEAM_CPE_ID_VENDOR
  2021-11-05 21:41 ` Yann E. MORIN
  2021-11-05 21:50   ` Joachim Wiberg
@ 2021-11-06  9:57   ` Fabrice Fontaine
  1 sibling, 0 replies; 4+ messages in thread
From: Fabrice Fontaine @ 2021-11-06  9:57 UTC (permalink / raw)
  To: Yann E. MORIN; +Cc: Joachim Wiberg, Matthew Weber, Buildroot Mailing List

Hi,

On Fri, Nov 5, 2021 at 22:41, Yann E. MORIN <yann.morin.1998@free.fr> wrote:
>
> Fabrice, All,
>
> On 2021-11-05 22:31 +0100, Fabrice Fontaine spake thusly:
> > LIBTEAM_CPE_ID_VENDOR was wrongly set since the addition of the package
> > in commit 7485f5be0c460649e7406699cde82bb492aa23f1 as
> > cpe:2.3:a:libteam:libteam is not a valid CPE identifier for this
> > package:
> >   https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alibteam%3Alibteam
>
> I had pushed that no more than 30 minutes earlier, and you had already
> noticed. Woo... Scary! ;-)
>
> How did you catch this?
I'm manually checking the CPE of each new package.
>
> How can we easily validate that a CPE is indeed valid (short of running
> the full pkg-stats)?
We could update check-package, the simplest option would be to add a call to
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=3ACPE_ID_PREFIX:CPE_ID_VENDOR:CPE_ID_PRODUCT

If this call returns no entries, we can be confident that the CPE
variables are invalid (because the user made an error or because the
NVD NIST database was updated).
However, an HTTP request will be sent for every package with a
user-given CPE variable ...
The other option would be to mutualize the functions used by pkg-stats
to download the full CPE dictionary.
>
> Joachim, what made you think libteam was appropriate?
>
> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>
> Applied to master, thanks.
>
> Regards,
> Yann E. MORIN.
>
> > ---
> >  package/libteam/libteam.mk | 1 -
> >  1 file changed, 1 deletion(-)
> >
> > diff --git a/package/libteam/libteam.mk b/package/libteam/libteam.mk
> > index 99454a03e5..8bd83aa20d 100644
> > --- a/package/libteam/libteam.mk
> > +++ b/package/libteam/libteam.mk
> > @@ -6,7 +6,6 @@
> >
> >  LIBTEAM_VERSION = 1.31
> >  LIBTEAM_SITE = $(call github,jpirko,libteam,v$(LIBTEAM_VERSION))
> > -LIBTEAM_CPE_ID_VENDOR = libteam
> >  LIBTEAM_LICENSE = LGPL-2.1+
> >  LIBTEAM_LICENSE_FILES = COPYING
> >  LIBTEAM_DEPENDENCIES = host-pkgconf jansson libdaemon libnl
> > --
> > 2.33.0
> >
> > _______________________________________________
> > buildroot mailing list
> > buildroot@buildroot.org
> > https://lists.buildroot.org/mailman/listinfo/buildroot
>
> --
> .-----------------.--------------------.------------------.--------------------.
> |  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
> | +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
> | +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
> | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
> '------------------------------^-------^------------------^--------------------'
Best Regards,

Fabrice
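
The second option discussed in the message above (checking a package's CPE variables against a locally held copy of the CPE dictionary rather than sending one HTTP request per package), as an added example; it is not Buildroot's check-package or pkg-stats code. The function names and the dictionary lines are constructed for illustration; the defaults applied (prefix cpe:2.3:a, vendor <pkg>_project, product <pkg>) are the ones Buildroot documents for the CPE_ID variables.

```python
import re

DEFAULT_PREFIX = "cpe:2.3:a"  # Buildroot default for <PKG>_CPE_ID_PREFIX


def cpe_stem_from_mk(pkg, mk_text):
    """Return 'cpe:2.3:<part>:<vendor>:<product>' for a package .mk file,
    or None when no <PKG>_CPE_ID_* variable is set (no CPE declared)."""
    upper = pkg.upper().replace("-", "_")
    found = dict(re.findall(
        rf"^{re.escape(upper)}_CPE_ID_(\w+)\s*=\s*(\S+)\s*$", mk_text, re.M))
    if not found:
        return None
    prefix = found.get("PREFIX", DEFAULT_PREFIX)
    vendor = found.get("VENDOR", f"{pkg}_project")  # documented default
    product = found.get("PRODUCT", pkg)             # documented default
    return f"{prefix}:{vendor}:{product}"


def known_stems(dictionary_lines):
    """Collect part:vendor:product stems from CPE 2.3 formatted strings.
    Fields are split on unescaped colons only; malformed lines are skipped."""
    stems = set()
    for line in dictionary_lines:
        fields = re.split(r"(?<!\\):", line.strip())
        if len(fields) == 13 and fields[:2] == ["cpe", "2.3"]:
            stems.add(":".join(fields[:5]))
    return stems


def check_package(pkg, mk_text, stems):
    """Classify a package as 'no-cpe', 'known' or 'unknown'."""
    stem = cpe_stem_from_mk(pkg, mk_text)
    if stem is None:
        return ("no-cpe", None)
    return ("known" if stem in stems else "unknown", stem)


# Constructed dictionary excerpt (not real NVD data).
SAMPLE_DICTIONARY = [
    "cpe:2.3:a:example_vendor:examplelib:1.0:*:*:*:*:*:*:*",
    r"cpe:2.3:a:foo_project:foo:2.4\:rc1:*:*:*:*:*:*:*",  # escaped colon
    "not a cpe line",
]
# Constructed .mk excerpts: libteam before and after the patch, plus a
# hypothetical package "foo" that relies on the defaults.
MK_BEFORE = "LIBTEAM_VERSION = 1.31\nLIBTEAM_CPE_ID_VENDOR = libteam\n"
MK_AFTER = "LIBTEAM_VERSION = 1.31\nLIBTEAM_LICENSE = LGPL-2.1+\n"
MK_FOO = "FOO_VERSION = 2.4\nFOO_CPE_ID_VALID = YES\n"
```

An "unknown" result only says the stem is absent from the copy of the dictionary that was loaded, so the copy has to be refreshed for the answer to stay meaningful.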
