From 6d8e8df390da924bfa2245ebf8053a3110f73161 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Fri, 5 Aug 2022 14:56:52 +0200
Subject: [PATCH] packaging v2: add a 'CPE' field in upstream section

---
 packaging_v2/convert_app_to_packaging_v2.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/packaging_v2/convert_app_to_packaging_v2.py b/packaging_v2/convert_app_to_packaging_v2.py
index b2a11c3..ba00153 100644
--- a/packaging_v2/convert_app_to_packaging_v2.py
+++ b/packaging_v2/convert_app_to_packaging_v2.py
@@ -26,6 +26,8 @@ def _convert_v1_manifest_to_v2(app_path):
 if "url" in manifest and "website" not in manifest["upstream"]:
 manifest["upstream"]["website"] = manifest["url"]
 
+ manifest["upstream"]["cpe"] = "???"
+
 manifest["integration"] = {
 "yunohost": manifest.get("requirements", {}).get("yunohost"),
 "architectures": "all",
@@ -158,6 +160,7 @@ def _dump_v2_manifest_as_toml(manifest):
 upstream = table()
 for key, value in manifest["upstream"].items():
 upstream[key] = value
+ upstream["cpe"].comment("FIXME: optional but recommended if relevant, this is meant to contain the Common Platform Enumeration, which is sort of a standard id for applications defined by the NIST. In particular, Yunohost may use this is in the future to easily track CVE (=security reports) related to apps. The CPE may be obtained by searching here: https://nvd.nist.gov/products/cpe/search. For example, for Nextcloud, the CPE is 'cpe:2.3:a:nextcloud:nextcloud' (no need to include the version number)")
 toml_manifest["upstream"] = upstream
 
 integration = table()
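Review bot: The added `manifest["upstream"]["cpe"] = "???"` in the first hunk is unconditional, unlike the `website` fallback just above it, so a manifest that already carries an `upstream.cpe` value would have it replaced by the placeholder; `manifest["upstream"].setdefault("cpe", "???")` keeps an existing value. The line also indexes `manifest["upstream"]` directly, and whether that key is always present at this point is decided outside the hunk, so that is worth confirming. Because the field is meant for CVE tracking, any consumer should treat the literal `???` as "no CPE declared" rather than as an identifier to match on. _convert_v1_manifest_to_v2 starts and ends outside the hunk.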
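Review bot: In the second hunk, `upstream["cpe"].comment(...)` raises KeyError when `manifest["upstream"]` has no `cpe` key, which ties _dump_v2_manifest_as_toml to the converter having inserted the placeholder first; wrapping the call in `if "cpe" in upstream:` keeps the dump usable on its own. The FIXME text has a slip, "may use this is in the future", which should read "may use this in the future". The example 'cpe:2.3:a:nextcloud:nextcloud' is a version-less prefix rather than a full CPE 2.3 formatted string, so the comment could say so explicitly to tell whoever writes the CVE lookup that matching is on vendor and product. The function body continues outside the hunk.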