
packaging v2: add a 'CPE' field in upstream section

Alexandre Aubin 2022-08-05 14:56:52 +02:00
parent 0749b9fd6f
commit 6d8e8df390


@ -26,6 +26,8 @@ def _convert_v1_manifest_to_v2(app_path):
if "url" in manifest and "website" not in manifest["upstream"]: if "url" in manifest and "website" not in manifest["upstream"]:
manifest["upstream"]["website"] = manifest["url"] manifest["upstream"]["website"] = manifest["url"]
manifest["upstream"]["cpe"] = "???"
manifest["integration"] = { manifest["integration"] = {
"yunohost": manifest.get("requirements", {}).get("yunohost"), "yunohost": manifest.get("requirements", {}).get("yunohost"),
"architectures": "all", "architectures": "all",
@ -158,6 +160,7 @@ def _dump_v2_manifest_as_toml(manifest):
upstream = table() upstream = table()
for key, value in manifest["upstream"].items(): for key, value in manifest["upstream"].items():
upstream[key] = value upstream[key] = value
upstream["cpe"].comment("FIXME: optional but recommended if relevant, this is meant to contain the Common Platform Enumeration, which is sort of a standard id for applications defined by the NIST. In particular, Yunohost may use this is in the future to easily track CVE (=security reports) related to apps. The CPE may be obtained by searching here: https://nvd.nist.gov/products/cpe/search. For example, for Nextcloud, the CPE is 'cpe:2.3:a:nextcloud:nextcloud' (no need to include the version number)")
toml_manifest["upstream"] = upstream toml_manifest["upstream"] = upstream
integration = table() integration = table()
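Review bot: The `cpe` assignment added in `_convert_v1_manifest_to_v2` writes the literal `"???"` without the `not in manifest["upstream"]` guard used for `website` just above it, so an existing value would be overwritten and every converted manifest carries a string that is not a CPE (indentation is lost in this rendering, so the line's nesting cannot be confirmed). The comment added in `_dump_v2_manifest_as_toml` says the field may later drive CVE tracking. An unreplaced `"???"` would presumably match nothing in NVD, so whatever consumes the field should treat it as "unknown" rather than "no findings". I would write `manifest["upstream"].setdefault("cpe", "???")` and have the FIXME text say that the placeholder must be replaced or the key removed. `upstream["cpe"].comment(...)` also indexes the key unconditionally and would raise `KeyError` for a manifest whose upstream section has no `cpe`; both function bodies extend beyond the hunks shown.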