packaging v2: add a 'CPE' field in upstream section
parent
0749b9fd6f
commit
6d8e8df390
1 changed files with 3 additions and 0 deletions
|
@ -26,6 +26,8 @@ def _convert_v1_manifest_to_v2(app_path):
|
||||||
if "url" in manifest and "website" not in manifest["upstream"]:
|
if "url" in manifest and "website" not in manifest["upstream"]:
|
||||||
manifest["upstream"]["website"] = manifest["url"]
|
manifest["upstream"]["website"] = manifest["url"]
|
||||||
|
|
||||||
|
manifest["upstream"]["cpe"] = "???"
|
||||||
|
|
||||||
manifest["integration"] = {
|
manifest["integration"] = {
|
||||||
"yunohost": manifest.get("requirements", {}).get("yunohost"),
|
"yunohost": manifest.get("requirements", {}).get("yunohost"),
|
||||||
"architectures": "all",
|
"architectures": "all",
|
||||||
|
@ -158,6 +160,7 @@ def _dump_v2_manifest_as_toml(manifest):
|
||||||
upstream = table()
|
upstream = table()
|
||||||
for key, value in manifest["upstream"].items():
|
for key, value in manifest["upstream"].items():
|
||||||
upstream[key] = value
|
upstream[key] = value
|
||||||
|
upstream["cpe"].comment("FIXME: optional but recommended if relevant, this is meant to contain the Common Platform Enumeration, which is sort of a standard id for applications defined by the NIST. In particular, Yunohost may use this is in the future to easily track CVE (=security reports) related to apps. The CPE may be obtained by searching here: https://nvd.nist.gov/products/cpe/search. For example, for Nextcloud, the CPE is 'cpe:2.3:a:nextcloud:nextcloud' (no need to include the version number)")
|
||||||
toml_manifest["upstream"] = upstream
|
toml_manifest["upstream"] = upstream
|
||||||
|
|
||||||
integration = table()
|
integration = table()
|
||||||
|
|
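Review bot: The placeholder written by `manifest["upstream"]["cpe"] = "???"` in `_convert_v1_manifest_to_v2` is a non-empty string, so a converted manifest that nobody edits carries a CPE that looks set but matches nothing, and a later CVE lookup keyed on it would most likely find no match and leave the app looking untracked-but-fine. Since the field is described as optional, the FIXME text in `_dump_v2_manifest_as_toml` could end with `Remove this line if no CPE exists; '???' is only a placeholder.`, and whatever consumes the field should treat any value that does not start with `cpe:2.3:` as absent. The example `cpe:2.3:a:nextcloud:nextcloud` is a prefix rather than a complete CPE 2.3 formatted string, so the consumer will presumably need prefix matching rather than a strict CPE parser, which is worth stating in the same comment. `upstream["cpe"].comment(...)` also assumes the key is always present; if the dump function can be called on a manifest that did not pass through the converter (not visible here), it raises `KeyError`, and `if "cpe" in upstream:` before the call would avoid that. Both function bodies extend beyond the hunks shown.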