Date: Tue, 12 Oct 2021 13:04:38 +0200 From: Stefan Esser <se@freebsd.org> To: =?UTF-8?Q?Bernhard_Fr=c3=b6hlich?= <decke@freebsd.org> Cc: "ports-committers@freebsd.org" <ports-committers@freebsd.org>, "dev-commits-ports-all@freebsd.org" <dev-commits-ports-all@freebsd.org>, "dev-commits-ports-main@freebsd.org" <dev-commits-ports-main@freebsd.org> Subject: Re: git: a90e961f4d19 - main - */*: Avoid extra CPE_VENDOR=kde by properly sorting USES Message-ID: <255b290b-72fe-45c0-b5bf-6271eb1543ac@freebsd.org> In-Reply-To: <CAE-m3X2o-nDLrvK4g8w0Mqsy5fXF2Pix1YR-TK=m-yrL2Du8JQ@mail.gmail.com> References: <202110111458.19BEw4xF062545@gitrepo.freebsd.org> <3067458.bT80LyP3VS@mercury> <CAE-m3X2o-nDLrvK4g8w0Mqsy5fXF2Pix1YR-TK=m-yrL2Du8JQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------08wJcnlhtPGkEHG2i55qNnrw Content-Type: multipart/mixed; boundary="------------LfNHusc7q0XvwuMXp7DvQAYd"; protected-headers="v1" From: Stefan Esser <se@freebsd.org> To: =?UTF-8?Q?Bernhard_Fr=c3=b6hlich?= <decke@freebsd.org> Cc: "ports-committers@freebsd.org" <ports-committers@freebsd.org>, "dev-commits-ports-all@freebsd.org" <dev-commits-ports-all@freebsd.org>, "dev-commits-ports-main@freebsd.org" <dev-commits-ports-main@freebsd.org> Message-ID: <255b290b-72fe-45c0-b5bf-6271eb1543ac@freebsd.org> Subject: Re: git: a90e961f4d19 - main - */*: Avoid extra CPE_VENDOR=kde by properly sorting USES References: <202110111458.19BEw4xF062545@gitrepo.freebsd.org> <3067458.bT80LyP3VS@mercury> <CAE-m3X2o-nDLrvK4g8w0Mqsy5fXF2Pix1YR-TK=m-yrL2Du8JQ@mail.gmail.com> In-Reply-To: <CAE-m3X2o-nDLrvK4g8w0Mqsy5fXF2Pix1YR-TK=m-yrL2Du8JQ@mail.gmail.com> --------------LfNHusc7q0XvwuMXp7DvQAYd Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Am 11.10.21 um 21:43 schrieb Bernhard Fr=C3=B6hlich: [...] > Doesn't matter much since CPE data is a moving target anyway. To handle= that I > created chkcpe [1] which automatically analyzes the portstree once a da= y and > verifies the CPE data it finds. >=20 > In this particular case it will detect a invalid CPE vendor/product and= will > list the port under "invalid". There are similar cases like port rename= , " > repocopy" etc. which can also easily lead to invalid CPE data. >=20 > =C2=A0[1] https://github.com/decke/chkcpe <https://github.com/decke/chk= cpe> Hi Bernhard, interesting service, has it ever been announced to port maintainers? One question: what am I supposed to do with ports that are in the "checkneeded" list with wrong information, but do not have a CPE database entry (and probably won't ever get one)? Specifically: I just checked for entries matching ports I maintain, and there are 2 in the "checkneeded" category, both with wrong CPE information. The ports in question are math/gh-bc and deskutils/calendar, and neither of them is in the CPE dictionary and I'm not supposed to make entries up. The entry suggested for gh-bc is: cpe:2.3:a:gnu:bc:*:*:*:*:*:*:*:* which is wrong. This project has no connection to GNU. The calendar port is a slightly modified version of the calendar program in FreeBSD-CURRENT for use with older -STABLE releases that lack quite a number of features of the new version. Neither the WiKi nor any other information I found seems to offer any help for this case. Is it possible to mark a port as: "ignore with regard to CPE"? How do products added to the CPE database (should be possible for gh-bc, which is available for a lot of operating systems)? And how do we deal with base system components that have been converted to a port or have been made available as a port in addition to being present in some base system release? Regards, STefan --------------LfNHusc7q0XvwuMXp7DvQAYd-- --------------08wJcnlhtPGkEHG2i55qNnrw Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wsB5BAABCAAjFiEEo3HqZZwL7MgrcVMTR+u171r99UQFAmFla8YFAwAAAAAACgkQR+u171r99UQn CAf/RCvGdUqBmsTkSJ+1cBlP6bxNJhA/Wz6jq1XydHhYveGB9v/zz+UI3OoVuNF7LNgTeF2YhVDm tLgIf6c5Hh331p7Fbo/pWxiW1T4572jjM4o8QRbwWMXA/dEQRWXjA4kmgruJ6S1EPkF8Z5iVXclM LNHu5V8Zr4/aq9gZAC/tgsf0hg7YMhcgj4rqI2w5G3ta6uViYVH8r0qgLvk8kug7nXLeK8N2qoML oJXhp3PPvsIQXuqIWM10v3Ij2pOMe3gZazUd4esw0YyAWFTBCUPGWtz/i2zpW4ck/rId4my5jJ0f 1UfV5IuuTUrK52rTkhJpmikhA10nhtl7magByYWSkg== =8REn -----END PGP SIGNATURE----- --------------08wJcnlhtPGkEHG2i55qNnrw--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?255b290b-72fe-45c0-b5bf-6271eb1543ac>