FOO_CPE_ID_VALID really ought to be an internal implementaion detail.
Packages that really want to trigger their CPE defintitions really
should set one of the actual variables to a meaningful value.
There are two CPE-related variables that we could chose to set to
replace FOO_CPE_ID_VALID: FOO_CPE_ID_VENDOR and FOO_CPE_ID_PRODUCT.
Between those two, _VENDOR more often diverges from the default than
_PRODUCT does, so that's what we use.
---8<------8<------8<------8<------8<---
#!/bin/bash
# Replace FOO_CPE_ID_VALID = YES with FOO_CPE_ID_VENDOR = foo_project
for i in $(git grep -l -E '[^)]_CPE_ID_VALID = YES' package support); do
pkg="$(basename "${i%/*}")"
sed -r -i -e "s/_CPE_ID_VALID = YES/_CPE_ID_VENDOR = ${pkg}_project/" "${i}"
done
---8<------8<------8<------8<------8<---
Reported-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Cc: Matthew Weber <matthew.weber@rockwellcollins.com>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[Peter: update cpe-test comment to reflect pkg3 change]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
ASN1C_SITE = https://github.com/vlm/asn1c/releases/download/v$(ASN1C_VERSION)
ASN1C_LICENSE = BSD-2-Clause
ASN1C_LICENSE_FILES = LICENSE
-ASN1C_CPE_ID_VALID = YES
+ASN1C_CPE_ID_VENDOR = asn1c_project
$(eval $(host-autotools-package))
ATFTP_SITE = http://sourceforge.net/projects/atftp/files
ATFTP_LICENSE = GPL-2.0+
ATFTP_LICENSE_FILES = LICENSE
-ATFTP_CPE_ID_VALID = YES
+ATFTP_CPE_ID_VENDOR = atftp_project
ATFTP_CONF_OPTS = --disable-libwrap --disable-mtftp
# For static we need to explicitly link against libpthread
ATFTP_LIBS = -lpthread
ATOP_SITE = http://www.atoptool.nl/download
ATOP_LICENSE = GPL-2.0+
ATOP_LICENSE_FILES = COPYING
-ATOP_CPE_ID_VALID = YES
+ATOP_CPE_ID_VENDOR = atop_project
ATOP_DEPENDENCIES = ncurses zlib
ATOP_CFLAGS = $(TARGET_CFLAGS)
ATTR_SITE = http://download.savannah.gnu.org/releases/attr
ATTR_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (libraries)
ATTR_LICENSE_FILES = doc/COPYING doc/COPYING.LGPL
-ATTR_CPE_ID_VALID = YES
+ATTR_CPE_ID_VENDOR = attr_project
ATTR_INSTALL_STAGING = YES
AXEL_SOURCE = axel-$(AXEL_VERSION).tar.xz
AXEL_LICENSE = GPL-2.0+
AXEL_LICENSE_FILES = COPYING
-AXEL_CPE_ID_VALID = YES
+AXEL_CPE_ID_VENDOR = axel_project
AXEL_DEPENDENCIES = host-pkgconf $(TARGET_NLS_DEPENDENCIES)
# ac_cv_prog_cc_c99 is required for BR2_USE_WCHAR=n because the C99 test
BDWGC_INSTALL_STAGING = YES
BDWGC_LICENSE = bdwgc license
BDWGC_LICENSE_FILES = README.QUICK
-BDWGC_CPE_ID_VALID = YES
+BDWGC_CPE_ID_VENDOR = bdwgc_project
BDWGC_DEPENDENCIES = libatomic_ops host-pkgconf
HOST_BDWGC_DEPENDENCIES = host-libatomic_ops host-pkgconf
BEECRYPT_INSTALL_STAGING = YES
BEECRYPT_LICENSE = LGPL-2.1+
BEECRYPT_LICENSE_FILES = COPYING.LIB
-BEECRYPT_CPE_ID_VALID = YES
+BEECRYPT_CPE_ID_VENDOR = beecrypt_project
BEECRYPT_CONF_OPTS = \
--disable-expert-mode \
BOTAN_SITE = http://botan.randombit.net/releases
BOTAN_LICENSE = BSD-2-Clause
BOTAN_LICENSE_FILES = license.txt
-BOTAN_CPE_ID_VALID = YES
+BOTAN_CPE_ID_VENDOR = botan_project
BOTAN_INSTALL_STAGING = YES
C_ICAP_SITE = http://downloads.sourceforge.net/c-icap
C_ICAP_LICENSE = LGPL-2.1+
C_ICAP_LICENSE_FILES = COPYING
-C_ICAP_CPE_ID_VALID = YES
+C_ICAP_CPE_ID_VENDOR = c-icap_project
C_ICAP_INSTALL_STAGING = YES
C_ICAP_CONFIG_SCRIPTS = c-icap-config c-icap-libicapapi-config
C_ICAP_CONF_OPTS = \
CIVETWEB_SITE = $(call github,civetweb,civetweb,v$(CIVETWEB_VERSION))
CIVETWEB_LICENSE = MIT
CIVETWEB_LICENSE_FILES = LICENSE.md
-CIVETWEB_CPE_ID_VALID = YES
+CIVETWEB_CPE_ID_VENDOR = civetweb_project
CIVETWEB_CONF_OPTS = TARGET_OS=LINUX WITH_IPV6=1 \
$(if $(BR2_INSTALL_LIBSTDCPP),WITH_CPP=1)
CJSON_INSTALL_STAGING = YES
CJSON_LICENSE = MIT
CJSON_LICENSE_FILES = LICENSE
-CJSON_CPE_ID_VALID = YES
+CJSON_CPE_ID_VENDOR = cjson_project
# Set ENABLE_CUSTOM_COMPILER_FLAGS to OFF in particular to disable
# -fstack-protector-strong which depends on BR2_TOOLCHAIN_HAS_SSP
CJSON_CONF_OPTS += \
$(TARGET_NLS_DEPENDENCIES)
CRYPTSETUP_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (library)
CRYPTSETUP_LICENSE_FILES = COPYING COPYING.LGPL
-CRYPTSETUP_CPE_ID_VALID = YES
+CRYPTSETUP_CPE_ID_VENDOR = cryptsetup_project
CRYPTSETUP_INSTALL_STAGING = YES
CRYPTSETUP_CONF_ENV += LDFLAGS="$(TARGET_LDFLAGS) $(TARGET_NLS_LIBS)"
CRYPTSETUP_CONF_OPTS += --enable-blkid --enable-libargon2
DOSFSTOOLS_SITE = https://github.com/dosfstools/dosfstools/releases/download/v$(DOSFSTOOLS_VERSION)
DOSFSTOOLS_LICENSE = GPL-3.0+
DOSFSTOOLS_LICENSE_FILES = COPYING
-DOSFSTOOLS_CPE_ID_VALID = YES
+DOSFSTOOLS_CPE_ID_VENDOR = dosfstools_project
DOSFSTOOLS_CONF_OPTS = --enable-compat-symlinks --exec-prefix=/
HOST_DOSFSTOOLS_CONF_OPTS = --enable-compat-symlinks
E2FSPROGS_SITE = $(BR2_KERNEL_MIRROR)/linux/kernel/people/tytso/e2fsprogs/v$(E2FSPROGS_VERSION)
E2FSPROGS_LICENSE = GPL-2.0, MIT-like with advertising clause (libss and libet)
E2FSPROGS_LICENSE_FILES = NOTICE lib/ss/mit-sipb-copyright.h lib/et/internal.h
-E2FSPROGS_CPE_ID_VALID = YES
+E2FSPROGS_CPE_ID_VENDOR = e2fsprogs_project
E2FSPROGS_INSTALL_STAGING = YES
# Use libblkid and libuuid from util-linux for host and target packages.
ELFUTILS_INSTALL_STAGING = YES
ELFUTILS_LICENSE = GPL-2.0+ or LGPL-3.0+ (library)
ELFUTILS_LICENSE_FILES = COPYING COPYING-GPLV2 COPYING-LGPLV3
-ELFUTILS_CPE_ID_VALID = YES
+ELFUTILS_CPE_ID_VENDOR = elfutils_project
ELFUTILS_DEPENDENCIES = host-pkgconf zlib $(TARGET_NLS_DEPENDENCIES)
HOST_ELFUTILS_DEPENDENCIES = host-pkgconf host-zlib host-bzip2 host-xz
FILE_INSTALL_STAGING = YES
FILE_LICENSE = BSD-2-Clause, BSD-4-Clause (one file), BSD-3-Clause (one file)
FILE_LICENSE_FILES = COPYING src/mygetopt.h src/vasprintf.c
-FILE_CPE_ID_VALID = YES
+FILE_CPE_ID_VENDOR = file_project
# We're patching configure.ac
FILE_AUTORECONF = YES
HOST_FILE_CONF_OPTS = --disable-libseccomp
FLAC_DEPENDENCIES = $(if $(BR2_PACKAGE_LIBICONV),libiconv)
FLAC_LICENSE = Xiph BSD-like (libFLAC), GPL-2.0+ (tools), LGPL-2.1+ (other libraries)
FLAC_LICENSE_FILES = COPYING.Xiph COPYING.GPL COPYING.LGPL
-FLAC_CPE_ID_VALID = YES
+FLAC_CPE_ID_VENDOR = flac_project
# patch touching configure.ac
FLAC_AUTORECONF = YES
FLEX_INSTALL_STAGING = YES
FLEX_LICENSE = FLEX
FLEX_LICENSE_FILES = COPYING
-FLEX_CPE_ID_VALID = YES
+FLEX_CPE_ID_VENDOR = flex_project
FLEX_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES) host-m4
HOST_FLEX_DEPENDENCIES = host-m4
host-freetype host-expat host-pkgconf host-gperf host-util-linux
FONTCONFIG_LICENSE = fontconfig license
FONTCONFIG_LICENSE_FILES = COPYING
-FONTCONFIG_CPE_ID_VALID = YES
+FONTCONFIG_CPE_ID_VENDOR = fontconfig_project
FONTCONFIG_CONF_OPTS = \
--with-arch=$(GNU_TARGET_NAME) \
GIFLIB_INSTALL_STAGING = YES
GIFLIB_LICENSE = MIT
GIFLIB_LICENSE_FILES = COPYING
-GIFLIB_CPE_ID_VALID = YES
+GIFLIB_CPE_ID_VENDOR = giflib_project
ifeq ($(BR2_STATIC_LIBS),y)
GIFLIB_BUILD_LIBS = static-lib
GNUPLOT_SITE = http://downloads.sourceforge.net/project/gnuplot/gnuplot/$(GNUPLOT_VERSION)
GNUPLOT_LICENSE = gnuplot license (open source)
GNUPLOT_LICENSE_FILES = Copyright
-GNUPLOT_CPE_ID_VALID = YES
+GNUPLOT_CPE_ID_VENDOR = gnuplot_project
GNUPLOT_AUTORECONF = YES
HARFBUZZ_SOURCE = harfbuzz-$(HARFBUZZ_VERSION).tar.xz
HARFBUZZ_LICENSE = MIT, ISC (ucdn library)
HARFBUZZ_LICENSE_FILES = COPYING
-HARFBUZZ_CPE_ID_VALID = YES
+HARFBUZZ_CPE_ID_VENDOR = harfbuzz_project
HARFBUZZ_INSTALL_STAGING = YES
HARFBUZZ_CONF_OPTS = \
-Dfontconfig=disabled \
HOST_HEIMDAL_CONF_ENV = MAKEINFO=true
HEIMDAL_LICENSE = BSD-3-Clause
HEIMDAL_LICENSE_FILES = LICENSE
-HEIMDAL_CPE_ID_VALID = YES
+HEIMDAL_CPE_ID_VENDOR = heimdal_project
# We need asn1_compile in the PATH for samba4
define HOST_HEIMDAL_MAKE_SYMLINK
IPMITOOL_SITE = http://downloads.sourceforge.net/project/ipmitool/ipmitool/$(IPMITOOL_VERSION)
IPMITOOL_LICENSE = BSD-3-Clause
IPMITOOL_LICENSE_FILES = COPYING
-IPMITOOL_CPE_ID_VALID = YES
+IPMITOOL_CPE_ID_VENDOR = ipmitool_project
# 0008-fru-Fix-buffer-overflow-vulnerabilities.patch
# 0009-fru-Fix-buffer-overflow-in-ipmi_spd_print_fru.patch
endif
IUCODE_TOOL_LICENSE = GPL-2.0+
IUCODE_TOOL_LICENSE_FILES = COPYING
-IUCODE_TOOL_CPE_ID_VALID = YES
+IUCODE_TOOL_CPE_ID_VENDOR = iucode-tool_project
define IUCODE_TOOL_INSTALL_INIT_SYSV
$(INSTALL) -D -m 0755 package/iucode-tool/S00iucode-tool \
JANSSON_SITE = http://www.digip.org/jansson/releases
JANSSON_LICENSE = MIT
JANSSON_LICENSE_FILES = LICENSE
-JANSSON_CPE_ID_VALID = YES
+JANSSON_CPE_ID_VENDOR = jansson_project
JANSSON_INSTALL_STAGING = YES
JANSSON_CONF_ENV = LIBS="-lm"
JASPER_INSTALL_STAGING = YES
JASPER_LICENSE = JasPer-2.0
JASPER_LICENSE_FILES = LICENSE
-JASPER_CPE_ID_VALID = YES
+JASPER_CPE_ID_VENDOR = jasper_project
JASPER_SUPPORTS_IN_SOURCE_BUILD = NO
JASPER_CONF_OPTS = \
-DCMAKE_DISABLE_FIND_PACKAGE_DOXYGEN=TRUE \
JHEAD_SITE = http://www.sentex.net/~mwandel/jhead
JHEAD_LICENSE = Public Domain
JHEAD_LICENSE_FILES = readme.txt
-JHEAD_CPE_ID_VALID = YES
+JHEAD_CPE_ID_VENDOR = jhead_project
define JHEAD_BUILD_CMDS
$(TARGET_MAKE_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D)
JQ_SITE = $(call github,stedolan,jq,$(JQ_VERSION))
JQ_LICENSE = MIT (code), ICU (decNumber), CC-BY-3.0 (documentation)
JQ_LICENSE_FILES = COPYING
-JQ_CPE_ID_VALID = YES
+JQ_CPE_ID_VENDOR = jq_project
JQ_INSTALL_STAGING = YES
# currently using git version directly
JSON_C_INSTALL_STAGING = YES
JSON_C_LICENSE = MIT
JSON_C_LICENSE_FILES = COPYING
-JSON_C_CPE_ID_VALID = YES
+JSON_C_CPE_ID_VENDOR = json-c_project
$(eval $(cmake-package))
$(eval $(host-cmake-package))
JSONCPP_SITE = $(call github,open-source-parsers,jsoncpp,$(JSONCPP_VERSION))
JSONCPP_LICENSE = Public Domain or MIT
JSONCPP_LICENSE_FILES = LICENSE
-JSONCPP_CPE_ID_VALID = YES
+JSONCPP_CPE_ID_VENDOR = jsoncpp_project
JSONCPP_INSTALL_STAGING = YES
JSONCPP_CONF_OPTS = -Dtests=false
LAME_CONF_OPTS = --enable-dynamic-frontends
LAME_LICENSE = LGPL-2.0+
LAME_LICENSE_FILES = COPYING
-LAME_CPE_ID_VALID = YES
+LAME_CPE_ID_VENDOR = lame_project
ifeq ($(BR2_PACKAGE_LIBSNDFILE),y)
LAME_DEPENDENCIES += libsndfile
LFTP_SITE = http://lftp.yar.ru/ftp
LFTP_LICENSE = GPL-3.0+
LFTP_LICENSE_FILES = COPYING
-LFTP_CPE_ID_VALID = YES
+LFTP_CPE_ID_VENDOR = lftp_project
LFTP_DEPENDENCIES = readline zlib host-pkgconf
# Help lftp finding readline and zlib
LIBASS_INSTALL_STAGING = YES
LIBASS_LICENSE = ISC
LIBASS_LICENSE_FILES = COPYING
-LIBASS_CPE_ID_VALID = YES
+LIBASS_CPE_ID_VENDOR = libass_project
LIBASS_DEPENDENCIES = \
host-pkgconf \
freetype \
LIBCAP_NG_SITE = http://people.redhat.com/sgrubb/libcap-ng
LIBCAP_NG_LICENSE = GPL-2.0+ (programs), LGPL-2.1+ (library)
LIBCAP_NG_LICENSE_FILES = COPYING COPYING.LIB
-LIBCAP_NG_CPE_ID_VALID = YES
+LIBCAP_NG_CPE_ID_VENDOR = libcap-ng_project
LIBCAP_NG_INSTALL_STAGING = YES
LIBCAP_NG_CONF_ENV = ac_cv_prog_swig_found=no
LIBCONFUSE_CONF_OPTS = --disable-rpath
LIBCONFUSE_LICENSE = ISC
LIBCONFUSE_LICENSE_FILES = LICENSE
-LIBCONFUSE_CPE_ID_VALID = YES
+LIBCONFUSE_CPE_ID_VENDOR = libconfuse_project
LIBCONFUSE_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES)
$(eval $(autotools-package))
LIBESMTP_DEPENDENCIES = $(if $(BR2_PACKAGE_OPENSSL),openssl)
LIBESMTP_LICENSE = GPL-2.0+ (examples), LGPL-2.1+ (library)
LIBESMTP_LICENSE_FILES = COPYING COPYING.LIB
-LIBESMTP_CPE_ID_VALID = YES
+LIBESMTP_CPE_ID_VENDOR = libesmtp_project
$(eval $(autotools-package))
LIBEVENT_INSTALL_STAGING = YES
LIBEVENT_LICENSE = BSD-3-Clause, OpenBSD
LIBEVENT_LICENSE_FILES = LICENSE
-LIBEVENT_CPE_ID_VALID = YES
+LIBEVENT_CPE_ID_VENDOR = libevent_project
LIBEVENT_CONF_OPTS = \
--disable-libevent-regress \
--disable-samples
LIBEXIF_DEPENDENCIES = host-pkgconf
LIBEXIF_LICENSE = LGPL-2.1+
LIBEXIF_LICENSE_FILES = COPYING
-LIBEXIF_CPE_ID_VALID = YES
+LIBEXIF_CPE_ID_VENDOR = libexif_project
# 0001-fixed-another-unsigned-integer-overflow.patch
LIBEXIF_IGNORE_CVES += CVE-2020-0198
# 0002-fixed-a-incorrect-overflow-check.patch
LIBGIT2_SITE = https://github.com/libgit2/libgit2/releases/download/v$(LIBGIT2_VERSION)
LIBGIT2_LICENSE = GPL-2.0 with linking exception, MIT (sha1), wildmatch license (wildmatch)
LIBGIT2_LICENSE_FILES = COPYING
-LIBGIT2_CPE_ID_VALID = YES
+LIBGIT2_CPE_ID_VENDOR = libgit2_project
LIBGIT2_INSTALL_STAGING = YES
LIBGIT2_CONF_OPTS = \
LIBKSBA_SITE = ftp://ftp.gnupg.org/gcrypt/libksba
LIBKSBA_LICENSE = LGPL-3.0+ or GPL-2.0+ (library, headers), GPL-3.0+ (manual, tests, build system)
LIBKSBA_LICENSE_FILES = AUTHORS COPYING COPYING.GPLv2 COPYING.GPLv3 COPYING.LGPLv3
-LIBKSBA_CPE_ID_VALID = YES
+LIBKSBA_CPE_ID_VENDOR = libksba_project
LIBKSBA_INSTALL_STAGING = YES
LIBKSBA_DEPENDENCIES = libgpg-error
LIBKSBA_CONF_OPTS = --with-gpg-error-prefix=$(STAGING_DIR)/usr
LIBRSYNC_SITE = $(call github,librsync,librsync,v$(LIBRSYNC_VERSION))
LIBRSYNC_LICENSE = LGPL-2.1+
LIBRSYNC_LICENSE_FILES = COPYING
-LIBRSYNC_CPE_ID_VALID = YES
+LIBRSYNC_CPE_ID_VENDOR = librsync_project
LIBRSYNC_INSTALL_STAGING = YES
LIBRSYNC_DEPENDENCIES = host-pkgconf zlib bzip2 popt
LIBSECCOMP_SITE = https://github.com/seccomp/libseccomp/releases/download/v$(LIBSECCOMP_VERSION)
LIBSECCOMP_LICENSE = LGPL-2.1
LIBSECCOMP_LICENSE_FILES = LICENSE
-LIBSECCOMP_CPE_ID_VALID = YES
+LIBSECCOMP_CPE_ID_VENDOR = libseccomp_project
LIBSECCOMP_INSTALL_STAGING = YES
$(eval $(autotools-package))
LIBSNDFILE_INSTALL_STAGING = YES
LIBSNDFILE_LICENSE = LGPL-2.1+
LIBSNDFILE_LICENSE_FILES = COPYING
-LIBSNDFILE_CPE_ID_VALID = YES
+LIBSNDFILE_CPE_ID_VENDOR = libsndfile_project
# 0001-double64_init-Check-psf-sf.channels-against-upper-bo.patch
LIBSNDFILE_IGNORE_CVES += CVE-2017-14634
LIBTIRPC_SITE = http://downloads.sourceforge.net/project/libtirpc/libtirpc/$(LIBTIRPC_VERSION)
LIBTIRPC_LICENSE = BSD-3-Clause
LIBTIRPC_LICENSE_FILES = COPYING
-LIBTIRPC_CPE_ID_VALID = YES
+LIBTIRPC_CPE_ID_VENDOR = libtirpc_project
LIBTIRPC_DEPENDENCIES = host-nfs-utils
LIBTIRPC_INSTALL_STAGING = YES
LIBUPNP_INSTALL_STAGING = YES
LIBUPNP_LICENSE = BSD-3-Clause
LIBUPNP_LICENSE_FILES = COPYING
-LIBUPNP_CPE_ID_VALID = YES
+LIBUPNP_CPE_ID_VENDOR = libupnp_project
LIBUPNP_DEPENDENCIES = host-pkgconf
# Bind the internal miniserver socket with reuseaddr to allow clean restarts.
LIBVNCSERVER_SITE = https://github.com/LibVNC/libvncserver/archive
LIBVNCSERVER_LICENSE = GPL-2.0+
LIBVNCSERVER_LICENSE_FILES = COPYING
-LIBVNCSERVER_CPE_ID_VALID = YES
+LIBVNCSERVER_CPE_ID_VENDOR = libvncserver_project
LIBVNCSERVER_INSTALL_STAGING = YES
LIBVNCSERVER_DEPENDENCIES = host-pkgconf lzo
LIBVNCSERVER_CONF_OPTS = -DWITH_LZO=ON
LOGROTATE_SITE = https://github.com/logrotate/logrotate/releases/download/$(LOGROTATE_VERSION)
LOGROTATE_LICENSE = GPL-2.0+
LOGROTATE_LICENSE_FILES = COPYING
-LOGROTATE_CPE_ID_VALID = YES
+LOGROTATE_CPE_ID_VENDOR = logrotate_project
LOGROTATE_DEPENDENCIES = popt host-pkgconf
LOGROTATE_CONF_ENV = LIBS="`$(PKG_CONFIG_HOST_BINARY) --libs popt`"
LZO_SITE = http://www.oberhumer.com/opensource/lzo/download
LZO_LICENSE = GPL-2.0+
LZO_LICENSE_FILES = COPYING
-LZO_CPE_ID_VALID = YES
+LZO_CPE_ID_VENDOR = lzo_project
LZO_INSTALL_STAGING = YES
LZO_SUPPORTS_IN_SOURCE_BUILD = NO
MATIO_SITE = http://downloads.sourceforge.net/project/matio/matio/$(MATIO_VERSION)
MATIO_LICENSE = BSD-2-Clause
MATIO_LICENSE_FILES = COPYING
-MATIO_CPE_ID_VALID = YES
+MATIO_CPE_ID_VENDOR = matio_project
MATIO_DEPENDENCIES = zlib
MATIO_INSTALL_STAGING = YES
https://salsa.debian.org/minicom-team/minicom/-/archive/$(MINICOM_VERSION)
MINICOM_LICENSE = GPL-2.0+
MINICOM_LICENSE_FILES = COPYING
-MINICOM_CPE_ID_VALID = YES
+MINICOM_CPE_ID_VENDOR = minicom_project
MINICOM_AUTORECONF = YES
MINICOM_DEPENDENCIES = ncurses $(if $(BR2_ENABLE_LOCALE),,libiconv) \
$(TARGET_NLS_DEPENDENCIES)
NCMPC_LICENSE = GPL-2.0+
NCMPC_LICENSE_FILES = COPYING
-NCMPC_CPE_ID_VALID = YES
+NCMPC_CPE_ID_VENDOR = ncmpc_project
NCMPC_CONF_OPTS = \
-Dcurses=ncurses \
libevent
NETATALK_LICENSE = GPL-2.0+, LGPL-3.0+, MIT-like
NETATALK_LICENSE_FILES = COPYING COPYRIGHT
-NETATALK_CPE_ID_VALID = YES
+NETATALK_CPE_ID_VENDOR = netatalk_project
# Don't run ldconfig!
NETATALK_CONF_ENV += CC="$(TARGET_CC) -std=gnu99" \
NETCAT_SITE = http://downloads.sourceforge.net/project/netcat/netcat/$(NETCAT_VERSION)
NETCAT_LICENSE = GPL-2.0+
NETCAT_LICENSE_FILES = COPYING
-NETCAT_CPE_ID_VALID = YES
+NETCAT_CPE_ID_VENDOR = netcat_project
$(eval $(autotools-package))
NETTLE_INSTALL_STAGING = YES
NETTLE_LICENSE = Dual GPL-2.0+/LGPL-3.0+
NETTLE_LICENSE_FILES = COPYING.LESSERv3 COPYINGv2
-NETTLE_CPE_ID_VALID = YES
+NETTLE_CPE_ID_VENDOR = nettle_project
# don't include openssl support for (unused) examples as it has problems
# with static linking
NETTLE_CONF_OPTS = --disable-openssl
ONIGURUMA_SOURCE = onig-$(ONIGURUMA_VERSION).tar.gz
ONIGURUMA_LICENSE = BSD-2-Clause
ONIGURUMA_LICENSE_FILES = COPYING
-ONIGURUMA_CPE_ID_VALID = YES
+ONIGURUMA_CPE_ID_VENDOR = oniguruma_project
ONIGURUMA_INSTALL_STAGING = YES
$(eval $(autotools-package))
OPENRC_SITE = $(call github,OpenRC,openrc,$(OPENRC_VERSION))
OPENRC_LICENSE = BSD-2-Clause
OPENRC_LICENSE_FILES = LICENSE
-OPENRC_CPE_ID_VALID = YES
+OPENRC_CPE_ID_VENDOR = openrc_project
# 0007-checkpath-fix-CVE-2018-21269.patch
OPENRC_IGNORE_CVES += CVE-2018-21269
ac_cv_have_decl___progname=no
P11_KIT_LICENSE = BSD-3-Clause
P11_KIT_LICENSE_FILES = COPYING
-P11_KIT_CPE_ID_VALID = YES
+P11_KIT_CPE_ID_VENDOR = p11-kit_project
ifeq ($(BR2_PACKAGE_LIBFFI),y)
P11_KIT_DEPENDENCIES += host-pkgconf libffi
POLKIT_SITE = http://www.freedesktop.org/software/polkit/releases
POLKIT_LICENSE = GPL-2.0
POLKIT_LICENSE_FILES = COPYING
-POLKIT_CPE_ID_VALID = YES
+POLKIT_CPE_ID_VENDOR = polkit_project
POLKIT_AUTORECONF = YES
POLKIT_INSTALL_STAGING = YES
POWERPC_UTILS_AUTORECONF = YES
POWERPC_UTILS_LICENSE = GPL-2.0+
POWERPC_UTILS_LICENSE_FILES = COPYING
-POWERPC_UTILS_CPE_ID_VALID = YES
+POWERPC_UTILS_CPE_ID_VENDOR = powerpc-utils_project
POWERPC_UTILS_CONF_ENV = \
ax_cv_check_cflags___fstack_protector_all=$(if $(BR2_TOOLCHAIN_HAS_SSP),yes,no)
PROCPS_NG_SITE = http://downloads.sourceforge.net/project/procps-ng/Production
PROCPS_NG_LICENSE = GPL-2.0+, LGPL-2.0+ (libproc and libps)
PROCPS_NG_LICENSE_FILES = COPYING COPYING.LIB
-PROCPS_NG_CPE_ID_VALID = YES
+PROCPS_NG_CPE_ID_VENDOR = procps-ng_project
PROCPS_NG_INSTALL_STAGING = YES
PROCPS_NG_DEPENDENCIES = ncurses host-pkgconf $(TARGET_NLS_DEPENDENCIES)
PROCPS_NG_CONF_OPTS = LIBS=$(TARGET_NLS_LIBS)
RABBITMQ_C_SITE = $(call github,alanxz,rabbitmq-c,v$(RABBITMQ_C_VERSION))
RABBITMQ_C_LICENSE = MIT
RABBITMQ_C_LICENSE_FILES = LICENSE-MIT
-RABBITMQ_C_CPE_ID_VALID = YES
+RABBITMQ_C_CPE_ID_VENDOR = rabbitmq-c_project
RABBITMQ_C_INSTALL_STAGING = YES
RABBITMQ_C_CONF_OPTS = \
-DBUILD_API_DOCS=OFF \
RHASH_SITE = https://sourceforge.net/projects/rhash/files/rhash/$(RHASH_VERSION)
RHASH_LICENSE = 0BSD
RHASH_LICENSE_FILES = COPYING
-RHASH_CPE_ID_VALID = YES
+RHASH_CPE_ID_VENDOR = rhash_project
RHASH_INSTALL_STAGING = YES
RHASH_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES)
RHASH_ADDLDFLAGS = $(TARGET_NLS_LIBS)
RPCBIND_SOURCE = rpcbind-$(RPCBIND_VERSION).tar.bz2
RPCBIND_LICENSE = BSD-3-Clause
RPCBIND_LICENSE_FILES = COPYING
-RPCBIND_CPE_ID_VALID = YES
+RPCBIND_CPE_ID_VENDOR = rpcbind_project
RPCBIND_CONF_ENV += \
CFLAGS="$(TARGET_CFLAGS) `$(PKG_CONFIG_HOST_BINARY) --cflags libtirpc`"
# care about librtmp, it's LGPL-2.1+
RTMPDUMP_LICENSE = LGPL-2.1+
RTMPDUMP_LICENSE_FILES = librtmp/COPYING
-RTMPDUMP_CPE_ID_VALID = YES
+RTMPDUMP_CPE_ID_VENDOR = rtmpdump_project
RTMPDUMP_DEPENDENCIES = zlib
ifeq ($(BR2_PACKAGE_GNUTLS),y)
SANE_BACKENDS_CONFIG_SCRIPTS = sane-config
SANE_BACKENDS_LICENSE = GPL-2.0+
SANE_BACKENDS_LICENSE_FILES = COPYING
-SANE_BACKENDS_CPE_ID_VALID = YES
+SANE_BACKENDS_CPE_ID_VENDOR = sane-backends_project
SANE_BACKENDS_INSTALL_STAGING = YES
SANE_BACKENDS_CONF_OPTS = \
SPICE_SITE = http://www.spice-space.org/download/releases/spice-server
SPICE_LICENSE = LGPL-2.1+
SPICE_LICENSE_FILES = COPYING
-SPICE_CPE_ID_VALID = YES
+SPICE_CPE_ID_VENDOR = spice_project
SPICE_INSTALL_STAGING = YES
SPICE_DEPENDENCIES = \
host-pkgconf \
SQUASHFS_SITE = $(call github,plougher,squashfs-tools,$(SQUASHFS_VERSION))
SQUASHFS_LICENSE = GPL-2.0+
SQUASHFS_LICENSE_FILES = COPYING
-SQUASHFS_CPE_ID_VALID = YES
+SQUASHFS_CPE_ID_VENDOR = squashfs_project
SQUASHFS_MAKE_ARGS = XATTR_SUPPORT=1
ifeq ($(BR2_PACKAGE_SQUASHFS_LZ4),y)
STRACE_SITE = https://strace.io/files/$(STRACE_VERSION)
STRACE_LICENSE = LGPL-2.1+
STRACE_LICENSE_FILES = COPYING LGPL-2.1-or-later
-STRACE_CPE_ID_VALID = YES
+STRACE_CPE_ID_VENDOR = strace_project
STRACE_CONF_OPTS = --enable-mpers=no
ifeq ($(BR2_PACKAGE_LIBUNWIND),y)
SYSKLOGD_SITE = https://github.com/troglobit/sysklogd/releases/download/v$(SYSKLOGD_VERSION)
SYSKLOGD_LICENSE = BSD-3-Clause
SYSKLOGD_LICENSE_FILES = LICENSE
-SYSKLOGD_CPE_ID_VALID = YES
+SYSKLOGD_CPE_ID_VENDOR = sysklogd_project
# Busybox install logger in /usr/bin, and syslogd in /sbin, so install in
# the same locations so that busybox does not install its applets in there.
TMUX_SITE = https://github.com/tmux/tmux/releases/download/$(TMUX_VERSION)
TMUX_LICENSE = ISC
TMUX_LICENSE_FILES = COPYING
-TMUX_CPE_ID_VALID = YES
+TMUX_CPE_ID_VENDOR = tmux_project
TMUX_DEPENDENCIES = libevent ncurses host-pkgconf
# Add /usr/bin/tmux to /etc/shells otherwise some login tools like dropbear
UNZIP_SITE = https://snapshot.debian.org/archive/debian/20210110T204103Z/pool/main/u/unzip
UNZIP_LICENSE = Info-ZIP
UNZIP_LICENSE_FILES = LICENSE
-UNZIP_CPE_ID_VALID = YES
+UNZIP_CPE_ID_VENDOR = unzip_project
# unzip_$(UNZIP_VERSION)-26.debian.tar.xz has patches to fix:
UNZIP_IGNORE_CVES = \
UPX_SOURCE = upx-$(UPX_VERSION)-src.tar.xz
UPX_LICENSE = GPL-2.0+
UPX_LICENSE_FILES = COPYING
-UPX_CPE_ID_VALID = YES
+UPX_CPE_ID_VENDOR = upx_project
HOST_UPX_DEPENDENCIES = host-ucl host-zlib
VALIJSON_SITE = $(call github,tristanpenman,valijson,v$(VALIJSON_VERSION))
VALIJSON_LICENSE = BSD-2-Clause
VALIJSON_LICENSE_FILES = LICENSE
-VALIJSON_CPE_ID_VALID = YES
+VALIJSON_CPE_ID_VENDOR = valijson_project
VALIJSON_INSTALL_STAGING = YES
VALIJSON_INSTALL_TARGET = NO
VALIJSON_DEPENDENCIES = boost
VSFTPD_LIBS = -lcrypt
VSFTPD_LICENSE = GPL-2.0
VSFTPD_LICENSE_FILES = COPYING
-VSFTPD_CPE_ID_VALID = YES
+VSFTPD_CPE_ID_VENDOR = vsftpd_project
define VSFTPD_DISABLE_UTMPX
$(SED) 's/.*VSF_BUILD_UTMPX/#undef VSF_BUILD_UTMPX/' $(@D)/builddefs.h
X11VNC_DEPENDENCIES = xlib_libXt xlib_libXext xlib_libXtst libvncserver
X11VNC_LICENSE = GPL-2.0+
X11VNC_LICENSE_FILES = COPYING
-X11VNC_CPE_ID_VALID = YES
+X11VNC_CPE_ID_VENDOR = x11vnc_project
# 0002-scan-limit-access-to-shared-memory-segments-to-current-user.patch
X11VNC_IGNORE_CVES += CVE-2020-29074
# N.B. GPL-2.0+ code (in the hacks/glx subdirectory) is not currently built.
XSCREENSAVER_LICENSE = MIT-like, GPL-2.0+
XSCREENSAVER_LICENSE_FILES = hacks/screenhack.h hacks/glx/chessmodels.h
-XSCREENSAVER_CPE_ID_VALID = YES
+XSCREENSAVER_CPE_ID_VENDOR = xscreensaver_project
XSCREENSAVER_DEPENDENCIES = \
gdk-pixbuf \
YAML_CPP_INSTALL_STAGING = YES
YAML_CPP_LICENSE = MIT
YAML_CPP_LICENSE_FILES = LICENSE
-YAML_CPP_CPE_ID_VALID = YES
+YAML_CPP_CPE_ID_VENDOR = yaml-cpp_project
# Disable testing and parse tools
YAML_CPP_CONF_OPTS += \
ZZIPLIB_SITE = $(call github,gdraheim,zziplib,v$(ZZIPLIB_VERSION))
ZZIPLIB_LICENSE = LGPL-2.0+ or MPL-1.1
ZZIPLIB_LICENSE_FILES = docs/COPYING.LIB docs/COPYING.MPL docs/copying.htm
-ZZIPLIB_CPE_ID_VALID = YES
+ZZIPLIB_CPE_ID_VENDOR = zziplib_project
ZZIPLIB_INSTALL_STAGING = YES
ZZIPLIB_CONF_OPTS += \
-DZZIPDOCS=OFF \
CPE_ID_PKG3_VERSION = 67
-CPE_ID_PKG3_CPE_ID_VALID = YES
+CPE_ID_PKG3_CPE_ID_VENDOR = cpe-id-pkg3_project
$(eval $(generic-package))
$(eval $(host-generic-package))
self.assertNotIn("cpe-id", pkg_json['host-cpe-id-pkg2'])
def test_pkg3(self):
- # this package has just <pkg>_CPE_ID_VALID defined, so verify
+ # this package has just <pkg>_CPE_ID_VENDOR defined, so verify
# it has the default CPE_ID value, and that inheritance of the
# values for the host package is working
pkg_vars = self.get_vars("CPE_ID_PKG3_CPE_ID")
projects / buildroot.git / commitdiff