cpe-info reporting and maintenance script #32
Closed
rc-matthew-l-weber wants to merge 74 commits into buildroot:master from rc-matthew-l-weber:cpe-info-github
Similar to make legal-info, produce a csv delimited file containing all selected packages' CPE identification.

Have the pkg infra define CPE_ID_* defaults using the package name for the vendor and name as most CPE IDs seem to align with that assumption. Also use the pkg version as the CPE ID's version field.

Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
---
Changes
v2
[Thomas P
 - Moved comment on conditionals back to this patchset where the conditional is created vs later
v3
[Thomas P
 - Merged infra define CPE_ID_* into this patch
 - Report all packages vs restricting to just allowing based on if the VENDOR was set (v2). This now represents Thomas P's original idea to report everything. At first I felt I should restrict the reporting to those CPE IDs we had made sure were correct. Turns out we should have actually let the script handle fixing the CPEs and just make a complete design of this up front.
[Matt
 - Moved to using the _project on all vendors instead of just name
There are two types of software cpe prefixes, one for applications and one for operating systems. Note: There is a third type for hardware. This patchset determines which should be used and stores that information with the package for later use when assembling the CPE report. There is also a suffix which we just default to wildcards at this point.

Refs:
https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7695.pdf
https://cpe.mitre.org/specification/

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Thomas P
 - Change to using a filter on pkg name value vs ifelse
v3
[Arnout
 - Moved CPE prefix and suffix defines to package/Makefile.in
The reporting of host packages causes some duplication and complicates what is really in the target's configuration. For the purpose of the first version of this patchset, it's assumed that host packages aren't relevant for the configuration and we only report the target's contents.

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
Changes
v1 -> v2
[Thomas P
 - select if target vs selecting not host
v3
 - Fixed host build error because cpe-info wasn't defined
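The three commit messages above describe defaulting the CPE fields from the package, choosing an application or operating-system prefix, and reporting target packages only. The following Python sketch of that report is an added example, not code from this pull request. It assumes the CPE 2.3 formatted-string layout from the NISTIR 7695 reference, a default vendor of `<name>_project` as read from the v3 changelog note, and hypothetical dictionary keys, column names, OS package set and sample packages.

```python
import csv
import io
import re

# Layout per NISTIR 7695 (CPE 2.3 formatted string):
# cpe:2.3:<part>:<vendor>:<product>:<version> plus seven trailing attributes.
CPE_SUFFIX = ":".join(["*"] * 7)  # suffix defaulted to wildcards
OS_PACKAGES = {"linux"}           # assumption: package names given the "o" prefix

def fs_escape(value):
    """Lowercase a field and backslash-escape punctuation other than . - _"""
    if not value:
        return "*"
    return re.sub(r"([^a-z0-9._-])", r"\\\1", value.lower())

def cpe_id(pkg):
    """Build a CPE ID from package defaults, honouring optional overrides."""
    name = pkg["name"]
    part = "o" if name in OS_PACKAGES else "a"
    vendor = pkg.get("cpe_vendor") or name + "_project"  # assumed default
    product = pkg.get("cpe_name") or name
    fields = [fs_escape(f) for f in (vendor, product, pkg["version"])]
    return ":".join(["cpe:2.3", part] + fields) + ":" + CPE_SUFFIX

def cpe_report(packages):
    """Return CSV text covering target packages only (host packages skipped)."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["package", "version", "cpe_id"])  # hypothetical columns
    for pkg in packages:
        if pkg.get("type") != "target":
            continue
        writer.writerow([pkg["name"], pkg["version"], cpe_id(pkg)])
    return out.getvalue()

# Constructed sample selection, not taken from a real configuration.
SAMPLE = [
    {"name": "busybox", "version": "1.28.1", "type": "target"},
    {"name": "linux", "version": "4.15.7", "type": "target",
     "cpe_vendor": "linux", "cpe_name": "linux_kernel"},
    {"name": "libfoo", "version": "1.0+git", "type": "target"},
    {"name": "host-cmake", "version": "3.10.2", "type": "host"},
]

if __name__ == "__main__":
    print(cpe_report(SAMPLE), end="")
```

A default that does not match the vendor and product strings used in the CPE dictionary will silently miss CVE matches, which is why the per-package overrides matter as much as the defaults.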
Provide guidance on setting up the *_CPE_* and *_CVE_* variables.

Signed-off-by: Matt Weber <matthew.weber@rockwellcollins.com>
---
Changes
v2
[Thomas P
 - Reworded LIBFOO_CVE_PATCHED description
[Matt W
 - Added definition for new preset variables to auto-gen the CPE ID
 - Added example LIBFOO_CPE_ID_VENDOR to LIBFOO
v3
 - Updated to make *_CPE_VENDOR optional
 - Changed wording around _CPE_ID as there is only one defined now
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> --- Changes v1 -> v2 [Thomas P - Updated how the ID is generated.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> --- Changes v1 -> v2 [Thomas P - Updated how the ID is generated.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> --- Changes v1 -> v2 [Thomas P - Updated how the ID is generated.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> --- Changes v1 -> v2 [Thomas P - Updated how the ID is generated.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> --- Changes v1 -> v2 [Thomas P - Updated how the ID is generated.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> --- Changes v1 -> v2 [Matt W - Added second CPE ID v3 - Removed second ID and updated definitions
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> --- Changes v1 -> v2 [Thomas P - Updated how the ID is generated.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> --- Changes v1 -> v2 [Thomas P - Updated how the ID is generated.
This package will report with the same CPE as the linux package. As such, depending on the toolchain approach, there will be a duplicate record with the same information. Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> --- Changes v1 -> v2 [Thomas P - Updated how the ID is generated.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> --- Changes v1 -> v2 [Thomas P - Updated how the ID is generated. v3 - removed new line
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> --- Changes v1 -> v2 [Thomas P - Updated how the ID is generated.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
rc-matthew-l-weber force-pushed the cpe-info-github branch from b992805 to e0acf7e on March 25, 2018 03:08
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Conflicts: package/audit/audit.mk
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Clayton Shotwell <clayton.shotwell@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
rc-matthew-l-weber force-pushed the cpe-info-github branch from e0acf7e to 34eaf31 on March 25, 2018 03:15
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Oops, shouldn't have been associated as a pull.
ebertland pushed a commit to ebertland/buildroot that referenced this pull request on Jun 8, 2019
This change adds a README that describes basic procedures for using and maintaining buildroot.

testing: none
issue: buildroot#20
lubosz pushed a commit to lubosz/buildroot that referenced this pull request on Jun 14, 2020
* Update ncurses from upstream
* ncurses: Update for old buildroot compatibility
* ncurses: Add st-256color terminfo
  Used by the ST-SDL application
lubosz pushed a commit to lubosz/buildroot that referenced this pull request on Jun 14, 2020
No description provided.