On Wed, 2023-05-03 at 07:19 -0400, Armin Kuster wrote:
> Its time we add the CPE_NAME to os-release.
>
> The vendor field is hardcoded to "openembedded" as it is the base
> framework. We will use "DISTRO" to identify which variation of
> openembedded is being used.
>
> Signed-off-by: Armin Kuster <[email protected]>
> ---
> meta/recipes-core/os-release/os-release.bb | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/meta/recipes-core/os-release/os-release.bb
> b/meta/recipes-core/os-release/os-release.bb
> index 860ee97224..aa37dec7c7 100644
> --- a/meta/recipes-core/os-release/os-release.bb
> +++ b/meta/recipes-core/os-release/os-release.bb
> @@ -16,6 +16,7 @@ do_configure[noexec] = "1"
> # HOME_URL SUPPORT_URL BUG_REPORT_URL
> OS_RELEASE_FIELDS = "\
> ID ID_LIKE NAME VERSION VERSION_ID VERSION_CODENAME PRETTY_NAME \
> + CPE_NAME \
> "
> OS_RELEASE_UNQUOTED_FIELDS = "ID VERSION_ID VARIANT_ID"
>
> @@ -25,6 +26,13 @@ VERSION = "${DISTRO_VERSION}${@' (%s)' % DISTRO_CODENAME
> if 'DISTRO_CODENAME' in
> VERSION_ID = "${DISTRO_VERSION}"
> VERSION_CODENAME = "${DISTRO_CODENAME}"
> PRETTY_NAME = "${DISTRO_NAME} ${VERSION}"
> +
> +# The vendor field is hardcoded to "openembedded" as it is the base
> +# framework for all derivatives Distos.
> +# We use "DISTRO" to identify which variation of openembedded core
> +# is being used.
> +CPE_NAME="cpe:/o:openembedded:${DISTRO}:${VERSION_ID}"
> +
> BUILD_ID ?= "${DATETIME}"
> BUILD_ID[vardepsexclude] = "DATETIME"
>
I know a bit more about the context of this and I don't think it is
clear in the above comment. I'd like to suggest something a little
stronger, how about:
"""
The vendor field is hardcoded to "openembedded" deliberately. We'd
advise developers leave it as this value to clearly identify the
underlying build environment from which the OS was constructed. We
understand people will want to identify themselves as the people who
built the image, we'd suggest using the DISTRO element to do this, so
that is customisable.
This end result combines to mean systems can be traced back to both who
built them and which system was used, which is ultimately the goal of
the CPE.
"""
Perhaps we'd also want to do:
CPE_DISTRO ??= "${DISTRO}"
CPE_NAME="cpe:/o:openembedded:${CPE_DISTRO}:${VERSION_ID}"
to make it clear we're suggesting which bit be customised?
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180810):
https://lists.openembedded.org/g/openembedded-core/message/180810
Mute This Topic: https://lists.openembedded.org/mt/98659304/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
