From: Stefan Esser
To: Bernhard Fröhlich
Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org
Date: Tue, 12 Oct 2021 13:04:38 +0200
Subject: Re: git: a90e961f4d19 - main - */*: Avoid extra CPE_VENDOR=kde by properly sorting USES
Message-ID: <255b290b-72fe-45c0-b5bf-6271eb1543ac@freebsd.org>
References: <202110111458.19BEw4xF062545@gitrepo.freebsd.org> <3067458.bT80LyP3VS@mercury>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all

On 11.10.21 at 21:43, Bernhard Fröhlich wrote:
[...]
> Doesn't matter much since CPE data is a moving target anyway. To handle that I
> created chkcpe [1] which automatically analyzes the ports tree once a day and
> verifies the CPE data it finds.
>
> In this particular case it will detect an invalid CPE vendor/product and will
> list the port under "invalid". There are similar cases like port rename,
> "repocopy" etc. which can also easily lead to invalid CPE data.
>
> [1] https://github.com/decke/chkcpe

Hi Bernhard,

interesting service, has it ever been announced to port maintainers?

One question: what am I supposed to do with ports that are in the
"checkneeded" list with wrong information, but do not have a CPE
database entry (and probably won't ever get one)?

Specifically: I just checked for entries matching ports I maintain,
and there are 2 in the "checkneeded" category, both with wrong CPE
information.

The ports in question are math/gh-bc and deskutils/calendar, and
neither of them is in the CPE dictionary and I'm not supposed to
make entries up.

The entry suggested for gh-bc is:

cpe:2.3:a:gnu:bc:*:*:*:*:*:*:*:*

which is wrong. This project has no connection to GNU.

The calendar port is a slightly modified version of the calendar
program in FreeBSD-CURRENT for use with older -STABLE releases that
lack quite a number of features of the new version.

Neither the wiki nor any other information I found seems to offer
any help for this case.

Is it possible to mark a port as: "ignore with regard to CPE"?

How do products get added to the CPE database (should be possible for
gh-bc, which is available for a lot of operating systems)?

And how do we deal with base system components that have been
converted to a port or have been made available as a port in
addition to being present in some base system release?

Regards, STefan
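
Added example (not part of the original message and not chkcpe's code): a parser for CPE 2.3 formatted strings plus a dictionary lookup, showing that the entry quoted above for gh-bc is well-formed and can match a dictionary record even though, per the message, it names the wrong vendor. The dictionary contents, function names and the `example_vendor` value are constructed for illustration.

```python
# Attribute order in a CPE 2.3 formatted string (CPE Naming Specification, NISTIR 7695).
FIELDS = ("part", "vendor", "product", "version", "update", "edition",
          "language", "sw_edition", "target_sw", "target_hw", "other")


def split_unescaped(text, sep=":"):
    """Split on sep, treating backslash + any character as one literal unit."""
    out, cur, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur.append(text[i:i + 2])   # keep the escape pair intact
            i += 2
        elif text[i] == sep:
            out.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(text[i])
            i += 1
    out.append("".join(cur))
    return out


def parse_cpe23(cpe):
    """Return the 11 attributes of a CPE 2.3 formatted string as a dict."""
    tokens = split_unescaped(cpe)
    if tokens[:2] != ["cpe", "2.3"] or len(tokens) != 13:
        raise ValueError("malformed CPE 2.3 string: %r" % cpe)
    attrs = dict(zip(FIELDS, tokens[2:]))
    # This example accepts only concrete part values (application, OS, hardware).
    if attrs["part"] not in ("a", "o", "h"):
        raise ValueError("part must be a, o or h: %r" % cpe)
    return attrs


def dictionary_hit(cpe, dictionary):
    """True if the (part, vendor, product) triple is present in dictionary."""
    a = parse_cpe23(cpe)
    return (a["part"], a["vendor"], a["product"]) in dictionary


# Constructed sample, not real CPE dictionary data.
SAMPLE_DICTIONARY = {("a", "gnu", "bc")}
# The entry quoted in the message as suggested for math/gh-bc.
SUGGESTED = "cpe:2.3:a:gnu:bc:*:*:*:*:*:*:*:*"

if __name__ == "__main__":
    print(parse_cpe23(SUGGESTED)["vendor"], dictionary_hit(SUGGESTED, SAMPLE_DICTIONARY))
```

A hit only shows that the vendor/product pair exists in the dictionary; whether that pair is the port's actual upstream still has to be decided by the maintainer.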