From: Arnout Vandecappelle via buildroot <buildroot@buildroot.org>
To: Christian Hitz <christian@klarinett.li>, buildroot@buildroot.org
Cc: Christian Hitz <christian.hitz@bbv.ch>,
Sergey Matyukevich <geomatsi@gmail.com>
Subject: Re: [Buildroot] [PATCH] package/arm-trusted-firmware: add ARM_TRUSTED_FIRMWARE_CPE_ID_*
Date: Sun, 3 Mar 2024 18:07:56 +0100 [thread overview]
Message-ID: <ce5a5a43-c09a-4870-a64c-603fc5fcdaae@mind.be> (raw)
In-Reply-To: <20240228145129.416828-1-christian@klarinett.li>
On 28/02/2024 15:51, Christian Hitz via buildroot wrote:
> From: Christian Hitz <christian.hitz@bbv.ch>
>
> cpe:2.3:o:arm:arm-trusted-firmware:2.4:-:*:*:*:*:*:* is a valid CPE
> identifier for this package:
>
> https://nvd.nist.gov/products/cpe/detail/78601535-610A-45A5-A5F0-AFC6A27A7F83
This entry is from 2021, and they haven't added any entries for later versions
(it's now at version 2.10).
So I think this CPE entry is not relevant for any current version. If we add
the CPE ID now, we will not notice if later they in fact name it e.g.
trusted-firmware-arm. Note that the upstream repository is called
trustedfirmware-a, and that there is a CPE entry for trusted_firmware-m [1]
although that one also hasn't been updated for recent releases...
So I don't think we should merge this.
Regards,
Arnout
[1] https://nvd.nist.gov/products/cpe/detail/2AF395D6-6367-4EFF-A0D0-C0CB6CA99E3E
>
> Signed-off-by: Christian Hitz <christian.hitz@bbv.ch>
> ---
> boot/arm-trusted-firmware/arm-trusted-firmware.mk | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/boot/arm-trusted-firmware/arm-trusted-firmware.mk b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
> index 2d554c1da8..ebb9b8e9f6 100644
> --- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk
> +++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
> @@ -24,6 +24,8 @@ ARM_TRUSTED_FIRMWARE_LICENSE = BSD-3-Clause
> ARM_TRUSTED_FIRMWARE_LICENSE_FILES = docs/license.rst
> endif
> endif
> +ARM_TRUSTED_FIRMWARE_CPE_ID_VENDOR = arm
> +ARM_TRUSTED_FIRMWARE_CPE_ID_PREFIX = cpe:2.3:o
>
> ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE):$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_VERSION)$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_TARBALL)$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_CUSTOM_GIT),y:y)
> BR_NO_CHECK_HASH_FOR += $(ARM_TRUSTED_FIRMWARE_SOURCE)
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2024-03-03 17:08 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-28 14:51 [Buildroot] [PATCH] package/arm-trusted-firmware: add ARM_TRUSTED_FIRMWARE_CPE_ID_* Christian Hitz via buildroot
2024-03-03 17:07 ` Arnout Vandecappelle via buildroot [this message]
-- strict thread matches above, loose matches on Subject: below --
2026-03-25 15:03 Heiko Stuebner via buildroot
2026-03-25 16:11 ` Quentin Schulz via buildroot
2026-03-25 18:12 ` Quentin Schulz via buildroot
2026-03-26 10:14 ` Heiko Stuebner via buildroot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ce5a5a43-c09a-4870-a64c-603fc5fcdaae@mind.be \
--to=buildroot@buildroot.org \
--cc=arnout@mind.be \
--cc=christian.hitz@bbv.ch \
--cc=christian@klarinett.li \
--cc=geomatsi@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox