pyrox.dev
+15
doc/redirects.json
+15
doc/redirects.json
······
+71
doc/stdenv/meta.chapter.md
+71
doc/stdenv/meta.chapter.md
···Code to run on a VM interpreter or JIT compiled into bytecode by a third party. This includes packages which download Java `.jar` files from another source.+Package's `meta.identifiers` attribute specifies information about software identifiers associated with this package. Software identifiers are used, for example:+* to generate Software Bill of Materials (SBOM) that lists all components used to build the software, which can later be used to perform vulnerability or license analysis of the resulting software;+* to lookup software in different vulnerability databases or report new vulnerabilities to them.+Overriding the default `meta.identifiers` attribute is optional, but it is recommended to fill in pieces to help tools mentioned above get precise data.+For example, we could get automatic notifications about potential vulnerabilities for users in the future.+`meta.identifiers` contains `v1` attribute which is an attribute set that guarantees backward compatibility of its constituents. Right now it contains copies of all other attributes in `meta.identifiers`.+Common Platform Enumeration (CPE) is a specification maintained by NIST as part of the Security Content Automation Protocol (SCAP). It is used to identify software in National Vulnerabilities Database (NVD, https://nvd.nist.gov) and other vulnerability databases.+cpe:2.3:a:<vendor>:<product>:<version>:<update>:<edition>:<language>:<sw_edition>:<target_sw>:<target_hw>:<other>+* *part* - usually in Nixpkgs `a` for "application", can also be `o` for "operating system" or `h` for "hardware"+* *update* - name of the latest update, can be a patch version for semantically versioned packages+You can find information about all of these attributes in the [official specification](https://csrc.nist.gov/projects/security-content-automation-protocol/specifications/cpe/naming) (heading 5.3.3, pages 11-13).+Any fields that don't have a value are set to either `-` if the value is not available or `*` when the field can match any value.+This attribute contains an attribute set of all parts of the CPE for this package. Most of the parts default to `*` (match any value), with some exceptions:+* `part` defaults to `a` (application), can also be set to `o` for operating systems, for example, Linux kernel, or to `h` for hardware+* `vendor` cannot be deduced from other sources, so it must be specified by the package author+* `product` defaults to provided derivation's `pname` attribute and must be provided explicitly if `pname` is missing+* `version` and `update` have no defaults and should be specified explicitly or using helper functions, when missing, `cpe` attribute will be empty, and all possible guesses using helper functions will be in `possibleCPEs` attribute.+It is up to the package author to make sure all parts are correct and match expected values in [NVD dictionary](https://nvd.nist.gov/products/cpe). Unknown values can be skipped, which would leave them with the default value of `*`.+* [`lib.meta.cpePatchVersionInUpdateWithVendor`](#function-library-lib.meta.cpePatchVersionInUpdateWithVendor)+A readonly attribute containing the list of guesses for what CPE for this package can look like. It includes all variants of version handling mentioned above. Each item is an attrset with attributes `cpeParts` and `cpe` for each guess.
+188
-1
lib/meta.nix
+188
-1
lib/meta.nix
······"lib.meta.getExe': The second argument \"${y}\" is a nested path with a \"/\" character, but it should just be the name of the executable instead.";+Generate [CPE parts](#var-meta-identifiers-cpeParts) from inputs. Copies `vendor` and `version` to the output, and sets `update` to `*`.+Alternate version of [`lib.meta.cpePatchVersionInUpdateWithVendor`](#function-library-lib.meta.cpePatchVersionInUpdateWithVendor).+If `cpePatchVersionInUpdateWithVendor` succeeds, returns an attribute set with `success` set to `true` and `value` set to the result.+Otherwise, `success` is set to `false` and `error` is set to the string representation of the error.+Generate [CPE parts](#var-meta-identifiers-cpeParts) from inputs. Copies `vendor` to the result. When `version` matches `X.Y.Z` where all parts are numerical, sets `version` and `update` fields to `X.Y` and `Z`. Throws an error if the version doesn't match the expected template.
+5
pkgs/applications/networking/sync/rsync/default.nix
+5
pkgs/applications/networking/sync/rsync/default.nix
+1
pkgs/by-name/he/hello/package.nix
+1
pkgs/by-name/he/hello/package.nix
+1
pkgs/development/compilers/gcc/common/meta.nix
+1
pkgs/development/compilers/gcc/common/meta.nix
+1
pkgs/development/compilers/gcc/default.nix
+1
pkgs/development/compilers/gcc/default.nix
+2
pkgs/development/compilers/llvm/common/common-let.nix
+2
pkgs/development/compilers/llvm/common/common-let.nix
+7
pkgs/os-specific/linux/kernel/manual-config.nix
+7
pkgs/os-specific/linux/kernel/manual-config.nix
···
+10
pkgs/shells/bash/5.nix
+10
pkgs/shells/bash/5.nix
···
+63
pkgs/stdenv/generic/check-meta.nix
+63
pkgs/stdenv/generic/check-meta.nix
·········# Used for the original location of the maintainer and team attributes to assist with pings.···+"cpe:2.3:${cpeParts.part}:${cpeParts.vendor}:${cpeParts.product}:${cpeParts.version}:${cpeParts.update}:${cpeParts.edition}:${cpeParts.sw_edition}:${cpeParts.target_sw}:${cpeParts.target_hw}:${cpeParts.language}:${cpeParts.other}";···# if you add a new maintainer or team attribute please ensure that this expectation is still met.attrs.meta.maintainers or [ ] ++ concatMap (team: team.members or [ ]) attrs.meta.teams or [ ];+else if attrs.meta.identifiers.cpeParts.vendor or null == null || attrs.version or null == null then+# Note that attrs.meta.identifiers.cpeParts at this point can include defaults with user overrides.