[NEW PORT] security/go-cve-dictionary: Local CVE database
ClosedPublic
Actions

Authored by ultima on Jul 27 2017, 12:54 AM.

Details

Reviewers

lifanov
matthew

Commits

rP446843: This is tool to build a local copy of the National Vulnerabilities Database(NVD)

Summary

This is tool to build a local copy of the National Vulnerabilities Database(NVD)
and the Japan Vulnerability Notes (JVN). NVD and JVN contain security
vulnerabilities according to their CVE identifiers, including exhaustive
information and a risk score. The local copy is generated in sqlite format, and
the tool has a server mode for easy querying.

WWW: https://github.com/kotakanbe/go-cve-dictionary/

PR\: 220561
Sumitted by\: Alexandru Ciobanu <iscandr@gmail.com> (maintainer)
Reviewed by\: lifanov (mentor), matthew (mentor), koobs
Approved by\: lifanov (mentor), matthew (mentor)
Differential Revision\: https://reviews.freebsd.org/DXXXXX

Test Plan

portlint:
WARN: Makefile: possible use of absolute pathname "/var/db/vuls".
WARN: Makefile: possible use of absolute pathname "/var/log/vuls".
0 fatal errors and 2 warnings found.

poudriere:
103i386
103amd64
110i386
110amd64
12i386
12amd64

Diff Detail

Repository

rP FreeBSD ports repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

ultima created this revision.Jul 27 2017, 12:54 AM

Herald added a subscriber: mat. · View Herald TranscriptJul 27 2017, 12:54 AM

mat added inline comments.Jul 27 2017, 7:52 AM

security/go-cve-dictionary/Makefile
56 ↗	(On Diff #31237)	remove quotes.
60 ↗	(On Diff #31237)	As this is not overridable, is there any point to having it here and everywhere in the rc file ?

mat added inline comments.Jul 27 2017, 7:53 AM

security/go-cve-dictionary/Makefile
56 ↗	(On Diff #31237)	Also, what does it do exactly ? The port defines a do-build and a do-install target, so the software's makefile is never used.

mat added inline comments.Jul 27 2017, 8:01 AM

security/go-cve-dictionary/Makefile
21 ↗	(On Diff #31237)	This is not the v0.1.1 tag it is before, so this port should not have this version. $ git describe --tags 0724974 v0.1.0-76-g0724974 You should probably remove the GH_TAGNAME and change the top block to: DISTVERSIONPREFIX= v DISTVERSION= 0.1.0-76 DISTVERSIONSUFFIX= -g0724974

iscandr_gmail.com added a subscriber: iscandr_gmail.com.Jul 27 2017, 10:01 AM

Yeah, unfortunately, GH_TUPLE + USES=go is a mess right now.
Maybe some motivated person can come along and add an extract dir to GH_TUPLE regex....

I think it's fine to hardcode these all over the place:
DB_DIR= /var/db/vuls
LOG_DIR= /var/log/vuls
RC_NAME= go_cve_dictionary

iscandr_gmail.com added inline comments.Jul 27 2017, 2:30 PM

security/go-cve-dictionary/Makefile
60 ↗	(On Diff #31237)	I hardcoded it here and in the rc file.

Updated with suggestions

I think the suggestion with DIST* should be

DISTVERSION= ${PORTVERSION}-76
DISTVERSIONSUFFIX= -g0724974

DISTVERSIONSUFFIX= 76-g0724974

and leave out DISTVERSION, is this acceptable? or does it need to be the first?

As for the hardcoding, I suggested not to hardcoding all those entries but, revert those if you think it should be ok.

Harbormaster completed remote builds in B10700: Diff 31263.Jul 27 2017, 6:58 PM

In D11745#243642, @ultima wrote:

Updated with suggestions

I think the suggestion with DIST* should be

DISTVERSION= ${PORTVERSION}-76
DISTVERSIONSUFFIX= -g0724974

or

DISTVERSIONSUFFIX= 76-g0724974

and leave out DISTVERSION, is this acceptable? or does it need to be the first?

As for the hardcoding, I suggested not to hardcoding all those entries but, revert those if you think it should be ok.

No.

It should be as I said:

DISTVERSIONPREFIX= v
DISTVERSION= 0.1.0-76
DISTVERSIONSUFFIX= -g0724974

The "version" is not 0.1.0, it is 0.1.0-76, which in this case means is 76 commits after 0.1.0.

Also, you do not use PORTVERSION and DISTVERSION at the same time, ever.

(as a side note everybody should always be using DISTVERSION and not PORTVERSION, using PORTVERSION only when DISTVERSION gets it wrong.)
(I still have to rewrite the PHB's section about it, yes.)

In D11745#243725, @mat wrote:

(as a side note everybody should always be using DISTVERSION and not PORTVERSION, using PORTVERSION only when DISTVERSION gets it wrong.)
(I still have to rewrite the PHB's section about it, yes.)

Are you possibly suggesting PORTVERSION will be depreciated in the near future? If memory served me correctly, I recall PORTVERSION being a required variable for all ports. Looking at handbook now, it does say use one or the other. (maybe recent change, or somewhat recent?) Have a few ports myself using PORTVERSION with DISTVERSIONPREFIX/SUFFIX.

Removed PORTVERSION, Added DISTVERSION

Harbormaster completed remote builds in B10714: Diff 31287.Jul 28 2017, 12:39 AM

In D11745#243768, @ultima wrote:

Are you possibly suggesting PORTVERSION will be depreciated in the near future? If memory served me correctly, I recall PORTVERSION being a required variable for all ports. Looking at handbook now, it does say use one or the other. (maybe recent change, or somewhat recent?) Have a few ports myself using PORTVERSION with DISTVERSIONPREFIX/SUFFIX.

No. A port can either use DISTVERSION or PORTVERSION. The general case is that DISTVERSION should be used. DISTVERSION uses some magic to translate what you give it into a PORTVERSION the ports framework can cope with. (Replacing - and _ by . for instance.) In some cases though, the magic gets it wrong and generates a PORTVERSION that, while valid, is not correct. See 5.4.1. DISTVERSION/DISTNAME.

I still have to replace most Makefile examples with PORTVERSION to DISTVERSION, and rewrite 5.2.1. PORTNAME and PORTVERSION . Which I may happen while in Cambridge next week.

lgtm