Page MenuHomeFreeBSD

[NEW PORT] security/go-cve-dictionary: Local CVE database
ClosedPublic

Authored by ultima on Jul 27 2017, 12:54 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, May 21, 6:50 AM
Unknown Object (File)
Sat, May 18, 11:15 AM
Unknown Object (File)
Sat, May 4, 5:05 PM
Unknown Object (File)
Apr 23 2024, 11:11 PM
Unknown Object (File)
Apr 23 2024, 11:11 PM
Unknown Object (File)
Apr 23 2024, 11:11 PM
Unknown Object (File)
Apr 23 2024, 11:11 PM
Unknown Object (File)
Apr 23 2024, 11:11 PM

Details

Summary

This is tool to build a local copy of the National Vulnerabilities Database(NVD)
and the Japan Vulnerability Notes (JVN). NVD and JVN contain security
vulnerabilities according to their CVE identifiers, including exhaustive
information and a risk score. The local copy is generated in sqlite format, and
the tool has a server mode for easy querying.

WWW: https://github.com/kotakanbe/go-cve-dictionary/

PR\: 220561
Sumitted by\: Alexandru Ciobanu <iscandr@gmail.com> (maintainer)
Reviewed by\: lifanov (mentor), matthew (mentor), koobs
Approved by\: lifanov (mentor), matthew (mentor)
Differential Revision\: https://reviews.freebsd.org/DXXXXX

Test Plan

portlint:
WARN: Makefile: possible use of absolute pathname "/var/db/vuls".
WARN: Makefile: possible use of absolute pathname "/var/log/vuls".
0 fatal errors and 2 warnings found.

poudriere:
103i386
103amd64
110i386
110amd64
12i386
12amd64

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

security/go-cve-dictionary/Makefile
56 ↗(On Diff #31237)

remove quotes.

60 ↗(On Diff #31237)

As this is not overridable, is there any point to having it here and everywhere in the rc file ?

security/go-cve-dictionary/Makefile
56 ↗(On Diff #31237)

Also, what does it do exactly ? The port defines a do-build and a do-install target, so the software's makefile is never used.

security/go-cve-dictionary/Makefile
21 ↗(On Diff #31237)

This is not the v0.1.1 tag it is before, so this port should not have this version.

$ git describe --tags 0724974
v0.1.0-76-g0724974

You should probably remove the GH_TAGNAME and change the top block to:

DISTVERSIONPREFIX= v
DISTVERSION= 0.1.0-76
DISTVERSIONSUFFIX= -g0724974

Yeah, unfortunately, GH_TUPLE + USES=go is a mess right now.
Maybe some motivated person can come along and add an extract dir to GH_TUPLE regex....

I think it's fine to hardcode these all over the place:
DB_DIR= /var/db/vuls
LOG_DIR= /var/log/vuls
RC_NAME= go_cve_dictionary

security/go-cve-dictionary/Makefile
60 ↗(On Diff #31237)

I hardcoded it here and in the rc file.

  • Updated with suggestions

I think the suggestion with DIST* should be

DISTVERSION= ${PORTVERSION}-76
DISTVERSIONSUFFIX= -g0724974

or

DISTVERSIONSUFFIX= 76-g0724974

and leave out DISTVERSION, is this acceptable? or does it need to be the first?

As for the hardcoding, I suggested not to hardcoding all those entries but, revert those if you think it should be ok.

  • Updated with suggestions

I think the suggestion with DIST* should be

DISTVERSION= ${PORTVERSION}-76
DISTVERSIONSUFFIX= -g0724974

or

DISTVERSIONSUFFIX= 76-g0724974

and leave out DISTVERSION, is this acceptable? or does it need to be the first?

As for the hardcoding, I suggested not to hardcoding all those entries but, revert those if you think it should be ok.

No.

It should be as I said:

DISTVERSIONPREFIX= v
DISTVERSION= 0.1.0-76
DISTVERSIONSUFFIX= -g0724974

The "version" is not 0.1.0, it is 0.1.0-76, which in this case means is 76 commits after 0.1.0.

Also, you do not use PORTVERSION and DISTVERSION at the same time, ever.

(as a side note everybody should always be using DISTVERSION and not PORTVERSION, using PORTVERSION only when DISTVERSION gets it wrong.)
(I still have to rewrite the PHB's section about it, yes.)

In D11745#243725, @mat wrote:

(as a side note everybody should always be using DISTVERSION and not PORTVERSION, using PORTVERSION only when DISTVERSION gets it wrong.)
(I still have to rewrite the PHB's section about it, yes.)

Are you possibly suggesting PORTVERSION will be depreciated in the near future? If memory served me correctly, I recall PORTVERSION being a required variable for all ports. Looking at handbook now, it does say use one or the other. (maybe recent change, or somewhat recent?) Have a few ports myself using PORTVERSION with DISTVERSIONPREFIX/SUFFIX.

Removed PORTVERSION, Added DISTVERSION

Are you possibly suggesting PORTVERSION will be depreciated in the near future? If memory served me correctly, I recall PORTVERSION being a required variable for all ports. Looking at handbook now, it does say use one or the other. (maybe recent change, or somewhat recent?) Have a few ports myself using PORTVERSION with DISTVERSIONPREFIX/SUFFIX.

No. A port can either use DISTVERSION or PORTVERSION. The general case is that DISTVERSION should be used. DISTVERSION uses some magic to translate what you give it into a PORTVERSION the ports framework can cope with. (Replacing - and _ by . for instance.) In some cases though, the magic gets it wrong and generates a PORTVERSION that, while valid, is not correct. See 5.4.1. DISTVERSION/DISTNAME.

I still have to replace most Makefile examples with PORTVERSION to DISTVERSION, and rewrite 5.2.1. PORTNAME and PORTVERSION . Which I may happen while in Cambridge next week.

This revision is now accepted and ready to land.Jul 28 2017, 4:36 PM
This revision was automatically updated to reflect the committed changes.