collect_manifest plugin
Collect Manifest Element
A buildstream plugin used to produce a manifest file containing a list of elements for a given dependency.
The manifest contains useful information such as:
- CPE data, such as CVE patches
- Package name
- Version
- Sources
- Source locations
- SHAs
- Patch files
The manifest file is exported as a JSON file to the path provided under the “path” variable defined in the .bst file.
Dependency elements can manually declare CPE data in their public section. For example:
    public:
      cpe:
        product: gnutls
        vendor: gnu
        version: '1.0'
This data will be set in the x-cpe field of the entry.
If not present, product will be automatically inferred from the name of the element.
If not present, version will be taken from the first git, git_tag, tar or zip source whose filename (for tar and zip) or reference (for git and git_tag) contains a substring matching a version regular expression. That matched substring will be the version.
The default version regular expression is \d+\.\d+(?:\.\d+)? (2 or 3 numerical components separated by dots). It is possible to change the version regular expression with the field version-match.
The version regular expression must follow Python regular expression syntax. A version regular expression with no group will match exactly the version. A version regular expression with groups will match components of the version with each group. The components will then be concatenated using . (dot) as a separator.
version-match in the cpe public data will never be exported in the x-cpe field of the manifest.
Here is an example of version-match where the filename is openssl1_1_1d.tar.gz; the result version will be 1.1.1d.
    public:
      cpe:
        version-match: '(\d+)_(\d+)_(\d+[a-z]?)'
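
The version inference rules described above, sketched as an added example (not the plugin's own code). The function names and the source dictionary keys kind, url and ref are assumptions made for illustration, and the sample sources in the comments are constructed.

```python
import re

# Default version regular expression, as given in the documentation above.
DEFAULT_VERSION_MATCH = r"\d+\.\d+(?:\.\d+)?"

# Source kinds that are searched, and which field of each is searched.
# The keys "kind", "url" and "ref" are assumptions of this sketch.
SEARCH_FIELD = {"git": "ref", "git_tag": "ref", "tar": "url", "zip": "url"}


def match_version(text, pattern=DEFAULT_VERSION_MATCH):
    """Return the version found in text, or None when the pattern does not match."""
    m = re.search(pattern, text)
    if m is None:
        return None
    if m.re.groups == 0:
        # No capturing group: the matched substring is the version.
        return m.group(0)
    # Capturing groups: each group is one component, joined with dots.
    # Optional groups that did not take part in the match are skipped.
    return ".".join(g for g in m.groups() if g is not None)


def infer_version(sources, pattern=DEFAULT_VERSION_MATCH):
    """Return the version from the first git, git_tag, tar or zip source that matches."""
    for source in sources:
        field = SEARCH_FIELD.get(source.get("kind"))
        if field is None:
            continue  # other source kinds (e.g. patch) are not searched
        value = source.get(field) or ""
        if field == "url":
            # Only the filename is searched, not the host or directory part.
            value = value.rsplit("/", 1)[-1]
        version = match_version(value, pattern)
        if version is not None:
            return version
    return None


if __name__ == "__main__":
    name = "openssl1_1_1d.tar.gz"
    print(match_version(name))                               # default pattern
    print(match_version(name, r"(\d+)_(\d+)_(\d+[a-z]?)"))   # version-match from the page
```

With the default expression, openssl1_1_1d.tar.gz yields no version at all, which is the case version-match exists for. It is worth checking the inferred version of each element before relying on the x-cpe data for CVE matching.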