Collect Manifest Element
A buildstream plugin used to produce a manifest file containing a list of elements for a given dependency.
- The manifest contains useful information such as:
CPE data, such as CVE patches
The manifest file is exported as a json file to the path provided under the “path” variable defined in the .bst file.
Dependency elements can manually declare CPE data in their public section. For example:
public: cpe: product: gnutls vendor: gnu version: '1.0'
This data will be set in the
x-cpe field of the entry.
If not present,
product will be automatically be inferred from the
name of the element.
If not present,
version will be taken from first
zip source which filename (for
zip) or reference (for
git_tag) contains a
substring matching a version regular expression. That matched
substring will be the
The default version regular expression is
\d+\.\d+(?:\.\d+)? (2 or 3
numerical components separated by dots). It is possible to
change the version regular expression with field
The version regular exression must follow Python regular expression
syntax. A version regular expression with no group will match exactly
the version. A version regular expression with groups will match
components of the version with each groups. The components will then
be concatenated using
. (dot) as a separator.
version-match in the
cpe public data will never be exported in
x-cpe field of the manifest.
Here is an example of
version-match where the filename is
openssl1_1_1d.tar.gz, the result version will be
public: cpe: version-match: '(\d+)_(\d+)_(\d+[a-z]?)'