fix bundling metadata
This should help ProdSec accurately detect versions of bundled components in pcs. Security analysts usually filter the database based on ecosystem. The ecosystem detection has been done from RPM metadata for some time and that is when ProdSec stopped creating trackers accurately. The problem is that we didn't follow the Fedora Packaging Guidelines and didn't name the bundled components with package names as if they were entering Fedora. The ecosystem detection in Deptopia (the tool that ProdSec uses) expects "rubygem-" prefix for rubygems and "python[X]-" prefix for Python ecosystem. See PSDEVOPS-4408 for more details. This commit also changes metadata for bundling JavaScript libraries. The Packaging guidelines suggest the `js-` prefix. While Deptopia doesn't handle JS filtering, the tool that ProdSec uses doesn't require a strict match, so searching for jquery should also return js-jquery unless a strict flag is specified.
This commit is contained in:
Michal Pospíšil
parent
44784b3bb9
commit
552ef44f2f
49
pcs.spec
49
pcs.spec
@ -205,31 +205,32 @@ Requires: redhat-logos
|
||||
# needs logrotate for /etc/logrotate.d/pcsd
|
||||
Requires: logrotate
|
||||
|
||||
Provides: bundled(tornado) = %{tornado_version}
|
||||
Provides: bundled(dataclasses) = %{dataclasses_version}
|
||||
Provides: bundled(dacite) = %{dacite_version}
|
||||
Provides: bundled(dateutil) = %{dateutil_version}
|
||||
Provides: bundled(backports) = %{version_rubygem_backports}
|
||||
Provides: bundled(ethon) = %{version_rubygem_ethon}
|
||||
Provides: bundled(ffi) = %{version_rubygem_ffi}
|
||||
Provides: bundled(json) = %{version_rubygem_json}
|
||||
Provides: bundled(mustermann) = %{version_rubygem_mustermann}
|
||||
Provides: bundled(nio4r) = %{version_rubygem_nio4r}
|
||||
Provides: bundled(open4) = %{version_rubygem_open4}
|
||||
Provides: bundled(puma) = %{version_rubygem_puma}
|
||||
Provides: bundled(rack) = %{version_rubygem_rack}
|
||||
Provides: bundled(rack_protection) = %{version_rubygem_rack_protection}
|
||||
Provides: bundled(rack_test) = %{version_rubygem_rack_test}
|
||||
Provides: bundled(rexml) = %{version_rubygem_rexml}
|
||||
Provides: bundled(ruby2_keywords) = %{version_rubygem_ruby2_keywords}
|
||||
Provides: bundled(sinatra) = %{version_rubygem_sinatra}
|
||||
Provides: bundled(tilt) = %{version_rubygem_tilt}
|
||||
Provides: bundled(python3-tornado) = %{tornado_version}
|
||||
Provides: bundled(python3-dataclasses) = %{dataclasses_version}
|
||||
Provides: bundled(python3-dacite) = %{dacite_version}
|
||||
Provides: bundled(python3-dateutil) = %{dateutil_version}
|
||||
|
||||
Provides: bundled(rubygem-backports) = %{version_rubygem_backports}
|
||||
Provides: bundled(rubygem-ethon) = %{version_rubygem_ethon}
|
||||
Provides: bundled(rubygem-ffi) = %{version_rubygem_ffi}
|
||||
Provides: bundled(rubygem-json) = %{version_rubygem_json}
|
||||
Provides: bundled(rubygem-mustermann) = %{version_rubygem_mustermann}
|
||||
Provides: bundled(rubygem-nio4r) = %{version_rubygem_nio4r}
|
||||
Provides: bundled(rubygem-open4) = %{version_rubygem_open4}
|
||||
Provides: bundled(rubygem-puma) = %{version_rubygem_puma}
|
||||
Provides: bundled(rubygem-rack) = %{version_rubygem_rack}
|
||||
Provides: bundled(rubygem-rack-protection) = %{version_rubygem_rack_protection}
|
||||
Provides: bundled(rubygem-rack-test) = %{version_rubygem_rack_test}
|
||||
Provides: bundled(rubygem-rexml) = %{version_rubygem_rexml}
|
||||
Provides: bundled(rubygem-ruby2_keywords) = %{version_rubygem_ruby2_keywords}
|
||||
Provides: bundled(rubygem-sinatra) = %{version_rubygem_sinatra}
|
||||
Provides: bundled(rubygem-tilt) = %{version_rubygem_tilt}
|
||||
|
||||
# javascript bundled libraries for old web-ui
|
||||
Provides: bundled(ember) = %{ember_version}
|
||||
Provides: bundled(handlebars) = %{handlebars_version}
|
||||
Provides: bundled(jquery) = %{jquery_version}
|
||||
Provides: bundled(jquery-ui) = %{jquery_ui_version}
|
||||
Provides: bundled(js-ember) = %{ember_version}
|
||||
Provides: bundled(js-handlebars) = %{handlebars_version}
|
||||
Provides: bundled(js-jquery) = %{jquery_version}
|
||||
Provides: bundled(js-jquery-ui) = %{jquery_ui_version}
|
||||
|
||||
%description
|
||||
pcs is a corosync and pacemaker configuration tool. It permits users to
|
||||
@ -252,7 +253,7 @@ Requires: pcs = %{version}-%{release}
|
||||
Requires: pacemaker
|
||||
Requires: net-snmp
|
||||
|
||||
Provides: bundled(pyagentx) = %{pyagentx_version}
|
||||
Provides: bundled(python3-pyagentx) = %{pyagentx_version}
|
||||
|
||||
%description -n %{pcs_snmp_pkg_name}
|
||||
SNMP agent that provides information about pacemaker cluster to the master agent (snmpd)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user