diff --git a/.travis.yml b/.travis.yml index d82a994..10fa5a6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,28 +10,25 @@ services: mysql before_install: -- sudo apt-get install -y rpm build-essential debhelper dh-make fakeroot +- sudo apt-get install -y rpm build-essential debhelper dh-make fakeroot zip - mysql -e 'CREATE DATABASE vulndb;' env: - MYSQL_TEST_DSN=root@/vulndb script: -- go get -v -u ./... +- go get -v -u -d ./... - go test -v ./... before_deploy: -- export VERSION=${TRAVIS_TAG:1} -- chmod +x build_tarballs.sh && ./build_tarballs.sh -- make -C rpm/ -- dpkg-buildpackage -rfakeroot -uc -us && mv ../*.deb release +- make release VERSION=${TRAVIS_TAG:1} deploy: provider: releases api_key: secure: 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 file_glob: true - file: release/**/* + file: release/* skip_cleanup: true on: tags: true diff --git a/Makefile b/Makefile index ff003b4..a10cfd8 100644 --- a/Makefile +++ b/Makefile 
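Review bot: The `script:` step in .travis.yml keeps `-u` in `go get -v -u -d ./...`, so every CI run, including the one that builds a tagged release, refreshes all dependencies to their newest upstream revision. No vendor directory or lock file is visible in this diff, so the binaries that `deploy` uploads appear to be built from an unreviewed, unpinned dependency set. Pinning the dependencies (vendoring or a module lock file) and dropping `-u` here, as the new Makefile `deps` target already does with `go get -v -d ./...`, would make a tagged build repeatable and auditable. In `before_deploy`, `make release VERSION="${TRAVIS_TAG:1}"` with quotes would also stop the shell from word-splitting the tag name.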
@@ -1,38 +1,154 @@
-# Go parameters
-GOCMD=go
-GOBUILD=$(GOCMD) build
-GOCLEAN=$(GOCMD) clean
-GOGET=$(GOCMD) get
-CPE2CVE=cpe2cve
-CSV2CPE=csv2cpe
-NVDSYNC=nvdsync
-RPM2CPE=rpm2cpe
-
-NAME=nvdtools
-PKG=$(NAME)-$(VERSION)
-TGZ=$(PKG).tar.gz
-
-all: build
-build:
- $(GOBUILD) -o $(CPE2CVE) ./cmd/$(CPE2CVE)/cpe2cve.go
- $(GOBUILD) -o $(CSV2CPE) ./cmd/$(CSV2CPE)/csv2cpe.go
- $(GOBUILD) -o $(NVDSYNC) ./cmd/$(NVDSYNC)/main.go
- $(GOBUILD) -o $(RPM2CPE) ./cmd/$(RPM2CPE)/rpm2cpe.go
-
-clean:
- $(GOCLEAN)
- rm -f $(CPE2CVE)
- rm -f $(CSV2CPE)
- rm -f $(NVDSYNC)
- rm -f $(RPM2CPE)
-
+# Copyright (c) Facebook, Inc. and its affiliates.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+NAME = nvdtools
+VERSION = tip
+
+TOOLS = \
+ cpe2cve \
+ csv2cpe \
+ fireeye2nvd \
+ flexera2nvd \
+ nvdsync \
+ rpm2cpe \
+ rustsec2nvd \
+ vulndb
+
+DOCS = \
+ CODE_OF_CONDUCT.md \
+ CONTRIBUTING.md \
+ HOWTO.md \
+ LICENSE \
+ README.md
+
+GO = go
+GOOS = $(shell $(GO) env GOOS)
+GOARCH = $(shell $(GO) env GOARCH)
+
+TAR = tar
+ZIP = zip
+INSTALL = install
+
+# Compile all tools.
+all: $(TOOLS)
+
+# Compile TOOLS to ./build/bin/$tool using GOOS and GOARCH.
+$(TOOLS):
+ GOOS=$(GOOS) GOARCH=$(GOARCH) $(GO) build $(GOFLAGS) -o ./build/bin/$@ ./cmd/$@
+
+# Check/fetch all dependencies.
+deps:
+ GOOS=$(GOOS) GOARCH=$(GOARCH) $(GO) get -v -d ./...
+
+# install installs tools and documentation.
+# The install target is used by rpm and deb builders.
 install:
- install -d $(DESTDIR)/usr/bin
- install -p -m 0755 ./cpe2cve $(DESTDIR)/usr/bin/cpe2cve
- install -p -m 0755 ./csv2cpe $(DESTDIR)/usr/bin/csv2cpe
- install -p -m 0755 ./nvdsync $(DESTDIR)/usr/bin/nvdsync
- install -p -m 0755 ./rpm2cpe $(DESTDIR)/usr/bin/rpm2cpe
-
-archive:
- touch $(TGZ)
- tar czf $(TGZ) --exclude=$(TGZ) --transform s/$(NAME)/$(PKG)/ ../$(NAME)
+ # tools
+ $(INSTALL) -d $(DESTDIR)/usr/bin
+ for tool in $(TOOLS); do $(INSTALL) -p -m 0755 ./build/bin/$$tool $(DESTDIR)/usr/bin/$$tool; done
+ # docs
+ $(INSTALL) -d $(DESTDIR)/usr/share/doc/nvdtools
+ for doc in $(DOCS); do $(INSTALL) -p -m 0644 $$doc $(DESTDIR)/usr/share/doc/nvdtools/$$doc; done
+
+DIST_NAME = $(NAME)-$(VERSION)
+DIST_DIR = build/$(DIST_NAME)
+
+# binary_dist creates a local binary distribution in DIST_DIR.
+binary_dist: $(TOOLS)
+ mkdir -p $(DIST_DIR)/doc
+ cp $(DOCS) $(DIST_DIR)/doc
+ mv build/bin $(DIST_DIR)/bin
+
+# binary_tar creates tarball of binary distribution.
+binary_tar: binary_dist
+ mkdir -p build/tgz
+ cd build && $(TAR) czf tgz/$(DIST_NAME)-$(GOOS)-$(GOARCH).tar.gz $(DIST_NAME)
+ rm -rf $(DIST_DIR)
+
+# binary_zip creates zip of binary distribution.
+binary_zip: binary_dist
+ mkdir -p build/zip
+ cd build && $(ZIP) -r zip/$(DIST_NAME)-$(GOOS)-$(GOARCH).zip $(DIST_NAME)
+ rm -rf $(DIST_DIR)
+
+# binary_deb creates debian package.
+#
+# Requires GOPATH and dependencies available to compile nvdtools.
+# Must set version to build: make binary_deb VERSION=1.0
+binary_deb:
+ VERSION=$(VERSION) dpkg-buildpackage -rfakeroot -uc -us
+ mkdir -p build/deb
+ mv ../$(NAME)*.deb build/deb/
+
+# archive_tar creates tarball of the source code.
+archive_tar:
+ mkdir -p build/tgz
+ $(TAR) czf build/tgz/$(DIST_NAME).tar.gz \
+ --exclude=build \
+ --exclude=release \
+ --exclude=.git \
+ --exclude=.travis.yml \
+ --transform s/./$(DIST_NAME)/ \
+ .
+
+# binary_rpm creates rpm package.
+#
+# Requires GOPATH and dependencies available to compile nvdtools.
+# Must set version to build: make binary_rpm VERSION=1.0
+binary_rpm: archive_tar
+ mkdir -p build/rpm/SOURCES
+ mv build/tgz/$(DIST_NAME).tar.gz build/rpm/SOURCES/
+ rpmbuild -ba \
+ --define="_topdir $(PWD)/build/rpm" \
+ --define="_version $(VERSION)" \
+ rpm/nvdtools.spec
+
+# release_tar creates tarball releases.
+release_tar:
+ mkdir -p release
+ make deps binary_tar GOOS=darwin GOARCH=amd64
+ make deps binary_tar GOOS=freebsd GOARCH=amd64
+ make deps binary_tar GOOS=linux GOARCH=amd64
+ make deps binary_tar GOOS=linux GOARCH=arm64
+ mv build/tgz/*.tar.gz release
+
+# release_zip creates zip releases.
+release_zip:
+ mkdir -p release
+ make deps binary_zip GOOS=windows GOARCH=386
+ make deps binary_zip GOOS=windows GOARCH=amd64
+ mv build/zip/*.zip release
+
+# release_deb creates debian releases.
+release_deb: binary_deb
+ mkdir -p release
+ mv build/deb/*.deb release
+
+# release_rpm creates rpm releases.
+release_rpm: binary_rpm
+ mkdir -p release
+ mv build/rpm/RPMS/*/*.rpm release
+
+# release creates all release packages.
+# Example: make distclean release VERSION=1.0
+release: release_deb release_rpm release_tar release_zip
+
+# Removes build related files.
+clean:
+ rm -rf build
+
+distclean: clean
+ rm -rf release
+
+.PHONY: $(TOOLS)
\ No newline at end of file
diff --git a/build_tarballs.sh b/build_tarballs.sh
deleted file mode 100755
index 239a7e2..0000000
--- a/build_tarballs.sh
+++ /dev/null
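Review bot: The `release` target in the Makefile builds every artifact that .travis.yml uploads, yet nothing records their integrity: `binary_deb` passes `-uc -us`, which skips signing of the source package and .changes file, and no checksum file is written. A recipe line on `release` such as `cd release && sha256sum *.tar.gz *.zip *.deb *.rpm > SHA256SUMS` would give downloaders something to verify against, and signing that file would be the stronger option. Separately, `release_tar` and `release_zip` call a literal `make`; `$(MAKE) deps binary_tar GOOS=darwin GOARCH=amd64` (and likewise for the other lines) keeps `-n` and the jobserver working in the sub-makes. Only `$(TOOLS)` is declared `.PHONY`, although `all`, `deps`, `install`, `clean`, `distclean` and the `binary_*`/`release*` targets are commands as well, and `release` shares its name with the directory these recipes create.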
@@ -1,39 +0,0 @@
-#!/bin/bash
-# Copyright (c) Facebook, Inc. and its affiliates. All Rights Reserved
-
-CPE2CVE=cpe2cve
-CSV2CPE=csv2cpe
-NVDSYNC=nvdsync
-RPM2CPE=rpm2cpe
-NAME=nvdtools
-
-function build_binaries_and_tars(){
- GOOS=$1; shift
- ARCHS=("$@")
- for GOARCH in ${ARCHS[@]}; do
- for BINARY in $CPE2CVE $CSV2CPE $NVDSYNC $RPM2CPE; do
- env GOOS=$GOOS GOARCH=$GOARCH go build -o $BINARY ./cmd/$BINARY
- done
- tar -zcvf release/$NAME-$VERSION-$GOOS-$GOARCH.tar.gz \
- {$CPE2CVE,$CSV2CPE,$NVDSYNC,$RPM2CPE}
- make clean
- done
-}
-
-mkdir -p {binaries,release}
-
-# create tarballs for different architectures
-archs=(arm64 amd64)
-build_binaries_and_tars linux ${archs[@]}
-
-archs=(amd64 arm)
-build_binaries_and_tars freebsd ${archs[@]}
-
-archs=(amd64 386)
-build_binaries_and_tars windows ${archs[@]}
-
-archs=(amd64)
-build_binaries_and_tars darwin ${archs[@]}
-
-# cleanup
-rm -rf binaries
diff --git a/debian/README.Debian b/debian/README.Debian
index cecd532..cc0988d 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -1 +1 @@
-A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)
+A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD).
diff --git a/debian/control b/debian/control
index 3326300..f16c136 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,7 @@
 Source: nvdtools
 Section: utils
 Priority: extra
-Maintainer: Alexandre Fiori
+Maintainer: Alexandre Fiori
 Build-Depends: debhelper (>=9)
 Standards-Version: 3.9.6
 Homepage: https://github.com/facebookincubator/nvdtools/
@@ -10,4 +10,4 @@ Package: nvdtools
 Architecture: any
 Multi-Arch: foreign
 Depends: ${misc:Depends}, ${shlibs:Depends}
-Description: A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)
+Description: A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD).
diff --git a/debian/copyright b/debian/copyright
deleted file mode 100644
index 1a5f8de..0000000
--- a/debian/copyright
+++ /dev/null
@@ -1,287 +0,0 @@ -Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: nvdtools -Source: - -Files: cmd/cpe2cve/cpe2cve.go - cmd/cpe2cve/cpe2cve_test.go - cmd/csv2cpe/csv2cpe.go - cmd/csv2cpe/csv2cpe_test.go - cmd/nvdsync/datafeed/cpe.go - cmd/nvdsync/datafeed/cpe_test.go - cmd/nvdsync/datafeed/cve.go - cmd/nvdsync/datafeed/cve_test.go - cmd/nvdsync/datafeed/doc.go - cmd/nvdsync/datafeed/e2e_test.go - cmd/nvdsync/datafeed/http.go - cmd/nvdsync/datafeed/http_test.go - cmd/nvdsync/datafeed/src.go - cmd/nvdsync/datafeed/sync.go - cmd/nvdsync/datafeed/xrename.go - cmd/nvdsync/main.go - cmd/rpm2cpe/rpm2cpe.go - cmd/rpm2cpe/rpm2cpe_test.go - cpedict/cpedict.go - cpedict/cpedict_test.go - cpedict/lookup.go - cpedict/lookup_test.go - cpeparse/rpmname.go - cpeparse/rpmname_test.go - cvefeed/cvecache.go - cvefeed/cvefeed.go - cvefeed/dictionary.go - cvefeed/eviction_test.go - cvefeed/evictionqueue.go - cvefeed/evictionqueue_test.go - cvefeed/internal/iface/iface.go - cvefeed/internal/nvdjson/interfaces.go - cvefeed/internal/nvdjson/nvdjson.go - cvefeed/internal/nvdjson/schema.go - cvefeed/internal/nvdxml/interfaces.go - cvefeed/internal/nvdxml/nvdxml.go - cvefeed/internal/nvdxml/schema.go - cvefeed/matching_json_test.go - cvefeed/matching_xml_test.go - wfn/doc.go - wfn/fsb.go - wfn/fsb_test.go - wfn/matching.go - wfn/matching_test.go - wfn/uri.go - wfn/uri_test.go - wfn/wfn.go - wfn/wfn_test.go -Copyright: Facebook, Inc. and its affiliates. -License: Apache-2.0 - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - . - http://www.apache.org/licenses/LICENSE-2.0 - . - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
- See the License for the specific language governing permissions and - limitations under the License. - . - On Debian systems, the complete text of the Apache License Version 2.0 - can be found in `/usr/share/common-licenses/Apache-2.0'. - -Files: .travis.yml - CODE_OF_CONDUCT.md - CONTRIBUTING.md - Makefile - README.md - cmd/nvdsync/README.md - rpm/Makefile - rpm/nvdtools.spec -Copyright: __NO_COPYRIGHT_NOR_LICENSE__ -License: __UNKNOWN__ - -#---------------------------------------------------------------------------- -# Files marked as NO_LICENSE_TEXT_FOUND may be covered by the following -# license/copyright files. - -#---------------------------------------------------------------------------- -# License file: LICENSE - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - . - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - . - 1. Definitions. - . - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - . - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - . - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - . - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - . - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - . 
- "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - . - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - . - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - . - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - . 
- "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - . - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - . - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - . - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - . - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - . 
- (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - . - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - . - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - . - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - . - 5. Submission of Contributions. 
Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - . - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - . - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - . - 8. Limitation of Liability. 
In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - . - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - . - END OF TERMS AND CONDITIONS - . - APPENDIX: How to apply the Apache License to your work. - . - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - . 
- Copyright [yyyy] [name of copyright owner] - . - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - . - http://www.apache.org/licenses/LICENSE-2.0 - . - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/debian/rules b/debian/rules index ae620d8..7ef0493 100755 --- a/debian/rules +++ b/debian/rules @@ -1,8 +1,7 @@ #!/usr/bin/make -f %: - dh $@ + dh $@ override_dh_gencontrol: - dh_gencontrol -- -v$(VERSION) - + dh_gencontrol -- -v$(VERSION) \ No newline at end of file diff --git a/rpm/Makefile b/rpm/Makefile deleted file mode 100644 index 7ae4e86..0000000 --- a/rpm/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# /bin/sh uses dash and fails to expand curly braces otherwise -SHELL=/bin/bash - -all: - mkdir -p $(HOME)/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS} - echo '%_topdir $(HOME)/rpmbuild' > ~/.rpmmacros - make -C .. archive - mv ../nvdtools-*.gz $(HOME)/rpmbuild/SOURCES - cp nvdtools.spec $(HOME)/rpmbuild/SPECS - cd $(HOME)/rpmbuild/SPECS - rpmbuild -ba --define="_tag $(VERSION)" nvdtools.spec diff --git a/rpm/nvdtools.spec b/rpm/nvdtools.spec index 9379ace..2d08ba1 100644 --- a/rpm/nvdtools.spec +++ b/rpm/nvdtools.spec 
@@ -1,36 +1,28 @@ # Copyright (c) Facebook, Inc. and its affiliates. All Rights Reserved -Name: nvdtools -Summary: A collection of tools for working with National Vulnerability Database feeds. - -Version: %{_tag} -Release: 1 -License: Apache License 2.0 -URL: https://github.com/facebookincubator/nvdtools -Source0: %{name}-%{version}.tar.gz - -BuildRoot: %{_tmpdir}/%{name}-%{version} - -%define _rpmdir ../release -%define _rpmfilename %%{NAME}-%%{VERSION}.%%{ARCH}.rpm +Name: nvdtools +Summary: A collection of tools for working with National Vulnerability Database feeds. +Version: %{_version} +Release: 1 +License: Apache License 2.0 +URL: https://github.com/facebookincubator/nvdtools +Source0: %{name}-%{version}.tar.gz %description -A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD) +A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD). %prep %setup -q %build -make build +make GOFLAGS="-ldflags=-linkmode=external" %install -make DESTDIR=%{buildroot} install +make install DESTDIR=$RPM_BUILD_ROOT %files %license LICENSE -%{_bindir}/cpe2cve -%{_bindir}/csv2cpe -%{_bindir}/nvdsync -%{_bindir}/rpm2cpe +%{_bindir}/* +/usr/share/doc/nvdtools %changelog diff --git a/vulndb/schema.go b/vulndb/schema.go index 1454070..14e28dd 100644 --- a/vulndb/schema.go +++ b/vulndb/schema.go 
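Review bot: The `%files` section of rpm/nvdtools.spec now uses `%{_bindir}/*`, so the package ships whatever the `install` target places in the bin directory and the spec no longer serves as a reviewed manifest of installed executables. A tool later added to the Makefile's TOOLS list would be packaged without any change to this file. Listing the binaries explicitly, as the removed lines did, keeps the package contents auditable; if the glob is kept for convenience, a comment such as `# contents follow TOOLS in the top-level Makefile` would at least state where the list is controlled. The documentation path is likewise hard-coded as `/usr/share/doc/nvdtools` to match the Makefile rather than going through an rpm macro, which is worth a short comment too.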
@@ -1,3 +1,17 @@
+// Copyright (c) Facebook, Inc. and its affiliates.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package vulndb
 
 import (