Update Android ecosystem package name definition. #191
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
oliverchang
reviewed
Aug 4, 2023
docs/schema.md
Outdated
| @@ -567,7 +567,7 @@ The defined ecosystems are: | |||
| | `Debian` | The Debian package ecosystem; the `name` is the name of the source package. The ecosystem string might optionally have a `:<RELEASE>` suffix to scope the package to a particular Debian release. `<RELEASE>` is a numeric version specified in the [Debian distro-info-data](https://debian.pages.debian.net/distro-info-data/debian.csv). For example, the ecosystem string "Debian:7" refers to the Debian 7 (wheezy) release. | | |||
| | `Alpine` | The Alpine package ecosystem; the `name` is the name of the source package. The ecosystem string must have a `:v<RELEASE-NUMBER>` suffix to scope the package to a particular Alpine release branch (the `v` prefix is required). E.g. `v3.16`. | | |||
| | `Hex` | The package manager for the Erlang ecosystem; the `name` is a Hex package name. | | |||
| | `Android` | The Android ecosystem; the `name` field is the Android component name that the patch applies to, as shown in the [Android Security Bulletins](https://source.android.com/security/bulletin) such as `Framework`, `Media Framework` and `Kernel Component`. The exhaustive list of components can be found at the [Appendix](#android-ecosystem-components). | | |||
| | `Android` | The Android ecosystem; the `name` field is the affected git project name that should be patched, or `:linux_kernel:`. Linux kernel affected package names can be followed by an optional SoC vendor name e.g. `:linux_kernel:Qualcomm`. | | |||
There was a problem hiding this comment.
Is there some documentation around the definitions of "git project name" and what it means for Android? i.e. expected format, meaning etc.
Also same for SoCs -- is there a definitive list for these?
There was a problem hiding this comment.
I have added some clarifying information on Android terminologies hopefully will make it clear what the name field means. Also added the list of supported SoC vendors.
oliverchang
reviewed
Aug 7, 2023
docs/schema.md
Outdated
| @@ -578,7 +578,7 @@ The defined ecosystems are: | |||
| | `Debian` | The Debian package ecosystem; the `name` is the name of the source package. The ecosystem string might optionally have a `:<RELEASE>` suffix to scope the package to a particular Debian release. `<RELEASE>` is a numeric version specified in the [Debian distro-info-data](https://debian.pages.debian.net/distro-info-data/debian.csv). For example, the ecosystem string "Debian:7" refers to the Debian 7 (wheezy) release. | | |||
| | `Alpine` | The Alpine package ecosystem; the `name` is the name of the source package. The ecosystem string must have a `:v<RELEASE-NUMBER>` suffix to scope the package to a particular Alpine release branch (the `v` prefix is required). E.g. `v3.16`. | | |||
| | `Hex` | The package manager for the Erlang ecosystem; the `name` is a Hex package name. | | |||
| | `Android` | The Android ecosystem; the `name` field is the Android component name that the patch applies to, as shown in the [Android Security Bulletins](https://source.android.com/security/bulletin) such as `Framework`, `Media Framework` and `Kernel Component`. The exhaustive list of components can be found at the [Appendix](#android-ecosystem-components). | | |||
| | `Android` | The Android ecosystem. Android organizes code using `repo` tool, which manages multiple git projects under one or more remote git servers, either via a repo manifest XML file (the legacy way) or using git submodules, where each project is identified by its name in repo configuration. The `name` field should contain the name of that affected git project/submodule. One exception is when the project contains the Linux kernel source code, in which case `name` field will be `:linux_kernel:`, followed by an optional SoC vendor name e.g. `:linux_kernel:Qualcomm`. The list of recognized SoC vendors is listed in the [Appendix](#android-soc-vendors) | | |||
There was a problem hiding this comment.
Can you give an example after "the name of the affected git project/submodule" ?
docs/schema.md
Outdated
| @@ -578,7 +578,7 @@ The defined ecosystems are: | |||
| | `Debian` | The Debian package ecosystem; the `name` is the name of the source package. The ecosystem string might optionally have a `:<RELEASE>` suffix to scope the package to a particular Debian release. `<RELEASE>` is a numeric version specified in the [Debian distro-info-data](https://debian.pages.debian.net/distro-info-data/debian.csv). For example, the ecosystem string "Debian:7" refers to the Debian 7 (wheezy) release. | | |||
| | `Alpine` | The Alpine package ecosystem; the `name` is the name of the source package. The ecosystem string must have a `:v<RELEASE-NUMBER>` suffix to scope the package to a particular Alpine release branch (the `v` prefix is required). E.g. `v3.16`. | | |||
| | `Hex` | The package manager for the Erlang ecosystem; the `name` is a Hex package name. | | |||
| | `Android` | The Android ecosystem; the `name` field is the Android component name that the patch applies to, as shown in the [Android Security Bulletins](https://source.android.com/security/bulletin) such as `Framework`, `Media Framework` and `Kernel Component`. The exhaustive list of components can be found at the [Appendix](#android-ecosystem-components). | | |||
| | `Android` | The Android ecosystem. Android organizes code using `repo` tool, which manages multiple git projects under one or more remote git servers, either via a repo manifest XML file (the legacy way) or using git submodules, where each project is identified by its name in repo configuration. The `name` field should contain the name of that affected git project/submodule. One exception is when the project contains the Linux kernel source code, in which case `name` field will be `:linux_kernel:`, followed by an optional SoC vendor name e.g. `:linux_kernel:Qualcomm`. The list of recognized SoC vendors is listed in the [Appendix](#android-soc-vendors) | | |||
There was a problem hiding this comment.
Are there any reference links you can point to for "manifest XML file", repo etc.
Android package name definition now points to the git project affected and where the patches should be applied to instead of bulletin components. Remove the Android Ecosystem Components appendix. Signed-off-by: Dory <dory@dory.moe>
oliverchang
approved these changes
Aug 22, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Android package name definition now points to the git project affected and where the patches should be applied to instead of bulletin components.
Remove the Android Ecosystem Components appendix.