From Fedora Project Wiki
m (Change announced)
m (typo fix)
 
(7 intermediate revisions by 2 users not shown)
Line 9: Line 9:
* Email: jpazdziora@redhat.com
* Email: jpazdziora@redhat.com
* Release notes owner:  
* Release notes owner:  
<!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo)
* FESCo shepherd: [[User:FASAccountName| Shehperd name]] <email address>
-->
<!--- UNCOMMENT only if this Change aims specific product, working group (Cloud, Workstation, Server, Base, Env & Stacks)
* Product:
* Responsible WG:
-->


== Current status ==
== Current status ==
Line 29: Line 21:
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
-->
-->
* Tracker bug: <will be assigned by the Wrangler>
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1678454 #1678454]
* Release notes tracker: [https://pagure.io/fedora-docs/release-notes/issue/302 #302]
** Release notes pull request: [https://pagure.io/fedora-docs/release-notes/pull-request/329 #329]


== Detailed Description ==
== Detailed Description ==
SWID (ISO/IEC 19770:2-2015) is a portable standard for identifying software installed on a system.  We already have SWID tags in fedora-release to identify the overall release+edition of Fedora. We will add tools to allow users to
SWID (ISO/IEC 19770:2-2015) is a portable standard for identifying software installed on a system.  We already have SWID tags in fedora-release to identify the overall release+edition of Fedora. We will add tools to allow users to
* list installed tags
* list SWID tags present on the system
* create and install individual tags identifying RPMs
* create and deploy individual SWID tags identifying RPMs
* add pre-built tags to repositories
* add pre-built tags to repositories
* automatically update local tags as packages are installed, updated and removed
* automatically update local tags as packages are installed, updated and removed
This will involve standalone tools to query and build SWID tags and to add prebuilt tags to dnf repositories, and plugins for dnf/libdnf to build and download tags.
This will involve standalone tools to query and build SWID tags and to add prebuilt tags to dnf repositories, and plugin for dnf to build and download tags. Plugin for libdnf is not in scope for Fedora 30.


== Benefit to Fedora ==
== Benefit to Fedora ==
Line 44: Line 38:
== Scope ==
== Scope ==
* Proposal owners:
* Proposal owners:
** Add python SWID tools (swidq, rpm2swidtag)
** add python SWID tools (`swidq`, `rpm2swidtag`)
** add SWID metadata awareness to createrepo (but this will not be used in Fedora, only enabled for user use), agreeing metadata format with dnf team
** add ability to extend createrepo_c output repository metadata with SWID information via `rpm2swidtag --repo` (but this will not be used in Fedora, only enabled for user use), agreeing metadata format with dnf team
** add dnf and libdnf plugins (no core dnf/libdnf changes expected)
*** guidance also sought at http://lists.rpm.org/pipermail/rpm-ecosystem/2019-February/000711.html
*** the XML Schema for the metadata is at http://rpm.org/metadata/swidtags.xsd
** add dnf plugin (no core dnf changes are expected)
*** the libdnf plugin is not in scope for Fedora 30.


* Other developers: N/A (not a System Wide Change) <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Other developers: N/A (not a System Wide Change) <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
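Review bot: in the Scope list, the createrepo_c bullet still ends with "agreeing metadata format with dnf team", which reads as an open action, while the sub-bullets added under it already point to the rpm-ecosystem thread and to the XML Schema at http://rpm.org/metadata/swidtags.xsd. Reword the trailing clause to state the outcome (for example, that the format is the one described by the linked schema), or drop it so the bullet and its sub-bullets do not disagree about whether the format is settled.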
Line 64: Line 61:
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
N/A (not a System Wide Change)  
N/A (not a System Wide Change)  
Command `rpm2swidtag --primary-only bash` can be used to generate example SWID tag for installed `bash` package.
Command `swidq -a` can be used to list deployed SWID tags. Out of box, only distro-level SWID tag `org.fedoraproject.Fedora-30` and potentially edition SWID tag like `org.fedoraproject.Fedora-30-Container` will be listed.
The subpackage `dnf-plugin-swidtags` is able to deploy SWID tags distributed in yum/dnf repository metadata. Fedora itself does not distribute the SWID tags but it is possible to generate the SWID tags and metadata using `rpm2swidtag --repo /path/to/repository`. It is also possible to uncomment the `rpm2swidtag_command = /usr/bin/rpm2swidtag` line in `/etc/dnf/plugins/swidtags.conf` and in that case, the SWID tags will be locally generated for every rpm package installed or upgraded via `dnf`. The plugin will of course also remove SWID tags for packages that got removed during the dnf transaction, either via package removal or when replaced by different package version during upgrade or downgrade.


== User Experience ==
== User Experience ==
No change unless users choose to enable SWID tags.
No change unless users choose to enable SWID tags by installing `dnf-plugin-swidtags` and potentially uncommenting the `rpm2swidtag_command` option. Then at the end of dnf operations, SWID tags will be deployed from the repository metadata, or in the (likely) case that none are available and `rpm2swidtag_command` is set pointing `rpm2swidtag`, the SWID tags will be generated.
If requested, SWID tags will be either built automatically on demand for installed RPMs, or downloaded from a repository that the user has added SWID tags to, at the user’s choice. swidq will allow the user to see all installed tags and their relationships.
 
Command `swidq` allows the user to see all installed tags, their supplement relationship, and their content.


== Dependencies ==
== Dependencies ==
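Review bot: the How To Test section keeps the line "N/A (not a System Wide Change)" directly above the three new paragraphs of test instructions, so the section now says both that testing is not applicable and how to test. Remove the N/A line so the `rpm2swidtag --primary-only bash`, `swidq -a` and `dnf-plugin-swidtags` steps are the whole section. In the User Experience paragraph of the same hunk, "is set pointing `rpm2swidtag`" should read "is set to point to `rpm2swidtag`".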
Line 86: Line 90:
Inform users of new capabilities and how they can be used with the existing tags in fedora-release-*
Inform users of new capabilities and how they can be used with the existing tags in fedora-release-*


[[Category:ChangeAnnounced]]
[[Category:ChangeAcceptedF30]]
<!-- The Wrangler announces the Change to the devel-announce list and changes the category to Category:ChangeAnnounced (no action required) -->  
<!-- The Wrangler announces the Change to the devel-announce list and changes the category to Category:ChangeAnnounced (no action required) -->  
<!-- After review, the Wrangler will move your page to Category:ChangeReadyForFesco... if it still needs more work it will move back to Category:ChangePageIncomplete-->
<!-- After review, the Wrangler will move your page to Category:ChangeReadyForFesco... if it still needs more work it will move back to Category:ChangePageIncomplete-->

Latest revision as of 19:44, 7 May 2019

SWID tag enablement

Summary

Provide tools to allow users and developers to create Software Identity (SWID) tags for Fedora installs and repositories.

Owner

  • Name: Jan Pazdziora
  • Email: jpazdziora@redhat.com
  • Release notes owner:

Current status

  • Targeted release: Fedora 30
  • Last updated: 2019-05-07
  • Tracker bug: #1678454
  • Release notes tracker: #302
    • Release notes pull request: #329

Detailed Description

SWID (ISO/IEC 19770:2-2015) is a portable standard for identifying software installed on a system. We already have SWID tags in fedora-release to identify the overall release+edition of Fedora. We will add tools to allow users to

  • list SWID tags present on the system
  • create and deploy individual SWID tags identifying RPMs
  • add pre-built tags to repositories
  • automatically update local tags as packages are installed, updated and removed

This will involve standalone tools to query and build SWID tags and to add prebuilt tags to dnf repositories, and a plugin for dnf to build and download tags. A plugin for libdnf is not in scope for Fedora 30.

Benefit to Fedora

Fedora will be usable by users and developers interested in the SWID functionality being added to other relevant tools, such as OpenSCAP-1.3.

Scope

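  • Proposal owners:
    • add python SWID tools (`swidq`, `rpm2swidtag`)
    • add ability to extend createrepo_c output repository metadata with SWID information via `rpm2swidtag --repo` (but this will not be used in Fedora, only enabled for user use), agreeing metadata format with dnf team
      • guidance also sought at http://lists.rpm.org/pipermail/rpm-ecosystem/2019-February/000711.html
      • the XML Schema for the metadata is at http://rpm.org/metadata/swidtags.xsd
    • add dnf plugin (no core dnf changes are expected)
      • the libdnf plugin is not in scope for Fedora 30.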
  • Other developers: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

N/A (not a System Wide Change)

The command `rpm2swidtag --primary-only bash` can be used to generate an example SWID tag for the installed `bash` package.

The command `swidq -a` can be used to list deployed SWID tags. Out of the box, only the distro-level SWID tag `org.fedoraproject.Fedora-30` and potentially an edition SWID tag like `org.fedoraproject.Fedora-30-Container` will be listed.

The subpackage `dnf-plugin-swidtags` is able to deploy SWID tags distributed in yum/dnf repository metadata. Fedora itself does not distribute the SWID tags, but it is possible to generate the SWID tags and metadata using `rpm2swidtag --repo /path/to/repository`. It is also possible to uncomment the `rpm2swidtag_command = /usr/bin/rpm2swidtag` line in `/etc/dnf/plugins/swidtags.conf`; in that case, the SWID tags will be generated locally for every rpm package installed or upgraded via `dnf`. The plugin will also remove SWID tags for packages that were removed during the dnf transaction, either via package removal or when replaced by a different package version during an upgrade or downgrade.

User Experience

No change unless users choose to enable SWID tags by installing `dnf-plugin-swidtags` and potentially uncommenting the `rpm2swidtag_command` option. Then, at the end of dnf operations, SWID tags will be deployed from the repository metadata, or, in the (likely) case that none are available and `rpm2swidtag_command` is set to point to `rpm2swidtag`, the SWID tags will be generated.

The `swidq` command allows the user to see all installed tags, their supplement relationships, and their content.
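What the supplement relationship looks like inside the tags themselves, as an added example (not part of this wiki page and not code from `swidq` or `rpm2swidtag`): it parses SWID XML, resolves each `Link rel="supplemental"` to the tag it supplements, and reports supplemental tags whose target is not deployed. The sample tags are constructed and trimmed, the `example.invalid.*` tag IDs are placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Namespace of the ISO/IEC 19770-2 SWID schema.
SWID_NS = "http://standards.iso.org/iso/19770/-2/2015/schema.xsd"

# Constructed sample tags, trimmed to the attributes used here;
# not real fedora-release or rpm2swidtag output.
SAMPLE_TAGS = [
    f'<SoftwareIdentity xmlns="{SWID_NS}" name="Fedora" version="30" '
    'tagId="org.fedoraproject.Fedora-30"/>',
    f'<SoftwareIdentity xmlns="{SWID_NS}" name="Fedora Container" supplemental="true" '
    'tagId="org.fedoraproject.Fedora-30-Container">'
    '<Link rel="supplemental" href="swid:org.fedoraproject.Fedora-30"/></SoftwareIdentity>',
    f'<SoftwareIdentity xmlns="{SWID_NS}" name="bash notes" supplemental="true" '
    'tagId="example.invalid.bash-notes">'
    '<Link rel="supplemental" href="swid:example.invalid.bash-primary"/></SoftwareIdentity>',
]


def parse_tag(xml_text):
    """Return the identifying fields of one SWID tag plus the tagIds it supplements."""
    # Intended for tag files on the local system; use a hardened XML parser
    # for tags obtained from untrusted sources.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SWID_NS}}}SoftwareIdentity":
        raise ValueError("root element is not a SWID SoftwareIdentity")
    hrefs = [link.get("href", "") for link in root.findall(f"{{{SWID_NS}}}Link")
             if link.get("rel") == "supplemental"]
    return {
        "tagId": root.get("tagId"),
        "name": root.get("name"),
        "version": root.get("version"),
        "supplemental": root.get("supplemental") in ("true", "1"),
        "supplements": [h[len("swid:"):] for h in hrefs if h.startswith("swid:")],
    }


def dangling_supplements(tags):
    """List (tagId, target) pairs where the supplemented tag is not deployed."""
    deployed = {t["tagId"] for t in tags}
    return sorted((t["tagId"], target) for t in tags
                  for target in t["supplements"] if target not in deployed)


if __name__ == "__main__":
    parsed = [parse_tag(x) for x in SAMPLE_TAGS]
    for t in parsed:
        print(t["tagId"], "->", t["supplements"] or "(primary)")
    print("dangling:", dangling_supplements(parsed))
```

A dangling entry means the inventory carries a supplemental tag for software whose primary tag is missing, which is worth checking before the tag set is fed to a compliance scanner.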

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), No
  • Blocks product? No

Documentation

N/A (not a System Wide Change)

Release Notes

Inform users of new capabilities and how they can be used with the existing tags in fedora-release-*