SWID tag enablement
Summary
Provide tools to allow users and developers to create Software Identity (SWID) tags for Fedora installs and repositories.
Owner
- Name: Jan Pazdziora
- Email: jpazdziora@redhat.com
- Release notes owner:
Current status
- Targeted release: Fedora 30
- Last updated: 2019-02-07
- Tracker bug: <will be assigned by the Wrangler>
Detailed Description
SWID (ISO/IEC 19770:2-2015) is a portable standard for identifying software installed on a system. We already have SWID tags in fedora-release to identify the overall release+edition of Fedora. We will add tools to allow users to
- list installed tags
- create and install individual tags identifying RPMs
- add pre-built tags to repositories
- automatically update local tags as packages are installed, updated and removed
This will involve standalone tools to query and build SWID tags and to add prebuilt tags to dnf repositories, and plugins for dnf/libdnf to build and download tags.
Benefit to Fedora
Fedora will be usable to users and developers interested in the SWID functionality being added to relevant other tools, such as OpenSCAP-1.3.
Scope
- Proposal owners:
- add python SWID tools (swidq, rpm2swidtag)
- add ability to extend createrepo_c output repository metadata with SWID information (but this will not be used in Fedora, only enabled for user use), agreeing metadata format with dnf team
- guidance also sought at http://lists.rpm.org/pipermail/rpm-ecosystem/2019-February/000711.html
- add dnf and libdnf plugins (no core dnf/libdnf changes expected)
- Other developers: N/A (not a System Wide Change)
- Release engineering: #Releng issue number (a check of an impact with Release Engineering is needed)
- List of deliverables: N/A (not a System Wide Change)
- Policies and guidelines: N/A (not a System Wide Change)
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
N/A (not a System Wide Change)
How To Test
N/A (not a System Wide Change)
User Experience
No change unless users choose to enable SWID tags. If requested, SWID tags will be either built automatically on demand for installed RPMs, or downloaded from a repository that the user has added SWID tags to, at the user’s choice. swidq will allow the user to see all installed tags and their relationships.
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), No
- Blocks product? No
Documentation
N/A (not a System Wide Change)
Release Notes
Inform users of new capabilities and how they can be used with the existing tags in fedora-release-*