From Fedora Project Wiki

Revision as of 16:32, 7 February 2019 by Adelton (talk | contribs) (Clarify relationship with createrepo.)

SWID tag enablement

Summary

Provide tools to allow users and developers to create Software Identity (SWID) tags for Fedora installs and repositories.

Owner

  • Name: Jan Pazdziora
  • Email: jpazdziora@redhat.com
  • Release notes owner:


Current status

  • Targeted release: Fedora 30
  • Last updated: 2019-02-07
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

SWID (ISO/IEC 19770:2-2015) is a portable standard for identifying software installed on a system. We already have SWID tags in fedora-release to identify the overall release+edition of Fedora. We will add tools to allow users to

  • list installed tags
  • create and install individual tags identifying RPMs
  • add pre-built tags to repositories
  • automatically update local tags as packages are installed, updated and removed

This will involve standalone tools to query and build SWID tags and to add prebuilt tags to dnf repositories, and plugins for dnf/libdnf to build and download tags.

Benefit to Fedora

Fedora will be usable to users and developers interested in the SWID functionality being added to relevant other tools, such as OpenSCAP-1.3.

Scope

  • Proposal owners:
    • add python SWID tools (swidq, rpm2swidtag)
    • add ability to extend createrepo_c output repository metadata with SWID information (but this will not be used in Fedora, only enabled for user use), agreeing metadata format with dnf team
    • add dnf and libdnf plugins (no core dnf/libdnf changes expected)
  • Other developers: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

N/A (not a System Wide Change)

User Experience

No change unless users choose to enable SWID tags. If requested, SWID tags will be either built automatically on demand for installed RPMs, or downloaded from a repository that the user has added SWID tags to, at the user’s choice. swidq will allow the user to see all installed tags and their relationships.

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), No
  • Blocks product? No

Documentation

N/A (not a System Wide Change)

Release Notes

Inform users of new capabilities and how they can be used with the existing tags in fedora-release-*