The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining tools which have a CPE ID.
Not every tool has CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Zip always try to generate new encryption header depending on execution
time and process id, which is far from being reproducible. This commit
changes the zip srand() seed to a predictable value to generate
reproducible random bytes for the encryption header. This will compromise
the goal of secure archive encryption, but it would not be a big problem
for our purpose.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Remove "--mtime" option introduced in commit 18c9faa032 ("tools: zip:
add option for reproducible archives") and instead fetch SOURCE_DATE_EPOCH
environment variable directly in the code.
Ref: https://sourceforge.net/p/infozip/patches/25/
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Add the option -mt/--mtime to pass a timestamp which is used as filedate
for the containing files.
So far, it isn't used for anything written to the extra fields,
therefore requires the -X (eXclude eXtra file attributes) parameter to
be effective.
Signed-off-by: Mathias Kresin <dev@kresin.me>
One image requires a zip compressed image, so add the zip util found in
the packages feed, and extend it with some useful debian patches.
Signed-off-by: Mathias Kresin <dev@kresin.me>
