metadata_file.proto - OpenGrok cross reference for /build/make/tools/protos/metadata

Lines Matching refs:package
17 package metadata_file;
21   // Name of the package.
24   // A short description (a few lines) of the package.
33   // URL(s) associated with the package.
37   // a package should contain only a single URL from these types.  Occasionally,
38   // a package may be broken across multiple archive files for whatever reason,
44   // The package version.  In order of preference, this should contain:
45   //  - If the package comes from Git or another source control system,
48   //  - a released package version such as "1.0", "2.3-beta", etc.
49   //  - the date the package was retrieved, formatted as "As of YYYY-MM-DD".
52   // The date of the change in which the package was last upgraded from
54   // This should only identify package upgrades from upstream, not local
58   // Note: this is NOT the date that this version of the package was released
62   // License type that identifies how the package may be used.
65   // An additional note explaining the licensing of this package.  This is most
69   // Description of local changes that have been made to the package.  This does
79   // instructions for using the package, as determined by an ISE-TPS review.
85   // The homepage for the package. This will eventually replace
89   // SBOM information of the package. It is mandatory for prebuilt packages.
95   // Identifiers for the package.
99 // URL associated with a third-party package.
102     // The homepage for the package. For example, "https://bazel.io/". This URL
104     // or to get more information about the package. This is especially helpful
109     // The URL of the archive containing the source code for the package, for
113     // The URL of the upstream git repository this package is retrieved from.
118     // Use of a git URL requires that the package "version" value must specify a
122     // The URL of the upstream SVN repository this package is retrieved from.
126     // Use of an SVN URL requires that the package "version" value must specify
130     // The URL of the upstream mercurial repository this package is retrieved
134     // Use of a mercurial URL requires that the package "version" value must
138     // The URL of the upstream darcs repository this package is retrieved
142     // Use of a DARCS URL requires that the package "version" value must
155     // The URL identifying where the local copy of the package source code can
158     // Typically, the metadata files describing a package reside in the same
159     // directory as the source code for the package. In a few rare cases where
163     // package was retrieved from.
190 // instructions for using the package.
192   // Security risk category for a package, as determined by an ISE-TPS review.
209   // Identifies the security risk category for the package.  This will be
211   // package.
214   // An additional security note for the package.
217   // Text tag to categorize the package. It's currently used by security to:
233   // This directory represents a package.
268 // Reference to external SBOM document and element corresponding to the package.
271   // The URL that points to the SBOM document of the upstream package of this
272   // third_party package.
278   // SPDXID of the upstream package/file defined in the SBOM document the url field points to.
280   // https://spdx.github.io/spdx-spec/v2.3/package-information/#72-package-spdx-identifier-field or
285 // Identifier for a third-party package.
295   //  package is retrieved from.
300   //  Use of a git URL requires that the package "version" value must specify a
304   //  package is retrieved from.
308   //  Use of an SVN URL requires that the package "version" value must specify
312   //  this package is retrieved from.
316   //  Use of a mercurial URL requires that the package "version" value must
320   //  this package is retrieved from.
324   //  Use of a Darcs URL requires that the package "version" value must
328   //  This is primarily used when a package is being migrated into third_party
329   //  from elsewhere in Piper, or when a package is being newly developed in
336   //  source code for the package, for example a zip or tgz file.
342   //  the relative path of the artifact to the root of a package.
356   //  copy of the package source code can be found.
360   //  Typically, the metadata files describing a package reside in the same
361   //  directory as the source code for the package. In a few rare cases where
365   //  package was retrieved from.
374   // A human readable string to indicate why a third-package package does not
383   // The value of the package identifier as defined by the "type".
392   // The version associated with this package as defined by the "type".
401   // The closest version associated with this package as defined by the "type".
403   // heuristics, such as the closest git tag or package version from a package
420   // code for this package was originally obtained. This should only be set for
421   // *one* Identifier in a third_party package's METADATA.
424   // with the version control system or package manager that was used to