Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
+++ This bug was initially created as a clone of Bug #404361 +++
CPE (Common Platform Enumeration) is a structured naming scheme for platforms
proposed by Mitre.
CPE is used by the National Vulnerability Database and is part of SCAP and is
designed to be a way of providing a formal way to uniquely identify a platform.
Whilst security tools can guess our platform by reading
/etc/[fedora|redhat|system]-release, parsing the marketing names is not
consistent. We're already using CPE names to identify platforms and metrics
when releasing Red Hat Enterprise Linux advisories.
So the proposal is to have fedora-release provide the CPE name for the release
in such a way that third party system tools can make use of it, and also to
convince other distributions to do the same.
For example, the formal name for the OS platform Fedora 8 is
"cpe://o:fedora_project:fedora:8" (ignore the incorrect name used in the
dictionary on the NVD site, it's due for update shortly)
This is a common platform name, regardless of what individual applications
(packages) are provided. Therefore spins can use the same name.
So perhaps provide a /etc/system-release-cpe (/etc/system-cpe?) file containing
cpe://o:fedora_project:fedora:%{version}
Contact me for the specific RHEL names, but they're of the form like:
cpe://o:redhat:enterprise_linux:6:GA:Server
cpe://o:redhat:enterprise_linux:6:Update1:Client
Hi Dennis, I noticed that the format of the CPE name wasn't updated to match the latest CPE spec which only uses one slash after cpe: and a lowercase product variant. So can you update it to something like this?
echo "cpe:/o:redhat:enterprise_linux:%{version}:%{?beta: %{beta}}%{!?beta: GA}" > $RPM_BUILD_ROOT/etc/system-release-cpe
Thanks, Mark
Alan, for RHEV you need to use the official RHEV CPE name, this can be found in the master product file (product.xml), where it is:
cpe:/o:redhat:enterprise_virtualization_hypervisor:2.1
Do you want me to file a bz for this? (I assume against ovirt-node pkg)
Comment 9Dennis Gregorovic
2009-09-18 11:46:45 UTC
CPE text updated to match the latest spec. redhat-release-6-6.0.0.13
Comment 13releng-rhel@redhat.com
2009-10-28 15:51:07 UTC
Fixed in 'redhat-release-6-6.0.0.14'. 'redhat-release-6-6.0.0.15' included in compose 'RHEL6.0-20091027.3'.
Moving to ON_QA.
Comment 14Alexander Todorov
2010-05-14 11:42:30 UTC
redhat-release-server-6-6.0.0.27.el6.x86_64
# cat /etc/system-release-cpe
cpe:/o:redhat:enterprise_linux:6:beta:server
Moving to VERIFIED.
Comment 15releng-rhel@redhat.com
2010-11-11 14:54:55 UTC
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.