diff --git a/docs/meson.build b/docs/meson.build index 15ad4727e..060425f64 100644 --- a/docs/meson.build +++ b/docs/meson.build @@ -82,6 +82,7 @@ as_doc_src = [ 'xml/metainfo-runtime.xml', 'xml/metainfo-service.xml', 'xml/metainfo-webapp.xml', + 'xml/releases-data.xml', 'xml/Miscellaneous.xml', 'xml/misc-vercmp.xml', 'xml/misc-urihandler.xml', diff --git a/docs/xml/MetaInfo.xml b/docs/xml/MetaInfo.xml index cfbfd4fa7..5a4ca6b72 100644 --- a/docs/xml/MetaInfo.xml +++ b/docs/xml/MetaInfo.xml @@ -27,6 +27,8 @@ + + diff --git a/docs/xml/metainfo-addon.xml b/docs/xml/metainfo-addon.xml index 7d2ba22a9..b11e44a84 100644 --- a/docs/xml/metainfo-addon.xml +++ b/docs/xml/metainfo-addon.xml @@ -19,7 +19,7 @@ -
+
Example file A addon metainfo file should look like this: diff --git a/docs/xml/metainfo-component.xml b/docs/xml/metainfo-component.xml index 83fb98e42..714eab9bd 100644 --- a/docs/xml/metainfo-component.xml +++ b/docs/xml/metainfo-component.xml @@ -499,183 +499,11 @@ <releases/> - The ]]> tag contains <release/> child tags which - describe some metainformation about the current release of the described software. - Each release of the software component should have a <release/> tag describing it, - but at least one release child must be present for the current release of the software. - The release children should be sorted in a latest-to-oldest order to simplify reading - the metadata file. + The ]]> tag contains multiple release children that contain + metadata about releases made for this software component. + The release information XML is described in-depth in , + examples for a valid releases tag with artifacts are also provided there. - - A release tag can have the properties version, date and timestamp. - The date property can have any time in ISO 8601 format as its value and - should be present for every release. At least day-level granularity is required, which means that the ISO 8601 string must contain at least a full date (e.g. 2020-08-12). - The timestamp tag contains the release time in the form of a UNIX epoch. This tag should not be used in metainfo files in newly - written metadata, but will still be parsed in case it is present. The timestamp property is mainly used in generated distro-metadata. - In case both release-time tags are present, the timestamp tag will take precedence over date. - - - The algorithm used for comparing version numbers is described at . - - - A release tag may also have a date_eol property that denotes the date when the release stops to receive - support from the software developers (end-of-life). Its value can be any complete date or time in ISO 8601. - - - Optionally, the <release/> tag may also have an urgency property, having one of the following values: - - - low - medium - high - critical - - - The urgency defines how important it is to install the new release as an update. This is especially important for type=firmware - components. - If no urgency is defined, a medium urgency is implicitly assumed. - The urgency defines how the update will be presented to the user, and sometimes if it will be installed automatically and immediately, or delayed. - - - A release tag may have a type property - to classify releases with one of the following values: - - - stable - development - - - By default, if no release type is defined, stable is assumed. - A software displaying a listing of releases should only show stable releases and - discard any development release if the current version is itself stable. It can - show all versions when development versions of the software are also distributed. - - - - Each release tag may have a description tag as child, containing a brief description of what is new in the release. - The description tag is structured as described in . - - - - A release may also have a url tag as child. - The release url should point to detailed release notes that explain the changes made in this particular release. - The url tag may have a type property with details as the only currently - allowed value. If the type is missing, a URL type of details is implicitly assumed. - - - - In order to mention issues that were resolved in a release, and especially reference CVE IDs, - issue tags can be used as children of one issues tag within a release. - The value of an issue tag must be the bug number, ticket name, or CVE ID and is typically displayed to the user, but may also in case of CVE IDs be read by - machines. If the value is a CVE ID, the type property of the issue tag must be set to cve. - If the type property is missing, an issue type of generic is assumed. The url property can be used to provide - a web URL to a details page on the respective issue. It is required for all issue types, except for the cve type, where it is optional. - - - - To denote release artifacts, the artifacts child tag can be used. It itself contains the artifacts as artifact children. - Each artifact tag must have a type property with the value of either binary or source to indicate whether the - artifact is the releases' source-code or a binary distribution. - - - In case of a binary type, an optional platform property may - also be set, containing a platform triplet (also known as normalized GNU triplet), such as x86_64-linux-gnu. Refer to - Debian multiarch tuples for more information on normalized GNU triplets, and - AppStream's platforms.yml for the triplet parts AppStream currently recognizes. - Note that AppStream only supports strictly three-part triplets in the form of arch-oskernel-osenvironment. Parts of the triplets which do not apply can be - replaced with any. - - - Binary artifacts may also have a bundle property to indicate the bundling system the binary distribution is made for. Refer to - the bundle types in for a list of possible values. - Each artifact can have a number of children: - - - - - location - - - Each artifact must have a location child, denoting the web location (HTTP or HTTPS) where it can be downloaded from. - Multiple location tags are allowed to make it possible to have mirror options to download the same artifact from. - - - - - - checksum - - - At least one checksum child must be present to contain the checksum of the released artifact. - The <checksum/> tag has a type attribute, containing the name of the hash function that was used to create it. - Currently aupported values (and hash sums) are: sha1, sha256, blake2b and blake2s. - For most purposes (on 64-bit machines), using BLAKE2b via the b2sum utility from GNU Coreutils is a good choice. - - - - - - size - - - One or multiple size tags may also be present, which define the installed and download size - of this component release artifact. - The size type is defined via a type property on the size tag, and may assume the value download or installed. - The size itself is set as the value and must be given in bytes. - - - - - - filename - - - An artifact may have a filename child, containing a non-absolute filename that the artifact may be stored under. The file name is only a naming hint and - applications are not required to follow it when downloading the file. If no filename tag is present, a file name may be generated from the artifact - location URL. - This tag must only appear once. - - - - - - - - Examples for a valid releases tag with artifacts: - - - - -

This stable release fixes bugs.

- - - https://example.org/releases/version-1.2.html - - - bz#12345 - CVE-2019-123456 - - - - - https://example.com/mytarball.bin.tar.xz - .... - .... - 12345678 - 42424242 - - - https://example.com/mytarball.bin.exe - - - https://example.com/mytarball.tar.xz - .... - - - - - -]]> diff --git a/docs/xml/releases-data.xml b/docs/xml/releases-data.xml new file mode 100644 index 000000000..e4d6ef3bf --- /dev/null +++ b/docs/xml/releases-data.xml @@ -0,0 +1,231 @@ + + +%BOOK_ENTITIES; +]> + +
+ Release Information + +
+ Introduction + + This section documents the tag that can be part of a component to provide + information about releases made for the respective component. + +
+ +
+ Example data + + Release information may look like this: + + + + +

This stable release fixes bugs.

+ + + https://example.org/releases/version-1.2.html + + + bz#12345 + CVE-2019-123456 + + + + + https://example.com/mytarball.bin.tar.xz + .... + .... + 12345678 + 42424242 + + + https://example.com/mytarball.bin.exe + + + https://example.com/mytarball.tar.xz + .... + + + + + +]]> +
+ +
+ Releases tag specification + + The ]]> tag contains <release/> children which + contain metadata about individual releases of a component. + Each release of the software component should ideally have a <release/> tag describing it, + but at least one release child is recommended to be present for the current release of the software. + The release children must be sorted in a latest-to-oldest order to simplify reading + the metadata file. + + + A release tag can have the properties version, date and timestamp. + The date property can have any time in ISO 8601 format as its value and + should be present for every release. At least day-level granularity is required, which means that the ISO 8601 string must contain at least a full date (e.g. 2020-08-12). + The timestamp tag contains the release time in the form of a UNIX epoch. This tag should not be used in metainfo files in newly + written metadata, but will still be parsed in case it is present. The timestamp property is mainly used in generated distro-metadata. + In case both release-time tags are present, the timestamp tag will take precedence over date. + + + The algorithm used for comparing release version numbers is described at . + + + A release tag may also have a date_eol property that denotes the date when the release stops to receive + support from the software developers (end-of-life). Its value can be any complete date or time in ISO 8601. + + + Optionally, the <release/> tag may also have an urgency property, having one of the following values: + + + low + medium + high + critical + + + The urgency defines how important it is to install the new release as an update. This is especially important for type=firmware + components. + If no urgency is defined, a medium urgency is implicitly assumed. + The urgency defines how the update will be presented to the user, and sometimes if it will be installed automatically and immediately, or delayed. + + + A release tag may have a type property + to classify releases with one of the following values: + + + stable + development + + + By default, if no release type is defined, stable is assumed. + A software displaying a listing of releases should only show stable releases and + discard any development release if the current version is itself stable. It can + show all versions when development versions of the software are also distributed. + + + + The release itself may have the following children: + + + + <description/> + + + A description tag contains a brief description of what is new in the release. + The description tag is structured as described in . + + + + + + <url/> + + + The url tag must point to a web location containing additional information (usually + detailed release notes) about this particular release. + The url tag may have a type property with details as the only currently + allowed value. If the type is missing, a URL type of details is implicitly assumed. + + + + + + <issues/> + + + The issues tag contains issue children defining issues resolved by this release. + It is used most commonly to mention CVE IDs, + + + The value of an issue tag must be the bug number, ticket name, or CVE ID and is typically displayed to the user, but may also in case of CVE IDs be read by + machines. If the value is a CVE ID, the type property of the issue tag must be set to cve. + If the type property is missing, an issue type of generic is assumed. The url property can be used to provide + a web URL to a details page on the respective issue. It is required for all issue types, except for the cve type, where it is optional. + + + + + + <artifacts/> + + + The artifacts child tag contains information about downloadable release artifacts. + It itself contains the artifacts as artifact children. + Each artifact tag must have a type property with the value of either binary or source to indicate whether the + artifact is the releases' source-code or a binary distribution. + + + In case of a binary type, an optional platform property may + also be set, containing a platform triplet (also known as normalized GNU triplet), such as x86_64-linux-gnu. Refer to + Debian multiarch tuples for more information on normalized GNU triplets, and + AppStream's platforms.yml for the triplet parts AppStream currently recognizes. + Note that AppStream only supports strictly three-part triplets in the form of arch-oskernel-osenvironment. Parts of the triplets which do not apply can be + replaced with any. + + + Binary artifacts may also have a bundle property to indicate the bundling system the binary distribution is made for. Refer to + the bundle types in for a list of possible values. + Each artifact can have a number of children: + + + + + location + + + Each artifact must have a location child, denoting the web location (HTTP or HTTPS) where it can be downloaded from. + Multiple location tags are allowed to make it possible to have mirror options to download the same artifact from. + + + + + + checksum + + + At least one checksum child must be present to contain the checksum of the released artifact. + The <checksum/> tag has a type attribute, containing the name of the hash function that was used to create it. + Currently aupported values (and hash sums) are: sha1, sha256, blake2b and blake2s. + For most purposes (on 64-bit machines), using BLAKE2b via the b2sum utility from GNU Coreutils is a good choice. + + + + + + size + + + One or multiple size tags may also be present, which define the installed and download size + of this component release artifact. + The size type is defined via a type property on the size tag, and may assume the value download or installed. + The size itself is set as the value and must be given in bytes. + + + + + + filename + + + An artifact may have a filename child, containing a non-absolute filename that the artifact may be stored under. The file name is only a naming hint and + applications are not required to follow it when downloading the file. If no filename tag is present, a file name may be generated from the artifact + location URL. + This tag must only appear once. + + + + + + + + + +
+