lint: Honor 'cpe-name' and 'cpe-version' package properties.

* guix/scripts/lint.scm (package-name->cpe-name): Remove.
(package-vulnerabilities): Honor 'cpe-name' and 'cpe-version'
properties.
* gnu/packages/grub.scm (grub)[properties]: New field.
* gnu/packages/gnuzilla.scm (icecat)[properties]: Add 'cpe-name' and
'cpe-version'.
* doc/guix.texi (Invoking guix lint): Mention 'cpe-name'.

1 files changed, 13 insertions, 0 deletions

diff --git a/doc/guix.texi b/doc/guix.texi
index 0e63ecadfd..3f0106be02 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4961,6 +4961,19 @@ To view information about a particular vulnerability, visit pages such as:
 where @code{CVE-YYYY-ABCD} is the CVE identifier---e.g.,
 @code{CVE-2015-7554}.
 
+Package developers can specify in package recipes the
+@uref{https://nvd.nist.gov/cpe.cfm,Common Platform Enumeration (CPE)}
+name and version of the package when they differ from the name that Guix
+uses, as in this example:
+
+@example
+(package
+  (name "grub")
+  ;; @dots{}
+  ;; CPE calls this package "grub2".
+  (properties '((cpe-name . "grub2"))))
+@end example
+
 @item formatting
 Warn about obvious source code formatting issues: trailing white space,
 use of tabulations, etc.