Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
AppStream › Upstream Metadata › Release Information
ContentsContents
AppStream
  1. 1 About AppStream
  2. 2 Upstream Metadata
  3. 3 Catalog Metadata
  4. 4 Miscellaneous
  5. 5 Metadata Quickstart
  6. 6 Data Validation
  7. 7 Manual pages
      appstreamcli 2012-2024Matthias Klumpp AppStream 26 July,2012 appstreamcli1appstreamcliHandle AppStream metadata formats and query AppStream dataappstreamcliCOMMANDDescription This manual page documents briefly the appstreamcli command. appstreamcli is a small helper tool to work with AppStream metadata and access the AppStream component index from the command-line. The AppStream component index contains a list of all available software components for your distribution, matched to their package names. It is generated using AppStream XML or Debian DEP-11 data, which is provided by your distributor. For more information about the AppStream project and the other components which are part of it, take a look at the AppStream pages at Freedesktop.org. Optionsget IDGet a component from the metadata pool by its identifier.ssearch TERMSearch the AppStream component pool for a given search term.what-provides TYPE TERM Return components which provide a given item. An item type can be specified using the TYPE parameter, a value to search for has to be supplied using the TERM parameter. Examples: Get components which handle the "text/xml" mediatype. appstreamcli what-provides mediatype "text/xml" Get component which provides the "libfoo.so.2" library. appstreamcli what-provides lib libfoo.so.2 refreshrefresh-cache Trigger a database refresh, if necessary. In case you want to force the database to be rebuilt, supply the --force flag. This command must be executed with root permission.status Display various information about the installed metadata and the metadata cache. os-info Show information about the current operating system from the metadata index. This requires the operating system to provide a operating-system component for itself. dump ID Dump the complete XML descriptions of components with the given ID that were found in the metadata pool. validate FILES Validate AppStream XML metadata for compliance with the specification. Both XML metadata types, upstream and distro XML, are handled. The format type which should be validated is determined automatically. The --pedantic flag triggers a more pedantic validation of the file, including minor and style issues in the report. validate-tree DIRECTORY Validate AppStream XML metadata found in a file-tree. This performs a standard validation of all found metadata, but also checks for additional errors, like the presence of .desktop files and validity of other additional metadata. check-license LICENSE Test a license string or license expression for validity and display details about it. This will check whether the license string is considered to be valid for AppStream, and return a non-zero exit code if it is not. The command will also display useful information like the canonical ID of a license, whether it is suitable as license for AppStream metadata, and whether the license is considered to be for Free and Open Source software or proprietary software. AppStream will consider any license as Free and Open Source that is marked as suitable by either the Free Software Foundation (FSF), Open Source Initiative (OSI) or explicit license list of the Debian Free Software Guidelines (DFSG). install ID Install a software component by its ID using the package manager or Flatpak. This resolves the AppStream component ID to an installation candidate and then calls either the native package manager or Flatpak (if available) to install the component. remove ID Uninstall a software component by its ID using the package manager or Flatpak. This will uninstall software matching the selected ID using either the native package manager or Flatpak (if available). put FILE Install a metadata file into the right directory on the current machine. compare-versionsvercmp VER1 [CMP] VER2 Compare two version numbers. If two version numbers are given as parameters, the versions will be compared and the comparison result will be printed to stdout. If a version number, a comparison operator and another version number are passed in as parameter, the result of the comparison operation will be printed to stdout, and appstreamcli will exit with a non-zero exit status in case the comparison failed. The comparison operator can be one of the following: eq - Equal tone - Not equal tolt - Less thangt - Greater thanle - Less than or equal toge - Greater than or equal tonew-template TYPE FILE Create a metainfo file template to be used by software projects. The --from-desktop option can be used to use a .desktop file as template for generating the example file. The generated files contain example entries which need to be filed in with the actual desired values by the project author. The first TYPE parameter is the name of an AppStream component type. For a complete list check out the documentation or the help output of appstreamcli for this subcommand. make-desktop-file MI_FILE DESKTOP_FILE Create a XDG desktop-entry file from a metainfo file. If the desktop-entry file specified in DESKTOP_FILE already exists, it will get extended with the new information extracted from the metainfo file. Otherwise a new file will be created. This command will use the first binary mentioned in a provides tag of the component for the Exec= field of the new desktop-entry file. If this is not the desired behavior, the --exec flag can be used to explicitly define a binary to launch. Other methods of launching the application are currently not supported. In order to generate a proper desktop-entry, this command assumes that not only the minimally required tags for an AppStream component are set, but also that it has an <icon/> tag of type "stock" to describe the stock icon that should be used as well as a <categories/> tag containing the categories the application should be placed in. news-to-metainfo NEWS_FILE MI_FILE [OUT_FILE] This command converts a NEWS file as used by many open source projects into the XML used by AppStream. Since NEWS files are free text, a lot of heuristics will be applied to get reasonable results. The converter can also read a YAML version of the AppStream release description and convert it to XML as well. If the metainfo file MI_FILE already exists, it will be augmented with the new release entries, otherwise the release entries will be written without any wrapping component. If [OUT_FILE] is specified, instead of acting on MI_FILE the changed data will be written to the particular file. If any of the output filenames is set to "-", the output will instead be written to stdout. The --format option can be used to enforce reading the input file in a specific format ("text" or "yaml") in case the format autodetection fails. The --limit option is used to limit the amount of release entries written (the newest entries will always be first). metainfo-to-news MI_FILE NEWS_FILE This command reverses the news-to-metainfo command and writes a NEWS file as text or YAML using the XML contained in a metainfo file. If NEWS_FILE is set to "-", the resulting data will be written to stdout instead of to a file. The --format option can be used to explicitly specify the output format ("yaml" or "text"). If it is not set, appstreamcli will guess which format is most suitable. convert FILE1 FILE1 Converts AppStream XML metadata into its YAML representation and vice versa. compose Composes an AppStream metadata catalog from a directory tree with metainfo files. This command is only available if the org.freedesktop.appstream.compose component is installed. See appstreamcli-compose1 for more information. --detailsPrint out more information about a found component.--no-colorDon't print colored output.--no-netDo not access the network when validating metadata. The same effect can be achieved by setting the AS_VALIDATE_NONET environment variable before running appstreamcli. --versionDisplay the version number of appstreamcliSee Alsopkcon1.AUTHOR This manual page was written by Matthias Klumpp matthias@tenstral.net. appstreamcli compose 2020-2024Matthias Klumpp AppStream 28 Aug,2020 appstreamcli compose1appstreamcli-composeCompose AppStream metadata catalog from directory treesappstreamcli composeCOMMANDDescription This manual page documents briefly the appstreamcli compose command. The appstreamcli compose tool is used to construct AppStream metadata catalogs from directory trees. The tool will also perform many related metadata generation actions, like resizing icons and screenshots and merging in data from referenced desktop-entry files as well as translation status information. Therefore, the tool provides a fast way to test how the final processed metadata for an application that is shipped to users may look like. It also provides a way to easily generate AppStream data for projects which do not need a more complex data generator like appstream-generator. In order for the appstreamcli compose command to be available, you may need to install the optional compose module for appstreamcli first. For more information about the AppStream project and the other components which are part of it, take a look at the AppStream pages at Freedesktop.org. OptionsSOURCE-DIRECTORIES A list of directories to process needs to be provided as positional parameters. Data from all directories will be combined into one output namespace. --origin NAME Set the AppStream data origin identifier. This can be a value like "debian-unstable-main" or "flathub". --result-root DIR Sets the directory where all generated output that is deployed to a user's machine is exported to. If this parameter is not set and we only have one directory to process, we use that directory as default output path. If both --data-dir and --icons-dir are set, --result-root is not necessary and no data will be written to that directory. --data-dir DIR Override the directory where the generated AppStream metadata catalog will be written to. Data will be written directly to this directory, and no supdirectories will be created (unlike when using --result-root to set an output location). --icons-dir DIR Override the directory where the cached icons are exported to. --hints-dir DIR Set a directory where hints reported generated during metadata processing are saved to. If this parameter is not set, no HTML/YAML hint reports will be saved. --media-dir DIR If set, creates a directory with media content (icons, screenshots, ...) that can be served via a webserver. The metadata will be extended to include information about these remote media. --media-baseurl URL The URL under which the contents of a directory set via --media-dir will be served. This value must be set if a media directory is created. --prefix DIR Set the default prefix that is used in the processed directories. If none is set explicitly, /usr is assumed. --print-report MODE Print the issue hints report (that gets exported as HTML and YAML document when --hints-dir was set) to the console in text form. Various print modes are supported: on-error only prints a short report if the run failed (default), short generates an abridged report that is always printed and full results in a detailed report to be printed. --no-partial-urls If set, all URLs in the generated data will be absolute and media_baseurl will not be used. This makes changing the media mirror harder without regenerating all data and is generally not recommended, to increase flexibility. --icon-policy POLICY-STRING Override the existing icon policy with a custom one. The icon policy sets how icons of different sizes should be dealt with. They can be in the icon cache only, be a remote icon in the media location or be both cached and available in the remote location. The icon-policy string is comprised of comma-separated %{size}x%{size}@%{scale}=%{state} statements. The size and scale are that of the respective icon, with the scale being allowed to be omitted if it is 1. The state can be one of remote, cached or cached-remote. By default, a policy of 48x48=cached,48x48@2=cached,64x64=cached,64x64@2=cached,128x128=cached-remote,128x128@2=cached-remote is selected. --allow-custom CUSTOM-KEY-NAMES By default, all custom entries set in MetaInfo input data are removed. This flag allows to whitelist custom keys to be propagated to the final catalog output data. The custom-key names should be provided as a comma-separated list. --components COMPONENT-IDs Set a comma-separated list of AppStream component IDs that should be considered for the generated metadata. All components that exist in the input data but are not mentioned in this list will be ignored for the generated output. --no-colorDon't print colored output.--verboseDisplay extra debugging information--versionDisplay the version number of appstreamcli composeSee Also appstreamcli1, appstream-generator1. AUTHOR This manual page was written by Matthias Klumpp matthias@tenstral.net.
  8. 8 AppStream API Reference
  9. Index
Navigation
AppStream › Upstream Metadata › Release Information
Top

2.2 Release Information

2.2.1 Introduction

This section documents the <releases/> tag that can be part of a component to provide information about releases made for the respective component.

Alternatively to being embedded in a component metainfo file, the data may also be split into a dedicated XML file to be updated separately.

2.2.2 Locations

Release data may be present directly in a component metainfo file, but also optionally be split out into an external metadata file.

If the releases XML is part of a metainfo file, it is embedded into it following the semantics described in the document.

If the releases XML is external, the metainfo file must contain a <releases/> tag with the type property set to external as described for component XML. The data described in this section is placed in a separate XML file with releases being its root node. The file must be installed as /usr/share/metainfo/releases/%{cid}.releases.xml, where cid is the component ID of the component the release information belongs to.

2.2.3 Example data

Release information may look like this: 

<releases>
  <release version="1.2" date="2014-04-12" urgency="high">
    <description>
      <p>This stable release fixes bugs.</p>
    </description>

    <url>https://example.org/releases/version-1.2.html</url>

    <issues>
      <issue url="https://example.com/bugzilla/12345">bz#12345</issue>
      <issue type="cve">CVE-2019-123456</issue>
    </issues>

    <artifacts>
      <artifact type="binary" platform="x86_64-linux-gnu">
        <location>https://example.com/mytarball.bin.tar.xz</location>
        <checksum type="sha256">....</checksum>
        <checksum type="blake2b">....</checksum>
        <size type="download">12345678</size>
        <size type="installed">42424242</size>
      </artifact>
      <artifact type="binary" platform="x86_64-windows-msvc">
        <location>https://example.com/mytarball.bin.exe</location>
      </artifact>
      <artifact type="source">
        <location>https://example.com/mytarball.tar.xz</location>
        <checksum type="sha256">....</checksum>
      </artifact>
    </artifacts>
  </release>
  <release version="1.1" type="development" date="2013-10-20" />
  <release version="1.0" date="2012-08-26" />
</releases>

2.2.4 Releases tag specification

The <releases> tag contains <release/> children which contain metadata about individual releases of a component. Each release of the software component should ideally have a <release/> tag describing it, but at least one release child is recommended to be present for the current release of the software. The release children must be sorted in a latest-to-oldest order to simplify reading the metadata file.

A release tag can have the properties version, date and timestamp. The date property can have any time in ISO 8601 (https://en.wikipedia.org/wiki/ISO_8601) format as its value and should be present for every release. At least day-level granularity is required, which means that the ISO 8601 string must contain at least a full date (e.g. 2020-08-12). The timestamp tag contains the release time in the form of a UNIX epoch. This tag should not be used in metainfo files in newly written metadata, but will still be parsed in case it is present. The timestamp property is mainly used in generated distro-metadata. In case both release-time tags are present, the timestamp tag will take precedence over date.

The algorithm used for comparing release version numbers is described at Section 4.1, “Version Comparison Algorithm”.

A release tag may also have a date_eol property that denotes the date when the release stops to receive support from the software developers (end-of-life). Its value can be any complete date or time in ISO 8601 (https://en.wikipedia.org/wiki/ISO_8601).

Optionally, the <release/> tag may also have an urgency property, having one of the following values:

  • low

  • medium

  • high

  • critical

The urgency defines how important it is to install the new release as an update. This is especially important for type=firmware components. If no urgency is defined, a medium urgency is implicitly assumed. The urgency defines how the update will be presented to the user, and sometimes if it will be installed automatically and immediately, or delayed.

A release tag may have a type property to classify releases with one of the following values:

  • stable

  • development

  • snapshot

By default, if no release type is defined, stable is assumed. A software displaying a listing of releases should only show stable releases and discard any development release if the current version is itself stable. It can show both stable and development versions when development versions of the software are also distributed. Instead, a snapshot release identifies an automated snapshot of the current development status. It should not be shown unless instructed to.

The release itself may have the following children:

<description/> 

A description tag contains a brief description of what is new in the release. The intended audience of the description are the users of the component (who are typically not developers), and so the description should mention only the user visible changes in the release. The description tag supports child tags as described in <description/>.

Descriptions must not contain embedded web links to issue trackers or bug reports, as these typically make no sense to users. If particular issues need to be highlighted (for example, CVEs fixed in this release), they should be listed in the issues tag.

<url/> 

The url tag must point to a web location containing additional information (usually detailed release notes) about this particular release. The url tag may have a type property with details as the only currently allowed value. If the type is missing, a URL type of details is implicitly assumed.

<issues/> 

The issues tag contains issue children defining issues resolved by this release. It is used most commonly to mention CVE (https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures) IDs. Software which is interpreting the release notes for the component should present the list of issues separately from the release description. They should not be thought of as a bullet-point list of issues which follow straight on in prose from the description element’s value.

The value of an issue tag must be the bug number, ticket name, or CVE ID and is typically displayed to the user, but may also in case of CVE IDs be read by machines. The content of an issue element is not translatable, but can be a string appropriate for the project's bug tracker.

The issue tag may have a type property, which should have a value of generic or cve. If the type property is missing, a type of generic is assumed.

It may also have a url property, which should be a URL for a details page on the respective issue.

If type is cve, the element’s value must be a CVE ID in the format defined by MITRE (https://www.cve.org/About/Process#cve-id). For example, CVE-2023-12345. Software consuming the release data of a component should be able to append the element’s value to https://nvd.nist.gov/vuln/detail/ to get a page of information about the CVE. If a url property is given, its value overrides any URL constructed from the CVE identifier. The url property is optional if type is cve.

For example: 

<issue url="https://example.com/bugzilla/12345">bz#12345</issue>

If type is generic or unspecified, the element’s value is a free-form issue identifier, and the url property must be specified. The issue identifier should be shorthand for an issue in the project’s bug tracker, and it does not have to be globally unique. It should be human readable, but does not have to be appropriate for non-technical audiences.

For example: 

<issues>
  <issue type="cve">CVE-2021-28153</issue>
  <issue url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27218">CVE-2021-27218</issue>
</issues>
<artifacts/> 

The artifacts child tag contains information about downloadable release artifacts. It itself contains the artifacts as artifact children. Each artifact tag must have a type property with the value of either binary or source to indicate whether the artifact is the releases' source-code or a binary distribution.

In case of a binary type, an optional platform property may also be set, containing a platform triplet (also known as normalized GNU triplet), such as x86_64-linux-gnu. Refer to Debian multiarch tuples (https://wiki.debian.org/Multiarch/Tuples#Used_solution) for more information on normalized GNU triplets, and AppStream's platforms.yml (https://github.com/ximion/appstream/blob/master/data/platforms.yml) for the triplet parts AppStream currently recognizes. Note that AppStream only supports strictly three-part triplets in the form of arch-oskernel-osenvironment. Parts of the triplets which do not apply can be replaced with any.

Binary artifacts may also have a bundle property to indicate the bundling system the binary distribution is made for. Refer to the bundle types in <bundle/> for a list of possible values. Each artifact can have a number of children:

location

Each artifact must have a location child, denoting the web location (HTTP or HTTPS) where it can be downloaded from. Multiple location tags are allowed to make it possible to have mirror options to download the same artifact from.

checksum

At least one checksum child must be present to contain the checksum of the released artifact. The <checksum/> tag has a type attribute, containing the name of the hash function that was used to create it. Currently aupported values (and hash sums) are: sha1, sha256, sha512, blake2b and blake3. For most purposes (on 64-bit machines), using BLAKE2b (https://blake2.net) via cksum -ablake2b [FILE] from GNU Coreutils is a good choice.

size

One or multiple size tags may also be present, which define the installed and download size of this component release artifact. The size type is defined via a type property on the size tag, and may assume the value download or installed. The size itself is set as the value and must be given in bytes.

filename

An artifact may have a filename child, containing a non-absolute filename that the artifact may be stored under. The file name is only a naming hint and applications are not required to follow it when downloading the file. If no filename tag is present, a file name may be generated from the artifact location URL. This tag must only appear once.

<tags/> 

The tags element can be used to tag releases with user-defined tags. It follows the same semantics as the one for components, as described in <tags/>.

Desktop ApplicationsChapter 2 Upstream Metadata

© 2024 Freedesktop.org, the AppStream Project