various: add meta.identifier.cpeParts to a batch of packages

[0xf09f95b4]

This PR adds CPE identifiers to various packages using the new CPE tools added in #439074.

The idea is to test how well all this works and get at least some of these tags off the ground.

I started with a few packages that seemed central to me and went from there to also tag dependencies. I stopped at a round 40 files changed.

I also used the go-cpe-dictionary project to download a local copy of the cpe database and compare these entries. I tried to start with software that seemed to have relatively recent entries/versions in the CPE database.

All of these were simple additions of vendor names.

These CPEs are added:

cpe:2.3:a:google:brotli:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:netfilter:conntrack-tools:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:cryptsetup_project:cryptsetup:2.8.3:*:*:*:*:*:*:*
cpe:2.3:a:haxx:curl:8.17.0:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:dbus:1.14.10:*:*:*:*:*:*:*
cpe:2.3:a:elfutils_project:elfutils:0.194:*:*:*:*:*:*:*
cpe:2.3:a:git-scm:git:2.52.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:gnutls:3.8.11:*:*:*:*:*:*:*
cpe:2.3:a:libarchive:libarchive:3.8.4:*:*:*:*:*:*:*
cpe:2.3:a:libcap_project:libcap:2.77:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:libgcrypt:1.11.2:*:*:*:*:*:*:*
cpe:2.3:a:libnl_project:libnl:3.12.0:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:libressl:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:libseccomp_project:libseccomp:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:libuv:libuv:1.51.0:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxslt:1.1.45:*:*:*:*:*:*:*
cpe:2.3:a:linux-pam:linux-pam:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:lz4_project:lz4:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:networkmanager:1.54.3:*:*:*:*:*:*:*
cpe:2.3:a:p11-kit_project:p11-kit:0.25.10:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.42.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:libidn2:2.3.8:*:*:*:*:*:*:*
cpe:2.3:a:xmlsoft:libxml2:2.15.1:*:*:*:*:*:*:*
cpe:2.3:a:ncurses_project:ncurses:6.6:*:*:*:*:*:*:*
cpe:2.3:a:nettle_project:nettle:3.10.2:*:*:*:*:*:*:*
cpe:2.3:a:openssl:openssl:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:pcre:pcre2:10.46:*:*:*:*:*:*:*
cpe:2.3:a:sqlite:sqlite:3.51.2:*:*:*:*:*:*:*
cpe:2.3:a:zlib:zlib:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:netfilter:iptables:1.8.11:*:*:*:*:*:*:*
cpe:2.3:a:kernel:kmod:31:*:*:*:*:*:*:*
cpe:2.3:a:libbpf_project:libbpf:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:systemd_project:systemd:258.3:*:*:*:*:*:*:*
cpe:2.3:a:w1.fi:wpa_supplicant:2.11:*:*:*:*:*:*:*
cpe:2.3:a:tukaani:xz:5.8.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:coreutils:9.9:*:*:*:*:*:*:*
cpe:2.3:a:openbsd:openssh:10.2p1:*:*:*:*:*:*:*
cpe:2.3:a:gnupg:gnupg:2.4.8:*:*:*:*:*:*:*
cpe:2.3:a:docker:docker:29.1.5:*:*:*:*:*:*:*
cpe:2.3:a:mobyproject:moby:29.1.5:*:*:*:*:*:*:*

@YorikSar: I tried to use your shiny new tools for the first time. Maybe you're interested :).

Things done

• Built on platform:
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• Tested, as applicable:
  • NixOS tests in nixos/tests.
  • Package tests at passthru.tests.
  • Tests in lib/tests or pkgs/test for functions and "core" functionality.
• Ran nixpkgs-review on this PR. See nixpkgs-review usage.
• Tested basic functionality of all binary files, usually in ./result/bin/.
• Nixpkgs Release Notes
  • Package update: when the change is major or breaking.
• NixOS Release Notes
  • Module addition: when adding a new NixOS module.
  • Module update: when the change is significant.
• Fits CONTRIBUTING.md, pkgs/README.md, maintainers/README.md and other READMEs.

[infinisil]

Manually verified, but some weren't quite right

[qweered]

Also pr and commit title should be various: add meta.identifier.cpeParts cause its not a treewide change

[0xf09f95b4]

Thanks for your thorough reviews!

@infinisil: You caught 3 CPEs that were deprecated :( Seems like a search in a local copy of the CPE database is not enough, or at least one always also needs to check for deprecation status or in the online search when multiple CPEs/vendors match...

[jopejoe1]

Another source for finding what CPE a package has is Repology's problems page.