jami/jami-daemon
1
0
Fork 0
mirror of https://git.jami.net/savoirfairelinux/jami-daemon.git synced 2025-08-12 22:09:25 +08:00
Code Issues Projects Releases Wiki Activity

sbom: add generation for windows packages in SBOM

Browse Source 
When running `make cyclonedx`, it will also try to generate a separate
SBOM for the Windows packages. For this, it require `jq` to be installed
or it will generate only the linux SBOM.
GitLab: #1021

Change-Id: I50dfc23c7e053e4674d2b6816a9c53106414c1d3
This commit is contained in:
Louis Maillard
2024-07-02 09:16:29 -04:00
committed by Adrien Béraud
parent 6d98bac2e8
commit e5afe3c5a1
2 changed files with 48 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
contrib/src/cyclonedx.sh
View File

@ -7,11 +7,33 @@
set -euo pipefail # Enable error checking set -euo pipefail # Enable error checking
function read_package_jsons() {
local SRC="${1:-}"
local win_cpe_list=()
for folder in "${SRC}"/*; do
if [[ -d "${folder}" ]]; then
local package_json="${folder}/package.json"
if [[ -f "${package_json}" ]]; then
local cpe=""
cpe=$(jq -r '.cpe' "${package_json}")
# if cpe string start with "cpe:2.3:" then it's a valid CPE
if [[ "${cpe}" == cpe:2.3:* ]]; then
win_cpe_list+=("${cpe}")
fi
fi
fi
done
echo "${win_cpe_list[@]}"
}
function main() { function main() {
local list_cpe=$1 local list_cpe=$1
local output="common-jami-daemon.cdx.json" local filename="${2:-sbom.cdx.json}"
cat <<EOF > $output cat <<EOF > "$filename"
{ {
"bomFormat": "CycloneDX", "bomFormat": "CycloneDX",
"specVersion": "1.5", "specVersion": "1.5",
@ -35,6 +57,10 @@ EOF
# Split CPE v2.3 string to extract vendor, product, and version # Split CPE v2.3 string to extract vendor, product, and version
IFS=':' read -r -a cpe_parts <<< "$cpe" IFS=':' read -r -a cpe_parts <<< "$cpe"
if (( ${#cpe_parts[@]} < 6 )); then
continue
fi
# Assuming standard CPE v2.3 format: cpe:2.3:a:vendor:product:version:... # Assuming standard CPE v2.3 format: cpe:2.3:a:vendor:product:version:...
vendor="${cpe_parts[3]}" vendor="${cpe_parts[3]}"
product="${cpe_parts[4]}" product="${cpe_parts[4]}"
@ -53,10 +79,10 @@ EOF
esac esac
if (( components_writed >= 1 )); then if (( components_writed >= 1 )); then
echo " }," >> $output echo " }," >> "$filename"
fi fi
cat <<EOF >> $output cat <<EOF >> "$filename"
{ {
"type": "$kind", "type": "$kind",
"bom-ref": "$cpe", "bom-ref": "$cpe",
@ -71,15 +97,28 @@ EOF
done done
if (( components_writed >= 1 )); then if (( components_writed >= 1 )); then
echo " }" >> $output echo " }" >> "$filename"
fi fi
cat <<EOF >> $output cat <<EOF >> "$filename"
] ]
} }
EOF EOF
echo "CycloneDX SBOM file generated: $output (contains $components_writed components)" echo "CycloneDX SBOM file generated: $filename (contains $components_writed components)"
} }
main "$@" if [[ $# -ne 2 ]]; then
echo "Usage: $0 <list of CPE id> <SRC folder>"
exit 1
fi
main "$1" "common-jami-daemon.cdx.json"
if ! command -v jq &> /dev/null; then
echo "jq is not installed, please install it"
exit 1
fi
cpe_windows=$(read_package_jsons "$2")
main "$cpe_windows" "windows-jami-daemon.cdx.json"

2
contrib/src/main.mak
View File

@ -507,7 +507,7 @@ package: install
pprint = @echo ' $(or $(sort $1), None)' | fmt pprint = @echo ' $(or $(sort $1), None)' | fmt
cyclonedx: cyclonedx:
@$(SRC)/cyclonedx.sh "$(PKG_CPE)" @$(SRC)/cyclonedx.sh "$(PKG_CPE)" "$(SRC)"
list: list:
@echo All packages: @echo All packages: