From 48bfc660485d80e3ffe6fb14960a89fc293e4c59 Mon Sep 17 00:00:00 2001
From: Khushboo Vashi
Date: Thu, 3 Aug 2023 16:08:59 +0530
Subject: [PATCH] Generate software bill of materials as part of the package builds. #3702

---
 Make.bat | 4 ++++
 docs/en_US/release_notes_7_6.rst | 1 +
 pkg/debian/build.sh | 1 +
 pkg/linux/build-functions.sh | 8 ++++++++
 pkg/mac/build-functions.sh | 7 ++++++-
 pkg/mac/build.sh | 1 +
 pkg/redhat/build.sh | 1 +
 7 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/Make.bat b/Make.bat
index 57308ccc638..8302a7d3747 100644
--- a/Make.bat
+++ b/Make.bat
@@ -27,6 +27,7 @@ CALL :CREATE_VIRTUAL_ENV || EXIT /B 1
 CALL :CREATE_PYTHON_ENV || EXIT /B 1
 CALL :CREATE_RUNTIME_ENV || EXIT /B 1
 CALL :CREATE_INSTALLER || EXIT /B 1
+CALL :GENERATE_SBOM || EXIT /B 1
 CALL :SIGN_INSTALLER || EXIT /B 1
 
 EXIT /B %ERRORLEVEL%
@@ -355,6 +356,9 @@ REM Main build sequence Ends
 CD %WD%
 EXIT /B 0
 
+:GENERATE_SBOM
+    ECHO Generating SBOM...
+    syft "%DISTROOT%\" -o cyclonedx-json > "%DISTROOT%\cyclonedx.json"
 :SIGN_INSTALLER
     ECHO Attempting to sign the installer...
 
diff --git a/docs/en_US/release_notes_7_6.rst b/docs/en_US/release_notes_7_6.rst
index eff3b9821b0..ccae2d88cf2 100644
--- a/docs/en_US/release_notes_7_6.rst
+++ b/docs/en_US/release_notes_7_6.rst
@@ -33,6 +33,7 @@ Housekeeping
 ************
 
 | `Issue #6588 `_ - Added support for PostgreSQL and EPAS 16 to ensure it works without any errors.
+| `Issue #3702 `_ - Generate software bill of materials as part of the package builds.
 
 Bug fixes
 *********
diff --git a/pkg/debian/build.sh b/pkg/debian/build.sh
index f8acd9bbef1..98c3155c84f 100755
--- a/pkg/debian/build.sh
+++ b/pkg/debian/build.sh
@@ -22,6 +22,7 @@ _create_python_virtualenv "debian"
 _build_runtime
 _build_docs "debian"
 _copy_code
+_generate_sbom
 
 #
 # Server package
diff --git a/pkg/linux/build-functions.sh b/pkg/linux/build-functions.sh
index d7392037141..ab5356673f7 100644
--- a/pkg/linux/build-functions.sh
+++ b/pkg/linux/build-functions.sh
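Review bot: The new `:GENERATE_SBOM` subroutine in the second Make.bat hunk has no `EXIT /B` after the `syft` line, so `CALL :GENERATE_SBOM` (added in the first hunk) falls straight through into `:SIGN_INSTALLER`, signing the installer once from inside the SBOM step and then again when the main sequence calls `:SIGN_INSTALLER` itself. The `|| EXIT /B 1` at the call site also never sees syft's own status, because the value returned is whatever the last command of `:SIGN_INSTALLER` produced. Terminate the subroutine the way the surrounding ones do (the `CD %WD%` / `EXIT /B 0` context shows the pattern), e.g. add `    EXIT /B %ERRORLEVEL%` directly after the `syft` line so a failed or missing `syft` fails the build. Note also that the SBOM is written into `%DISTROOT%` only after `:CREATE_INSTALLER` has run, so it appears to be a sidecar file rather than part of the installer; if it is meant to ship inside the signed installer, the call needs to move before `:CREATE_INSTALLER`.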
@@ -244,3 +244,11 @@ _copy_code() {
     rm python3 && ln -s "${PYTHON_INTERPRETER}" python3
 }
 
+
+_generate_sbom() {
+    echo "Generating SBOMs..."
+    # Note that we don't generate an SBOM for the Meta package as it doesn't contain any files.
+    syft "${SERVERROOT}/" -o cyclonedx-json > "${SERVERROOT}/usr/${APP_NAME}/sbom-server.json"
+    syft "${DESKTOPROOT}/" -o cyclonedx-json > "${DESKTOPROOT}/usr/${APP_NAME}/sbom-desktop.json"
+    syft "${WEBROOT}/" -o cyclonedx-json > "${WEBROOT}/usr/${APP_NAME}/sbom-web.json"
+}
\ No newline at end of file
diff --git a/pkg/mac/build-functions.sh b/pkg/mac/build-functions.sh
index 921237ac578..3256d8d30ef 100644
--- a/pkg/mac/build-functions.sh
+++ b/pkg/mac/build-functions.sh
@@ -320,6 +320,11 @@ _complete_bundle() {
     chmod -R og-w "${BUNDLE_DIR}"
 }
 
+_generate_sbom() {
+    echo "Generating SBOM..."
+    syft "${BUNDLE_DIR}/Contents/" -o cyclonedx-json > "${BUNDLE_DIR}/Contents/cyclonedx.json"
+}
+
 _codesign_binaries() {
     if [ "${CODESIGN}" -eq 0 ]; then
         return
@@ -485,4 +490,4 @@ _notarize_pkg() {
     fi
 
     echo "Notarization completed successfully."
-}
+}
\ No newline at end of file
diff --git a/pkg/mac/build.sh b/pkg/mac/build.sh
index 35db03a5f89..ef0df97f2bf 100755
--- a/pkg/mac/build.sh
+++ b/pkg/mac/build.sh
@@ -66,6 +66,7 @@ _build_runtime
 _create_python_env
 _build_docs
 _complete_bundle
+_generate_sbom
 _codesign_binaries
 _codesign_bundle
 _create_dmg
diff --git a/pkg/redhat/build.sh b/pkg/redhat/build.sh
index 5c2726bf23e..81d577cc787 100755
--- a/pkg/redhat/build.sh
+++ b/pkg/redhat/build.sh
@@ -26,6 +26,7 @@ _create_python_virtualenv "redhat"
 _build_runtime
 _build_docs "redhat"
 _copy_code
+_generate_sbom
 
 # Get an RPM-compatible version number
 RPM_VERSION=${APP_RELEASE}.${APP_REVISION}
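Review bot: `_generate_sbom` in the pkg/linux/build-functions.sh hunk runs `syft` three times without checking that it is installed or that it succeeded; unless the sourcing build script runs under `set -e` (not visible in this patch), a missing or failing `syft` leaves a truncated or empty `sbom-*.json` inside the package and the build carries on, shipping a bogus bill of materials. A guard at the top of the function such as `command -v syft >/dev/null 2>&1 || { echo "syft is required to generate SBOMs" >&2; exit 1; }`, with `|| exit 1` appended to each `syft` line, makes the failure explicit rather than silent. The same applies to the `_generate_sbom` added in the pkg/mac/build-functions.sh hunk, which writes `Contents/cyclonedx.json` with the same unchecked redirect. It would also help to record in a comment which syft version or configuration the SBOM is expected to be produced with, since the output format depends on the tool version.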