From: Remi Gacogne Date: Tue, 26 Mar 2024 09:18:40 +0000 (+0100) Subject: Disable SBOM generation on el-7 (almost EOL), fix it on el-8 X-Git-Tag: rec-5.1.0-alpha1~76^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4b54c7db6822c31d70a5661258b4ed70c58ee163;p=thirdparty%2Fpdns.git Disable SBOM generation on el-7 (almost EOL), fix it on el-8 --- diff --git a/builder-support/dockerfiles/Dockerfile.rpmsbom b/builder-support/dockerfiles/Dockerfile.rpmsbom index 6c0cbf12d..5d59b4e73 100644 --- a/builder-support/dockerfiles/Dockerfile.rpmsbom +++ b/builder-support/dockerfiles/Dockerfile.rpmsbom @@ -1,7 +1,7 @@ +# No SBOM on el-7, which only has Python 2 and will be EOL soon anyway + RUN touch /var/lib/rpm/* && \ - if $(grep -q 'release 7' /etc/redhat-release); then \ - yum upgrade -y && yum install -y python2 python2-dnf; \ - else \ + if ! $(grep -q 'release 7' /etc/redhat-release); then \ yum upgrade -y && yum install -y python3 python3-dnf; \ fi ADD builder-support/helpers/ /pdns/builder-support/helpers/ @@ -10,8 +10,6 @@ ADD builder-support/helpers/ /pdns/builder-support/helpers/ RUN cd /pdns/builder-support/helpers/ && \ if ! $(grep -q 'release 7' /etc/redhat-release); then \ python3 generate-sbom-dnf.py /dist/pdns-recursor-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json pdns-recursor rust.json; \ - else \ - python2 generate-sbom-dnf.py /dist/pdns-recursor-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json pdns-recursor rust.json; \ fi @ENDIF @@ -19,18 +17,14 @@ RUN cd /pdns/builder-support/helpers/ && \ RUN cd /pdns/builder-support/helpers/; \ if ! $(grep -q 'release 7' /etc/redhat-release); then \ python3 generate-sbom-dnf.py /dist/dnsdist-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json dnsdist rust.json quiche.json h2o.json; \ - else \ - python2 generate-sbom-dnf.py /dist/dnsdist-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json dnsdist h2o.json; \ fi @ENDIF @IF [ -n "$M_authoritative$M_all" ] RUN cd /pdns/builder-support/helpers/ && \ - for pkg in pdns pdns-backend-geoip pdns-backend-ldap pdns-backend-lmdb pdns-backend-lua2 pdns-backend-mysql pdns-backend-odbc pdns-backend-postgresql pdns-backend-remote pdns-backend-sqlite pdns-backend-tinydns pdns-backend-ixfrdist pdns-tools; do \ - if ! $(grep -q 'release 7' /etc/redhat-release); then \ + if ! $(grep -q 'release 7' /etc/redhat-release); then \ + for pkg in pdns pdns-backend-geoip pdns-backend-ldap pdns-backend-lmdb pdns-backend-lua2 pdns-backend-mysql pdns-backend-odbc pdns-backend-postgresql pdns-backend-remote pdns-backend-sqlite pdns-backend-tinydns pdns-backend-ixfrdist pdns-tools; do \ python3 generate-sbom-dnf.py /dist/${pkg}-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json ${pkg}; \ - else \ - python2 generate-sbom-dnf.py /dist/${pkg}-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json ${pkg}; \ - fi \ - done + done ; \ + fi \ @ENDIF diff --git a/builder-support/dockerfiles/Dockerfile.rpmtest b/builder-support/dockerfiles/Dockerfile.rpmtest index 6dd5975b4..e398ffcf4 100644 --- a/builder-support/dockerfiles/Dockerfile.rpmtest +++ b/builder-support/dockerfiles/Dockerfile.rpmtest @@ -4,6 +4,8 @@ FROM dist-base as dist # If you want to install extra packages or do generic configuration, # do it before the COPY. Either here, or in the dist-base layer. +# We NEED these because pdns-builder expects to find /sdist and /dist +# in the final image COPY --from=sdist /sdist /sdist COPY --from=package-builder /dist /dist diff --git a/builder-support/helpers/generate-sbom-dnf.py b/builder-support/helpers/generate-sbom-dnf.py index 6ba91e5cc..ff6f53809 100755 --- a/builder-support/helpers/generate-sbom-dnf.py +++ b/builder-support/helpers/generate-sbom-dnf.py @@ -65,7 +65,13 @@ def addDependencyToSBOM(sbom, appInfos, pkg): def processDependencies(pkgDB, sbom, appInfos, depRelations): seenDeps = {} for require in appInfos.requires: - depName = require.name.split('(')[0] + if hasattr(require, 'name'): + depName = require.name.split('(')[0] + depSpec = require.name + else: + # hawkey.Reldep, el-8 + depName = str(require).split('(')[0] + depSpec = require if depName in ['/bin/sh', 'config', 'ld-linux-x86-64.so.2', 'rpmlib', 'rtld']: continue if depName in seenDeps: @@ -75,7 +81,7 @@ def processDependencies(pkgDB, sbom, appInfos, depRelations): matches = pkgDB.filter(name=depName).run() if len(matches) == 0: flags = [] - matches = pkgDB.filter(*flags, provides__glob=[require.name]).run() + matches = pkgDB.filter(*flags, provides__glob=[depSpec]).run() if len(matches) == 0: print(f'Unable to find a match for {depName}') continue