+# No SBOM on el-7, which only has Python 2 and will be EOL soon anyway
+
RUN touch /var/lib/rpm/* && \
- if $(grep -q 'release 7' /etc/redhat-release); then \
- yum upgrade -y && yum install -y python2 python2-dnf; \
- else \
+ if ! $(grep -q 'release 7' /etc/redhat-release); then \
yum upgrade -y && yum install -y python3 python3-dnf; \
fi
ADD builder-support/helpers/ /pdns/builder-support/helpers/
RUN cd /pdns/builder-support/helpers/ && \
if ! $(grep -q 'release 7' /etc/redhat-release); then \
python3 generate-sbom-dnf.py /dist/pdns-recursor-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json pdns-recursor rust.json; \
- else \
- python2 generate-sbom-dnf.py /dist/pdns-recursor-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json pdns-recursor rust.json; \
fi
@ENDIF
RUN cd /pdns/builder-support/helpers/; \
if ! $(grep -q 'release 7' /etc/redhat-release); then \
python3 generate-sbom-dnf.py /dist/dnsdist-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json dnsdist rust.json quiche.json h2o.json; \
- else \
- python2 generate-sbom-dnf.py /dist/dnsdist-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json dnsdist h2o.json; \
fi
@ENDIF
@IF [ -n "$M_authoritative$M_all" ]
RUN cd /pdns/builder-support/helpers/ && \
- for pkg in pdns pdns-backend-geoip pdns-backend-ldap pdns-backend-lmdb pdns-backend-lua2 pdns-backend-mysql pdns-backend-odbc pdns-backend-postgresql pdns-backend-remote pdns-backend-sqlite pdns-backend-tinydns pdns-backend-ixfrdist pdns-tools; do \
- if ! $(grep -q 'release 7' /etc/redhat-release); then \
+ if ! $(grep -q 'release 7' /etc/redhat-release); then \
+ for pkg in pdns pdns-backend-geoip pdns-backend-ldap pdns-backend-lmdb pdns-backend-lua2 pdns-backend-mysql pdns-backend-odbc pdns-backend-postgresql pdns-backend-remote pdns-backend-sqlite pdns-backend-tinydns pdns-backend-ixfrdist pdns-tools; do \
python3 generate-sbom-dnf.py /dist/${pkg}-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json ${pkg}; \
- else \
- python2 generate-sbom-dnf.py /dist/${pkg}-${BUILDER_VERSION}-${BUILDER_TARGET}.cyclonedx.json ${pkg}; \
- fi \
- done
+ done ; \
+ fi \
@ENDIF
# If you want to install extra packages or do generic configuration,
# do it before the COPY. Either here, or in the dist-base layer.
+# We NEED these because pdns-builder expects to find /sdist and /dist
+# in the final image
COPY --from=sdist /sdist /sdist
COPY --from=package-builder /dist /dist
def processDependencies(pkgDB, sbom, appInfos, depRelations):
seenDeps = {}
for require in appInfos.requires:
- depName = require.name.split('(')[0]
+ if hasattr(require, 'name'):
+ depName = require.name.split('(')[0]
+ depSpec = require.name
+ else:
+ # hawkey.Reldep, el-8
+ depName = str(require).split('(')[0]
+ depSpec = require
if depName in ['/bin/sh', 'config', 'ld-linux-x86-64.so.2', 'rpmlib', 'rtld']:
continue
if depName in seenDeps:
matches = pkgDB.filter(name=depName).run()
if len(matches) == 0:
flags = []
- matches = pkgDB.filter(*flags, provides__glob=[require.name]).run()
+ matches = pkgDB.filter(*flags, provides__glob=[depSpec]).run()
if len(matches) == 0:
print(f'Unable to find a match for {depName}')
continue