SBOM: More gracefully handle incomplete components from external SBOMs
authorRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 22 Dec 2025 15:06:22 +0000 (16:06 +0100)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Mon, 29 Dec 2025 13:11:56 +0000 (14:11 +0100)
Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
builder-support/helpers/generate-sbom-dnf.py
pdns/dnsdistdist/dnsdist-rust-lib/rust/Cargo.toml
pdns/recursordist/rec-rust-lib/rust/Cargo.toml

index a48f7860a7a3c898cc1a32c9887433422581b7bb..8c8d002f3936bdf70718019a23b8a983d3b35424 100755 (executable)
@@ -162,7 +162,7 @@ def mergeLibSBOM(sbom, appInfos, lib_sbom_path, depRelations):
         component = lib_sbom_data['metadata']['component']
         main_component_name = component['name']
         print(component)
-        pkg = StaticLibDep(main_component_name, component['version'], component['description'], component.get('purl'), component.get('externalReferences'), component.get('author'), component['licenses'][0]['expression'], component['hashes'][0]['content'] if 'hashes' in component else None)
+        pkg = StaticLibDep(main_component_name, component['version'], component['description'], component.get('purl'), component.get('externalReferences') or [], component.get('author') or None, component['licenses'][0]['expression'], component['hashes'][0]['content'] if 'hashes' in component else None)
 
         addDependencyToSBOM(sbom, pkg)
         depRef = 'lib:' + pkg.name
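Review bot: The new main-component line still indexes `component['description']`, `component['licenses'][0]['expression']` and `component['hashes'][0]['content']` unconditionally, so an external SBOM that omits the description, gives its licence in the `license`/`id` form instead of `expression`, or carries an empty `hashes` array would still abort the merge with KeyError or IndexError. The sub-component line in the next hunk has the same licence and hash lookups. Something like `licenses = component.get('licenses') or []` followed by `lic = licenses[0].get('expression') if licenses else None` would cover the licence case, provided StaticLibDep accepts a missing licence, which is not visible here. When the hash falls back to `None` the entry is written without any integrity value, so a short warning on that path would make the gap visible in the build log. mergeLibSBOM starts and ends outside this hunk.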
@@ -170,7 +170,7 @@ def mergeLibSBOM(sbom, appInfos, lib_sbom_path, depRelations):
 
         sub_components = lib_sbom_data['components']
         for component in sub_components:
-            pkg = StaticLibDep(component['name'], component['version'], None, component.get('purl'), component.get('externalReferences'), component.get('author') or None, component['licenses'][0]['expression'], component['hashes'][0]['content'] if 'hashes' in component else None)
+            pkg = StaticLibDep(component['name'], component['version'], None, component.get('purl'), component.get('externalReferences') or [], component.get('author') or None, component['licenses'][0]['expression'], component['hashes'][0]['content'] if 'hashes' in component else None)
 
             addDependencyToSBOM(sbom, pkg)
             depRef = 'lib:' + pkg.name
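Review bot: The two `StaticLibDep(...)` calls in mergeLibSBOM are the same eight-argument expression apart from the description, and they had already drifted: the removed main-component line lacked the `or None` on author that the sub-component line had. Building both from one small helper would keep the defaults for missing fields in a single place. The sketch below keeps the current lookups as they are and only moves them; mergeLibSBOM itself starts and ends outside this hunk.

```python
def staticLibDepFromComponent(component, description):
    # One place that maps a CycloneDX component dict onto StaticLibDep,
    # so defaults for absent fields cannot diverge between callers.
    return StaticLibDep(
        component['name'],
        component['version'],
        description,
        component.get('purl'),
        component.get('externalReferences') or [],
        component.get('author') or None,
        component['licenses'][0]['expression'],
        component['hashes'][0]['content'] if 'hashes' in component else None,
    )

# … unchanged: main component handling, which would pass component['description'] …
        for component in sub_components:
            pkg = staticLibDepFromComponent(component, None)
```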
index f491e9a0a59febe2c18ff86f1c6c1c8968f9b582..dc853815268f422d9504f9586c342052a60c2b4f 100644 (file)
@@ -1,6 +1,8 @@
 [package]
 name = "dnsdist-rust"
 edition = "2021"
+description = "Rust-based static library for DNSdist"
+license = "GPL-2.0-only"
 # Convention: major/minor is equal to DNSdist's major/minor
 # Note that this line will be automatically updated to the value
 # BUILDER_VERSION when a release tarball is built
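Review bot: Nothing in the manifest says why `description` and `license` were added, and judging by the Python change in the same commit they appear to be what the SBOM merge reads through `component['description']` and `component['licenses'][0]['expression']`. A comment above them such as `# description and license end up in the generated SBOM; generate-sbom-dnf.py expects both` would stop them being dropped later as unused metadata. The same applies to the rec-rust-lib Cargo.toml hunk that follows.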
index e11162e8abff66c8dbd57f12e4f7cae4ef0982f7..b8781b473b3e58260f86be477ebf65b4332dd79d 100644 (file)
@@ -1,6 +1,8 @@
 [package]
 name = "recrust"
 edition = "2021"
+description = "Rust-based static library for PowerDNS recursor"
+license = "GPL-2.0-only"
 # Convention: major/minor is equal to rec's major/minor
 # Note that this line will be automatically updated to the value
 # BUILDER_VERSION when a release tarball is built