feature: sbom macro to based on debuginfo_template #303
Conversation
macros/shared
Outdated
| %_cross_sbom_package_dir %{_cross_sbom_dir}/%{_uncross_name} | ||
|
|
||
| %cross_generate_sbom \ | ||
| %cross_sbom_files %{_cross_sbom_package_dir}/* |
There was a problem hiding this comment.
nit: might not be worth the extra macro for this.
macros/shared
Outdated
| # Auto-inject SBOM subpackage - set flag then expand template | ||
| %install %{?_enable_sbom_packages:%{?buildsubdir:%{expand:%%global __sbom_package 1}%_sbom_template}}\ | ||
| %%install\ | ||
| %{nil} |
There was a problem hiding this comment.
I don't like messing with %install like this. What does it actually do?
There was a problem hiding this comment.
This is what actually injects the package, causing it to build.
macros/shared
Outdated
| %cross_generate_sbom() \ | ||
| mkdir -p %{_builddir}/sbom-temp \ | ||
| sbomtool generate --name %{name} --out-dir %{_builddir}/sbom-temp --build-dir %{_builddir} --spdx --cyclonedx | ||
| sbomtool generate --name %{?1:%{1}}%{!?1:%{name}} --out-dir %{_builddir}/sbom-temp --build-dir %{?2:%{2}}%{!?2:%{_builddir}} --spdx --cyclonedx |
There was a problem hiding this comment.
Can you give some examples of %cross_generate_sbom invocations? The two argument form vs. no arguments?
rpkelly
force-pushed
the
sbom-macros
branch
2 times, most recently
from
0da91f4 to
56d97cf
Compare
bcressey
left a comment
bcressey
left a comment
There was a problem hiding this comment.
LGTM with a couple nits.
I'd like to align this with the approach I discussed in bottlerocket-os/twoliter#583 (comment) if possible.
macros/shared
Outdated
| %_sbom_template \ | ||
| %package sbom\ | ||
| Summary: SBOM (Software Bill of Materials) for %{name}\ | ||
| Group: Documentation\ |
There was a problem hiding this comment.
RPM groups are pretty useless:
| Group: Documentation\ |
macros/shared
Outdated
|
|
||
| %_enable_sbom_packages 1 | ||
|
|
||
| # Add SBOM spec parts to existing template (append to existing __spec_install_template) |
There was a problem hiding this comment.
This comment seems misleading - we're redefining the macro, not appending to it.
| # Add SBOM spec parts to existing template (append to existing __spec_install_template) |
Added macros so that a $PACKAGE-sbom sub package is always created unless an opt out is used. This package contains the spdx and cyclonedx sbom files generated by sbomtool. Signed-off-by: Richard Kelly <rpkelly@amazon.com>
3 participants
Added macros so that a $PACKAGE-sbom sub package is always created unless an opt out is used. This package contains the spdx and cyclonedx sbom files generated by sbomtool.
Issue number:
#302
Description of changes:
Changes to macro files to ensure that each package generates an SBOM and stores it in a subpackage.
Testing done:
Built a core kit, kernel kit, and AMIs using this change
Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.