diff --git a/core/main.mk b/core/main.mk index 0f09387120..09616d08dc 100644 --- a/core/main.mk +++ b/core/main.mk @@ -2196,12 +2196,19 @@ $(PRODUCT_OUT)/sbom.spdx: $(PRODUCT_OUT)/sbom-metadata.csv $(GEN_SBOM) $(call dist-for-goals,droid,$(PRODUCT_OUT)/sbom.spdx.json:sbom/sbom.spdx.json) else -apps_only_sbom_files := $(sort $(patsubst %,%.spdx,$(apps_only_installed_files))) +apps_only_sbom_files := $(sort $(patsubst %,%.spdx.json,$(filter %.apk,$(apps_only_installed_files)))) $(apps_only_sbom_files): $(PRODUCT_OUT)/sbom-metadata.csv $(GEN_SBOM) rm -rf $@ $(GEN_SBOM) --output_file $@ --metadata $(PRODUCT_OUT)/sbom-metadata.csv --product_out_dir=$(PRODUCT_OUT) --build_version $(BUILD_FINGERPRINT_FROM_FILE) --product_mfr="$(PRODUCT_MANUFACTURER)" --unbundled sbom: $(apps_only_sbom_files) + +$(foreach f,$(apps_only_sbom_files),$(eval $(patsubst %.spdx.json,%-fragment.spdx,$f): $f)) +apps_only_fragment_files := $(patsubst %.spdx.json,%-fragment.spdx,$(apps_only_sbom_files)) +$(foreach f,$(apps_only_fragment_files),$(eval apps_only_fragment_dist_files += :sbom/$(notdir $f))) + +$(foreach f,$(apps_only_sbom_files),$(eval apps_only_sbom_dist_files += :sbom/$(notdir $f))) +$(call dist-for-goals,apps_only,$(join $(apps_only_sbom_files),$(apps_only_sbom_dist_files)) $(join $(apps_only_fragment_files),$(apps_only_fragment_dist_files))) endif $(call dist-write-file,$(KATI_PACKAGE_MK_DIR)/dist.mk) diff --git a/tools/sbom/generate-sbom.py b/tools/sbom/generate-sbom.py index 192061ea4e..d2992c58d7 100755 --- a/tools/sbom/generate-sbom.py +++ b/tools/sbom/generate-sbom.py @@ -397,7 +397,7 @@ def generate_sbom_for_unbundled(): creators=['Organization: ' + args.product_mfr]) for installed_file_metadata in reader: installed_file = installed_file_metadata['installed_file'] - if args.output_file != args.product_out_dir + installed_file + ".spdx": + if args.output_file != args.product_out_dir + installed_file + '.spdx.json': continue module_path = installed_file_metadata['module_path'] 
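Review bot: The recipe for `$(apps_only_sbom_files)` still clears only `$@`, although after this change `$(GEN_SBOM)` also writes a sibling `-fragment.spdx`, which the new `$(eval ...: $f)` line declares without a recipe and which is then passed to `dist-for-goals`. If the generator stops after writing the JSON, a later build can treat the JSON as current and dist a fragment left over from an earlier run. Clearing both outputs up front turns that into a visible failure: `rm -rf $@ $(patsubst %.spdx.json,%-fragment.spdx,$@)`. Separately, `$(filter %.apk,...)` drops every non-APK entry of `apps_only_installed_files` from SBOM generation without a trace, so a comment saying this is intended would help anyone auditing SBOM coverage. The `else` branch belongs to a conditional that opens above the hunk.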
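Review bot: The test `args.output_file != args.product_out_dir + installed_file + '.spdx.json'` is plain string concatenation, so it only matches when `--product_out_dir` and the make target passed as `--output_file` are spelled identically (no trailing slash, no `./`, no doubled separator). When no metadata row matches, the loop simply runs out. From the lines visible in the next hunk the document appears to be written anyway, which would leave an SBOM with no package entries; the code between the two hunks is not shown, so this needs confirming. If there is no such guard, a `for ... else:` branch that fails with an error naming `args.output_file` would surface the mismatch at build time. The function body starts and ends outside the hunk.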
@@ -418,7 +418,10 @@ def generate_sbom_for_unbundled(): doc.created = datetime.datetime.now(tz=datetime.timezone.utc).strftime('%Y-%m-%dT%H:%M:%SZ') break - with open(args.output_file, 'w', encoding="utf-8") as file: + with open(args.output_file, 'w', encoding='utf-8') as file: + sbom_writers.JSONWriter.write(doc, file) + fragment_file = args.output_file.removesuffix('.spdx.json') + '-fragment.spdx' + with open(fragment_file, 'w', encoding='utf-8') as file: sbom_writers.TagValueWriter.write(doc, file, fragment=True)
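Review bot: The JSON SBOM is written before the fragment, but the rule in core/main.mk names only the `.spdx.json` as the recipe's target, so a failure in the second `open`/`write` leaves a fresh JSON beside a missing or older `-fragment.spdx`. Writing the fragment first and the JSON last would make the presence of the tracked output imply that both files come from the same run. `removesuffix('.spdx.json')` also returns the string unchanged when the suffix is absent, so the fragment name would silently stop matching the `%-fragment.spdx` name that make expects. A guard before deriving `fragment_file` would catch that: `if not args.output_file.endswith('.spdx.json'): raise ValueError(args.output_file)`. `str.removesuffix` needs Python 3.9 or later, and the function body starts above the hunk.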