StrixOS/build
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge "Add deps tracking for SBOMs"

Browse Source
This commit is contained in:
Ibrahim Kanouche
2023-01-18 16:11:49 +00:00
committed by Gerrit Code Review
parent bed1ff2372 649b4d741c
commit cf066f01f3
3 changed files with 152 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
tools/compliance/cmd/sbom/sbom.go
View File

@@ -271,6 +271,17 @@ func getProjectMetadata(_ *context, pmix *projectmetadata.Index,
return pms[index], nil
}
// inputFiles returns the complete list of files read
func inputFiles(lg *compliance.LicenseGraph, pmix *projectmetadata.Index, licenseTexts []string) []string {
projectMeta := pmix.AllMetadataFiles()
targets := lg.TargetNames()
files := make([]string, 0, len(licenseTexts)+len(targets)+len(projectMeta))
files = append(files, licenseTexts...)
files = append(files, targets...)
files = append(files, projectMeta...)
return files
}
// sbomGenerator implements the spdx bom utility
// SBOM is part of the new government regulation issued to improve national cyber security
@@ -417,6 +428,7 @@ func sbomGenerator(ctx *context, files ...string) ([]string, error) {
fmt.Fprintf(ctx.stdout, "ExtractedText: <text>%v</text>\n", string(text))
}
deps := licenseTexts
deps := inputFiles(lg, pmix, licenseTexts)
sort.Strings(deps)
return deps, nil
}

138
tools/compliance/cmd/sbom/sbom_test.go
View File

@@ -129,7 +129,16 @@ func Test(t *testing.T) {
spdxExtractedText{"&&&First Party License&&&"},
spdxExtractedClosingText{},
},
expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"},
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/firstparty/bin/bin1.meta_lic",
"testdata/firstparty/bin/bin2.meta_lic",
"testdata/firstparty/highest.apex.meta_lic",
"testdata/firstparty/lib/liba.so.meta_lic",
"testdata/firstparty/lib/libb.so.meta_lic",
"testdata/firstparty/lib/libc.a.meta_lic",
"testdata/firstparty/lib/libd.so.meta_lic",
},
},
{
condition: "firstparty",
@@ -172,7 +181,13 @@ func Test(t *testing.T) {
spdxExtractedText{"&&&First Party License&&&"},
spdxExtractedClosingText{},
},
expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"},
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/firstparty/application.meta_lic",
"testdata/firstparty/bin/bin3.meta_lic",
"testdata/firstparty/lib/liba.so.meta_lic",
"testdata/firstparty/lib/libb.so.meta_lic",
},
},
{
condition: "firstparty",
@@ -235,7 +250,16 @@ func Test(t *testing.T) {
spdxExtractedText{"&&&First Party License&&&"},
spdxExtractedClosingText{},
},
expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"},
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/firstparty/bin/bin1.meta_lic",
"testdata/firstparty/bin/bin2.meta_lic",
"testdata/firstparty/container.zip.meta_lic",
"testdata/firstparty/lib/liba.so.meta_lic",
"testdata/firstparty/lib/libb.so.meta_lic",
"testdata/firstparty/lib/libc.a.meta_lic",
"testdata/firstparty/lib/libd.so.meta_lic",
},
},
{
condition: "firstparty",
@@ -272,7 +296,12 @@ func Test(t *testing.T) {
spdxExtractedText{"&&&First Party License&&&"},
spdxExtractedClosingText{},
},
expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"},
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/firstparty/bin/bin1.meta_lic",
"testdata/firstparty/lib/liba.so.meta_lic",
"testdata/firstparty/lib/libc.a.meta_lic",
},
},
{
condition: "firstparty",
@@ -297,7 +326,10 @@ func Test(t *testing.T) {
spdxExtractedText{"&&&First Party License&&&"},
spdxExtractedClosingText{},
},
expectedDeps: []string{"testdata/firstparty/FIRST_PARTY_LICENSE"},
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/firstparty/lib/libd.so.meta_lic",
},
},
{
condition: "notice",
@@ -366,6 +398,13 @@ func Test(t *testing.T) {
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
"testdata/notice/bin/bin1.meta_lic",
"testdata/notice/bin/bin2.meta_lic",
"testdata/notice/highest.apex.meta_lic",
"testdata/notice/lib/liba.so.meta_lic",
"testdata/notice/lib/libb.so.meta_lic",
"testdata/notice/lib/libc.a.meta_lic",
"testdata/notice/lib/libd.so.meta_lic",
},
},
{
@@ -435,6 +474,13 @@ func Test(t *testing.T) {
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
"testdata/notice/bin/bin1.meta_lic",
"testdata/notice/bin/bin2.meta_lic",
"testdata/notice/container.zip.meta_lic",
"testdata/notice/lib/liba.so.meta_lic",
"testdata/notice/lib/libb.so.meta_lic",
"testdata/notice/lib/libc.a.meta_lic",
"testdata/notice/lib/libd.so.meta_lic",
},
},
{
@@ -484,6 +530,10 @@ func Test(t *testing.T) {
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
"testdata/notice/application.meta_lic",
"testdata/notice/bin/bin3.meta_lic",
"testdata/notice/lib/liba.so.meta_lic",
"testdata/notice/lib/libb.so.meta_lic",
},
},
{
@@ -527,6 +577,9 @@ func Test(t *testing.T) {
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
"testdata/notice/bin/bin1.meta_lic",
"testdata/notice/lib/liba.so.meta_lic",
"testdata/notice/lib/libc.a.meta_lic",
},
},
{
@@ -552,7 +605,10 @@ func Test(t *testing.T) {
spdxExtractedText{"%%%Notice License%%%"},
spdxExtractedClosingText{},
},
expectedDeps: []string{"testdata/notice/NOTICE_LICENSE"},
expectedDeps: []string{
"testdata/notice/NOTICE_LICENSE",
"testdata/notice/lib/libd.so.meta_lic",
},
},
{
condition: "reciprocal",
@@ -625,6 +681,13 @@ func Test(t *testing.T) {
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
"testdata/reciprocal/RECIPROCAL_LICENSE",
"testdata/reciprocal/bin/bin1.meta_lic",
"testdata/reciprocal/bin/bin2.meta_lic",
"testdata/reciprocal/highest.apex.meta_lic",
"testdata/reciprocal/lib/liba.so.meta_lic",
"testdata/reciprocal/lib/libb.so.meta_lic",
"testdata/reciprocal/lib/libc.a.meta_lic",
"testdata/reciprocal/lib/libd.so.meta_lic",
},
},
{
@@ -698,6 +761,13 @@ func Test(t *testing.T) {
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
"testdata/reciprocal/RECIPROCAL_LICENSE",
"testdata/reciprocal/bin/bin1.meta_lic",
"testdata/reciprocal/bin/bin2.meta_lic",
"testdata/reciprocal/container.zip.meta_lic",
"testdata/reciprocal/lib/liba.so.meta_lic",
"testdata/reciprocal/lib/libb.so.meta_lic",
"testdata/reciprocal/lib/libc.a.meta_lic",
"testdata/reciprocal/lib/libd.so.meta_lic",
},
},
{
@@ -751,6 +821,10 @@ func Test(t *testing.T) {
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
"testdata/reciprocal/RECIPROCAL_LICENSE",
"testdata/reciprocal/application.meta_lic",
"testdata/reciprocal/bin/bin3.meta_lic",
"testdata/reciprocal/lib/liba.so.meta_lic",
"testdata/reciprocal/lib/libb.so.meta_lic",
},
},
{
@@ -794,6 +868,9 @@ func Test(t *testing.T) {
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/reciprocal/RECIPROCAL_LICENSE",
"testdata/reciprocal/bin/bin1.meta_lic",
"testdata/reciprocal/lib/liba.so.meta_lic",
"testdata/reciprocal/lib/libc.a.meta_lic",
},
},
{
@@ -821,6 +898,7 @@ func Test(t *testing.T) {
},
expectedDeps: []string{
"testdata/notice/NOTICE_LICENSE",
"testdata/reciprocal/lib/libd.so.meta_lic",
},
},
{
@@ -899,6 +977,13 @@ func Test(t *testing.T) {
"testdata/notice/NOTICE_LICENSE",
"testdata/reciprocal/RECIPROCAL_LICENSE",
"testdata/restricted/RESTRICTED_LICENSE",
"testdata/restricted/bin/bin1.meta_lic",
"testdata/restricted/bin/bin2.meta_lic",
"testdata/restricted/highest.apex.meta_lic",
"testdata/restricted/lib/liba.so.meta_lic",
"testdata/restricted/lib/libb.so.meta_lic",
"testdata/restricted/lib/libc.a.meta_lic",
"testdata/restricted/lib/libd.so.meta_lic",
},
},
{
@@ -977,6 +1062,13 @@ func Test(t *testing.T) {
"testdata/notice/NOTICE_LICENSE",
"testdata/reciprocal/RECIPROCAL_LICENSE",
"testdata/restricted/RESTRICTED_LICENSE",
"testdata/restricted/bin/bin1.meta_lic",
"testdata/restricted/bin/bin2.meta_lic",
"testdata/restricted/container.zip.meta_lic",
"testdata/restricted/lib/liba.so.meta_lic",
"testdata/restricted/lib/libb.so.meta_lic",
"testdata/restricted/lib/libc.a.meta_lic",
"testdata/restricted/lib/libd.so.meta_lic",
},
},
{
@@ -1024,6 +1116,9 @@ func Test(t *testing.T) {
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/reciprocal/RECIPROCAL_LICENSE",
"testdata/restricted/RESTRICTED_LICENSE",
"testdata/restricted/bin/bin1.meta_lic",
"testdata/restricted/lib/liba.so.meta_lic",
"testdata/restricted/lib/libc.a.meta_lic",
},
},
{
@@ -1049,7 +1144,10 @@ func Test(t *testing.T) {
spdxExtractedText{"%%%Notice License%%%"},
spdxExtractedClosingText{},
},
expectedDeps: []string{"testdata/notice/NOTICE_LICENSE"},
expectedDeps: []string{
"testdata/notice/NOTICE_LICENSE",
"testdata/restricted/lib/libd.so.meta_lic",
},
},
{
condition: "proprietary",
@@ -1125,6 +1223,13 @@ func Test(t *testing.T) {
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
"testdata/proprietary/PROPRIETARY_LICENSE",
"testdata/proprietary/bin/bin1.meta_lic",
"testdata/proprietary/bin/bin2.meta_lic",
"testdata/proprietary/highest.apex.meta_lic",
"testdata/proprietary/lib/liba.so.meta_lic",
"testdata/proprietary/lib/libb.so.meta_lic",
"testdata/proprietary/lib/libc.a.meta_lic",
"testdata/proprietary/lib/libd.so.meta_lic",
"testdata/restricted/RESTRICTED_LICENSE",
},
},
@@ -1202,6 +1307,13 @@ func Test(t *testing.T) {
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/notice/NOTICE_LICENSE",
"testdata/proprietary/PROPRIETARY_LICENSE",
"testdata/proprietary/bin/bin1.meta_lic",
"testdata/proprietary/bin/bin2.meta_lic",
"testdata/proprietary/container.zip.meta_lic",
"testdata/proprietary/lib/liba.so.meta_lic",
"testdata/proprietary/lib/libb.so.meta_lic",
"testdata/proprietary/lib/libc.a.meta_lic",
"testdata/proprietary/lib/libd.so.meta_lic",
"testdata/restricted/RESTRICTED_LICENSE",
},
},
@@ -1255,6 +1367,10 @@ func Test(t *testing.T) {
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/proprietary/PROPRIETARY_LICENSE",
"testdata/proprietary/application.meta_lic",
"testdata/proprietary/bin/bin3.meta_lic",
"testdata/proprietary/lib/liba.so.meta_lic",
"testdata/proprietary/lib/libb.so.meta_lic",
"testdata/restricted/RESTRICTED_LICENSE",
},
},
@@ -1299,6 +1415,9 @@ func Test(t *testing.T) {
expectedDeps: []string{
"testdata/firstparty/FIRST_PARTY_LICENSE",
"testdata/proprietary/PROPRIETARY_LICENSE",
"testdata/proprietary/bin/bin1.meta_lic",
"testdata/proprietary/lib/liba.so.meta_lic",
"testdata/proprietary/lib/libc.a.meta_lic",
},
},
{
@@ -1324,7 +1443,10 @@ func Test(t *testing.T) {
spdxExtractedText{"%%%Notice License%%%"},
spdxExtractedClosingText{},
},
expectedDeps: []string{"testdata/notice/NOTICE_LICENSE"},
expectedDeps: []string{
"testdata/notice/NOTICE_LICENSE",
"testdata/proprietary/lib/libd.so.meta_lic",
},
},
}
for _, tt := range tests {

9
tools/compliance/graph.go
View File

@@ -88,6 +88,15 @@ func (lg *LicenseGraph) Targets() TargetNodeList {
return targets
}
// TargetNames returns the list of target node names in the graph. (unordered)
func (lg *LicenseGraph) TargetNames() []string {
targets := make([]string, 0, len(lg.targets))
for target := range lg.targets {
targets = append(targets, target)
}
return targets
}
// compliance-only LicenseGraph methods
// newLicenseGraph constructs a new, empty instance of LicenseGraph.