generate_spdx_sbom Read /etc/os-release from unpacked files
Also refactor purl generation code
mlschroe committed Feb 6, 2023
1 parent 948cec9 commit be28bc4
Showing 1 changed file with 21 additions and 12 deletions.
33 changes: 21 additions & 12 deletions generate_spdx_sbom
Expand Up @@ -300,7 +300,7 @@ sub read_dist {
my ($dir) = @_;
my %dist;
my $fd;
if (open($fd, '<', '/etc/os-release') || open($fd, '<', '/usr/lib/os-release')) {
if (open($fd, '<', "$dir/etc/os-release") || open($fd, '<', "$dir/usr/lib/os-release")) {
while(<$fd>) {
chomp;
next unless /\s*(\S+)=(.*)/;
Expand All @@ -319,6 +319,25 @@ sub read_dist {
return \%dist;
}

sub gen_purl_rpm {
my ($p, $dist) = @_;

my $vr = $p->{'VERSION'};
$vr = "$vr-$p->{'RELEASE'}" if defined $p->{'RELEASE'};
my $dist_id = $dist->{'id'};
my $dist_str = $dist_id;
$dist_str .= "-$dist->{'version_id'}" if defined($dist->{'version_id'}) && $dist->{'version_id'} ne '';
$dist_str .= "-$dist->{'build_id'}" if defined($dist->{'build_id'}) && $dist->{'build_id'} ne '';
my $purlurl = "pkg:".urlencode("rpm/$dist_id/$p->{'NAME'}\@$vr").'?';
$purlurl .= '&epoch='.urlencode($p->{'EPOCH'}) if $p->{'EPOCH'};
$purlurl .= '&arch='.urlencode($p->{'ARCH'}) if $p->{'ARCH'};
$purlurl .= '&upstream='.urlencode($p->{'SOURCERPM'}) if $p->{'SOURCERPM'};
$purlurl .= '&distro='.urlencode($dist_str) if $dist_str;
$purlurl =~ s/\?\&/\?/;
$purlurl =~ s/\?$//;
return $purlurl;
}

my $wrap_intoto;

if (@ARGV && $ARGV[0] eq '--intoto') {
Expand Down Expand Up @@ -375,17 +394,7 @@ for my $p (@$pkgs) {
$spdxpkg->{'licenseDeclared'} = $license;
}
$spdxpkg->{'copyrightText'} = 'NOASSERTION';
my $dist_id = $dist->{'id'};
my $dist_str = $dist_id;
$dist_str .= "-$dist->{'version_id'}" if defined($dist->{'version_id'}) && $dist->{'version_id'} ne '';
$dist_str .= "-$dist->{'build_id'}" if defined($dist->{'build_id'}) && $dist->{'build_id'} ne '';
my $purlurl = "pkg:".urlencode("rpm/$dist_id/$p->{'NAME'}\@$vr").'?';
$purlurl .= '&epoch='.urlencode($p->{'EPOCH'}) if $p->{'EPOCH'};
$purlurl .= '&arch='.urlencode($p->{'ARCH'}) if $p->{'ARCH'};
$purlurl .= '&upstream='.urlencode($p->{'SOURCERPM'}) if $p->{'SOURCERPM'};
$purlurl .= '&distro='.urlencode($dist_str) if $dist_str;
$purlurl =~ s/\?\&/\?/;
$purlurl =~ s/\?$//;
my $purlurl = gen_purl_rpm($p, $dist);
my @xref;
push @xref, { 'referenceCategory' => 'PACKAGE-MANAGER', 'referenceType' => 'purl', 'referenceLocator', $purlurl } if $purlurl;
$spdxpkg->{'externalRefs'} = \@xref if @xref;
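Review bot: In read_dist, `open($fd, '<', "$dir/etc/os-release")` follows symlinks, so if `etc/os-release` in the unpacked tree is a symlink with an absolute target, the read resolves against the host root instead of `$dir`. The SBOM would then record the build host's distribution, or the contents of whatever file an untrusted image points the link at. Because the second path is normally the real file, a low-cost guard is to skip symlinked candidates, e.g. `!-l "$dir/etc/os-release" && open($fd, '<', "$dir/etc/os-release")` and likewise for `"$dir/usr/lib/os-release"`; this does not cover symlinked parent directories. Separately, when neither file exists under `$dir`, `$dist->{'id'}` is presumably undefined and gen_purl_rpm interpolates it into `"rpm/$dist_id/..."`, so it is worth deciding there whether to omit the purl or the namespace. The middle of read_dist lies outside the visible hunks, so how `%dist` is filled is not confirmed here.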