[backend] Use .cdx.json instead of .cyclonedx.json

This seems to be what the cyclonedx folks prefer.
openSUSE · Feb 15, 2023 · 1c3265b · 1c3265b
1 parent 6d1468f
commit 1c3265b
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 5 deletions.
diff --git a/src/backend/BSPublisher/Container.pm b/src/backend/BSPublisher/Container.pm
@@ -642,7 +642,7 @@ sub upload_to_registry {
     }
     if ($wrote_containerinfo && $containerinfo->{'cyclonedx_file'} && $cosign_attestation) {
       my $cyclonedx_file = $uploadfiles[-1];
-      die unless $cyclonedx_file =~ s/\.[^\.]+$/.cyclonedx.json/;
+      die unless $cyclonedx_file =~ s/\.[^\.]+$/.cdx.json/;
       BSUtil::cp($containerinfo->{'cyclonedx_file'}, $cyclonedx_file) if $containerinfo->{'cyclonedx_file'} ne $cyclonedx_file;
       $do_sbom = 1;
     }

diff --git a/src/backend/BSSched/BuildJob/Aggregate.pm b/src/backend/BSSched/BuildJob/Aggregate.pm
@@ -491,7 +491,7 @@ sub build {
 	    my $extraprefix = $containerinfofile;
 	    $extraprefix =~ s/\.containerinfo//;
 	    $extraprefix =~ s/\.docker// unless -e "$dir/$prefix$extraprefix.packages";
-	    for my $extra ('.basepackages', '.packages', '.report', '.verified', '.spdx.json', '.cyclonedx.json') {
+	    for my $extra ('.basepackages', '.packages', '.report', '.verified', '.spdx.json', '.cdx.json') {
 	      if (-e "$dir/$prefix$extraprefix$extra") {
 		BSUtil::cp("$dir/$prefix$extraprefix$extra", "$jobdatadir/$extraprefix$extra");
 		$jobbins{"$extraprefix$extra"} = 1;

diff --git a/src/backend/bs_publish b/src/backend/bs_publish
@@ -1898,8 +1898,11 @@ sub readcontainermetafiles {
     my $provenance = readstr("$prefix.slsa_provenance.json", 1);
     $containerinfo->{'slsa_provenance'} = $provenance if $provenance;
   }
-  if (-e "$prefix.sbom.json") {
-    $containerinfo->{'sbom_file'} = linkintoblobdir("$prefix.sbom.json", $blobdirref);
+  if (-e "$prefix.spdx.json") {
+    $containerinfo->{'spdx_file'} = linkintoblobdir("$prefix.spdx.json", $blobdirref);
+  }
+  if (-e "$prefix.cdx.json") {
+    $containerinfo->{'cyclonedx_file'} = linkintoblobdir("$prefix.cdx.json", $blobdirref);
   }
   $prefix =~ s/\.docker$// unless -e "$prefix.packages";
   if (-e "$prefix.packages") {

diff --git a/src/backend/bs_regpush b/src/backend/bs_regpush
@@ -720,7 +720,7 @@ for my $tarfile (@tarfiles) {
       $spdx_json = readstr($spdx_file) if -s $spdx_file;
     }
     my $cyclonedx_file = $tarfile;
-    if ($cyclonedx_file =~ s/\.[^\.]*$/.cyclonedx.json/) {
+    if ($cyclonedx_file =~ s/\.[^\.]*$/.cdx.json/) {
       $cyclonedx_json = readstr($cyclonedx_file) if -s $cyclonedx_file;
     }
   }