Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Some sbom's missing FreeType version #3493

Closed
andrew-m-leonard opened this issue Oct 3, 2023 · 4 comments · Fixed by #3497
Closed

Some sbom's missing FreeType version #3493

andrew-m-leonard opened this issue Oct 3, 2023 · 4 comments · Fixed by #3497
Assignees

Comments

@andrew-m-leonard
Copy link
Contributor

andrew-m-leonard commented Oct 3, 2023

When temurin-build downloads FreeType because it is not on the System, then that gets logged in the SBOM.
However if there is a "System" freetype that is detected, then its details are not stored in the SBOM, ie.

echo "Skipping FreeType download"

@sxa
Copy link
Member

sxa commented Oct 3, 2023

Definitely sounds like a bug then, so my checks are failing correctly ;-)

@andrew-m-leonard
Copy link
Contributor Author

andrew-m-leonard commented Oct 3, 2023

@sxa
So our inclusion of FreeType is somewhat "mixed" and hard to understand, i've so far concluded:

  • jdk8 will check for existence of installedfreetype directory on the build machine workspace and use that (but it's hard to know what version that lib is..?)
  • jdk8 if installedfreetype does not exist, then it downloads into a folder "freetype" the hard coded version, and builds it and installs it... then copies to directory installedfreetype. This scenario gets stored in SBOM
  • jdk11+ skips checking/downloading "19:06:42 Skipping Freetype", and then default to whatever is the "System" freetype:
19:07:17  checking for FREETYPE... yes
19:07:17  checking for freetype... yes (using pkg-config)
19:07:17  Using freetype: system
  • jdk11+ Mac, Windows and AIX use "Bundled"

@andrew-m-leonard
Copy link
Contributor Author

@sxa Is there any reason we can't just use "Bundled" everywhere?

@sxa
Copy link
Member

sxa commented Oct 4, 2023

@sxa Is there any reason we can't just use "Bundled" everywhere?

I don't know. I haven't really looked into it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
No open projects
Status: Done
2 participants