Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add SBOM Compiler Information Into Specific Fields For Windows/Mac #3606

Merged
merged 7 commits into from
Jan 11, 2024
Merged
Show file tree
Hide file tree
Changes from 5 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 35 additions & 5 deletions sbin/build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ configureReproducibleBuildParameter() {
if [ "${BUILD_CONFIG[RELEASE]}" == "true" ]
then
# Use release date
addConfigureArg "--with-source-date=" "version"
addConfigureArg "--with-source-date=" "version"
else
# Use BUILD_TIMESTAMP date

Expand Down Expand Up @@ -141,7 +141,7 @@ configureReproducibleBuildParameter() {
configureReproducibleBuildDebugMapping() {
# For Linux add -fdebug-prefix-map'ings for root and gcc include paths,
# pointing to a common set of folders so that the debug binaries are deterministic:
#
#
# root include : /usr/include
# gcc include : /usr/local/gcc_include
# g++ include : /usr/local/gxx_include
Expand Down Expand Up @@ -343,7 +343,7 @@ configureVersionStringParameter() {
buildTimestamp="${buildTimestamp//Z/}"
else
# Get current ISO-8601 datetime
buildTimestamp=$(date -u +"%Y-%m-%d %H:%M:%S")
buildTimestamp=$(date -u +"%Y-%m-%d %H:%M:%S")
fi
BUILD_CONFIG[BUILD_TIMESTAMP]="${buildTimestamp}"

Expand Down Expand Up @@ -543,7 +543,7 @@ configureFreetypeLocation() {
esac
fi

if [[ -n "$freetypeDir" ]]; then
if [[ -n "$freetypeDir" ]]; then
echo "setting freetype dir to ${freetypeDir}"
addConfigureArg "--with-freetype=" "${freetypeDir}"
fi
Expand Down Expand Up @@ -887,6 +887,16 @@ generateSBoM() {
addGCC
fi

# Add Windows Compiler Version To SBOM
if [[ "$OSTYPE" == "cygwin" ]] || [[ "$OSTYPE" == "msys" ]]; then
addCompilerWindows
fi

# Add Mac Compiler Version To SBOM
if [ "$(uname)" == "Darwin" ]; then
addCompilerMacOS
fi

addBootJDK

# Add ALSA 3rd party
Expand Down Expand Up @@ -1112,6 +1122,26 @@ addGCC() {
addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GCC" "${gcc_version}"
}

addCompilerWindows() {
local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt"

## local msvs_version="$(cat "${inputConfigFile}" | grep -o -P '\* Toolchain:\s+\K[^"]+')"
local msvs_version="$(grep -o -P '\* Toolchain:\s+\K[^"]+' "${inputConfigFile}")"

echo "Adding Windows Compiler version to SBOM: ${msvs_version}"
addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MS Windows Compiler" "${msvs_version}"
}

addCompilerMacOS() {
local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt"

## local macx_version="$(cat "${inputConfigFile}" | grep "* Toolchain:" | awk -F ':' '{print $2}' | sed -e 's/^[ \t]*//')"
local macx_version="$(grep ".* Toolchain:" "${inputConfigFile}" | awk -F ':' '{print $2}' | sed -e 's/^[ \t]*//')"

echo "Adding MacOS compiler version to SBOM: ${macx_version}"
addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MacOS Compiler" "${macx_version}"
}

addBootJDK() {
local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt"

Expand Down Expand Up @@ -1720,7 +1750,7 @@ getFirstTagFromOpenJDKGitRepo() {
if [ -z "$firstMatchingNameFromRepo" ]; then
echo "WARNING: Failed to identify latest tag in the repository" 1>&2
# If the ADOPT_BRANCH_SAFETY flag is set, we may be building from an alternate
# repository that doesn't have the same tags, so allow defaults. For a better
# repository that doesn't have the same tags, so allow defaults. For a better
# options see https://github.com/adoptium/temurin-build/issues/2671
if [ "${BUILD_CONFIG[DISABLE_ADOPT_BRANCH_SAFETY]}" == "true" ]; then
if [ "${BUILD_CONFIG[OPENJDK_FEATURE_NUMBER]}" == "8" ]; then
Expand Down
2 changes: 1 addition & 1 deletion tooling/validateSBOMcontent.sh
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ elif echo "$SBOMFILE" | grep _x86-32_windows_; then
fi
elif echo "$SBOMFILE" | grep _mac_; then
# NOTE: mac/x64 native builds >=11 were using "clang (clang/LLVM from Xcode 10.3)"
EXPECTED_COMPILER="clang (clang/LLVM from Xcode 12.4)"
EXPECTED_COMPILER="clang (clang/LLVM from Xcode 15.0.1)"
# shellcheck disable=SC2166
if [ "${MAJORVERSION}" = "8" -o "${MAJORVERSION}" = "11" ] && echo "$SBOMFILE" | grep _x64_; then
EXPECTED_COMPILER="clang (clang/LLVM)"
Expand Down
Loading