build: add CycloneDX SBOM JSON support

CycloneDX is an open source standard developed by the OWASP foundation. It supports a wide range of development ecosystems, a comprehensive set of use cases, and focuses on automation, ease of adoption, and progressive enhancement of SBOMs (Software Bill Of Materials) throughout build pipelines. So lets add support for CycloneDX SBOM for packages and images manifests. Signed-off-by: Petr Štetiar <ynezz@true.cz>
author: Petr Štetiar <ynezz@true.cz> 2023-10-24 08:27:13 +0000
committer: Petr Štetiar <ynezz@true.cz> 2023-11-01 11:14:41 +0000
commit: d604a07225c5c82b942cd3374cc113ad676a2519 (patch)
tree: 716b236d86df66ca729fd12bba72b3f2a462d336 /scripts/metadata.pm
parent: 649655f427932fe79b96a41f883c8054b1806191 (diff)
download: openwrt-d604a07225c5c82b942cd3374cc113ad676a2519.tar.gz
openwrt-d604a07225c5c82b942cd3374cc113ad676a2519.tar.bz2
openwrt-d604a07225c5c82b942cd3374cc113ad676a2519.zip
1 files changed, 39 insertions, 1 deletions
diff --git a/scripts/metadata.pm b/scripts/metadata.pm
index a00d19f185..587ce7207d 100644
--- a/scripts/metadata.pm
+++ b/scripts/metadata.pm
@@ -2,7 +2,7 @@ package metadata;
 use base 'Exporter';
 use strict;
 use warnings;
-our @EXPORT = qw(%package %vpackage %srcpackage %category %overrides clear_packages parse_package_metadata parse_target_metadata get_multiline @ignore %usernames %groupnames);
+our @EXPORT = qw(%package %vpackage %srcpackage %category %overrides clear_packages parse_package_metadata parse_package_manifest_metadata parse_target_metadata get_multiline @ignore %usernames %groupnames);
 
 our %package;
 our %vpackage;
@@ -317,4 +317,42 @@ sub parse_package_metadata($) {
 	return 1;
 }
 
+sub parse_package_manifest_metadata($) {
+	my $file = shift;
+	my $pkg;
+	my %pkgs;
+
+	open FILE, "<$file" or do {
+		warn "Cannot open '$file': $!\n";
+		return undef;
+	};
+
+	while (<FILE>) {
+		chomp;
+		/^Package:\s*(.+?)\s*$/ and do {
+			$pkg = {};
+			$pkg->{name} = $1;
+			$pkg->{depends} = [];
+			$pkgs{$1} = $pkg;
+		};
+		/^Version:\s*(.+)\s*$/ and $pkg->{version} = $1;
+		/^Depends:\s*(.+)\s*$/ and $pkg->{depends} = [ split /\s+/, $1 ];
+		/^Source:\s*(.+)\s*$/ and $pkg->{source} = $1;
+		/^SourceName:\s*(.+)\s*$/ and $pkg->{sourcename} = $1;
+		/^License:\s*(.+)\s*$/ and $pkg->{license} = $1;
+		/^LicenseFiles:\s*(.+)\s*$/ and $pkg->{licensefiles} = $1;
+		/^Section:\s*(.+)\s*$/ and $pkg->{section} = $1;
+		/^SourceDateEpoch: \s*(.+)\s*$/ and $pkg->{sourcedateepoch} = $1;
+		/^CPE-ID:\s*(.+)\s*$/ and $pkg->{cpe_id} = $1;
+		/^Architecture:\s*(.+)\s*$/ and $pkg->{architecture} = $1;
+		/^Installed-Size:\s*(.+)\s*$/ and $pkg->{installedsize} = $1;
+		/^Filename:\s*(.+)\s*$/ and $pkg->{filename} = $1;
+		/^Size:\s*(\d+)\s*$/ and $pkg->{size} = $1;
+		/^SHA256sum:\s*(.*)\s*$/ and $pkg->{sha256sum} = $1;
+	}
+
+	close FILE;
+	return %pkgs;
+}
+
 1;
author	Petr Štetiar <ynezz@true.cz>	2023-10-24 08:27:13 +0000
committer	Petr Štetiar <ynezz@true.cz>	2023-11-01 11:14:41 +0000
commit	d604a07225c5c82b942cd3374cc113ad676a2519 (patch)
tree	716b236d86df66ca729fd12bba72b3f2a462d336 /scripts/metadata.pm
parent	649655f427932fe79b96a41f883c8054b1806191 (diff)
download	openwrt-d604a07225c5c82b942cd3374cc113ad676a2519.tar.gz openwrt-d604a07225c5c82b942cd3374cc113ad676a2519.tar.bz2 openwrt-d604a07225c5c82b942cd3374cc113ad676a2519.zip