diff options
author | Petr Štetiar <ynezz@true.cz> | 2023-10-24 08:27:13 +0000 |
---|---|---|
committer | Petr Štetiar <ynezz@true.cz> | 2023-11-01 11:14:41 +0000 |
commit | d604a07225c5c82b942cd3374cc113ad676a2519 (patch) | |
tree | 716b236d86df66ca729fd12bba72b3f2a462d336 /scripts/metadata.pm | |
parent | 649655f427932fe79b96a41f883c8054b1806191 (diff) | |
download | openwrt-d604a07225c5c82b942cd3374cc113ad676a2519.tar.gz openwrt-d604a07225c5c82b942cd3374cc113ad676a2519.tar.bz2 openwrt-d604a07225c5c82b942cd3374cc113ad676a2519.zip |
build: add CycloneDX SBOM JSON support
CycloneDX is an open source standard developed by the OWASP foundation.
It supports a wide range of development ecosystems, a comprehensive set
of use cases, and focuses on automation, ease of adoption, and
progressive enhancement of SBOMs (Software Bill Of Materials) throughout
build pipelines.
So lets add support for CycloneDX SBOM for packages and images
manifests.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'scripts/metadata.pm')
-rw-r--r-- | scripts/metadata.pm | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/scripts/metadata.pm b/scripts/metadata.pm index a00d19f185..587ce7207d 100644 --- a/scripts/metadata.pm +++ b/scripts/metadata.pm @@ -2,7 +2,7 @@ package metadata; use base 'Exporter'; use strict; use warnings; -our @EXPORT = qw(%package %vpackage %srcpackage %category %overrides clear_packages parse_package_metadata parse_target_metadata get_multiline @ignore %usernames %groupnames); +our @EXPORT = qw(%package %vpackage %srcpackage %category %overrides clear_packages parse_package_metadata parse_package_manifest_metadata parse_target_metadata get_multiline @ignore %usernames %groupnames); our %package; our %vpackage; @@ -317,4 +317,42 @@ sub parse_package_metadata($) { return 1; } +sub parse_package_manifest_metadata($) { + my $file = shift; + my $pkg; + my %pkgs; + + open FILE, "<$file" or do { + warn "Cannot open '$file': $!\n"; + return undef; + }; + + while (<FILE>) { + chomp; + /^Package:\s*(.+?)\s*$/ and do { + $pkg = {}; + $pkg->{name} = $1; + $pkg->{depends} = []; + $pkgs{$1} = $pkg; + }; + /^Version:\s*(.+)\s*$/ and $pkg->{version} = $1; + /^Depends:\s*(.+)\s*$/ and $pkg->{depends} = [ split /\s+/, $1 ]; + /^Source:\s*(.+)\s*$/ and $pkg->{source} = $1; + /^SourceName:\s*(.+)\s*$/ and $pkg->{sourcename} = $1; + /^License:\s*(.+)\s*$/ and $pkg->{license} = $1; + /^LicenseFiles:\s*(.+)\s*$/ and $pkg->{licensefiles} = $1; + /^Section:\s*(.+)\s*$/ and $pkg->{section} = $1; + /^SourceDateEpoch: \s*(.+)\s*$/ and $pkg->{sourcedateepoch} = $1; + /^CPE-ID:\s*(.+)\s*$/ and $pkg->{cpe_id} = $1; + /^Architecture:\s*(.+)\s*$/ and $pkg->{architecture} = $1; + /^Installed-Size:\s*(.+)\s*$/ and $pkg->{installedsize} = $1; + /^Filename:\s*(.+)\s*$/ and $pkg->{filename} = $1; + /^Size:\s*(\d+)\s*$/ and $pkg->{size} = $1; + /^SHA256sum:\s*(.*)\s*$/ and $pkg->{sha256sum} = $1; + } + + close FILE; + return %pkgs; +} + 1; |