Add SBOM Compiler Information Into Specific Fields For Windows/Mac (#…

…3606) * Add SBOM Compiler Info Add code to add specific sections for Mac & Windows compilers to SBOM * Linter fixes * Linter fix. * Update Clang version to current. * Include additional windows compiler versions * Add comments
adoptium · Jan 11, 2024 · ec7fb8d · ec7fb8d
1 parent 928b569
commit ec7fb8d
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 6 deletions.
diff --git a/sbin/build.sh b/sbin/build.sh
@@ -99,7 +99,7 @@ configureReproducibleBuildParameter() {
       if [ "${BUILD_CONFIG[RELEASE]}" == "true" ]
       then
           # Use release date
-          addConfigureArg "--with-source-date=" "version" 
+          addConfigureArg "--with-source-date=" "version"
       else
           # Use BUILD_TIMESTAMP date
 
@@ -141,7 +141,7 @@ configureReproducibleBuildParameter() {
 configureReproducibleBuildDebugMapping() {
   # For Linux add -fdebug-prefix-map'ings for root and gcc include paths,
   # pointing to a common set of folders so that the debug binaries are deterministic:
-  # 
+  #
   #  root include : /usr/include
   #  gcc include  : /usr/local/gcc_include
   #  g++ include  : /usr/local/gxx_include
@@ -343,7 +343,7 @@ configureVersionStringParameter() {
     buildTimestamp="${buildTimestamp//Z/}"
   else
     # Get current ISO-8601 datetime
-    buildTimestamp=$(date -u +"%Y-%m-%d %H:%M:%S") 
+    buildTimestamp=$(date -u +"%Y-%m-%d %H:%M:%S")
   fi
   BUILD_CONFIG[BUILD_TIMESTAMP]="${buildTimestamp}"
 
@@ -543,7 +543,7 @@ configureFreetypeLocation() {
         esac
       fi
 
-      if [[ -n "$freetypeDir" ]]; then 
+      if [[ -n "$freetypeDir" ]]; then
         echo "setting freetype dir to ${freetypeDir}"
         addConfigureArg "--with-freetype=" "${freetypeDir}"
       fi
@@ -887,6 +887,16 @@ generateSBoM() {
     addGCC
   fi
 
+  # Add Windows Compiler Version To SBOM
+  if [[ "$OSTYPE" == "cygwin" ]] || [[ "$OSTYPE" == "msys" ]]; then
+    addCompilerWindows
+  fi
+
+  # Add Mac Compiler Version To SBOM
+  if [ "$(uname)" == "Darwin" ]; then
+    addCompilerMacOS
+  fi
+
   addBootJDK
 
   # Add ALSA 3rd party
@@ -1112,6 +1122,32 @@ addGCC() {
    addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GCC" "${gcc_version}"
 }
 
+addCompilerWindows() {
+  local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt"
+
+  ## Extract Windows Compiler Versions
+  local msvs_version="$(grep -o -P '\* Toolchain:\s+\K[^"]+' "${inputConfigFile}")"
+  local msvs_c_version="$(grep -o -P '\* C Compiler:\s+\K[^"]+' "${inputConfigFile}" | awk '{print $2}')"
+  local msvs_cpp_version="$(grep -o -P '\* C\+\+ Compiler:\s+\K[^"]+' "${inputConfigFile}" | awk '{print $2}')"
+
+  echo "Adding Windows Compiler versions to SBOM: ${msvs_version}"
+  addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MSVS Windows Compiler Version" "${msvs_version}"
+  echo "Adding Windows C Compiler version to SBOM: ${msvs_c_version}"
+  addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MSVS C Compiler Version" "${msvs_c_version}"
+  echo "Adding Windows C++ Compiler version to SBOM: ${msvs_cpp_version}"
+  addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MSVS C++ Compiler Version" "${msvs_cpp_version}"
+}
+
+addCompilerMacOS() {
+  local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt"
+
+  ## local macx_version="$(cat "${inputConfigFile}" | grep "* Toolchain:" | awk -F ':' '{print $2}' | sed -e 's/^[ \t]*//')"
+  local macx_version="$(grep ".* Toolchain:" "${inputConfigFile}" | awk -F ':' '{print $2}' | sed -e 's/^[ \t]*//')"
+
+  echo "Adding MacOS compiler version to SBOM: ${macx_version}"
+  addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MacOS Compiler" "${macx_version}"
+}
+
 addBootJDK() {
    local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt"
 
@@ -1720,7 +1756,7 @@ getFirstTagFromOpenJDKGitRepo() {
   if [ -z "$firstMatchingNameFromRepo" ]; then
     echo "WARNING: Failed to identify latest tag in the repository" 1>&2
     # If the ADOPT_BRANCH_SAFETY flag is set, we may be building from an alternate
-    # repository that doesn't have the same tags, so allow defaults. For a better 
+    # repository that doesn't have the same tags, so allow defaults. For a better
     # options see https://github.com/adoptium/temurin-build/issues/2671
     if [ "${BUILD_CONFIG[DISABLE_ADOPT_BRANCH_SAFETY]}" == "true" ]; then
       if [ "${BUILD_CONFIG[OPENJDK_FEATURE_NUMBER]}" == "8" ]; then

diff --git a/tooling/validateSBOMcontent.sh b/tooling/validateSBOMcontent.sh
@@ -69,7 +69,7 @@ elif echo "$SBOMFILE" | grep _x86-32_windows_; then
   fi
 elif echo "$SBOMFILE" | grep _mac_; then
   # NOTE: mac/x64 native builds >=11 were using "clang (clang/LLVM from Xcode 10.3)"
-  EXPECTED_COMPILER="clang (clang/LLVM from Xcode 12.4)"
+  EXPECTED_COMPILER="clang (clang/LLVM from Xcode 15.0.1)"
   # shellcheck disable=SC2166
   if [ "${MAJORVERSION}" = "8" -o "${MAJORVERSION}" = "11" ] && echo "$SBOMFILE" | grep _x64_; then
     EXPECTED_COMPILER="clang (clang/LLVM)"