From ec7fb8d4a2883b0ddb325e749894ffe8c6e86daf Mon Sep 17 00:00:00 2001
From: Scott Fryer <60462088+steelhead31@users.noreply.github.com>
Date: Thu, 11 Jan 2024 09:59:40 +0000
Subject: [PATCH] Add SBOM Compiler Information Into Specific Fields For Windows/Mac (#3606)
* Add SBOM Compiler Info Add code to add specific sections for Mac & Windows compilers to SBOM
* Linter fixes
* Linter fix.
* Update Clang version to current.
* Include additional windows compiler versions
* Add comments
---
 sbin/build.sh | 46 ++++++++++++++++++++++++++++++----
 tooling/validateSBOMcontent.sh | 2 +-
 2 files changed, 42 insertions(+), 6 deletions(-)
diff --git a/sbin/build.sh b/sbin/build.sh
index 2989c0c8e..37387edeb 100755
--- a/sbin/build.sh
+++ b/sbin/build.sh
@@ -99,7 +99,7 @@ configureReproducibleBuildParameter() {
 if [ "${BUILD_CONFIG[RELEASE]}" == "true" ]
 then
 # Use release date
- addConfigureArg "--with-source-date=" "version"
+ addConfigureArg "--with-source-date=" "version"
 else
 # Use BUILD_TIMESTAMP date
@@ -141,7 +141,7 @@ configureReproducibleBuildParameter() {
 configureReproducibleBuildDebugMapping() {
 # For Linux add -fdebug-prefix-map'ings for root and gcc include paths,
 # pointing to a common set of folders so that the debug binaries are deterministic:
- #
+ #
 # root include : /usr/include
 # gcc include : /usr/local/gcc_include
 # g++ include : /usr/local/gxx_include
@@ -343,7 +343,7 @@ configureVersionStringParameter() {
 buildTimestamp="${buildTimestamp//Z/}"
 else
 # Get current ISO-8601 datetime
- buildTimestamp=$(date -u +"%Y-%m-%d %H:%M:%S")
+ buildTimestamp=$(date -u +"%Y-%m-%d %H:%M:%S")
 fi
 BUILD_CONFIG[BUILD_TIMESTAMP]="${buildTimestamp}"
@@ -543,7 +543,7 @@ configureFreetypeLocation() {
 esac
 fi
- if [[ -n "$freetypeDir" ]]; then
+ if [[ -n "$freetypeDir" ]]; then
 echo "setting freetype dir to ${freetypeDir}"
 addConfigureArg "--with-freetype=" "${freetypeDir}"
 fi
@@ -887,6 +887,16 @@ generateSBoM() {
 addGCC
 fi
+ # Add Windows Compiler Version To SBOM
+ if [[ "$OSTYPE" == "cygwin" ]] || [[ "$OSTYPE" == "msys" ]]; then
+ addCompilerWindows
+ fi
+
+ # Add Mac Compiler Version To SBOM
+ if [ "$(uname)" == "Darwin" ]; then
+ addCompilerMacOS
+ fi
+
 addBootJDK
 # Add ALSA 3rd party
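Review bot: The two new platform gates in generateSBoM detect the OS in different ways and with different test syntax: `$OSTYPE` inside `[[ ]]` for Windows, `$(uname)` inside `[ ... == ... ]` for macOS. Writing the macOS check as `if [[ "$OSTYPE" == darwin* ]]; then` would keep the two blocks consistent and avoid forking `uname`. Both gates key off the build host while the helpers read the configure output, so a short comment stating that the host and the recorded toolchain are assumed to match would help anyone auditing the SBOM. generateSBoM starts and ends outside this hunk.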
@@ -1112,6 +1122,32 @@ addGCC() {
 addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GCC" "${gcc_version}"
 }
+addCompilerWindows() {
+ local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt"
+
+ ## Extract Windows Compiler Versions
+ local msvs_version="$(grep -o -P '\* Toolchain:\s+\K[^"]+' "${inputConfigFile}")"
+ local msvs_c_version="$(grep -o -P '\* C Compiler:\s+\K[^"]+' "${inputConfigFile}" | awk '{print $2}')"
+ local msvs_cpp_version="$(grep -o -P '\* C\+\+ Compiler:\s+\K[^"]+' "${inputConfigFile}" | awk '{print $2}')"
+
+ echo "Adding Windows Compiler versions to SBOM: ${msvs_version}"
+ addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MSVS Windows Compiler Version" "${msvs_version}"
+ echo "Adding Windows C Compiler version to SBOM: ${msvs_c_version}"
+ addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MSVS C Compiler Version" "${msvs_c_version}"
+ echo "Adding Windows C++ Compiler version to SBOM: ${msvs_cpp_version}"
+ addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MSVS C++ Compiler Version" "${msvs_cpp_version}"
+}
+
+addCompilerMacOS() {
+ local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt"
+
+ ## local macx_version="$(cat "${inputConfigFile}" | grep "* Toolchain:" | awk -F ':' '{print $2}' | sed -e 's/^[ \t]*//')"
+ local macx_version="$(grep ".* Toolchain:" "${inputConfigFile}" | awk -F ':' '{print $2}' | sed -e 's/^[ \t]*//')"
+
+ echo "Adding MacOS compiler version to SBOM: ${macx_version}"
+ addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MacOS Compiler" "${macx_version}"
+}
+
 addBootJDK() {
 local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt"
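Review bot: Every extraction in addCompilerWindows and addCompilerMacOS is written as `local var="$(grep ...)"`, which discards the pipeline's exit status (ShellCheck SC2155), so a missing configure.txt or an unmatched pattern silently writes an empty compiler version into the SBOM. A blank tool version looks like a complete entry while carrying no provenance, so I would declare the variables first, assign them separately, and warn on stderr when a value comes back empty; if the script runs under `set -e` the separate assignment turns a failed grep into a hard stop, and whether that or a warning is wanted is the project's call. The macOS pattern `".* Toolchain:"` is unanchored and will pick up any line containing ` Toolchain:`, and the `awk -F ':' '{print $2}'` after it drops anything past a second colon. The commented-out `## local macx_version=...` line can be removed. The sketch below covers the Windows function; the macOS one would take the same shape.

```shell
addCompilerWindows() {
  # … unchanged: inputConfigFile assignment …
  local msvs_version msvs_c_version msvs_cpp_version

  ## Extract Windows Compiler Versions
  # Assigned separately from `local` so the exit status is not masked.
  msvs_version="$(grep -o -P '\* Toolchain:\s+\K[^"]+' "${inputConfigFile}")"
  msvs_c_version="$(grep -o -P '\* C Compiler:\s+\K[^"]+' "${inputConfigFile}" | awk '{print $2}')"
  msvs_cpp_version="$(grep -o -P '\* C\+\+ Compiler:\s+\K[^"]+' "${inputConfigFile}" | awk '{print $2}')"

  # Surface a blank value instead of recording it in the SBOM unnoticed.
  if [[ -z "${msvs_version}" || -z "${msvs_c_version}" || -z "${msvs_cpp_version}" ]]; then
    echo "WARNING: Could not read all Windows compiler versions from ${inputConfigFile}" 1>&2
  fi
  # … unchanged: echo / addSBOMMetadataTools calls …
```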
@@ -1720,7 +1756,7 @@ getFirstTagFromOpenJDKGitRepo() {
 if [ -z "$firstMatchingNameFromRepo" ]; then
 echo "WARNING: Failed to identify latest tag in the repository" 1>&2
 # If the ADOPT_BRANCH_SAFETY flag is set, we may be building from an alternate
- # repository that doesn't have the same tags, so allow defaults. For a better
+ # repository that doesn't have the same tags, so allow defaults. For a better
 # options see https://github.com/adoptium/temurin-build/issues/2671
 if [ "${BUILD_CONFIG[DISABLE_ADOPT_BRANCH_SAFETY]}" == "true" ]; then
 if [ "${BUILD_CONFIG[OPENJDK_FEATURE_NUMBER]}" == "8" ]; then
diff --git a/tooling/validateSBOMcontent.sh b/tooling/validateSBOMcontent.sh
index ce58167fd..5c3e05e94 100755
--- a/tooling/validateSBOMcontent.sh
+++ b/tooling/validateSBOMcontent.sh
@@ -69,7 +69,7 @@ elif echo "$SBOMFILE" | grep _x86-32_windows_; then
 fi
 elif echo "$SBOMFILE" | grep _mac_; then
 # NOTE: mac/x64 native builds >=11 were using "clang (clang/LLVM from Xcode 10.3)"
- EXPECTED_COMPILER="clang (clang/LLVM from Xcode 12.4)"
+ EXPECTED_COMPILER="clang (clang/LLVM from Xcode 15.0.1)"
 # shellcheck disable=SC2166
 if [ "${MAJORVERSION}" = "8" -o "${MAJORVERSION}" = "11" ] && echo "$SBOMFILE" | grep _x64_; then
 EXPECTED_COMPILER="clang (clang/LLVM)"