diff --git a/README.md b/README.md index 11f38584a..e628bb60e 100644 --- a/README.md +++ b/README.md @@ -185,6 +185,13 @@ the one you are trying to build. -k, --keep if using docker, keep the container after the build. +--local-dependency-cache-dir +specify the location of a local cache of required build dependency jars. If not specified +the following default locations are searched +Windows: c:/dependency_cache +MacOS: ${HOME}/dependency_cache +Unix: /usr/local/dependency_cache + --make-exploded-image creates an exploded image (useful for codesigning jmods). Use --assemble-exploded-image once you have signed the jmods to complete the packaging steps. diff --git a/cyclonedx-lib/build.xml b/cyclonedx-lib/build.xml index 6e3e58f07..f026a2611 100644 --- a/cyclonedx-lib/build.xml +++ b/cyclonedx-lib/build.xml @@ -1,7 +1,7 @@ - - + - + + + + + - - + + - + @@ -35,21 +38,20 @@ - + + - - - + + - - + @@ -65,7 +67,7 @@ - + @@ -85,41 +87,38 @@ - - + - - + - - + - - - + + - - + - - + + + + + - - + - + @@ -479,17 +478,23 @@ - - + + - - - - - + + + + + + + + + + diff --git a/cyclonedx-lib/dependency_data/dependency_data.properties b/cyclonedx-lib/dependency_data/dependency_data.properties new file mode 100644 index 000000000..4b5607d50 --- /dev/null +++ b/cyclonedx-lib/dependency_data/dependency_data.properties 
@@ -0,0 +1,60 @@
+# ********************************************************************************
+# Copyright (c) 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made
+# available under the terms of the Apache Software License 2.0
+# which is available at https://www.apache.org/licenses/LICENSE-2.0.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************
+
+# Repositories
+maven.central.repo=https://repo1.maven.org/maven2
+
+# Component versions, SHAs and jar names
+commons-codec.version=1.17.1
+commons-codec.sha256=f9f6cb103f2ddc3c99a9d80ada2ae7bf0685111fd6bffccb72033d1da4e6ff23
+commons-codec.jar=commons-codec-${commons-codec.version}.jar
+commons-collections4.version=4.4
+commons-collections4.sha256=1df8b9430b5c8ed143d7815e403e33ef5371b2400aadbe9bda0883762e0846d1
+commons-collections4.jar=commons-collections4-${commons-collections4.version}.jar
+commons-io.version=2.16.1
+commons-io.sha256=f41f7baacd716896447ace9758621f62c1c6b0a91d89acee488da26fc477c84f
+commons-io.jar=commons-io-${commons-io.version}.jar
+cyclonedx-core-java.version=9.0.5
+cyclonedx-core-java.sha256=9474c73a81d9be6206367d357a3449e03e70c69bc672d82be04f15806ef170fa
+cyclonedx-core-java.jar=cyclonedx-core-java-${cyclonedx-core-java.version}.jar
+github-package-url.version=1.5.0
+github-package-url.sha256=e45551727707acc0c56ac62d56964332ea0f138d6cc3656d988b9369150f5247
+github-package-url.jar=packageurl-java-${github-package-url.version}.jar
+jackson-annotations.version=2.17.2
+jackson-annotations.sha256=873a606e23507969f9bbbea939d5e19274a88775ea5a169ba7e2d795aa5156e1
+jackson-annotations.jar=jackson-annotations-${jackson-annotations.version}.jar
+jackson-core.version=2.17.2
+jackson-core.sha256=721a189241dab0525d9e858e5cb604d3ecc0ede081e2de77d6f34fa5779a5b46
+jackson-core.jar=jackson-core-${jackson-core.version}.jar
+jackson-databind.version=2.17.2
+jackson-databind.sha256=c04993f33c0f845342653784f14f38373d005280e6359db5f808701cfae73c0c
+jackson-databind.jar=jackson-databind-${jackson-databind.version}.jar
+jackson-dataformat-xml.version=2.17.2
+jackson-dataformat-xml.sha256=517add5f3848517894b319a93a7ebfc1c21737b2c17c9acccd38fea97d6adc6f
+jackson-dataformat-xml.jar=jackson-dataformat-xml-${jackson-dataformat-xml.version}.jar
+json-schema-validator.version=1.5.1
+json-schema-validator.sha256=de015f79d4a63d22c002bad76bb30c039cafa205465eef8770e2c6b85880ded7
+json-schema-validator.jar=json-schema-validator-${json-schema-validator.version}.jar
+
+# Download URLs
+commons-codec.url=${maven.central.repo}/commons-codec/commons-codec/${commons-codec.version}/${commons-codec.jar}
+commons-collections4.url=${maven.central.repo}/org/apache/commons/commons-collections4/${commons-collections4.version}/${commons-collections4.jar}
+commons-io.url=${maven.central.repo}/commons-io/commons-io/${commons-io.version}/${commons-io.jar}
+cyclonedx-core-java.url=${maven.central.repo}/org/cyclonedx/cyclonedx-core-java/${cyclonedx-core-java.version}/${cyclonedx-core-java.jar}
+github-package-url.url=${maven.central.repo}/com/github/package-url/packageurl-java/${github-package-url.version}/${github-package-url.jar}
+jackson-annotations.url=${maven.central.repo}/com/fasterxml/jackson/core/jackson-annotations/${jackson-annotations.version}/${jackson-annotations.jar}
+jackson-core.url=${maven.central.repo}/com/fasterxml/jackson/core/jackson-core/${jackson-core.version}/${jackson-core.jar}
+jackson-databind.url=${maven.central.repo}/com/fasterxml/jackson/core/jackson-databind/${jackson-databind.version}/${jackson-databind.jar}
+jackson-dataformat-xml.url=${maven.central.repo}/com/fasterxml/jackson/dataformat/jackson-dataformat-xml/${jackson-dataformat-xml.version}/${jackson-dataformat-xml.jar}
+json-schema-validator.url=${maven.central.repo}/com/networknt/json-schema-validator/${json-schema-validator.version}/${json-schema-validator.jar}
+
diff --git a/cyclonedx-lib/dependency_data/shas/commons-codec.jar.sha256 b/cyclonedx-lib/dependency_data/shas/commons-codec.jar.sha256
deleted file mode 100644
index a5f27b9cb..000000000
--- a/cyclonedx-lib/dependency_data/shas/commons-codec.jar.sha256
+++ /dev/null
@@ -1 +0,0 @@
-b3e9f6d63a790109bf0d056611fbed1cf69055826defeb9894a71369d246ed63
\ No newline at end of file
diff --git a/cyclonedx-lib/dependency_data/shas/commons-io.jar.sha256 b/cyclonedx-lib/dependency_data/shas/commons-io.jar.sha256
deleted file mode 100644
index 854ca3d3e..000000000
--- a/cyclonedx-lib/dependency_data/shas/commons-io.jar.sha256
+++ /dev/null
@@ -1 +0,0 @@
-961b2f6d87dbacc5d54abf45ab7a6e2495f89b75598962d8c723cea9bc210908
\ No newline at end of file
diff --git a/cyclonedx-lib/dependency_data/shas/cyclonedx-core-java.jar.sha256 b/cyclonedx-lib/dependency_data/shas/cyclonedx-core-java.jar.sha256
deleted file mode 100644
index 44090c667..000000000
--- a/cyclonedx-lib/dependency_data/shas/cyclonedx-core-java.jar.sha256
+++ /dev/null
@@ -1 +0,0 @@
-ecc371d12808dfe76047f87f8235665d74dd6cf8ec12c41d052715a3fd79e0b5
\ No newline at end of file
diff --git a/cyclonedx-lib/dependency_data/shas/github-package-url.jar.sha256 b/cyclonedx-lib/dependency_data/shas/github-package-url.jar.sha256
deleted file mode 100644
index b9d1f60ef..000000000
--- a/cyclonedx-lib/dependency_data/shas/github-package-url.jar.sha256
+++ /dev/null
@@ -1 +0,0 @@
-8e23280221afd1e6561d433dfb133252cd287167acb0eca5a991667118ff10a2
\ No newline at end of file
diff --git a/cyclonedx-lib/dependency_data/shas/jackson-annotations.jar.sha256 b/cyclonedx-lib/dependency_data/shas/jackson-annotations.jar.sha256
deleted file mode 100644
index 95f7e9a2e..000000000
--- a/cyclonedx-lib/dependency_data/shas/jackson-annotations.jar.sha256
+++ /dev/null
@@ -1 +0,0 @@
-2c6869d505cf60dc066734b7d50339f975bd3adc635e26a78abb71acb4473c0d
\ No newline at end of file
diff --git a/cyclonedx-lib/dependency_data/shas/jackson-core.jar.sha256 b/cyclonedx-lib/dependency_data/shas/jackson-core.jar.sha256
deleted file mode 100644
index c75a5db5e..000000000
--- a/cyclonedx-lib/dependency_data/shas/jackson-core.jar.sha256
+++ /dev/null
@@ -1 +0,0 @@
-b5d37a77c88277b97e3593c8740925216c06df8e4172bbde058528df04ad3e7a
\ No newline at end of file
diff --git a/cyclonedx-lib/dependency_data/shas/jackson-databind.jar.sha256 b/cyclonedx-lib/dependency_data/shas/jackson-databind.jar.sha256
deleted file mode 100644
index 49bdf8a3a..000000000
--- a/cyclonedx-lib/dependency_data/shas/jackson-databind.jar.sha256
+++ /dev/null
@@ -1 +0,0 @@
-501d3abce4d18dcc381058ec593c5b94477906bba6efbac14dae40a642f77424
\ No newline at end of file
diff --git a/cyclonedx-lib/dependency_data/shas/jackson-dataformat-xml.jar.sha256 b/cyclonedx-lib/dependency_data/shas/jackson-dataformat-xml.jar.sha256
deleted file mode 100644
index bdf90ce8c..000000000
--- a/cyclonedx-lib/dependency_data/shas/jackson-dataformat-xml.jar.sha256
+++ /dev/null
@@ -1 +0,0 @@
-edbda6c775a36049cf0088b111ab958cca0dc70cb9326918d6cf153cb3fa426b
\ No newline at end of file
diff --git a/cyclonedx-lib/dependency_data/shas/json-schema.jar.sha256 b/cyclonedx-lib/dependency_data/shas/json-schema.jar.sha256
deleted file mode 100644
index 492cd69b8..000000000
--- a/cyclonedx-lib/dependency_data/shas/json-schema.jar.sha256
+++ /dev/null
@@ -1 +0,0 @@
-968991e5718520cdd7b224770f790cf2c241cddf64d10a36c21f9f8b4a15e79c
\ No newline at end of file
diff --git a/cyclonedx-lib/dependency_data/versions/commons-codec.jar.version b/cyclonedx-lib/dependency_data/versions/commons-codec.jar.version
deleted file mode 100644
index 07fe6f6c9..000000000
--- a/cyclonedx-lib/dependency_data/versions/commons-codec.jar.version
+++ /dev/null
@@ -1 +0,0 @@
-1.15
\ No newline at end of file
diff --git a/cyclonedx-lib/dependency_data/versions/commons-io.jar.version b/cyclonedx-lib/dependency_data/versions/commons-io.jar.version
deleted file mode 100644
index ed0edc885..000000000
--- a/cyclonedx-lib/dependency_data/versions/commons-io.jar.version
+++ /dev/null
@@ -1 +0,0 @@
-2.11.0
\ No newline at end of file
diff --git a/cyclonedx-lib/dependency_data/versions/cyclonedx-core-java.jar.version b/cyclonedx-lib/dependency_data/versions/cyclonedx-core-java.jar.version
deleted file mode 100644
index 24afbc91d..000000000
--- a/cyclonedx-lib/dependency_data/versions/cyclonedx-core-java.jar.version
+++ /dev/null
@@ -1 +0,0 @@
-8.0.3
\ No newline at end of file
diff --git a/cyclonedx-lib/dependency_data/versions/github-package-url.jar.version b/cyclonedx-lib/dependency_data/versions/github-package-url.jar.version
deleted file mode 100644
index 13175fdc4..000000000
--- a/cyclonedx-lib/dependency_data/versions/github-package-url.jar.version
+++ /dev/null
@@ -1 +0,0 @@
-1.4.1
\ No newline at end of file
diff --git a/cyclonedx-lib/dependency_data/versions/jackson-annotations.jar.version b/cyclonedx-lib/dependency_data/versions/jackson-annotations.jar.version
deleted file mode 100644
index fb71e071a..000000000
--- a/cyclonedx-lib/dependency_data/versions/jackson-annotations.jar.version
+++ /dev/null
@@ -1 +0,0 @@
-2.14.2
\ No newline at end of file
diff --git a/cyclonedx-lib/dependency_data/versions/jackson-core.jar.version b/cyclonedx-lib/dependency_data/versions/jackson-core.jar.version
deleted file mode 100644
index fb71e071a..000000000
--- a/cyclonedx-lib/dependency_data/versions/jackson-core.jar.version
+++ /dev/null
@@ -1 +0,0 @@
-2.14.2
\ No newline at end of file
diff --git a/cyclonedx-lib/dependency_data/versions/jackson-databind.jar.version b/cyclonedx-lib/dependency_data/versions/jackson-databind.jar.version
deleted file mode 100644
index fb71e071a..000000000
--- a/cyclonedx-lib/dependency_data/versions/jackson-databind.jar.version
+++ /dev/null
@@ -1 +0,0 @@ -2.14.2 \ No newline at end of file diff --git a/cyclonedx-lib/dependency_data/versions/jackson-dataformat-xml.jar.version b/cyclonedx-lib/dependency_data/versions/jackson-dataformat-xml.jar.version deleted file mode 100644 index fb71e071a..000000000 --- a/cyclonedx-lib/dependency_data/versions/jackson-dataformat-xml.jar.version +++ /dev/null @@ -1 +0,0 @@ -2.14.2 \ No newline at end of file diff --git a/cyclonedx-lib/dependency_data/versions/json-schema.jar.version b/cyclonedx-lib/dependency_data/versions/json-schema.jar.version deleted file mode 100644 index 0c59751cf..000000000 --- a/cyclonedx-lib/dependency_data/versions/json-schema.jar.version +++ /dev/null @@ -1 +0,0 @@ -1.0.77 \ No newline at end of file diff --git a/cyclonedx-lib/sign_src/TemurinSignSBOM.java b/cyclonedx-lib/sign_src/TemurinSignSBOM.java index afe584d10..14784fc76 100644 --- a/cyclonedx-lib/sign_src/TemurinSignSBOM.java +++ b/cyclonedx-lib/sign_src/TemurinSignSBOM.java @@ -1,6 +1,6 @@ /* * ******************************************************************************** - * Copyright (c) 2023 Contributors to the Eclipse Foundation + * Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation * * See the NOTICE file(s) with this work for additional * information regarding copyright ownership. @@ -15,11 +15,11 @@ package temurin.sbom; -import org.cyclonedx.BomGeneratorFactory; -import org.cyclonedx.CycloneDxSchema; +import org.cyclonedx.exception.GeneratorException; import org.cyclonedx.generators.json.BomJsonGenerator; import org.cyclonedx.model.Bom; import org.cyclonedx.parsers.JsonParser; +import org.cyclonedx.Version; import org.webpki.json.JSONAsymKeySigner; import org.webpki.json.JSONObjectReader; 
@@ -113,7 +113,13 @@ static Bom signSBOM(final String jsonFile, final String pemFile) { if (bom == null) { return null; } - String sbomDataToSign = generateBomJson(bom); + String sbomDataToSign; + try { + sbomDataToSign = generateBomJson(bom); + } catch (GeneratorException e) { + LOGGER.log(Level.SEVERE, "Exception generating BOM", e); + return null; + } // Read the private key KeyPair signingKey = PEMDecoder.getKeyPair(Files.readAllBytes(Paths.get(pemFile))); @@ -132,15 +138,22 @@ static Bom signSBOM(final String jsonFile, final String pemFile) { } } - static String generateBomJson(final Bom bom) { - BomJsonGenerator bomGen = BomGeneratorFactory.createJson(CycloneDxSchema.Version.VERSION_14, bom); + static String generateBomJson(final Bom bom) throws GeneratorException { + BomJsonGenerator bomGen = new BomJsonGenerator(bom, Version.VERSION_16); String json = bomGen.toJsonString(); return json; } static boolean writeJSONfile(final Bom bom, final String fileName) { // Creates testJson.json file - String json = generateBomJson(bom); + String json; + try { + json = generateBomJson(bom); + } catch (GeneratorException e) { + LOGGER.log(Level.SEVERE, "Exception generating BOM", e); + return false; + } + try (FileWriter file = new FileWriter(fileName)) { file.write(json); return true; @@ -164,7 +177,13 @@ static boolean verifySignature(final String jsonFile, final String publicKeyFile try { // Read the JSON file to be verified Bom bom = readJSONfile(jsonFile); - String signedSbomData = generateBomJson(bom); + String signedSbomData; + try { + signedSbomData = generateBomJson(bom); + } catch (GeneratorException e) { + LOGGER.log(Level.SEVERE, "Exception generating BOM", e); + return false; + } // Parse JSON JSONObjectReader reader = JSONParser.parse(signedSbomData); diff --git a/cyclonedx-lib/src/temurin/sbom/TemurinGenSBOM.java b/cyclonedx-lib/src/temurin/sbom/TemurinGenSBOM.java index 36a60cc0a..639ed6737 100644 --- a/cyclonedx-lib/src/temurin/sbom/TemurinGenSBOM.java 
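Review bot: `generateBomJson` in TemurinSignSBOM now serialises with `Version.VERSION_16` where it used `VERSION_14`, and both signSBOM and verifySignature take the data they sign or check from this method's output. If the emitted JSON differs between schema versions, an SBOM signed by the previous build of this tool may no longer verify with the new one; that is inferred from the visible calls and should be confirmed with a round-trip test on an already-signed file. A comment on the method would record the coupling, e.g. `// Signing and verification both re-serialise through this method; changing the schema version changes the signed data.`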
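Review bot: In verifySignature the result of `readJSONfile(jsonFile)` goes straight into `generateBomJson(bom)` with no null check, whereas signSBOM returns early on `bom == null`. If readJSONfile can return null on this path as well, the failure would surface as whatever the generator does with a null Bom rather than as a clean verification failure; adding `if (bom == null) { return false; }` before the new try block makes the outcome explicit. The nested try could also be folded into the enclosing one with a `catch (GeneratorException e)` clause, but the enclosing catch clauses are outside the hunk.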
+++ b/cyclonedx-lib/src/temurin/sbom/TemurinGenSBOM.java @@ -1,6 +1,6 @@ /* * ******************************************************************************** - * Copyright (c) 2021 Contributors to the Eclipse Foundation + * Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation * * See the NOTICE file(s) with this work for additional * information regarding copyright ownership. @@ -15,8 +15,7 @@ package temurin.sbom; -import org.cyclonedx.BomGeneratorFactory; -import org.cyclonedx.CycloneDxSchema; +import org.cyclonedx.exception.GeneratorException; import org.cyclonedx.generators.json.BomJsonGenerator; import org.cyclonedx.model.Bom; import org.cyclonedx.model.Component; @@ -29,6 +28,7 @@ import org.cyclonedx.model.Property; import org.cyclonedx.model.Tool; import org.cyclonedx.parsers.JsonParser; +import org.cyclonedx.Version; import java.io.FileReader; import java.io.FileWriter; import java.util.Collections; @@ -410,9 +410,9 @@ static Bom addFormulationCompProp(final String fileName, final String formulaNam return bom; } - static String generateBomJson(final Bom bom) { - // Use schema v15: https://cyclonedx.org/schema/bom-1.5.schema.json - BomJsonGenerator bomGen = BomGeneratorFactory.createJson(CycloneDxSchema.Version.VERSION_15, bom); + static String generateBomJson(final Bom bom) throws GeneratorException { + // Use schema v16: https://cyclonedx.org/schema/bom-1.6.schema.json + BomJsonGenerator bomGen = new BomJsonGenerator(bom, Version.VERSION_16); String json = bomGen.toJsonString(); return json; } @@ -420,13 +420,15 @@ static String generateBomJson(final Bom bom) { // Writes the BOM object to the specified file. static void writeJSONfile(final Bom bom, final String fileName) { FileWriter file; - String json = generateBomJson(bom); try { + String json = generateBomJson(bom); + file = new FileWriter(fileName); file.write(json); file.close(); } catch (Exception e) { e.printStackTrace(); + System.exit(1); } } 
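Review bot: writeJSONfile in TemurinGenSBOM still opens the `FileWriter` by hand and closes it only on the success path, so an exception from `file.write(json)` skips `file.close()` before `System.exit(1)` runs. TemurinSignSBOM's writeJSONfile, as shown in this same commit, uses try-with-resources; `try (FileWriter file = new FileWriter(fileName)) { file.write(generateBomJson(bom)); }` would keep the two classes consistent. The `catch (Exception e)` now turns every failure, including a GeneratorException, into a process exit, which is worth stating in the comment above the method.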
@@ -439,6 +441,7 @@ static Bom readJSONfile(final String fileName) { bom = parser.parse(reader); } catch (Exception e) { e.printStackTrace(); + System.exit(1); } finally { return bom; } diff --git a/sbin/build.sh b/sbin/build.sh index 6149bae5e..27a314f9f 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -1,7 +1,7 @@ #!/bin/bash # shellcheck disable=SC2155,SC2153,SC2038,SC1091,SC2116,SC2086 # ******************************************************************************** -# Copyright (c) 2017 Contributors to the Eclipse Foundation +# Copyright (c) 2017, 2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) with this work for additional # information regarding copyright ownership. @@ -887,8 +887,28 @@ buildCyclonedxLib() { else ANTBUILDFILE="${CYCLONEDB_DIR}/build.xml" fi + + # Has the user specified their own local cache for the dependency jars? + local localJarCacheOption="" + if [[ -n "${BUILD_CONFIG[LOCAL_DEPENDENCY_CACHE_DIR]}" ]]; then + localJarCacheOption="-Dlocal.deps.cache.dir=${BUILD_CONFIG[LOCAL_DEPENDENCY_CACHE_DIR]}" + else + # Select a suitable default location that users may use + if [[ "$OSTYPE" == "cygwin" ]] || [[ "$OSTYPE" == "msys" ]]; then + # Windows + localJarCacheOption="-Dlocal.deps.cache.dir=c:/dependency_cache" + elif [[ "${BUILD_CONFIG[OS_KERNEL_NAME]}" == "darwin" ]]; then + # MacOS + localJarCacheOption="-Dlocal.deps.cache.dir=${HOME}/dependency_cache" + else + # Assume unix based path + localJarCacheOption="-Dlocal.deps.cache.dir=/usr/local/dependency_cache" + fi + fi + echo "Using CycloneDX local jar cache build option: ${localJarCacheOption}" + JAVA_HOME=${javaHome} ant -f "${ANTBUILDFILE}" clean - JAVA_HOME=${javaHome} ant -f "${ANTBUILDFILE}" build + JAVA_HOME=${javaHome} ant -f "${ANTBUILDFILE}" build "${localJarCacheOption}" } # get the classpath to run the CycloneDX java app TemurinGenSBOM 
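Review bot: The added `System.exit(1)` sits in a `catch` whose `finally` block does `return bom;`, and a `return` inside `finally` discards any throwable that `catch (Exception e)` does not handle, so an `Error` raised while parsing would still reach the caller as a null Bom. Moving the return after the try statement, `} return bom;`, lets such failures propagate instead of being masked. The start of readJSONfile is outside the hunk, so whether the reader is closed cannot be checked here.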
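Review bot: The fallback cache paths chosen in buildCyclonedxLib (`c:/dependency_cache`, `${HOME}/dependency_cache`, `/usr/local/dependency_cache`) are passed to ant even when the user never asked for a cache, so a jar that happens to sit in one of those directories can end up in the SBOM tooling build. That is acceptable only if build.xml checks every cached jar against the `sha256` values pinned in dependency_data.properties before using it; the build.xml hunk is not readable on this page, so this should be confirmed and stated in a comment next to the defaults. The user-supplied directory is also used without an existence check; `[[ -d "${BUILD_CONFIG[LOCAL_DEPENDENCY_CACHE_DIR]}" ]] || echo "WARNING: local dependency cache dir not found" >&2` would surface a mistyped path early. The function begins before the hunk.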
@@ -896,14 +916,14 @@ getCyclonedxClasspath() { local CYCLONEDB_JAR_DIR="${CYCLONEDB_DIR}/build/jar" - local classpath="${CYCLONEDB_JAR_DIR}/temurin-gen-sbom.jar:${CYCLONEDB_JAR_DIR}/cyclonedx-core-java.jar:${CYCLONEDB_JAR_DIR}/jackson-core.jar:${CYCLONEDB_JAR_DIR}/jackson-dataformat-xml.jar:${CYCLONEDB_JAR_DIR}/jackson-databind.jar:${CYCLONEDB_JAR_DIR}/jackson-annotations.jar:${CYCLONEDB_JAR_DIR}/json-schema.jar:${CYCLONEDB_JAR_DIR}/commons-codec.jar:${CYCLONEDB_JAR_DIR}/commons-io.jar:${CYCLONEDB_JAR_DIR}/github-package-url.jar" + local classpath="${CYCLONEDB_JAR_DIR}/temurin-gen-sbom.jar:${CYCLONEDB_JAR_DIR}/cyclonedx-core-java.jar:${CYCLONEDB_JAR_DIR}/jackson-core.jar:${CYCLONEDB_JAR_DIR}/jackson-dataformat-xml.jar:${CYCLONEDB_JAR_DIR}/jackson-databind.jar:${CYCLONEDB_JAR_DIR}/jackson-annotations.jar:${CYCLONEDB_JAR_DIR}/json-schema-validator.jar:${CYCLONEDB_JAR_DIR}/commons-codec.jar:${CYCLONEDB_JAR_DIR}/commons-io.jar:${CYCLONEDB_JAR_DIR}/github-package-url.jar:${CYCLONEDB_JAR_DIR}/commons-collections4.jar" if [[ "$OSTYPE" == "cygwin" ]] || [[ "$OSTYPE" == "msys" ]]; then classpath="" for jarfile in "${CYCLONEDB_JAR_DIR}/temurin-gen-sbom.jar" "${CYCLONEDB_JAR_DIR}/cyclonedx-core-java.jar" \ "${CYCLONEDB_JAR_DIR}/jackson-core.jar" "${CYCLONEDB_JAR_DIR}/jackson-dataformat-xml.jar" \ "${CYCLONEDB_JAR_DIR}/jackson-databind.jar" "${CYCLONEDB_JAR_DIR}/jackson-annotations.jar" \ - "${CYCLONEDB_JAR_DIR}/json-schema.jar" "${CYCLONEDB_JAR_DIR}/commons-codec.jar" "${CYCLONEDB_JAR_DIR}/commons-io.jar" \ - "${CYCLONEDB_JAR_DIR}/github-package-url.jar" ; + "${CYCLONEDB_JAR_DIR}/json-schema-validator.jar" "${CYCLONEDB_JAR_DIR}/commons-codec.jar" "${CYCLONEDB_JAR_DIR}/commons-io.jar" \ + "${CYCLONEDB_JAR_DIR}/github-package-url.jar" "${CYCLONEDB_JAR_DIR}/commons-collections4.jar"; do classpath+=$(cygpath -w "${jarfile}")";" done 
@@ -1211,21 +1231,20 @@ addCycloneDXVersions() { else # Should we do something special if the sha256sum fails? for JAR in "${CYCLONEDB_DIR}/build/jar"/*.jar; do - JarName=$(basename "$JAR") + JarName=$(basename "$JAR" | cut -d'.' -f1) if [ "$(uname)" = "Darwin" ]; then JarSha=$(shasum -a 256 "$JAR" | cut -d' ' -f1) else JarSha=$(sha256sum "$JAR" | cut -d' ' -f1) fi - addSBOMFormulationComponentProperty "${javaHome}" "${classpath}" "${sbomJson}" "CycloneDX" "CycloneDX jar SHAs" "${JarName}" "${JarSha}" + addSBOMFormulationComponentProperty "${javaHome}" "${classpath}" "${sbomJson}" "CycloneDX" "CycloneDX jar SHAs" "${JarName}.jar" "${JarSha}" # Now the jar's SHA has been added, we add the version string. - JarVersionFile="$(joinPath ${CYCLONEDB_DIR} dependency_data versions ${JarName}.version)" - if [ -f "${JarVersionFile}" ]; then - JarVersionString=$(cat "${JarVersionFile}") - addSBOMFormulationComponentProperty "${javaHome}" "${classpath}" "${sbomJson}" "CycloneDX" "CycloneDX jar versions" "${JarName}" "${JarVersionString}" - elif [ "${JarName}" != "temurin-gen-sbom.jar" ]; then - echo "ERROR: Cannot find jar version file for SBOM creation dependency ${JarName}." - echo "ERROR: Expected location: ${JarVersionFile}" + JarDepsFile="$(joinPath ${CYCLONEDB_DIR} dependency_data/dependency_data.properties)" + JarVersionString=$(grep "${JarName}\.version=" "${JarDepsFile}" | cut -d'=' -f2) + if [ -n "${JarVersionString}" ]; then + addSBOMFormulationComponentProperty "${javaHome}" "${classpath}" "${sbomJson}" "CycloneDX" "CycloneDX jar versions" "${JarName}.jar" "${JarVersionString}" + elif [ "${JarName}" != "temurin-gen-sbom" ]; then + echo "ERROR: Cannot determine jar version from ${JarDepsFile} for SBOM creation dependency ${JarName}.jar." fi done fi diff --git a/sbin/common/config_init.sh b/sbin/common/config_init.sh index d2bccb4b8..1a649a805 100755 --- a/sbin/common/config_init.sh +++ b/sbin/common/config_init.sh 
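Review bot: The version lookup `grep "${JarName}\.version=" "${JarDepsFile}"` is not anchored to the start of the line, so it matches any property whose key merely ends in the jar name, and a second match would put a multi-line value into the SBOM property. Anchoring it, `JarVersionString=$(grep "^${JarName}\.version=" "${JarDepsFile}" | cut -d'=' -f2)`, ties the result to exactly one key. `JarDepsFile` does not depend on the loop variable and can be computed once before the `for`. The failure branch only echoes an ERROR and carries on, so an SBOM can be produced with no version recorded for a dependency; that deserves either a non-zero exit or a comment saying it is deliberate. The enclosing function starts and ends outside the hunk.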
@@ -75,6 +75,7 @@ JRE_PATH TEST_IMAGE_PATH STATIC_LIBS_IMAGE_PATH JVM_VARIANT +LOCAL_DEPENDENCY_CACHE_DIR MACOSX_CODESIGN_IDENTITY MAKE_ARGS_FOR_ANY_PLATFORM MAKE_EXPLODED @@ -381,6 +382,9 @@ function parseConfigurationArguments() { "--use-adoptium-devkit") BUILD_CONFIG[USE_ADOPTIUM_DEVKIT]="$1"; shift;; + "--local-dependency-cache-dir") + BUILD_CONFIG[LOCAL_DEPENDENCY_CACHE_DIR]="$1"; shift;; + "--user-openjdk-build-root-directory" ) BUILD_CONFIG[USER_OPENJDK_BUILD_ROOT_DIRECTORY]="$1"; shift;; @@ -651,6 +655,9 @@ function configDefaults() { BUILD_CONFIG[USE_ADOPTIUM_DEVKIT]="" BUILD_CONFIG[ADOPTIUM_DEVKIT_LOCATION]="" + # Default to no local dependency cache + BUILD_CONFIG[LOCAL_DEPENDENCY_CACHE_DIR]="" + # By default dont backport JEP318 certs to < Java 10 BUILD_CONFIG[USE_JEP319_CERTS]=false