Relentnet/MarineComOS_RPI
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

export-image: generate sbom file if syft is available

Browse Source
This commit is contained in:
Serge Schneider 2024-07-23 13:39:53 +01:00
parent dca93d24c7
commit 21e8e54d22
1 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
export-image/05-finalise/01-run.sh
View File

@ -2,6 +2,7 @@
IMG_FILE="${STAGE_WORK_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.img" IMG_FILE="${STAGE_WORK_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.img"
INFO_FILE="${STAGE_WORK_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.info" INFO_FILE="${STAGE_WORK_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.info"
SBOM_FILE="${STAGE_WORK_DIR}/${IMG_FILENAME}${IMG_SUFFIX}.sbom"
sed -i 's/^update_initramfs=.*/update_initramfs=all/' "${ROOTFS_DIR}/etc/initramfs-tools/update-initramfs.conf" sed -i 's/^update_initramfs=.*/update_initramfs=all/' "${ROOTFS_DIR}/etc/initramfs-tools/update-initramfs.conf"
@ -61,10 +62,8 @@ if ! [ -L "${ROOTFS_DIR}/boot/issue.txt" ]; then
ln -s firmware/issue.txt "${ROOTFS_DIR}/boot/issue.txt" ln -s firmware/issue.txt "${ROOTFS_DIR}/boot/issue.txt"
fi fi
cp "$ROOTFS_DIR/etc/rpi-issue" "$INFO_FILE" cp "$ROOTFS_DIR/etc/rpi-issue" "$INFO_FILE"
{ {
if [ -f "$ROOTFS_DIR/usr/share/doc/raspberrypi-kernel/changelog.Debian.gz" ]; then if [ -f "$ROOTFS_DIR/usr/share/doc/raspberrypi-kernel/changelog.Debian.gz" ]; then
firmware=$(zgrep "firmware as of" \ firmware=$(zgrep "firmware as of" \
@ -83,6 +82,14 @@ cp "$ROOTFS_DIR/etc/rpi-issue" "$INFO_FILE"
dpkg -l --root "$ROOTFS_DIR" dpkg -l --root "$ROOTFS_DIR"
} >> "$INFO_FILE" } >> "$INFO_FILE"
if hash syft 2>/dev/null; then
syft scan dir:"${ROOTFS_DIR}" \
--base-path="${ROOTFS_DIR}" \
--source-name="${IMG_NAME}${IMG_SUFFIX}" \
--source-version="${IMG_DATE}" \
-o spdx-json="${SBOM_FILE}"
fi
ROOT_DEV="$(awk "\$2 == \"${ROOTFS_DIR}\" {print \$1}" /etc/mtab)" ROOT_DEV="$(awk "\$2 == \"${ROOTFS_DIR}\" {print \$1}" /etc/mtab)"
unmount "${ROOTFS_DIR}" unmount "${ROOTFS_DIR}"
@ -115,4 +122,7 @@ none | *)
;; ;;
esac esac
if [ -f "${SBOM_FILE}" ]; then
xz -c "${SBOM_FILE}" > "$DEPLOY_DIR/image_$(basename "${SBOM_FILE}").xz"
fi
cp "$INFO_FILE" "$DEPLOY_DIR/" cp "$INFO_FILE" "$DEPLOY_DIR/"