Populate sbom with minimal properties | reproducible builds (#3385)

chandrashritii · web-flow · commit bceb92cb2b1d · 2023-07-03T11:19:41.000+01:00
* populate sbom with  gcc and glibc versions

Signed-off-by: Shriti Chandra &lt;shchandr@redhat.com&gt;

* Add gcc, glibc and bootjdk versions to build script

Signed-off-by: Shriti Chandra &lt;shchandr@redhat.com&gt;

* shift to dpkg for sourcing glibc version

Signed-off-by: Shriti Chandra &lt;shchandr@redhat.com&gt;

* add function calls

Signed-off-by: Shriti Chandra &lt;shchandr@redhat.com&gt;

* Fix syntax error for grep commands

Signed-off-by: Shriti Chandra &lt;shchandr@redhat.com&gt;

* Fix function call name

Signed-off-by: Shriti Chandra &lt;shchandr@redhat.com&gt;

---------

Signed-off-by: Shriti Chandra &lt;shchandr@redhat.com&gt;
diff --git a/sbin/build.sh b/sbin/build.sh
@@ -874,6 +874,9 @@ generateSBoM() {
   addSBOMComponentPropertyFromFile "${javaHome}" "${classpath}" "${sbomJson}" "Eclipse Temurin" "make_command_args" "${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/makeCommandArg.txt"
 
   # Below add build tools into metadata tools
+  addGLIBCforLinux
+  addGCC
+  addBootJDK
   # Add ALSA 3rd party
   addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "ALSA" "$(cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/dependency_version_alsa.txt)"
   # Add FreeType 3rd party (windows + macOS)
@@ -906,6 +909,29 @@ checkingToolSummary() {
    sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" > "${outputConfigFile}"
 }
 
+# Below add versions to sbom | Facilitate reproducible builds
+
+addGLIBCforLinux() {
+   export CC=$(grep "^CC :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk)
+   export SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk)
+   export GLIBC_MAJOR="$(echo "#include <features.h>" | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3)"
+   export GLIBC_MINOR="$(echo "#include <features.h>" | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3)"
+   export GLIBC_VERSION="${GLIBC_MAJOR}.${GLIBC_MINOR}"
+   addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GLIBC" "${GLIBC_VERSION}"
+}
+
+addGCC() {
+   echo "Checking and getting GCC Version:"
+   inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt"
+   addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GCC" "$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "C Compiler:" | tr -s " " | cut -d " " -f5)"
+}
+
+addBootJDK() {
+   echo "Checking and getting BootJDK Version:"
+   inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt"
+   addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "BOOTJDK" "$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | tr -s " " | cut -d " " -f 6)"
+}
+
 getGradleJavaHome() {
   local gradleJavaHome=""
 
