docs: add SBOM for more extensions

Partial for #10940

Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>

Author: shanduur

guest-agents/metal-agent/pkg.yaml

@@ -24,6 +24,11 @@ steps:
         cp -r /rootfs/ /extensions-validator-rootfs/rootfs
         cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
         /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/metal-agent.spdx.json
+      version: {{ .VERSION }}
+      licenses:
+        - MPL-2.0
 finalize:
   - from: /rootfs
     to: /rootfs

guest-agents/qemu-guest-agent/pkg.yaml

@@ -64,6 +64,14 @@ steps:
         cp -r /rootfs/ /extensions-validator-rootfs/rootfs
         cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
         /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/qemu-guest-agent.spdx.json
+      version: {{ .QEMU_VERSION }}
+      cpes:
+        - cpe:2.3:a:qemu:qemu:{{ .QEMU_VERSION }}:*:*:*:*:*:*:*
+      licenses:
+        - GPL-2.0
+        - LGPL-2.1
 finalize:
   - from: /rootfs
     to: /rootfs

guest-agents/xen-guest-agent/pkg.yaml

@@ -46,6 +46,11 @@ steps:
         cp -r /rootfs/ /extensions-validator-rootfs/rootfs
         cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
         /base-rootfs/extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/xen-guest-agent.spdx.json
+      version: {{ .XEN_GUEST_AGENT_VERSION }}
+      licenses:
+        - AGPL-3.0
 finalize:
   - from: /rootfs
     to: /rootfs

misc/glibc/pkg.yaml

@@ -64,6 +64,13 @@ steps:
         rm -rf /rootfs/usr/local/glibc/include
         rm -rf /rootfs/usr/local/glibc/share
         rm -rf /rootfs/usr/local/glibc/var
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/glibc.spdx.json
+      version: {{ .GLIBC_VERSION }}
+      cpes:
+        - cpe:2.3:a:gnu:glibc:{{ .GLIBC_VERSION }}:*:*:*:*:*:*:*
+      licenses:
+        - LGPL-2.1-or-later
 finalize:
   - from: /rootfs
     to: /rootfs

network/cloudflared/pkg.yaml

@@ -35,9 +35,15 @@ steps:
         /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
       - |
         [[ $(/rootfs/usr/local/lib/containers/cloudflared/usr/local/bin/cloudflared version) == *{{ .CLOUDFLARED_VERSION }}* ]]
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/cloudflared.spdx.json
+      version: {{ .CLOUDFLARED_VERSION }}
+      cpes:
+        - cpe:2.3:a:cloudflare:cloudflared:{{ .CLOUDFLARED_VERSION }}:*:*:*:*:*:*:*
+      licenses:
+        - Apache-2.0
 finalize:
   - from: /rootfs
     to: /rootfs
   - from: /pkg/manifest.yaml
     to: /
-    

network/lldpd/pkg.yaml

@@ -52,6 +52,13 @@ steps:
         cp -r /rootfs/ /extensions-validator-rootfs/rootfs
         cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
         /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/lldpd.spdx.json
+      version: {{ .LLDPD_VERSION }}
+      cpes:
+        - cpe:2.3:a:lldpd_project:lldpd:{{ .LLDPD_VERSION }}:*:*:*:*:*:*:*
+      licenses:
+        - ISC
 finalize:
   - from: /rootfs
     to: /rootfs

network/nebula/pkg.yaml

@@ -42,6 +42,13 @@ steps:
         cp -r /rootfs/ /extensions-validator-rootfs/rootfs
         cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
         /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/nebula.spdx.json
+      version: {{ .NEBULA_VERSION }}
+      cpes:
+        - cpe:2.3:a:slack:nebula:{{ .NEBULA_VERSION }}:*:*:*:*:*:*:*
+      licenses:
+        - MIT
 finalize:
   - from: /rootfs
     to: /rootfs

network/newt/pkg.yaml

@@ -47,6 +47,11 @@ steps:
         /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
       - |
         [[ $(/rootfs/usr/local/lib/containers/newt/usr/local/bin/newt --version) == *{{ .NEWT_VERSION }}* ]]
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/newt.spdx.json
+      version: {{ .NEWT_VERSION }}
+      licenses:
+        - AGPL-3.0
 finalize:
   - from: /rootfs
     to: /rootfs

network/zerotier/pkg.yaml

@@ -40,6 +40,13 @@ steps:
         /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
       - |
         [[ $(/rootfs/usr/local/lib/containers/zerotier/usr/local/bin/zerotier-one -v) == *{{ .ZEROTIER_VERSION }}* ]]
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/zerotier.spdx.json
+      version: {{ .ZEROTIER_VERSION }}
+      cpes:
+        - cpe:2.3:a:zerotier:zerotierone:{{ .ZEROTIER_VERSION }}:*:*:*:*:*:*:*
+      licenses:
+        - BUSL-1.1
 finalize:
   - from: /rootfs
     to: /rootfs

storage/fuse3/pkg.yaml

@@ -34,6 +34,12 @@ steps:
         cp -r /rootfs/ /extensions-validator-rootfs/rootfs
         cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
         /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/fuse3.spdx.json
+      version: {{ .FUSE3_VERSION }}
+      licenses:
+        - GPL-2.0
+        - LGPL-2.1
 finalize:
   - from: /rootfs
     to: /rootfs