openwrt/package/Makefile
Petr Štetiar 21e5db97c4
build: add CycloneDX SBOM JSON support
CycloneDX is an open source standard developed by the OWASP foundation.
It supports a wide range of development ecosystems, a comprehensive set
of use cases, and focuses on automation, ease of adoption, and
progressive enhancement of SBOMs (Software Bill Of Materials) throughout
build pipelines.

So lets add support for CycloneDX SBOM for packages and images
manifests.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d604a07225c5c82b942cd3374cc113ad676a2519)
2023-11-02 14:44:47 +00:00

127 lines
4.6 KiB
Makefile

#
# Copyright (C) 2006-2010 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
curdir:=package
include $(INCLUDE_DIR)/feeds.mk
include $(INCLUDE_DIR)/rootfs.mk
-include $(TMP_DIR)/.packagedeps
package-y += kernel/linux
$(curdir)/autoremove:=1
$(curdir)/builddirs:=$(sort $(package-) $(package-y) $(package-m))
$(curdir)/builddirs-default:=. $(sort $(package-y) $(package-m))
$(curdir)/builddirs-prereq:=. $(sort $(prereq-y) $(prereq-m))
ifdef CHECK_ALL
$(curdir)/builddirs-check:=$($(curdir)/builddirs)
$(curdir)/builddirs-download:=$($(curdir)/builddirs)
endif
ifneq ($(IGNORE_ERRORS),)
package-y-filter := $(package-y)
package-m-filter := $(filter-out $(package-y),$(package-m))
package-n-filter := $(filter-out $(package-y) $(package-m),$(package-))
package-ignore-errors := $(filter n m y,$(IGNORE_ERRORS))
package-ignore-errors := $(if $(package-ignore-errors),$(package-ignore-errors),n m)
package-ignore-subdirs := $(sort $(foreach m,$(package-ignore-errors),$(package-$(m)-filter)))
$(curdir)/builddirs-ignore-download := $(package-ignore-subdirs)
$(curdir)/builddirs-ignore-compile := $(package-ignore-subdirs)
$(curdir)/builddirs-ignore-host-download := $(package-ignore-subdirs)
$(curdir)/builddirs-ignore-host-compile := $(package-ignore-subdirs)
endif
PACKAGE_INSTALL_FILES:= \
$(foreach pkg,$(sort $(package-y)), \
$(foreach variant, \
$(if $(strip $(package/$(pkg)/variants)), \
$(package/$(pkg)/variants), \
$(if $(package/$(pkg)/default-variant), \
$(package/$(pkg)/default-variant), \
default \
) \
), \
$(PKG_INFO_DIR)/$(lastword $(subst /,$(space),$(pkg))).$(variant).install \
) \
)
$(curdir)/cleanup: $(TMP_DIR)/.build
rm -rf $(STAGING_DIR_ROOT)
$(curdir)/merge:
rm -rf $(PACKAGE_DIR_ALL)
mkdir -p $(PACKAGE_DIR_ALL)
-$(foreach pdir,$(PACKAGE_SUBDIRS),$(if $(wildcard $(pdir)/*.ipk),ln -s $(pdir)/*.ipk $(PACKAGE_DIR_ALL);))
$(curdir)/merge-index: $(curdir)/merge
(cd $(PACKAGE_DIR_ALL) && $(SCRIPT_DIR)/ipkg-make-index.sh . 2>&1 > Packages; )
ifndef SDK
$(curdir)/compile: $(curdir)/system/opkg/host/compile
endif
$(curdir)/install: $(TMP_DIR)/.build $(curdir)/merge $(if $(CONFIG_TARGET_PER_DEVICE_ROOTFS),$(curdir)/merge-index)
- find $(STAGING_DIR_ROOT) -type d | $(XARGS) chmod 0755
rm -rf $(TARGET_DIR) $(TARGET_DIR_ORIG)
mkdir -p $(TARGET_DIR)/tmp
$(file >$(TMP_DIR)/opkg_install_list,\
$(call opkg_package_files,\
$(foreach pkg,$(shell cat $(PACKAGE_INSTALL_FILES) 2>/dev/null),$(pkg)$(call GetABISuffix,$(pkg)))))
$(call opkg,$(TARGET_DIR)) install $$(cat $(TMP_DIR)/opkg_install_list)
@for file in $(PACKAGE_INSTALL_FILES); do \
[ -s $$file.flags ] || continue; \
for flag in `cat $$file.flags`; do \
$(call opkg,$(TARGET_DIR)) flag $$flag `cat $$file`; \
done; \
done || true
$(CP) $(TARGET_DIR) $(TARGET_DIR_ORIG)
$(call prepare_rootfs,$(TARGET_DIR),$(TOPDIR)/files)
$(curdir)/index: FORCE
@echo Generating package index...
@for d in $(PACKAGE_SUBDIRS); do ( \
mkdir -p $$d; \
cd $$d || continue; \
$(SCRIPT_DIR)/ipkg-make-index.sh . 2>&1 > Packages.manifest; \
grep -vE '^(Maintainer|LicenseFiles|Source|SourceName|Require|SourceDateEpoch)' Packages.manifest > Packages; \
case "$$(((64 + $$(stat -L -c%s Packages)) % 128))" in 110|111) \
$(call ERROR_MESSAGE,WARNING: Applying padding in $$d/Packages to workaround usign SHA-512 bug!); \
{ echo ""; echo ""; } >> Packages;; \
esac; \
echo -n '{"architecture": "$(ARCH_PACKAGES)", "packages":{' > index.json; \
sed -n -e 's/^Package: \(.*\)$$/"\1":/p' -e 's/^Version: \(.*\)$$/"\1",/p' Packages | tr '\n' ' ' >> index.json; \
echo '}}' >> index.json; \
sed -i 's/, }}/}}/' index.json; \
gzip -9nc Packages > Packages.gz; \
); done
ifdef CONFIG_SIGNED_PACKAGES
@echo Signing package index...
@for d in $(PACKAGE_SUBDIRS); do ( \
[ -d $$d ] && \
cd $$d || continue; \
$(STAGING_DIR_HOST)/bin/usign -S -m Packages -s $(BUILD_KEY); \
); done
endif
ifdef CONFIG_JSON_CYCLONEDX_SBOM
@echo Creating CycloneDX package SBOMs...
@for d in $(PACKAGE_SUBDIRS); do ( \
[ -d $$d ] && \
cd $$d || continue; \
$(SCRIPT_DIR)/package-metadata.pl pkgcyclonedxsbom Packages.manifest > Packages.bom.cdx.json || true; \
); done
endif
$(curdir)/flags-install:= -j1
$(eval $(call stampfile,$(curdir),package,prereq,.config))
$(eval $(call stampfile,$(curdir),package,cleanup,$(TMP_DIR)/.build))
$(eval $(call stampfile,$(curdir),package,compile,$(TMP_DIR)/.build))
$(eval $(call stampfile,$(curdir),package,install,$(TMP_DIR)/.build))
$(eval $(call stampfile,$(curdir),package,check,$(TMP_DIR)/.build))
$(eval $(call subdir,$(curdir)))