openwrt/scripts
Roman Azarenko cc0527b362
build: add explicit timezone in CycloneDX SBOM
Per the CycloneDX 1.4 spec, the `metadata.timestamp` field contains
the date/time when the BOM was created [1].

Before the change, the value generated by the package-metadata.pl
script would look like this:

	2024-06-03T15:51:10

CycloneDX 1.4 relies on the JSON Schema specification version draft-07,
which defines the `date-time` format [2] as derived from RFC 3339,
section 5.6 [3]. In this format, the `time-offset` component is required,
however in the original version of package-metadata.pl it is omitted.

This is causing problems with OWASP Dependency-Track version 4.11.0 or
newer, where it now validates submitted SBOMs against the JSON schema
by default [4]. SBOMs with incorrect timestamp values are rejected with
the following error:

	{
	    "detail": "Schema validation failed",
	    "errors": [
	        "$.metadata.timestamp: 2024-06-03T15:51:10 is an invalid date-time"
	    ],
	    "status": 400,
	    "title": "The uploaded BOM is invalid"
	}

Add explicit `Z` (UTC) timezone offset in the `timestamp` field
to satisfy the CycloneDX schema.

[1]: https://github.com/CycloneDX/specification/blob/1.4/schema/bom-1.4.schema.json#L116-L121
[2]: https://json-schema.org/draft-07/draft-handrews-json-schema-validation-01#rfc.section.7.3.1
[3]: https://datatracker.ietf.org/doc/html/rfc3339#section-5.6
[4]: https://github.com/DependencyTrack/dependency-track/pull/3522

Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>
(cherry picked from commit 2ded629864)
Link: https://github.com/openwrt/openwrt/pull/15693
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-06-20 14:58:17 +02:00
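
Added example, not part of the commit or of OpenWrt's scripts: a pre-upload check that applies the RFC 3339 section 5.6 `date-time` rule from the commit message to `metadata.timestamp`. It goes beyond the missing-`Z` case to cover numeric offsets and out-of-range fields; the function names and the two sample BOMs are constructed for illustration.

```python
import json
import re
from datetime import datetime

# RFC 3339 section 5.6 date-time. The trailing time-offset ("Z" or a numeric
# +hh:mm / -hh:mm) is mandatory, which is what the old timestamp lacked.
DATE_TIME = re.compile(
    r"(\d{4})-(\d{2})-(\d{2})[Tt](\d{2}):(\d{2}):(\d{2})(?:\.\d+)?"
    r"([Zz]|[+-]\d{2}:\d{2})"
)
NO_OFFSET = re.compile(r"\d{4}-\d{2}-\d{2}[Tt]\d{2}:\d{2}:\d{2}(?:\.\d+)?")


def timestamp_problem(value):
    """Return None for a valid RFC 3339 date-time, else a short reason."""
    if not isinstance(value, str):
        return "not a string"
    m = DATE_TIME.fullmatch(value)
    if m is None:
        if NO_OFFSET.fullmatch(value):
            return "missing time-offset"
        return "not in date-time format"
    year, month, day, hour, minute, second = (int(g) for g in m.groups()[:6])
    if second > 60:  # 60 is allowed: leap second
        return "out-of-range field: second"
    try:
        # Calendar check (month length, hour 24, ...); datetime has no second 60.
        datetime(year, month, day, hour, minute, min(second, 59))
    except ValueError as exc:
        return f"out-of-range field: {exc}"
    offset = m.group(7)
    if offset.upper() != "Z" and (int(offset[1:3]) > 23 or int(offset[4:6]) > 59):
        return "out-of-range field: time-offset"
    return None


def check_bom(bom_json):
    """Return a list of timestamp errors for a CycloneDX JSON document."""
    value = json.loads(bom_json).get("metadata", {}).get("timestamp")
    if value is None:
        return []  # assumption: an absent timestamp is left to full schema validation
    problem = timestamp_problem(value)
    return [] if problem is None else [f"$.metadata.timestamp: {value}: {problem}"]


# Constructed minimal BOMs: the value before the change and the value after it.
BEFORE = '{"bomFormat": "CycloneDX", "specVersion": "1.4", "metadata": {"timestamp": "2024-06-03T15:51:10"}}'
AFTER = '{"bomFormat": "CycloneDX", "specVersion": "1.4", "metadata": {"timestamp": "2024-06-03T15:51:10Z"}}'
```

Running `check_bom` on generated SBOMs in CI catches a missing offset before Dependency-Track rejects the upload with HTTP 400.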
config build: scripts/config - update to kconfig-v5.14 2022-02-19 13:10:01 +01:00
flashing scripts: eva_ramboot.py: remove unused import 2021-10-30 15:00:22 +02:00
arm-magic.sh scripts/arm-magic.sh: switch to /bin/sh 2020-01-02 23:59:20 +01:00
brcmImage.pl merge: targets: update image generation and targets 2017-12-08 19:41:18 +01:00
bundle-libraries.sh scripts: bundle-libraries.sh: fix broken SDK compiler 2020-11-02 08:39:49 +01:00
cameo-imghdr.py scripts: add cameo image header generator 2022-06-28 22:20:09 +02:00
cameo-tag.py scripts: fix CAMEO tag generator 2022-07-05 10:18:06 +02:00
cfe-bin-header.py scripts: cfe-bin-header: fix shebang 2020-05-19 08:05:22 +02:00
cfe-partition-tag.py scripts: format to black 2022-04-16 14:53:17 +02:00
cfe-wfi-tag.py scripts: format to black 2022-04-16 14:53:17 +02:00
check-toolchain-clean.sh check-toolchain-clean.sh: workaround stray rebuilds 2022-02-28 15:17:11 +01:00
checkpatch.pl scripts: fix various typos 2021-10-31 21:24:47 +01:00
clean-package.sh build: Fix directory symlinks not removed when cleaning STAGING_DIR 2020-03-01 21:35:59 +01:00
cleanfile build: remove absolute path to perl and replace with /usr/bin/env perl 2017-05-02 14:33:58 +02:00
cleanpatch build: remove absolute path to perl and replace with /usr/bin/env perl 2017-05-02 14:33:58 +02:00
combined-ext-image.sh build: introduce $(MKHASH) 2021-05-13 15:13:15 +02:00
combined-image.sh build: introduce $(MKHASH) 2021-05-13 15:13:15 +02:00
command_all.sh treewide: drop use of which 2022-01-17 09:14:26 +01:00
config.guess scripts: config.guess: update to 2021-05-24 2021-05-29 13:03:07 +02:00
config.rpath add config.rpath and link it in autotools.mk if missing, some packages might need it, especially users of lib-link.m4 or iconv.m4 2011-02-27 15:39:27 +00:00
config.sub scripts: config.guess: update to 2021-05-24 2021-05-29 13:03:07 +02:00
const_structs.checkpatch scripts: add const_structs.checkpatch for checkpatch.pl 2020-11-18 21:50:58 +01:00
deptest.sh scripts: avoid hard-coded paths in scripts 2016-04-28 16:43:28 +02:00
diffconfig.sh scripts/diffconfig.sh: ensure config/conf is built 2022-02-26 13:36:30 +01:00
dl_cleanup.py scripts: fix dl_cleanup.py argument handling 2022-11-15 14:45:50 +01:00
dl_github_archive.py scripts/dl_github_archieve.py: fix generating unreproducible tar 2023-01-12 14:59:07 +01:00
download.pl scripts: add Apache fastly mirror 2023-01-07 01:32:58 +01:00
dump-target-info.pl scripts/dump-target-info.pl: add new function to DUMP devices 2023-11-15 11:00:19 +01:00
env scripts/env: fix env for git conf init.defaultBranch not set to "master" 2021-11-13 10:29:41 -10:00
ext-toolchain.sh scripts: ext-toolchain: add support for musl 2022-07-24 19:53:45 +02:00
ext-tools.sh scripts: ext-tools: add option to only refresh timestamps 2023-01-23 19:18:05 +01:00
feeds feeds: use git-src-full to allow Git versioning 2022-02-15 00:24:24 +01:00
fixup-makefile.pl fixup-makefile.pl: fixup when PKG_SOURCE is defined elsewhere 2018-07-05 01:30:57 +08:00
functions.sh images: Fix sysupgrade.tar for devices with NOR flash 2020-12-22 19:11:50 +01:00
gen_image_generic.sh scripts: gen_image_generic: allow the partition types to be set 2023-06-13 14:12:27 +02:00
gen-dependencies.sh scripts/gen-dependencies.sh: use /bin/sh 2020-01-01 17:01:02 +01:00
get_source_date_epoch.sh build: add explicit --no-show-signature for git 2024-02-20 20:58:41 +01:00
getver.sh scripts/getver.sh: prevent asking for negative rev-parse 2023-11-12 16:19:39 +01:00
ipkg-build build: use numeric-owner in ipkg-build 2022-04-19 22:59:50 +02:00
ipkg-make-index.sh Revert "scripts: run ipkg-make-index through shellcheck" 2023-05-09 21:32:26 +02:00
ipkg-remove scripts: ipkg-remove: handle existing .ipk files without SourceName field 2019-01-21 16:35:40 +01:00
json_add_image_info.py build: fix generation of large .vdi images 2023-07-15 22:24:50 +02:00
json_overview_image_info.py scripts: fix various typos 2021-10-31 21:24:47 +01:00
kconfig.pl scripts/kconfig.pl: allow regex syntax in filtering out config entries 2020-11-13 13:17:53 +01:00
linksys-image.sh scripts: remove redundant character '0x0a' from Linksys image signature 2022-11-27 13:18:29 +01:00
make-ipkg-dir.sh branding: add LEDE branding 2016-03-24 22:40:13 +01:00
md5sum improve support for building on mac os x by improving detection of missing components 2009-01-25 19:00:43 +00:00
metadata.pm build: add CycloneDX SBOM JSON support 2023-11-02 14:44:47 +00:00
mkhash.c mkhash: fix build errors on FreeBSD 13.0 2022-03-05 18:01:04 +01:00
mkits-qsdk-ipq-image.sh build: add helpers for generating QSDK sysupgrade compatible images 2019-02-25 17:36:16 +01:00
mkits-zyxel-fit-filogic.sh mediatek: add support for ZyXEL NWA50AX Pro 2023-07-23 16:10:08 +02:00
mkits-zyxel-fit.sh ramips: add support for ZyXEL NWA50AX / NWA55AXE 2022-07-20 21:52:06 +02:00
mkits.sh scripts: use sep-char for hash nodes 2023-07-26 15:39:24 +02:00
netgear-encrypted-factory.py image: add additional fields to Netgear encrypted image 2023-07-13 12:05:28 +01:00
om-fwupgradecfg-gen.sh build: introduce $(MKHASH) 2021-05-13 15:13:15 +02:00
package-metadata.pl build: add explicit timezone in CycloneDX SBOM 2024-06-20 14:58:17 +02:00
pad_image scripts: fix various typos 2021-10-31 21:24:47 +01:00
patch-kernel.sh scripts/patch-kernel.sh: remove -E flag to preserve empty files touched by patches 2015-08-25 07:46:32 +00:00
patch-specs.sh toolchain: Add GCC 9.1.0 release 2019-06-16 16:40:08 +02:00
portable_date.sh scripts: fix GNU data invocation 2016-02-01 10:43:27 +00:00
qemustart scripts: qemustart: Fix x86/legacy bootup 2023-08-15 17:19:05 +02:00
redboot-script.pl scripts: avoid hard-coded paths in scripts 2016-04-28 16:43:28 +02:00
relink-lib.sh base-files: relink uclibc and libgcc libraries to remove leftovers of the statically linked initial libgcc saves a few kb and gets rid of unused not exported functions as well should also improve the reliability of mklibs 2011-03-01 05:40:38 +00:00
remote-gdb Fix handling of BUILD_SUFFIX in remote-gdb script 2019-09-01 18:38:05 +02:00
rstrip.sh scripts/rstrip.sh: do not strip .o files with STRIP_KMOD 2021-10-11 11:49:14 +02:00
sercomm-crypto.py scripts: support Sercomm crypto 2020-06-02 08:37:54 +02:00
sercomm-kernel-header.py scripts: sercomm-kernel-header.py: improve compatibility 2023-06-17 12:59:37 +02:00
sercomm-partition-tag.py scripts: support Sercomm partition tags 2020-06-02 08:33:11 +02:00
sercomm-payload.py scripts: sercomm-payload: add PID file support 2023-04-09 09:55:57 +02:00
sercomm-pid.py scripts: sercomm-pid.py: use uppercase hwid in pid 2023-11-27 02:02:35 +01:00
sign_images.sh scripts: fix various typos 2021-10-31 21:24:47 +01:00
size_compare.sh scripts: size_compare: print a grand total 2023-02-03 21:22:49 +01:00
slugimage.pl scripts: fix various typos 2021-10-31 21:24:47 +01:00
spelling.txt scripts: add spelling.txt for checkpatch.pl 2020-11-12 18:21:55 +01:00
srecimage.pl treewide: replace jow@openwrt.org with jo@mein.io 2016-06-07 11:42:52 +02:00
strip-kmod.sh scripts/strip-kmod.sh: harmonize leading whitespaces 2019-12-31 11:41:07 +01:00
symlink-tree.sh scripts/symlink-tree.sh: use /bin/sh 2019-12-31 11:43:15 +01:00
sysupgrade-tar.sh images: fix boot failures on NAND with small sub pages 2019-09-14 11:43:19 +02:00
target-metadata.pl base-files: add eMMC sysupgrade support 2021-12-02 20:42:58 +00:00
time.pl scripts: time.pl: Don't print the time on stderr 2019-07-03 07:45:00 +02:00
timestamp.pl fix timestamp checks for build system paths which have '.svn' in their directory name 2010-04-14 22:21:15 +00:00
ubinize-image.sh treewide: drop use of which 2022-01-17 09:14:26 +01:00
xxdi.pl scripts: xxdi.pl: add xxd -i compat mode 2022-09-06 08:04:53 +02:00