From d198af53a6a23caffa6c070878b5aaed4e268998 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Tue, 1 Aug 2023 10:49:21 +0100 Subject: [PATCH 01/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/sbin/build.sh b/sbin/build.sh index 86b15f2a3..3131e884b 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -874,9 +874,13 @@ generateSBoM() { addSBOMComponentPropertyFromFile "${javaHome}" "${classpath}" "${sbomJson}" "Eclipse Temurin" "make_command_args" "${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/makeCommandArg.txt" # Below add build tools into metadata tools - addGLIBCforLinux - addGCC + if [ "${BUILD_CONFIG[OS_KERNEL_NAME]}" == "linux" ]; then + addGLIBCforLinux + addGCC + fi + addBootJDK + # Add ALSA 3rd party addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "ALSA" "$(cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/dependency_version_alsa.txt)" # Add FreeType 3rd party (windows + macOS) @@ -912,18 +916,21 @@ checkingToolSummary() { # Below add versions to sbom | Facilitate reproducible builds addGLIBCforLinux() { - export CC=$(grep "^CC :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk) - export SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk) + # Get GLIBC from configured build spec.gmk sysroot and features.h definitions + export CC=$(grep "^CC :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3) + export SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3) export GLIBC_MAJOR="$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3)" export GLIBC_MINOR="$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3)" export GLIBC_VERSION="${GLIBC_MAJOR}.${GLIBC_MINOR}" + echo "Adding GLIBC version to SBOM: ${GLIBC_VERSION}" addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GLIBC" "${GLIBC_VERSION}" } addGCC() { - echo "Checking and getting GCC Version:" - inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt" - addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GCC" "$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "C Compiler:" | tr -s " " | cut -d " " -f5)" + # Get GLIBC from configured build spec.gmk sysroot and features.h definitions + export CC_VERSION_NUMBER=$(grep "^CC_VERSION_NUMBER :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3) + echo "Adding GCC version to SBOM: ${CC_VERSION_NUMBER}" + addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GCC" "${CC_VERSION_NUMBER}" } addBootJDK() { From 2681d9361b818dd2d51f26fddb4870a42d1fb1f4 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Tue, 1 Aug 2023 15:27:58 +0100 Subject: [PATCH 02/28] Ensure SBOM BOOTJDK is full version including build Signed-off-by: Andrew Leonard --- sbin/build.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/sbin/build.sh b/sbin/build.sh index 3131e884b..635ae5594 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -934,9 +934,16 @@ addGCC() { } addBootJDK() { - echo "Checking and getting BootJDK Version:" inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt" - addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "BOOTJDK" "$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | tr -s " " | cut -d " " -f 6)" + + local bootjdk + if [ "${BUILD_CONFIG[OS_KERNEL_NAME]}" == "darwin" ]; then + bootjdk=$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | sed -E "s/^.*build ([^),]+).*/\1/" | sed "s/\-beta//g" | sed "s/\-.*//g") + else + bootjdk=$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | sed "s/^.*build \([^),]\+\).*/\1/" | sed "s/\-beta//g" | sed "s/\-.*//g") + fi + echo "Adding BOOTJDK to SBOM: ${bootjdk}" + addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "BOOTJDK" "${bootjdk}" } getGradleJavaHome() { From b1cfc6b0a4447869c105c7f3e965670b0fde1b5c Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Fri, 4 Aug 2023 11:54:57 +0100 Subject: [PATCH 03/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/sbin/build.sh b/sbin/build.sh index 635ae5594..2f308c219 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -917,24 +917,30 @@ checkingToolSummary() { addGLIBCforLinux() { # Get GLIBC from configured build spec.gmk sysroot and features.h definitions - export CC=$(grep "^CC :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3) - export SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3) - export GLIBC_MAJOR="$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3)" - export GLIBC_MINOR="$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3)" - export GLIBC_VERSION="${GLIBC_MAJOR}.${GLIBC_MINOR}" + + # Get CC and SYSROOT_CFLAGS from the built build spec.gmk. + local CC=$(grep "^CC :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk) + # Remove env=xx from CC, so we can call from bash to get __GLIBC. + CC=$(echo "$CC" | tr -s " " | cut -d" " -f3- | sed -E "s/[^ ]*=[^ ]*//g") + local SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-) + + local GLIBC_MAJOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3) + local GLIBC_MINOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3) + local GLIBC_VERSION="${GLIBC_MAJOR}.${GLIBC_MINOR}" + echo "Adding GLIBC version to SBOM: ${GLIBC_VERSION}" addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GLIBC" "${GLIBC_VERSION}" } addGCC() { # Get GLIBC from configured build spec.gmk sysroot and features.h definitions - export CC_VERSION_NUMBER=$(grep "^CC_VERSION_NUMBER :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3) + local CC_VERSION_NUMBER=$(grep "^CC_VERSION_NUMBER :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3) echo "Adding GCC version to SBOM: ${CC_VERSION_NUMBER}" addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GCC" "${CC_VERSION_NUMBER}" } addBootJDK() { - inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt" + local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt" local bootjdk if [ "${BUILD_CONFIG[OS_KERNEL_NAME]}" == "darwin" ]; then From 26a2c71ab2ac8899123fc719994a0dcae444410d Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Fri, 4 Aug 2023 12:06:44 +0100 Subject: [PATCH 04/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sbin/build.sh b/sbin/build.sh index 2f308c219..290159add 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -921,8 +921,11 @@ addGLIBCforLinux() { # Get CC and SYSROOT_CFLAGS from the built build spec.gmk. local CC=$(grep "^CC :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk) # Remove env=xx from CC, so we can call from bash to get __GLIBC. +echo $CC CC=$(echo "$CC" | tr -s " " | cut -d" " -f3- | sed -E "s/[^ ]*=[^ ]*//g") +echo $CC local SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-) +echo $SYSROOT_CFLAGS local GLIBC_MAJOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3) local GLIBC_MINOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3) From 4dc6265191f6c780b438e5986825b09d8837e21e Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Fri, 4 Aug 2023 12:17:26 +0100 Subject: [PATCH 05/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/build.sh b/sbin/build.sh index 290159add..2c38e3a87 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -926,7 +926,7 @@ echo $CC echo $CC local SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-) echo $SYSROOT_CFLAGS - + echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 local GLIBC_MAJOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3) local GLIBC_MINOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3) local GLIBC_VERSION="${GLIBC_MAJOR}.${GLIBC_MINOR}" From b2bf0b7d860224f64b04c66ad10d96877d50a673 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Fri, 4 Aug 2023 12:56:43 +0100 Subject: [PATCH 06/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sbin/build.sh b/sbin/build.sh index 2c38e3a87..95d5ae192 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -926,7 +926,8 @@ echo $CC echo $CC local SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-) echo $SYSROOT_CFLAGS - echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 +# echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 +"/lib/libc.musl-x86_64.so.1" local GLIBC_MAJOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3) local GLIBC_MINOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3) local GLIBC_VERSION="${GLIBC_MAJOR}.${GLIBC_MINOR}" From bc5e8ec2631af15c469bb59b15244f127d8fe906 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Fri, 4 Aug 2023 14:10:13 +0100 Subject: [PATCH 07/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/sbin/build.sh b/sbin/build.sh index 95d5ae192..310dd2970 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -916,24 +916,26 @@ checkingToolSummary() { # Below add versions to sbom | Facilitate reproducible builds addGLIBCforLinux() { - # Get GLIBC from configured build spec.gmk sysroot and features.h definitions - - # Get CC and SYSROOT_CFLAGS from the built build spec.gmk. - local CC=$(grep "^CC :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk) - # Remove env=xx from CC, so we can call from bash to get __GLIBC. -echo $CC - CC=$(echo "$CC" | tr -s " " | cut -d" " -f3- | sed -E "s/[^ ]*=[^ ]*//g") -echo $CC - local SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-) -echo $SYSROOT_CFLAGS -# echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 -"/lib/libc.musl-x86_64.so.1" - local GLIBC_MAJOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3) - local GLIBC_MINOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3) - local GLIBC_VERSION="${GLIBC_MAJOR}.${GLIBC_MINOR}" - - echo "Adding GLIBC version to SBOM: ${GLIBC_VERSION}" - addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GLIBC" "${GLIBC_VERSION}" + # Alpine uses "musl" rather than "glibc" + if [[ "${BUILD_CONFIG[OS_FULL_VERSION]}" == *"Alpine"* ]]; then + local MUSL_VERSION=$("/lib/libc.musl-x86_64.so.1" 2>&1 | grep "Version" | tr -s " " | cut -d" " -f2) + echo "Adding MUSL version to SBOM: ${MUSL_VERSION}" + addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MUSL" "${MUSL_VERSION}" + else + # Get GLIBC from configured build spec.gmk sysroot and features.h definitions + + # Get CC and SYSROOT_CFLAGS from the built build spec.gmk. + local CC=$(grep "^CC :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk) + # Remove env=xx from CC, so we can call from bash to get __GLIBC. + CC=$(echo "$CC" | tr -s " " | cut -d" " -f3- | sed -E "s/[^ ]*=[^ ]*//g") + local SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-) + local GLIBC_MAJOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3) + local GLIBC_MINOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3) + local GLIBC_VERSION="${GLIBC_MAJOR}.${GLIBC_MINOR}" + + echo "Adding GLIBC version to SBOM: ${GLIBC_VERSION}" + addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GLIBC" "${GLIBC_VERSION}" + fi } addGCC() { From 686757269fc8cd4349d64b642d6863228e5e8484 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Fri, 4 Aug 2023 14:21:02 +0100 Subject: [PATCH 08/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/sbin/build.sh b/sbin/build.sh index 310dd2970..bb1729916 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -949,10 +949,19 @@ addBootJDK() { local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt" local bootjdk - if [ "${BUILD_CONFIG[OS_KERNEL_NAME]}" == "darwin" ]; then - bootjdk=$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | sed -E "s/^.*build ([^),]+).*/\1/" | sed "s/\-beta//g" | sed "s/\-.*//g") + # JDK8 BootJDK build versions(jdk7?) vary in format compared to jdk-11+ + if [ "${BUILD_CONFIG[OPENJDK_CORE_VERSION]}" == "${JDK8_CORE_VERSION}" ]; then + if [ "${BUILD_CONFIG[OS_KERNEL_NAME]}" == "darwin" ]; then + bootjdk=$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | sed -E "s/^.*build ([^),]+).*/\1/") + else + bootjdk=$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | sed "s/^.*build \([^),]\+\).*/\1/") + fi else + if [ "${BUILD_CONFIG[OS_KERNEL_NAME]}" == "darwin" ]; then + bootjdk=$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | sed -E "s/^.*build ([^),]+).*/\1/" | sed "s/\-beta//g" | sed "s/\-.*//g") + else bootjdk=$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | sed "s/^.*build \([^),]\+\).*/\1/" | sed "s/\-beta//g" | sed "s/\-.*//g") + fi fi echo "Adding BOOTJDK to SBOM: ${bootjdk}" addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "BOOTJDK" "${bootjdk}" From 7b1068820145fb581dd2dde9a666a3684455bff0 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Fri, 4 Aug 2023 14:23:58 +0100 Subject: [PATCH 09/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/build.sh b/sbin/build.sh index bb1729916..3237b7d9b 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -923,7 +923,7 @@ addGLIBCforLinux() { addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MUSL" "${MUSL_VERSION}" else # Get GLIBC from configured build spec.gmk sysroot and features.h definitions - +cat /home/jenkins/workspace/build-scripts/jobs/jdk8u/jdk8u-linux-x64-temurin/workspace/build/src/build/linux-x86_64-normal-server-release/spec.gmk # Get CC and SYSROOT_CFLAGS from the built build spec.gmk. local CC=$(grep "^CC :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk) # Remove env=xx from CC, so we can call from bash to get __GLIBC. From b4400d0087dba74c8459a1984f1d9b1831b72aba Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Fri, 4 Aug 2023 14:35:19 +0100 Subject: [PATCH 10/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sbin/build.sh b/sbin/build.sh index 3237b7d9b..b9eaf923c 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -928,7 +928,9 @@ cat /home/jenkins/workspace/build-scripts/jobs/jdk8u/jdk8u-linux-x64-temurin/wor local CC=$(grep "^CC :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk) # Remove env=xx from CC, so we can call from bash to get __GLIBC. CC=$(echo "$CC" | tr -s " " | cut -d" " -f3- | sed -E "s/[^ ]*=[^ ]*//g") +echo "$CC" local SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-) +echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 local GLIBC_MAJOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3) local GLIBC_MINOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3) local GLIBC_VERSION="${GLIBC_MAJOR}.${GLIBC_MINOR}" From aa3c5fa65e728f7ef6b492410e20da22f6db442d Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Fri, 4 Aug 2023 15:26:59 +0100 Subject: [PATCH 11/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sbin/build.sh b/sbin/build.sh index b9eaf923c..1f66900c3 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -953,6 +953,8 @@ addBootJDK() { local bootjdk # JDK8 BootJDK build versions(jdk7?) vary in format compared to jdk-11+ if [ "${BUILD_CONFIG[OPENJDK_CORE_VERSION]}" == "${JDK8_CORE_VERSION}" ]; then + bootjdk=$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | sed 's/.*(at \([^)]*\)).*/\1/') + echo "JDK: ${bootjdk}" if [ "${BUILD_CONFIG[OS_KERNEL_NAME]}" == "darwin" ]; then bootjdk=$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | sed -E "s/^.*build ([^),]+).*/\1/") else From 8ffcab73677ab0c05e3fecab6e83d31850961c51 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Fri, 4 Aug 2023 15:49:06 +0100 Subject: [PATCH 12/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) diff --git a/sbin/build.sh b/sbin/build.sh index 1f66900c3..586492981 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -950,23 +950,14 @@ addGCC() { addBootJDK() { local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt" - local bootjdk - # JDK8 BootJDK build versions(jdk7?) vary in format compared to jdk-11+ - if [ "${BUILD_CONFIG[OPENJDK_CORE_VERSION]}" == "${JDK8_CORE_VERSION}" ]; then - bootjdk=$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | sed 's/.*(at \([^)]*\)).*/\1/') - echo "JDK: ${bootjdk}" - if [ "${BUILD_CONFIG[OS_KERNEL_NAME]}" == "darwin" ]; then - bootjdk=$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | sed -E "s/^.*build ([^),]+).*/\1/") - else - bootjdk=$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | sed "s/^.*build \([^),]\+\).*/\1/") - fi - else - if [ "${BUILD_CONFIG[OS_KERNEL_NAME]}" == "darwin" ]; then - bootjdk=$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | sed -E "s/^.*build ([^),]+).*/\1/" | sed "s/\-beta//g" | sed "s/\-.*//g") - else - bootjdk=$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | sed "s/^.*build \([^),]\+\).*/\1/" | sed "s/\-beta//g" | sed "s/\-.*//g") - fi + local bootjava + bootjava="$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "Boot JDK:" | sed 's/.*(at \([^)]*\)).*/\1/')/bin/java" + if [[ "${BUILD_CONFIG[OS_KERNEL_NAME]}" == *"cygwin"* ]]; then + bootjava="${bootjava}.exe" fi + echo "BootJDK java : ${bootjava}" + local bootjdk=$("${bootjava}" -XshowSettings 2>&1 | grep "java\.runtime\.version" | tr -s " " | cut -d" " -f4) + echo "Adding BOOTJDK to SBOM: ${bootjdk}" addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "BOOTJDK" "${bootjdk}" } From 1d376ebc913e98e6c9dc09100d3834ff33ba59c1 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Fri, 4 Aug 2023 16:01:22 +0100 Subject: [PATCH 13/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/sbin/build.sh b/sbin/build.sh index 586492981..8d5e34300 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -923,14 +923,11 @@ addGLIBCforLinux() { addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MUSL" "${MUSL_VERSION}" else # Get GLIBC from configured build spec.gmk sysroot and features.h definitions -cat /home/jenkins/workspace/build-scripts/jobs/jdk8u/jdk8u-linux-x64-temurin/workspace/build/src/build/linux-x86_64-normal-server-release/spec.gmk # Get CC and SYSROOT_CFLAGS from the built build spec.gmk. local CC=$(grep "^CC :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk) # Remove env=xx from CC, so we can call from bash to get __GLIBC. CC=$(echo "$CC" | tr -s " " | cut -d" " -f3- | sed -E "s/[^ ]*=[^ ]*//g") -echo "$CC" local SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-) -echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 local GLIBC_MAJOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3) local GLIBC_MINOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3) local GLIBC_VERSION="${GLIBC_MAJOR}.${GLIBC_MINOR}" From b95d6ac4c4b0de68155dbef384c43d43f7f57f74 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Fri, 4 Aug 2023 16:15:28 +0100 Subject: [PATCH 14/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sbin/build.sh b/sbin/build.sh index 8d5e34300..0ce4c153d 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -924,10 +924,10 @@ addGLIBCforLinux() { else # Get GLIBC from configured build spec.gmk sysroot and features.h definitions # Get CC and SYSROOT_CFLAGS from the built build spec.gmk. - local CC=$(grep "^CC :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk) + local CC=$(grep "^CC[ ]*:=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk) # Remove env=xx from CC, so we can call from bash to get __GLIBC. CC=$(echo "$CC" | tr -s " " | cut -d" " -f3- | sed -E "s/[^ ]*=[^ ]*//g") - local SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-) + local SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS[ ]*:=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-) local GLIBC_MAJOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3) local GLIBC_MINOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3) local GLIBC_VERSION="${GLIBC_MAJOR}.${GLIBC_MINOR}" From af70b8118e57bf96165faf973bd790553bfde9bf Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Fri, 4 Aug 2023 16:28:02 +0100 Subject: [PATCH 15/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sbin/build.sh b/sbin/build.sh index 0ce4c153d..dc20d79ca 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -928,6 +928,8 @@ addGLIBCforLinux() { # Remove env=xx from CC, so we can call from bash to get __GLIBC. CC=$(echo "$CC" | tr -s " " | cut -d" " -f3- | sed -E "s/[^ ]*=[^ ]*//g") local SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS[ ]*:=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-) +echo "CC=$CC" +echo "SYSROOT=$SYSROOT_CFLAGS" local GLIBC_MAJOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3) local GLIBC_MINOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3) local GLIBC_VERSION="${GLIBC_MAJOR}.${GLIBC_MINOR}" From 059934fe4bd513afbf9107aa89b0b8f23011afd3 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Fri, 4 Aug 2023 16:41:17 +0100 Subject: [PATCH 16/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sbin/build.sh b/sbin/build.sh index dc20d79ca..e962df759 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -924,7 +924,9 @@ addGLIBCforLinux() { else # Get GLIBC from configured build spec.gmk sysroot and features.h definitions # Get CC and SYSROOT_CFLAGS from the built build spec.gmk. +cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/linux-x86_64-normal-server-release/spec.gmk local CC=$(grep "^CC[ ]*:=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk) +echo "CC=$CC" # Remove env=xx from CC, so we can call from bash to get __GLIBC. CC=$(echo "$CC" | tr -s " " | cut -d" " -f3- | sed -E "s/[^ ]*=[^ ]*//g") local SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS[ ]*:=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-) From 0c8ea5e035edae5db43b9f616a66d8826ab7717b Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Mon, 7 Aug 2023 11:08:21 +0100 Subject: [PATCH 17/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/sbin/build.sh b/sbin/build.sh index e962df759..f589abf58 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -916,19 +916,30 @@ checkingToolSummary() { # Below add versions to sbom | Facilitate reproducible builds addGLIBCforLinux() { - # Alpine uses "musl" rather than "glibc" - if [[ "${BUILD_CONFIG[OS_FULL_VERSION]}" == *"Alpine"* ]]; then - local MUSL_VERSION=$("/lib/libc.musl-x86_64.so.1" 2>&1 | grep "Version" | tr -s " " | cut -d" " -f2) +cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/linux-x86_64-normal-server-release/spec.gmk + + # Determine target build LIBC from configure log "target system type" which is consistent for jdk8+ + local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt" + # eg: checking openjdk-target C library... musl + local libc_type="$(grep "checking openjdk-target C library\.\.\." "${inputConfigFile}" | cut -d" " -f5)" + if [[ "$libc_type" == "default" ]]; then + # Default libc for linux is gnu gcc + libc_type = "gnu" + fi + + if [[ "$libc_type" == "musl" ]]; then + # This is the only way to print the musl version + #local MUSL_VERSION=$("/lib/libc.musl-x86_64.so.1" 2>&1 | grep "Version" | tr -s " " | cut -d" " -f2) + local MUSL_VERSION=$(ldd --version) echo "Adding MUSL version to SBOM: ${MUSL_VERSION}" addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MUSL" "${MUSL_VERSION}" else # Get GLIBC from configured build spec.gmk sysroot and features.h definitions # Get CC and SYSROOT_CFLAGS from the built build spec.gmk. -cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/linux-x86_64-normal-server-release/spec.gmk - local CC=$(grep "^CC[ ]*:=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk) + local CC=$(grep "^CC[ ]*:=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | sed "s/^CC[ ]*:=[ ]*//") echo "CC=$CC" # Remove env=xx from CC, so we can call from bash to get __GLIBC. - CC=$(echo "$CC" | tr -s " " | cut -d" " -f3- | sed -E "s/[^ ]*=[^ ]*//g") + CC=$(echo "$CC" | tr -s " " | sed -E "s/[^ ]*=[^ ]*//g") local SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS[ ]*:=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-) echo "CC=$CC" echo "SYSROOT=$SYSROOT_CFLAGS" From 43e8380707436359a79c5d397b79694ff73a062a Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Mon, 7 Aug 2023 11:21:28 +0100 Subject: [PATCH 18/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/build.sh b/sbin/build.sh index f589abf58..8fbb2a4d9 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -916,7 +916,7 @@ checkingToolSummary() { # Below add versions to sbom | Facilitate reproducible builds addGLIBCforLinux() { -cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/linux-x86_64-normal-server-release/spec.gmk +cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk # Determine target build LIBC from configure log "target system type" which is consistent for jdk8+ local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt" From 4450a583e691569f33316d615dd3a07c57b2df07 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Mon, 7 Aug 2023 11:35:00 +0100 Subject: [PATCH 19/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/sbin/build.sh b/sbin/build.sh index 8fbb2a4d9..698c5ac27 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -935,14 +935,13 @@ cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[O addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MUSL" "${MUSL_VERSION}" else # Get GLIBC from configured build spec.gmk sysroot and features.h definitions + # Get CC and SYSROOT_CFLAGS from the built build spec.gmk. local CC=$(grep "^CC[ ]*:=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | sed "s/^CC[ ]*:=[ ]*//") -echo "CC=$CC" # Remove env=xx from CC, so we can call from bash to get __GLIBC. CC=$(echo "$CC" | tr -s " " | sed -E "s/[^ ]*=[^ ]*//g") local SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS[ ]*:=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-) -echo "CC=$CC" -echo "SYSROOT=$SYSROOT_CFLAGS" + local GLIBC_MAJOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3) local GLIBC_MINOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3) local GLIBC_VERSION="${GLIBC_MAJOR}.${GLIBC_MINOR}" @@ -953,9 +952,11 @@ echo "SYSROOT=$SYSROOT_CFLAGS" } addGCC() { - # Get GLIBC from configured build spec.gmk sysroot and features.h definitions - local CC_VERSION_NUMBER=$(grep "^CC_VERSION_NUMBER :=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3) - echo "Adding GCC version to SBOM: ${CC_VERSION_NUMBER}" + local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt" + + local gcc_version="$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "C Compiler: Version" | tr -s" " | cut -d" " -f4)" + + echo "Adding GCC version to SBOM: ${gcc_version}" addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GCC" "${CC_VERSION_NUMBER}" } From 7f89b8141dbbf4977356dbb7193c5f59739b4258 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Mon, 7 Aug 2023 11:38:13 +0100 Subject: [PATCH 20/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sbin/build.sh b/sbin/build.sh index 698c5ac27..938957d08 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -928,9 +928,8 @@ cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[O fi if [[ "$libc_type" == "musl" ]]; then - # This is the only way to print the musl version - #local MUSL_VERSION=$("/lib/libc.musl-x86_64.so.1" 2>&1 | grep "Version" | tr -s " " | cut -d" " -f2) - local MUSL_VERSION=$(ldd --version) + # Get musl build ldd version + local MUSL_VERSION=$(ldd --version | grep "Version" | tr -s " " | cut -d" " -f2) echo "Adding MUSL version to SBOM: ${MUSL_VERSION}" addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MUSL" "${MUSL_VERSION}" else From b38d1aefd496d6d35a550c14824e3db8cb1b96a6 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Mon, 7 Aug 2023 14:27:12 +0100 Subject: [PATCH 21/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sbin/build.sh b/sbin/build.sh index 938957d08..c45cb7b26 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -953,10 +953,10 @@ cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[O addGCC() { local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt" - local gcc_version="$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "C Compiler: Version" | tr -s" " | cut -d" " -f4)" + local gcc_version="$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "C Compiler: Version" | tr -s " " | cut -d" " -f4)" echo "Adding GCC version to SBOM: ${gcc_version}" - addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GCC" "${CC_VERSION_NUMBER}" + addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GCC" "${gcc_version}" } addBootJDK() { From 6c7a3bd4a2faddfd631ff4b780cda104727b615e Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Mon, 7 Aug 2023 14:28:32 +0100 Subject: [PATCH 22/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/build.sh b/sbin/build.sh index c45cb7b26..c3c4ae820 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -924,7 +924,7 @@ cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[O local libc_type="$(grep "checking openjdk-target C library\.\.\." "${inputConfigFile}" | cut -d" " -f5)" if [[ "$libc_type" == "default" ]]; then # Default libc for linux is gnu gcc - libc_type = "gnu" + libc_type="gnu" fi if [[ "$libc_type" == "musl" ]]; then From 7dcb0a1466674756c58d70b255464e85eb1a24c8 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Mon, 7 Aug 2023 15:06:40 +0100 Subject: [PATCH 23/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/build.sh b/sbin/build.sh index c3c4ae820..bb303b657 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -953,7 +953,7 @@ cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[O addGCC() { local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt" - local gcc_version="$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | grep "C Compiler: Version" | tr -s " " | cut -d" " -f4)" + local gcc_version="$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | tr -s " " | grep "C Compiler: Version" | cut -d" " -f4)" echo "Adding GCC version to SBOM: ${gcc_version}" addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GCC" "${gcc_version}" From 09f933584b859d9889911c5523c7663ae586870e Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Tue, 8 Aug 2023 09:10:21 +0100 Subject: [PATCH 24/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/build.sh b/sbin/build.sh index bb303b657..64c3f59f8 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -953,7 +953,7 @@ cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[O addGCC() { local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt" - local gcc_version="$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | tr -s " " | grep "C Compiler: Version" | cut -d" " -f4)" + local gcc_version="$(sed -n '/^Tools summary:$/,$p' "${inputConfigFile}" | tr -s " " | grep "C Compiler: Version" | cut -d" " -f5)" echo "Adding GCC version to SBOM: ${gcc_version}" addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "GCC" "${gcc_version}" From 5ed912f64c0f81a7dacf9345dcbc6355167c7564 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Tue, 8 Aug 2023 09:15:47 +0100 Subject: [PATCH 25/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/build.sh b/sbin/build.sh index 64c3f59f8..6bf61f321 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -968,7 +968,7 @@ addBootJDK() { bootjava="${bootjava}.exe" fi echo "BootJDK java : ${bootjava}" - local bootjdk=$("${bootjava}" -XshowSettings 2>&1 | grep "java\.runtime\.version" | tr -s " " | cut -d" " -f4) + local bootjdk=$("${bootjava}" -XshowSettings 2>&1 | grep "java\.runtime\.version" | tr -s " " | cut -d" " -f4 | sed "s/\"//g") echo "Adding BOOTJDK to SBOM: ${bootjdk}" addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "BOOTJDK" "${bootjdk}" From 9fbc441802fe54f5f5b31dff706f3fcdf4cdc93e Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Tue, 8 Aug 2023 10:54:44 +0100 Subject: [PATCH 26/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/sbin/build.sh b/sbin/build.sh index 6bf61f321..3f40852bc 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -929,20 +929,21 @@ cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[O if [[ "$libc_type" == "musl" ]]; then # Get musl build ldd version - local MUSL_VERSION=$(ldd --version | grep "Version" | tr -s " " | cut -d" " -f2) +echo "CHECKING MUSL" + local MUSL_VERSION="$(ldd --version | grep "Version" | tr -s " " | cut -d" " -f2)" echo "Adding MUSL version to SBOM: ${MUSL_VERSION}" addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MUSL" "${MUSL_VERSION}" else # Get GLIBC from configured build spec.gmk sysroot and features.h definitions # Get CC and SYSROOT_CFLAGS from the built build spec.gmk. - local CC=$(grep "^CC[ ]*:=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | sed "s/^CC[ ]*:=[ ]*//") + local CC="$(grep "^CC[ ]*:=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | sed "s/^CC[ ]*:=[ ]*//")" # Remove env=xx from CC, so we can call from bash to get __GLIBC. CC=$(echo "$CC" | tr -s " " | sed -E "s/[^ ]*=[^ ]*//g") - local SYSROOT_CFLAGS=$(grep "^SYSROOT_CFLAGS[ ]*:=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-) + local SYSROOT_CFLAGS="$(grep "^SYSROOT_CFLAGS[ ]*:=" ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk | tr -s " " | cut -d" " -f3-)" - local GLIBC_MAJOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3) - local GLIBC_MINOR=$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3) + local GLIBC_MAJOR="$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC__" | cut -d" " -f3)" + local GLIBC_MINOR="$(echo "#include " | $CC $SYSROOT_CFLAGS -dM -E - 2>&1 | tr -s " " | grep "#define __GLIBC_MINOR__" | cut -d" " -f3)" local GLIBC_VERSION="${GLIBC_MAJOR}.${GLIBC_MINOR}" echo "Adding GLIBC version to SBOM: ${GLIBC_VERSION}" @@ -968,7 +969,7 @@ addBootJDK() { bootjava="${bootjava}.exe" fi echo "BootJDK java : ${bootjava}" - local bootjdk=$("${bootjava}" -XshowSettings 2>&1 | grep "java\.runtime\.version" | tr -s " " | cut -d" " -f4 | sed "s/\"//g") + local bootjdk="$("${bootjava}" -XshowSettings 2>&1 | grep "java\.runtime\.version" | tr -s " " | cut -d" " -f4 | sed "s/\"//g")" echo "Adding BOOTJDK to SBOM: ${bootjdk}" addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "BOOTJDK" "${bootjdk}" From dca42e7ebdc33a59606c20b689c7e3793097a21c Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Tue, 8 Aug 2023 11:07:40 +0100 Subject: [PATCH 27/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sbin/build.sh b/sbin/build.sh index 3f40852bc..178ce904e 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -930,7 +930,7 @@ cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[O if [[ "$libc_type" == "musl" ]]; then # Get musl build ldd version echo "CHECKING MUSL" - local MUSL_VERSION="$(ldd --version | grep "Version" | tr -s " " | cut -d" " -f2)" + local MUSL_VERSION="$(ldd --version 2>&1 | grep "Version" | tr -s " " | cut -d" " -f2)" echo "Adding MUSL version to SBOM: ${MUSL_VERSION}" addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MUSL" "${MUSL_VERSION}" else From 386242394c11338462317a80ba634f6bad7bd170 Mon Sep 17 00:00:00 2001 From: Andrew Leonard Date: Tue, 8 Aug 2023 11:16:29 +0100 Subject: [PATCH 28/28] Fix SBOM glibc and gcc version info Signed-off-by: Andrew Leonard --- sbin/build.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/sbin/build.sh b/sbin/build.sh index 178ce904e..be885fc6e 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -916,8 +916,6 @@ checkingToolSummary() { # Below add versions to sbom | Facilitate reproducible builds addGLIBCforLinux() { -cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]}/build/*/spec.gmk - # Determine target build LIBC from configure log "target system type" which is consistent for jdk8+ local inputConfigFile="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[TARGET_DIR]}/metadata/configure.txt" # eg: checking openjdk-target C library... musl @@ -929,7 +927,6 @@ cat ${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/${BUILD_CONFIG[O if [[ "$libc_type" == "musl" ]]; then # Get musl build ldd version -echo "CHECKING MUSL" local MUSL_VERSION="$(ldd --version 2>&1 | grep "Version" | tr -s " " | cut -d" " -f2)" echo "Adding MUSL version to SBOM: ${MUSL_VERSION}" addSBOMMetadataTools "${javaHome}" "${classpath}" "${sbomJson}" "MUSL" "${MUSL_VERSION}"