Delete no-op sbom code #832

Merged
merged 1 commit into from
Nov 7, 2023
23 changes: 5 additions & 18 deletions pkg/build/build.go
Expand Up @@ -1047,14 +1047,6 @@ func (b *Build) BuildPackage(ctx context.Context) error {
linterQueue = append(linterQueue, lintTarget)
}

// Run the SBOM generator
generator, err := sbom.NewGenerator()
if err != nil {
return fmt.Errorf("creating sbom generator: %w", err)
}

// Capture languages declared in pipelines
langs := []string{}
namespace := b.Namespace
if namespace == "" {
namespace = "unknown"
Expand Down Expand Up @@ -1109,24 +1101,25 @@ func (b *Build) BuildPackage(ctx context.Context) error {
linters := lt.checks.GetLinters()

var innerErr error
err = linter.LintBuild(lt.pkgName, path, func(err error) {
if err := linter.LintBuild(lt.pkgName, path, func(err error) {
if b.FailOnLintWarning {
innerErr = err
} else {
b.Logger.Warnf("WARNING: %v", err)
}
}, linters)
if err != nil {
}, linters); err != nil {
return fmt.Errorf("package linter error: %w", err)
} else if innerErr != nil {
return fmt.Errorf("package linter warning: %w", err)
}
}

// Run the SBOM generator.
generator := sbom.NewGenerator()

// generate SBOMs for subpackages
for _, sp := range b.Configuration.Subpackages {
sp := sp
langs := []string{}

if !b.IsBuildLess() {
b.Logger.Printf("generating SBOM for subpackage %s", sp.Name)
Expand All @@ -1139,17 +1132,12 @@ func (b *Build) BuildPackage(ctx context.Context) error {
if !result {
continue
}

for _, p := range sp.Pipeline {
langs = append(langs, p.SBOM.Language)
}
}

if err := generator.GenerateSBOM(ctx, &sbom.Spec{
Path: filepath.Join(b.WorkspaceDir, "melange-out", sp.Name),
PackageName: sp.Name,
PackageVersion: fmt.Sprintf("%s-r%d", b.Configuration.Package.Version, b.Configuration.Package.Epoch),
Languages: langs,
License: b.Configuration.Package.LicenseExpression(),
Copyright: b.Configuration.Package.FullCopyright(),
Namespace: namespace,
Expand All @@ -1163,7 +1151,6 @@ func (b *Build) BuildPackage(ctx context.Context) error {
Path: filepath.Join(b.WorkspaceDir, "melange-out", b.Configuration.Package.Name),
PackageName: b.Configuration.Package.Name,
PackageVersion: fmt.Sprintf("%s-r%d", b.Configuration.Package.Version, b.Configuration.Package.Epoch),
Languages: langs,
License: b.Configuration.Package.LicenseExpression(),
Copyright: b.Configuration.Package.FullCopyright(),
Namespace: namespace,
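Review bot: The `else if innerErr != nil` branch that follows the rewritten `linter.LintBuild` call wraps `err` rather than `innerErr`. With the new `if err := …; err != nil` form that `err` is the statement-scoped variable and is always nil in the else branch, so when `FailOnLintWarning` is set the build fails with a message that carries no lint finding. The line should read `return fmt.Errorf("package linter warning: %w", innerErr)`. The wrap itself appears to predate this change, and `BuildPackage` starts and ends outside the visible hunks.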
2 changes: 0 additions & 2 deletions pkg/config/config.go
Expand Up @@ -269,8 +269,6 @@ type Pipeline struct {
//
// This defaults to the guests' build workspace (/home/build)
WorkDir string `json:"working-directory,omitempty" yaml:"working-directory,omitempty"`
// Optional: Configuration for the generated SBOM
SBOM SBOM `json:"sbom,omitempty" yaml:"sbom,omitempty"`
// Optional: environment variables to override the apko environment
Environment map[string]string `json:"environment,omitempty" yaml:"environment,omitempty"`
}
59 changes: 13 additions & 46 deletions pkg/sbom/generator.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,22 +22,10 @@ import (
"go.opentelemetry.io/otel"
)

func NewGenerator() (*Generator, error) {
func NewGenerator() *Generator {
return &Generator{
impl: &defaultGeneratorImplementation{},
logger: log.New(log.Writer(), "melange-sbom: ", log.LstdFlags|log.Lmsgprefix),
Options: defaultOptions,
}, nil
}

var defaultOptions = Options{
ScanLicenses: true,
ScanFiles: true,
}

type Options struct {
ScanLicenses bool
ScanFiles bool
logger: log.New(log.Writer(), "melange-sbom: ", log.LstdFlags|log.Lmsgprefix),
}
}

type Spec struct {
Expand All @@ -48,67 +36,46 @@ type Spec struct {
Copyright string
Namespace string
Arch string
logger *log.Logger
Languages []string
}

type Generator struct {
Options Options
logger *log.Logger
impl generatorImplementation
logger *log.Logger
}

// GenerateSBOM runs the main SBOM generation process
func (g *Generator) GenerateSBOM(ctx context.Context, spec *Spec) error {
_, span := otel.Tracer("melange").Start(ctx, "GenerateSBOM")
defer span.End()

spec.logger = g.logger
shouldRun, err := g.impl.CheckEnvironment(spec)
shouldRun, err := CheckEnvironment(spec)
if err != nil {
return fmt.Errorf("checking SBOM environment: %w", err)
}

if !shouldRun {
// log "Not generating SBOM"
g.logger.Print("Warning: Working directory not found, probably apk is empty")
return nil
}

sbomDoc, err := g.impl.GenerateDocument(spec)
if err != nil {
return fmt.Errorf("initializing new SBOM: %w", err)
sbomDoc := &bom{
Packages: []pkg{},
Files: []file{},
}

pkg, err := g.impl.GenerateAPKPackage(spec)
pkg, err := GenerateAPKPackage(spec)
if err != nil {
return fmt.Errorf("generating main package: %w", err)
}

// Add file inventory to packages
if g.Options.ScanFiles {
if err := g.impl.ScanFiles(spec, &pkg); err != nil {
return fmt.Errorf("reading SBOM file inventory: %w", err)
}
if err := ScanFiles(spec, &pkg); err != nil {
return fmt.Errorf("reading SBOM file inventory: %w", err)
}

sbomDoc.Packages = append(sbomDoc.Packages, pkg)

// Scan files for licensing data
if g.Options.ScanLicenses {
if err := g.impl.ScanLicenses(spec, sbomDoc); err != nil {
return fmt.Errorf("reading SBOM file inventory: %w", err)
}
}

// Generate dependency data from each language specified in the opts
for _, lang := range spec.Languages {
if err := g.impl.ReadDependencyData(spec, sbomDoc, lang); err != nil {
return fmt.Errorf("reading %s dependecy data: %w", lang, err)
}
}

// Finally, write the SBOM data to disk
if err := g.impl.WriteSBOM(spec, sbomDoc); err != nil {
if err := WriteSBOM(spec, sbomDoc); err != nil {
return fmt.Errorf("writing sbom to disk: %w", err)
}
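Review bot: The warning now emitted from `GenerateSBOM` when `shouldRun` is false does not say which package or path was skipped, and the function then returns nil, so the build log alone cannot show which package was left without an SBOM. `spec` is in scope at that point, so the message can name it: `g.logger.Printf("Warning: working directory %q not found for %s, not generating SBOM", spec.Path, spec.PackageName)`. The leftover comment `// log "Not generating SBOM"` above it can then be dropped. `GenerateSBOM` continues past the end of the hunk.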

36 changes: 4 additions & 32 deletions pkg/sbom/implementation.go
Original file line number Diff line number Diff line change
Expand Up @@ -41,18 +41,6 @@ import (
"chainguard.dev/melange/pkg/util"
)

type generatorImplementation interface {
CheckEnvironment(*Spec) (bool, error)
GenerateDocument(*Spec) (*bom, error)
GenerateAPKPackage(*Spec) (pkg, error)
ScanFiles(*Spec, *pkg) error
ScanLicenses(*Spec, *bom) error
ReadDependencyData(*Spec, *bom, string) error
WriteSBOM(*Spec, *bom) error
}

type defaultGeneratorImplementation struct{}

var validIDCharsRe = regexp.MustCompile(`[^a-zA-Z0-9-.]+`)

func stringToIdentifier(in string) (out string) {
Expand All @@ -68,7 +56,7 @@ func stringToIdentifier(in string) (out string) {
})
}

func (di *defaultGeneratorImplementation) CheckEnvironment(spec *Spec) (bool, error) {
func CheckEnvironment(spec *Spec) (bool, error) {
dirPath, err := filepath.Abs(spec.Path)
if err != nil {
return false, fmt.Errorf("getting absolute directory path: %w", err)
Expand All @@ -77,7 +65,6 @@ func (di *defaultGeneratorImplementation) CheckEnvironment(spec *Spec) (bool, er
// Check if directory exists
if _, err := os.Stat(dirPath); err != nil {
if os.IsNotExist(err) {
spec.logger.Print("Warning: Working directory not found, probably apk is empty")
return false, nil
}
return false, fmt.Errorf("checking if workind directory exists: %w", err)
Expand All @@ -86,15 +73,8 @@ func (di *defaultGeneratorImplementation) CheckEnvironment(spec *Spec) (bool, er
return true, nil
}

func (di *defaultGeneratorImplementation) GenerateDocument(spec *Spec) (*bom, error) {
return &bom{
Packages: []pkg{},
Files: []file{},
}, nil
}

// GenerateAPKPackage generates the sbom package representing the apk
func (di *defaultGeneratorImplementation) GenerateAPKPackage(spec *Spec) (pkg, error) {
func GenerateAPKPackage(spec *Spec) (pkg, error) {
if spec.PackageName == "" {
return pkg{}, errors.New("unable to generate package, name not specified")
}
Expand All @@ -121,7 +101,7 @@ func (di *defaultGeneratorImplementation) GenerateAPKPackage(spec *Spec) (pkg, e

// ScanFiles reads the files to be packaged in the apk and
// extracts the required data for the SBOM.
func (di *defaultGeneratorImplementation) ScanFiles(spec *Spec, dirPackage *pkg) error {
func ScanFiles(spec *Spec, dirPackage *pkg) error {
dirPath, err := filepath.Abs(spec.Path)
if err != nil {
return fmt.Errorf("getting absolute directory path: %w", err)
Expand Down Expand Up @@ -207,14 +187,6 @@ func (di *defaultGeneratorImplementation) ScanFiles(spec *Spec, dirPackage *pkg)
return nil
}

func (di *defaultGeneratorImplementation) ScanLicenses(spec *Spec, doc *bom) error {
return nil
}

func (di *defaultGeneratorImplementation) ReadDependencyData(spec *Spec, doc *bom, language string) error {
return nil
}

func computeVerificationCode(hashList []string) string {
// Sort the strings:
sort.Strings(hashList)
Expand Down Expand Up @@ -411,7 +383,7 @@ func buildDocumentSPDX(spec *Spec, doc *bom) (*spdx.Document, error) {
}

// WriteSBOM writes the SBOM to the apk filesystem
func (di *defaultGeneratorImplementation) WriteSBOM(spec *Spec, doc *bom) error {
func WriteSBOM(spec *Spec, doc *bom) error {
spdxDoc, err := buildDocumentSPDX(spec, doc)
if err != nil {
return fmt.Errorf("building SPDX document: %w", err)
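Review bot: `CheckEnvironment`, `GenerateAPKPackage`, `ScanFiles` and `WriteSBOM` become exported package-level functions, yet their signatures use the unexported types `pkg` and `bom`, and the only callers visible in this change are in `pkg/sbom/generator.go`. Unless another package needs them, lower-case names (`checkEnvironment`, `generateAPKPackage`, `scanFiles`, `writeSBOM`) would keep the package's public surface to `NewGenerator`, `Generator.GenerateSBOM` and `Spec`. If they stay exported, `CheckEnvironment` needs a doc comment such as `// CheckEnvironment reports whether spec.Path exists; a missing directory is not an error.` The bodies of these functions extend beyond the hunks shown.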