Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add initial support for generating SPDX SBOM documents (COMPOSER-2274) #4359

Merged
merged 21 commits into from
Sep 20, 2024
Merged

Add initial support for generating SPDX SBOM documents (COMPOSER-2274) #4359

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
8635abc
Schutzfile: update osbuild ref
thozza Sep 6, 2024
326cf82
Schutzfile: update el10 / c10s rpmrepo snapshots
thozza Sep 16, 2024
c3b9812
Test/repositories: update el10 / c10s repmrepo snapshots
thozza Sep 16, 2024
4672a0d
Update osbuild/images to v0.88.0
thozza Sep 6, 2024
f90bbc6
SPEC: bump the minimum osbuild version
thozza Sep 13, 2024
c71e5ca
Worker/json: remove redundant comment
thozza Sep 10, 2024
85dae3a
Worker/depsolve: add support for SBOM
thozza Sep 10, 2024
946785c
CloudAPI: request SBOM documents in depsolve jobs
thozza Sep 10, 2024
492a5f2
Worker/osbuild: depend on depsolve job for Koji composes
thozza Sep 10, 2024
a7bf28d
Target/koji: extend the result struct with SBOM docs
thozza Sep 10, 2024
945fa41
Worker/koji-finalize: import uploaded SBOM documents
thozza Sep 10, 2024
2bb6628
Worker/osbuild/koji: upload SBOM documents
thozza Sep 10, 2024
fe06038
Test/koji.sh: adjust for SBOM documents
thozza Sep 11, 2024
a56a2d7
CI/Koji: test RHEL-8 builds on RHEL-9
thozza Sep 11, 2024
6027bc6
CI/Koji: test building of RHEL-10 on RHEL-9
thozza Sep 11, 2024
8ee2408
CI/Koji: run Koji tests only on the latest RHEL-9 GA
thozza Sep 11, 2024
de12214
CloudAPI: extend manifestJobResultsFromJobDeps() to also return JobInfo
thozza Sep 13, 2024
b3eea4a
CloudAPI: add new /composes/{id}/sboms endpoint
thozza Sep 13, 2024
b3f40b9
CloudAPI: test /sboms endpoint for regular composes
thozza Sep 13, 2024
54914dd
CloudAPI: test /sboms endpoint for Koji composes
thozza Sep 13, 2024
f1527b9
Test/repositories: remove the AUX GPG key from RHEL-8 repos
thozza Sep 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 17 additions & 7 deletions .gitlab-ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -399,19 +399,16 @@ koji.sh (cloud upload):
parallel:
matrix:
- RUNNER:
- aws/rhel-8.10-ga-x86_64
- aws/rhel-9.4-ga-x86_64
INTERNAL_NETWORK: ["true"]
CLOUD_TARGET: aws
IMAGE_TYPE: aws-rhui
- RUNNER:
- aws/rhel-8.10-ga-x86_64
- aws/rhel-9.4-ga-x86_64
INTERNAL_NETWORK: ["true"]
CLOUD_TARGET: azure
IMAGE_TYPE: azure-rhui
- RUNNER:
- aws/rhel-8.10-ga-x86_64
- aws/rhel-9.4-ga-x86_64
INTERNAL_NETWORK: ["true"]
CLOUD_TARGET: gcp
Expand All @@ -429,7 +426,6 @@ koji.sh (cloudapi):
matrix:
- *fedora_runners
- RUNNER:
- aws/rhel-8.10-ga-x86_64
- aws/rhel-9.4-ga-x86_64
INTERNAL_NETWORK: ["true"]

Expand Down Expand Up @@ -707,7 +703,7 @@ aws_s3.sh:
variables:
SCRIPT: aws_s3.sh

RHEL 9 on 8:
RHEL 8 on 9 (Koji):
stage: test
extends: .terraform
rules:
Expand All @@ -717,9 +713,23 @@ RHEL 9 on 8:
- schutzbot/deploy.sh
- /usr/libexec/tests/osbuild-composer/koji.sh
variables:
RUNNER: aws/rhel-8.10-ga-x86_64
RUNNER: aws/rhel-9.4-ga-x86_64
INTERNAL_NETWORK: "true"
DISTRO_CODE: rhel-8.10

RHEL 10 on 9 (Koji):
stage: test
extends: .terraform
rules:
- !reference [.upstream_and_ga_rules_all, rules]
- !reference [.ga_rules_all, rules]
script:
- schutzbot/deploy.sh
- /usr/libexec/tests/osbuild-composer/koji.sh
variables:
RUNNER: aws/rhel-9.4-ga-x86_64
INTERNAL_NETWORK: "true"
DISTRO_CODE: rhel-91
DISTRO_CODE: rhel-10.0

Multi-tenancy:
stage: test
Expand Down
2 changes: 2 additions & 0 deletions .golangci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ linters-settings:

gomoddirectives:
replace-local: false
replace-allow-list:
- "github.com/osbuild/images"

linters:
enable:
Expand Down
54 changes: 27 additions & 27 deletions Schutzfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
"fedora-39": {
"dependencies": {
"osbuild": {
"commit": "69625505cfdb569d46adf912128d22485ce3595b"
"commit": "3df75de65a5414866fa43133309c1fc67490a373"
}
},
"repos": [
Expand Down Expand Up @@ -45,7 +45,7 @@
"fedora-40": {
"dependencies": {
"osbuild": {
"commit": "69625505cfdb569d46adf912128d22485ce3595b"
"commit": "3df75de65a5414866fa43133309c1fc67490a373"
}
},
"repos": [
Expand Down Expand Up @@ -88,56 +88,56 @@
"rhel-8.4": {
"dependencies": {
"osbuild": {
"commit": "69625505cfdb569d46adf912128d22485ce3595b"
"commit": "3df75de65a5414866fa43133309c1fc67490a373"
}
}
},
"rhel-8.8": {
"dependencies": {
"osbuild": {
"commit": "69625505cfdb569d46adf912128d22485ce3595b"
"commit": "3df75de65a5414866fa43133309c1fc67490a373"
}
}
},
"rhel-8.9": {
"dependencies": {
"osbuild": {
"commit": "69625505cfdb569d46adf912128d22485ce3595b"
"commit": "3df75de65a5414866fa43133309c1fc67490a373"
}
}
},
"rhel-8.10": {
"dependencies": {
"osbuild": {
"commit": "69625505cfdb569d46adf912128d22485ce3595b"
"commit": "3df75de65a5414866fa43133309c1fc67490a373"
}
}
},
"rhel-9.2": {
"dependencies": {
"osbuild": {
"commit": "69625505cfdb569d46adf912128d22485ce3595b"
"commit": "3df75de65a5414866fa43133309c1fc67490a373"
}
}
},
"rhel-9.3": {
"dependencies": {
"osbuild": {
"commit": "69625505cfdb569d46adf912128d22485ce3595b"
"commit": "3df75de65a5414866fa43133309c1fc67490a373"
}
}
},
"rhel-9.4": {
"dependencies": {
"osbuild": {
"commit": "69625505cfdb569d46adf912128d22485ce3595b"
"commit": "3df75de65a5414866fa43133309c1fc67490a373"
}
}
},
"rhel-9.5": {
"dependencies": {
"osbuild": {
"commit": "69625505cfdb569d46adf912128d22485ce3595b"
"commit": "3df75de65a5414866fa43133309c1fc67490a373"
}
},
"repos": [
Expand Down Expand Up @@ -183,7 +183,7 @@
"rhel-10.0": {
"dependencies": {
"osbuild": {
"commit": "69625505cfdb569d46adf912128d22485ce3595b"
"commit": "3df75de65a5414866fa43133309c1fc67490a373"
}
},
"repos": [
Expand All @@ -193,34 +193,34 @@
{
"title": "RHEL-10-RPMREPO-NIGHTLY-BaseOS",
"name": "baseos",
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/rhvpn/el10/el10-x86_64-baseos-n10.0-20240822"
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/rhvpn/el10/el10-x86_64-baseos-n10.0-20240901"
},
{
"title": "RHEL-10-RPMREPO-NIGHTLY-AppStream",
"name": "appstream",
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/rhvpn/el10/el10-x86_64-appstream-n10.0-20240822"
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/rhvpn/el10/el10-x86_64-appstream-n10.0-20240901"
},
{
"title": "RHEL-10-RPMREPO-NIGHTLY-CRB",
"name": "crb",
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/rhvpn/el10/el10-x86_64-crb-n10.0-20240822"
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/rhvpn/el10/el10-x86_64-crb-n10.0-20240901"
}
],
"aarch64": [
{
"title": "RHEL-10-RPMREPO-NIGHTLY-BaseOS",
"name": "baseos",
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/rhvpn/el10/el10-aarch64-baseos-n10.0-20240822"
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/rhvpn/el10/el10-aarch64-baseos-n10.0-20240901"
},
{
"title": "RHEL-10-RPMREPO-NIGHTLY-AppStream",
"name": "appstream",
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/rhvpn/el10/el10-aarch64-appstream-n10.0-20240822"
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/rhvpn/el10/el10-aarch64-appstream-n10.0-20240901"
},
{
"title": "RHEL-10-RPMREPO-NIGHTLY-CRB",
"name": "crb",
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/rhvpn/el10/el10-aarch64-crb-n10.0-20240822"
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/rhvpn/el10/el10-aarch64-crb-n10.0-20240901"
}
]
}
Expand All @@ -229,14 +229,14 @@
"centos-9": {
"dependencies": {
"osbuild": {
"commit": "69625505cfdb569d46adf912128d22485ce3595b"
"commit": "3df75de65a5414866fa43133309c1fc67490a373"
}
}
},
"centos-stream-9": {
"dependencies": {
"osbuild": {
"commit": "69625505cfdb569d46adf912128d22485ce3595b"
"commit": "3df75de65a5414866fa43133309c1fc67490a373"
}
},
"repos": [
Expand Down Expand Up @@ -282,14 +282,14 @@
"centos-10": {
"dependencies": {
"osbuild": {
"commit": "69625505cfdb569d46adf912128d22485ce3595b"
"commit": "3df75de65a5414866fa43133309c1fc67490a373"
}
}
},
"centos-stream-10": {
"dependencies": {
"osbuild": {
"commit": "69625505cfdb569d46adf912128d22485ce3595b"
"commit": "3df75de65a5414866fa43133309c1fc67490a373"
}
},
"repos": [
Expand All @@ -299,34 +299,34 @@
{
"title": "baseos",
"name": "baseos",
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/el10/cs10-x86_64-baseos-20240822"
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/el10/cs10-x86_64-baseos-20240901"
},
{
"title": "appstream",
"name": "appstream",
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/el10/cs10-x86_64-appstream-20240822"
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/el10/cs10-x86_64-appstream-20240901"
},
{
"title": "crb",
"name": "crb",
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/el10/cs10-x86_64-crb-20240822"
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/el10/cs10-x86_64-crb-20240901"
}
],
"aarch64": [
{
"title": "baseos",
"name": "baseos",
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/el10/cs10-aarch64-baseos-20240822"
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/el10/cs10-aarch64-baseos-20240901"
},
{
"title": "appstream",
"name": "appstream",
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/el10/cs10-aarch64-appstream-20240822"
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/el10/cs10-aarch64-appstream-20240901"
},
{
"title": "crb",
"name": "crb",
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/el10/cs10-aarch64-crb-20240822"
"baseurl": "https://rpmrepo.osbuild.org/v2/mirror/public/el10/cs10-aarch64-crb-20240901"
}
]
}
Expand Down
7 changes: 4 additions & 3 deletions cmd/gen-manifests/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"github.com/osbuild/images/pkg/ostree"
"github.com/osbuild/images/pkg/rhsm/facts"
"github.com/osbuild/images/pkg/rpmmd"
"github.com/osbuild/images/pkg/sbom"

"github.com/osbuild/images/pkg/dnfjson"
)
Expand Down Expand Up @@ -326,12 +327,12 @@ func depsolve(cacheDir string, packageSets map[string][]rpmmd.PackageSet, d dist
depsolvedSets := make(map[string][]rpmmd.PackageSpec)
repoConfigs := make(map[string][]rpmmd.RepoConfig)
for name, pkgSet := range packageSets {
res, repos, err := solver.Depsolve(pkgSet)
res, err := solver.Depsolve(pkgSet, sbom.StandardTypeNone)
if err != nil {
return nil, nil, err
}
depsolvedSets[name] = res
repoConfigs[name] = repos
depsolvedSets[name] = res.Packages
repoConfigs[name] = res.Repos
}
return depsolvedSets, repoConfigs, nil
}
Expand Down
9 changes: 5 additions & 4 deletions cmd/osbuild-dnf-json-tests/main_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ import (
"github.com/osbuild/images/pkg/ostree"
"github.com/osbuild/images/pkg/reporegistry"
"github.com/osbuild/images/pkg/rpmmd"
"github.com/osbuild/images/pkg/sbom"
)

// This test loads all the repositories available in /repositories directory
Expand Down Expand Up @@ -67,7 +68,7 @@ func TestCrossArchDepsolve(t *testing.T) {
assert.NoError(t, err)

for _, set := range manifest.GetPackageSetChains() {
_, _, err = solver.Depsolve(set)
_, err = solver.Depsolve(set, sbom.StandardTypeNone)
assert.NoError(t, err)
}
})
Expand Down Expand Up @@ -109,12 +110,12 @@ func TestDepsolvePackageSets(t *testing.T) {
gotPackageSpecsSets := make(map[string][]rpmmd.PackageSpec, len(imagePkgSets))
gotRepoConfigs := make(map[string][]rpmmd.RepoConfig, len(imagePkgSets))
for name, pkgSet := range imagePkgSets {
res, repos, err := solver.Depsolve(pkgSet)
res, err := solver.Depsolve(pkgSet, sbom.StandardTypeNone)
if err != nil {
require.Nil(t, err)
}
gotPackageSpecsSets[name] = res
gotRepoConfigs[name] = repos
gotPackageSpecsSets[name] = res.Packages
gotRepoConfigs[name] = res.Repos
}
expectedPackageSpecsSetNames := []string{"build", "os"}
require.EqualValues(t, len(expectedPackageSpecsSetNames), len(gotPackageSpecsSets))
Expand Down
7 changes: 4 additions & 3 deletions cmd/osbuild-store-dump/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ import (
"github.com/osbuild/images/pkg/manifest"
"github.com/osbuild/images/pkg/reporegistry"
"github.com/osbuild/images/pkg/rpmmd"
"github.com/osbuild/images/pkg/sbom"
"github.com/osbuild/osbuild-composer/internal/blueprint"
"github.com/osbuild/osbuild-composer/internal/store"
"github.com/osbuild/osbuild-composer/internal/target"
Expand All @@ -32,12 +33,12 @@ func getManifest(bp blueprint.Blueprint, t distro.ImageType, a distro.Arch, d di
repoConfigs := make(map[string][]rpmmd.RepoConfig)
solver := dnfjson.NewSolver(d.ModulePlatformID(), d.Releasever(), a.Name(), d.Name(), cacheDir)
for name, packages := range manifest.GetPackageSetChains() {
res, repos, err := solver.Depsolve(packages)
res, err := solver.Depsolve(packages, sbom.StandardTypeNone)
if err != nil {
panic(err)
}
pkgSpecSets[name] = res
repoConfigs[name] = repos
pkgSpecSets[name] = res.Packages
repoConfigs[name] = res.Repos
}

mf, err := manifest.Serialize(pkgSpecSets, nil, nil, repoConfigs)
Expand Down
Loading
Loading