[elbe-devel] [PATCH 1/1] elbepack: commands: cyclonedx-sbom.py: minor code fixes

Thomas Weißschuh t-8ch at linutronix.de
Fri May 10 11:00:12 CEST 2024


Hi,

On Tue, May 07, 2024 at 03:12:29PM GMT, Eduard Krein wrote:
> minor code fixes
> 
> Signed-off-by: Eduard Krein <eduard.krein at linutronix.de>
> ---
>  elbepack/commands/cyclonedx-sbom.py | 48 ++++++++++++++++++-----------
>  1 file changed, 30 insertions(+), 18 deletions(-)
> 
> diff --git a/elbepack/commands/cyclonedx-sbom.py b/elbepack/commands/cyclonedx-sbom.py
> index e8fce54f..765318ae 100644
> --- a/elbepack/commands/cyclonedx-sbom.py
> +++ b/elbepack/commands/cyclonedx-sbom.py
> @@ -2,19 +2,25 @@
>  
>  import datetime
>  import json
> +import optparse
>  import os
> -from json import JSONEncoder
> -from optparse import OptionParser
> +import sys
>  
>  from elbepack.elbexml import ElbeXML
>  from elbepack.uuid7 import uuid7
>  
>  
> +class CycloneDXEncoder(json.JSONEncoder):
> +    def default(self, obj):
> +        if isinstance(obj, (datetime.date, datetime.datetime)):
> +            return obj.isoformat()
> +
> +
>  def run_command(argv):
>  
> -    oparser = OptionParser()
> -    oparser.add_option('-d', type='string', dest='elbe_build')
> -    (options, args) = oparser.parse_args()
> +    oparser = optparse.OptionParser()
> +    oparser.add_option('-d', dest='elbe_build')
> +    options, args = oparser.parse_args()
>  
>      xmlpath = os.path.join(options.elbe_build, 'source.xml')
>      data = ElbeXML(xmlpath)
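Review bot: `CycloneDXEncoder.default` falls off the end for any object that is not a date or datetime, so it returns `None` and `json` writes `null` into the SBOM instead of raising `TypeError`. Downstream tooling relies on this document for inventory and vulnerability matching, so a silently nulled field is worse than a failed run; ending the method with `return super().default(obj)` restores the standard error. Separately, `-d` has no default and is never checked, so a missing option reaches `os.path.join(None, 'source.xml')` and fails with a bare `TypeError`; calling `oparser.error('-d is required')` when `options.elbe_build` is unset would give a usable message. The body of `run_command` continues outside this hunk.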
> @@ -22,16 +28,22 @@ def run_command(argv):
>      elbe_uuid = uuid7(ts)
>      urn_uuid = 'urn:uuid:' + str(elbe_uuid)
>      elbeversion = data.get_elbe_version()
> -    output = {'bomFormat': 'CycloneDX', 'specVersion': '1.4',
> -              'serialNumber': urn_uuid, 'version': 1, 'metadata':

This could just use 'serialNumber': uuid7(ts).urn,

> -              {'timestamp': ts, 'tools': [{'vendor': 'Linutronix',
> -               'name': 'Elbe', 'version': elbeversion}]}}

Looking at the spec, "tools" are the tools
"used in the creation, enrichment, and validation of the BOM."

So we need the version of the currently running elbe instance, not the
one used to create the original image.

Use "elbepack.version.elbe_version".

The version of the image-creating elbe will be used somewhere else,
probably in "dependencies" when that is added.

> -
> -    json_string = json.dumps(output, indent=2, cls=DateTimeEncoder)
> -    print(json_string)
> -
> -
> -class DateTimeEncoder(JSONEncoder):
> -    def default(self, obj):
> -        if isinstance(obj, (datetime.date, datetime.datetime)):
> -            return obj.isoformat()
> +    output = {
> +        'bomFormat': 'CycloneDX',
> +        'specVersion': '1.4',
> +        'serialNumber': urn_uuid,
> +        'version': 1,
> +        'metadata': {
> +          'timestamp': ts,
> +          'tools': [
> +            {
> +              'vendor': 'Linutronix',
> +              'name': 'Elbe',
> +              'version': elbeversion
> +            }
> +          ]
> +        }
> +    }
> +
> +    json.dump(output, sys.stdout, indent=2, cls=CycloneDXEncoder)
> +    sys.stdout.write('\n')
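Review bot: `'timestamp': ts` in `metadata` is serialized through `obj.isoformat()`, which emits no UTC offset when the datetime is naive, while the CycloneDX schema declares `timestamp` as a `date-time` string, which RFC 3339 defines with a mandatory offset. `ts` is assigned outside this hunk, so it cannot be seen here whether it is timezone-aware. If it is naive, creating it with an explicit zone, e.g. `datetime.datetime.now(tz=datetime.timezone.utc)`, would keep the BOM acceptable to strict validators and make timestamps from different build hosts comparable. Since `uuid7(ts)` takes the same value, it would need checking that it accepts an aware datetime.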
> -- 
> 2.39.2
> 
> _______________________________________________
> elbe-devel mailing list
> elbe-devel at linutronix.de
> https://lists.linutronix.de/mailman/listinfo/elbe-devel

