From a07431bb3419a09ef28e298d03b9bbdf68838735 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Hozza?= Date: Tue, 4 Feb 2025 18:14:22 +0100 Subject: [PATCH] osbuild-depsolve-dnf: allow passing custom license index db file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allow passing a custom license index db file for SBOM generation by specifying it in the solver configuration. Signed-off-by: Tomáš Hozza --- osbuild/solver/dnf.py | 10 ++++++---- osbuild/solver/dnf5.py | 10 ++++++---- tools/osbuild-depsolve-dnf | 2 +- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/osbuild/solver/dnf.py b/osbuild/solver/dnf.py index 13affb9c..99217d5e 100755 --- a/osbuild/solver/dnf.py +++ b/osbuild/solver/dnf.py @@ -17,7 +17,7 @@ from osbuild.util.sbom.spdx import sbom_pkgset_to_spdx2_doc class DNF(SolverBase): - def __init__(self, request, persistdir, cache_dir): + def __init__(self, request, persistdir, cache_dir, license_index_path=None): arch = request["arch"] releasever = request.get("releasever") module_platform_id = request["module_platform_id"] @@ -93,6 +93,9 @@ class DNF(SolverBase): # enable module resolving self.base_module = dnf.module.module_base.ModuleBase(self.base) + # Custom license index file path use for SBOM generation + self.license_index_path = license_index_path + @staticmethod def _dnfrepo(desc, parent_conf=None): """Makes a dnf.repo.Repo out of a JSON repository description""" @@ -167,15 +170,14 @@ class DNF(SolverBase): def _timestamp_to_rfc3339(timestamp): return datetime.utcfromtimestamp(timestamp).strftime('%Y-%m-%dT%H:%M:%SZ') - @staticmethod - def _sbom_for_pkgset(pkgset: List[dnf.package.Package]) -> Dict: + def _sbom_for_pkgset(self, pkgset: List[dnf.package.Package]) -> Dict: """ Create an SBOM document for the given package set. For now, only SPDX v2 is supported. """ pkgset = dnf_pkgset_to_sbom_pkgset(pkgset) - spdx_doc = sbom_pkgset_to_spdx2_doc(pkgset) + spdx_doc = sbom_pkgset_to_spdx2_doc(pkgset, self.license_index_path) return spdx_doc.to_dict() def dump(self): diff --git a/osbuild/solver/dnf5.py b/osbuild/solver/dnf5.py index 9b7a2271..58e33e71 100755 --- a/osbuild/solver/dnf5.py +++ b/osbuild/solver/dnf5.py @@ -56,7 +56,7 @@ class DNF5(SolverBase): """ # pylint: disable=too-many-arguments - def __init__(self, request, persistdir, cachedir): + def __init__(self, request, persistdir, cachedir, license_index_path=None): arch = request["arch"] releasever = request.get("releasever") module_platform_id = request["module_platform_id"] @@ -167,6 +167,9 @@ class DNF5(SolverBase): except RuntimeError as e: raise RepoError(e) from e + # Custom license index file path use for SBOM generation + self.license_index_path = license_index_path + _BASEARCH_MAP = _invert({ 'aarch64': ('aarch64',), 'alpha': ('alpha', 'alphaev4', 'alphaev45', 'alphaev5', 'alphaev56', @@ -278,15 +281,14 @@ class DNF5(SolverBase): def _timestamp_to_rfc3339(timestamp): return datetime.utcfromtimestamp(timestamp).strftime('%Y-%m-%dT%H:%M:%SZ') - @staticmethod - def _sbom_for_pkgset(pkgset: List[dnf5.rpm.Package]) -> Dict: + def _sbom_for_pkgset(self, pkgset: List[dnf5.rpm.Package]) -> Dict: """ Create an SBOM document for the given package set. For now, only SPDX v2 is supported. """ pkgset = dnf_pkgset_to_sbom_pkgset(pkgset) - spdx_doc = sbom_pkgset_to_spdx2_doc(pkgset) + spdx_doc = sbom_pkgset_to_spdx2_doc(pkgset, self.license_index_path) return spdx_doc.to_dict() def dump(self): diff --git a/tools/osbuild-depsolve-dnf b/tools/osbuild-depsolve-dnf index 144cb6d7..186121aa 100755 --- a/tools/osbuild-depsolve-dnf +++ b/tools/osbuild-depsolve-dnf @@ -59,7 +59,7 @@ def solve(request, cache_dir): with tempfile.TemporaryDirectory() as persistdir: try: - solver = Solver(request, persistdir, cache_dir) + solver = Solver(request, persistdir, cache_dir, config.get("license_index_path")) if command == "dump": result = solver.dump() elif command == "depsolve":