particle-os/debian-forge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
3489 commits 2 branches 0 tags 60 MiB
Find a file
Tomáš Hozza a3428e282d sbom/spdx: use compliant license expressions 
Introduce a new class `SpdxLicenseExpressionCreator`, responsible for
converting license texts extracted from packages, into an SPDX-compliant
license expressions. If the `license_expression` Python package is
available on the system, it is used to determine the license text
extracted from a package is a valid SPDX license expression. If it is,
it's returned as is back to the caller. If it is not, or of the package
is not available on the system, the license text is wrapped in a
`ExtractedLicensingInfo` instance.

The `SpdxLicenseExpressionCreator` object keeps track of all generated
`ExtractedLicensingInfo` instances and de-duplicates them based on the
license text. This means that if two packages use the same
SPDX-non-compliant license text, they will be wrapped by an
`ExtractedLicensingInfo` instance with the same `LicenseRef-` ID.

The reason for fallback when `license_expression` package is not
available is that it is not available on RHEL and CentOS Stream. This
implementation allows us to ship the functionality in RHEL and
optionally enabling it by installing `license_expression` from a 3rd
party repository. In any case, the generated SBOM document will always
contain valid SPDX license expressions.

Extend unit tests to cover the newly added functionality.

Signed-off-by: Tomáš Hozza <thozza@redhat.com>

FIXUP: sbom/spdx: use compliant license expressions

Signed-off-by: Tomáš Hozza <thozza@redhat.com>
2025-02-27 13:31:19 +01:00
.devcontainer Add support for using librepo to download packages 2025-01-14 08:19:16 +01:00
.github GH/update-images: fix missing quote in the script 2025-02-14 17:48:13 +01:00
assemblers Fix pylint issue E0606: possibly-used-before-assignment 2024-11-25 10:09:18 +01:00
data devices: add custom udev rule inhibitor mechanism 2021-12-09 00:44:21 +00:00
devices devices/loopback: add read-only option 2024-09-18 08:54:34 +02:00
docs doc: document the new json-sequence monitor 2024-03-13 17:27:39 +01:00
inputs Fix pylint issue E0606: possibly-used-before-assignment 2024-11-25 10:09:18 +01:00
mounts mounts: implement new org.osbuild.bind mount 2024-04-11 17:40:21 +02:00
osbuild sbom/spdx: use compliant license expressions 2025-02-27 13:31:19 +01:00
runners Revert "runners: clean up temp files before exiting the runner" 2024-05-20 11:55:24 -07:00
schemas schema: metadata at the top level 2024-10-29 08:24:33 +01:00
schutzbot update-schutzfile-images: don't catch HTTPError 2025-02-03 12:47:35 +01:00
selinux SELinux: apply osbuild_exec_t to /usr/bin/osbuild-image-info 2024-12-18 12:50:32 +01:00
sources Revert "ostree: introduce optional subpath feature" 2025-02-11 17:39:45 +01:00
stages stages: ensure dirs for dracut-conf stage are available 2025-02-24 13:18:33 +01:00
test sbom/spdx: use compliant license expressions 2025-02-27 13:31:19 +01:00
tools tools/test/depsolve: remove checks for errors where unnecessary 2025-02-18 10:50:19 +01:00
.bandit lint: provide bandit configuration 2023-04-23 21:44:46 +02:00
.editorconfig editorconfig: include markdown specifications 2020-10-23 16:29:50 +02:00
.git-blame-ignore-revs git: ignore isort commit 2022-09-12 13:32:51 +02:00
.gitignore test: regenerate X509 test certs 2024-11-22 10:15:50 +01:00
.gitlab-ci.yml GitLab CI/manifest_tests: explicitly specify workdir 2025-01-31 10:18:14 +01:00
.mypy.ini sbom/spdx: use compliant license expressions 2025-02-27 13:31:19 +01:00
.packit.yaml Packit: build RPMs in COPR for c10s and c9s on all arches 2024-06-17 11:43:40 +02:00
.ruff.toml meta: rename -meta.json to .meta.json 2024-03-14 13:37:57 +01:00
CODEOWNERS CODEOWNERS: Assign ownership for CoreOS-related files 2024-12-05 09:28:59 +01:00
LICENSE Revert "Fill in the license template" 2019-11-18 12:23:10 +01:00
Makefile Makefile: run tox parallel without the spinner 2024-08-07 17:27:35 +02:00
osbuild.spec Post release version bump 2025-02-26 08:32:13 +00:00
README.md README: remove mailing list 2025-01-17 14:11:16 +01:00
requirements.txt Makefile: use pytest for nicer output 2020-12-04 18:24:48 +01:00
samples samples: replace with symlink to test data 2021-07-12 18:44:50 +02:00
Schutzfile Schutzfile: Update images dependency ref to latest 2025-02-24 13:19:36 +01:00
setup.cfg Lint/pylint: disable too-many-positional-arguments check 2024-11-25 10:09:18 +01:00
setup.py Post release version bump 2025-02-26 08:32:13 +00:00
tox.ini sbom/spdx: use compliant license expressions 2025-02-27 13:31:19 +01:00

README.md

OSBuild

Build-Pipelines for Operating System Artifacts

OSBuild is a pipeline-based build system for operating system artifacts. It defines a universal pipeline description and a build system to execute them, producing artifacts like operating system images, working towards an image build pipeline that is more comprehensible, reproducible, and extendable.

See the osbuild(1) man-page for details on how to run osbuild, the definition of the pipeline description, and more.

Project

Principles

  1. OSBuild stages are never broken, only deprecated. The same manifest should always produce the same output.
  2. OSBuild stages should be explicit whenever possible instead of e.g. relying on the state of the tree.
  3. Pipelines are independent, so the tree is expected to be empty at the beginning of each.
  4. Manifests are expected to be machine-generated, so OSBuild has no convenience functions to support manually created manifests.
  5. The build environment is confined against accidental misuse, but this should not be considered a security boundary.
  6. OSBuild may only use Python language features supported by the oldest target distribution.

Contributing

Please refer to the developer guide to learn about our workflow, code style and more.

Requirements

The requirements for this project are:

  • bubblewrap >= 0.4.0
  • python >= 3.6

Additionally, the built-in stages require:

  • bash >= 5.0
  • coreutils >= 8.31
  • curl >= 7.68
  • qemu-img >= 4.2.0
  • rpm >= 4.15
  • tar >= 1.32
  • util-linux >= 235
  • skopeo
  • python3-librepo

At build-time, the following software is required:

  • python-docutils >= 0.13
  • pkg-config >= 0.29

Testing requires additional software:

  • pytest

Build

Osbuild is a python script so it is not compiled. To verify changes made to the code use included makefile rules:

  • make lint to run linter on top of the code
  • make test-all to run base set of tests
  • sudo make test-run to run extended set of tests (takes long time)

Also keep in mind that some tests require those prerequisites, otherwise they are skipped

sudo dnf install -y systemd-boot-unsigned erofs-utils pykickstart podman xfsprogs

Installation

Installing osbuild requires to not only install the osbuild module, but also additional artifacts such as tools (i.e: osbuild-mpp) sources, stages, schemas and SELinux policies.

For this reason, doing an installation from source is not trivial and the easier way to install it is to create the set of RPMs that contain all these components.

This can be done with the rpm make target, i.e:

make rpm

A set of RPMs will be created in the ./rpmbuild/RPMS/noarch/ directory and can be installed in the system using the distribution package manager, i.e:

sudo dnf install ./rpmbuild/RPMS/noarch/*.rpm

Repository

License

  • Apache-2.0
  • See LICENSE file for details.