commit 09137b916825cef36cd9bda52dd7e588fe05aa41
parent 905d51574845d25fd543b510c81c5a7bd4c80d2d
Author: Evgeny Grin (Karlson2k) <k2k@drgrin.dev>
Date: Sun, 17 May 2026 10:47:40 +0200
Re-written SBOM generation from scratch
Generation moved from configure-time to build-time, fixed portability,
removed external dependencies, added support for CycloneDX SBOM, fixed
the mismatch between the declared SBOM version and the file content.
Diffstat:
| M | .gitignore | | | 3 | ++- |
| M | Makefile.am | | | 37 | ++++++++++++++++++++++++++++++++----- |
| M | configure.ac | | | 119 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---------------- |
| A | create-sbom.sh | | | 603 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
| D | m4/make-sbom.m4 | | | 119 | ------------------------------------------------------------------------------- |
5 files changed, 733 insertions(+), 148 deletions(-)
diff --git a/.gitignore b/.gitignore
@@ -61,4 +61,5 @@ stamp-h[0-9]
/.clangd
/.cache/
compile_commands.json
-libmicrohttpd-spdx.json
+/*.cdx.json
+/*.spdx.json
diff --git a/Makefile.am b/Makefile.am
@@ -6,9 +6,6 @@ if BUILD_DOC
SUBDIRS += doc
endif
-sbomdir = $(datadir)/libmicrohttpd
-sbom_DATA = libmicrohttpd-spdx.json
-
W32COMMON = \
w32/common/vs_dirs.props \
w32/common/project-configs.props \
@@ -61,8 +58,7 @@ W32VSAV = \
W32VS_ALL = $(W32COMMON) $(W32VS2017) $(W32VS2019) $(W32VS2022) $(W32VSAV)
EXTRA_DIST = \
- $(W32VS_ALL) \
- libmicrohttpd-spdx.json.in
+ $(W32VS_ALL)
EXTRA_DIST += pre-dist-hook-dummy
MOSTLYCLEANFILES = pre-dist-hook-dummy
@@ -457,3 +453,34 @@ check-sources-missing update-vs-files:
check-missing-sources: check-sources-missing
.PHONY: check-sources-missing check-missing-sources update-vs-files
+
+
+SBOM_SPDX_FILENAME = $(PACKAGE_TARNAME).spdx.json
+SBOM_CDX_FILENAME = $(PACKAGE_TARNAME).cdx.json
+
+MOSTLYCLEANFILES += $(SBOM_SPDX_FILENAME) $(SBOM_CDX_FILENAME)
+
+doc_DATA =
+
+
+if ENABLE_SBOM_SPDX
+ doc_DATA += $(SBOM_SPDX_FILENAME)
+endif
+
+if ENABLE_SBOM_CDX
+ doc_DATA += $(SBOM_CDX_FILENAME)
+endif
+
+$(SBOM_SPDX_FILENAME) $(SBOM_CDX_FILENAME): Makefile $(srcdir)/create-sbom.sh
+ $(AM_V_at)$(SHELL) '$(srcdir)/create-sbom.sh' \
+ 'pkgname=$(PACKAGE_TARNAME)' \
+ 'mhd_sbom_spdx_filename=$(SBOM_SPDX_FILENAME)' \
+ 'mhd_sbom_cdx_filename=$(SBOM_CDX_FILENAME)' \
+ 'mhd_sbom_mhd_licence=@MHD_LICENSE_SPDX@' \
+ 'mhd_sbom_gnutls_ver=@GNUTLS_LIB_VERSION@' \
+ 'mhd_sbom_openssl_ver=@OPENSSL_LIB_VERSION@' \
+ 'mhd_sbom_mbedtls_ver=@MBEDTLS_LIB_VERSION@' \
+ 'AM_V_P=$(AM_V_P)' \
+ '$@'
+
+EXTRA_DIST += $(srcdir)/create-sbom.sh
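Review bot: The recipe never passes the package's own version to create-sbom.sh, so `mhd_sbom_mhd_version_full` and `mhd_sbom_mhd_version_short` stay empty unless they happen to be set in the environment. The script then omits `versionInfo` from the SPDX package, `version` from the CycloneDX component, and the `@version` part of the purl, which leaves consumers unable to match the library against advisories. Adding `'mhd_sbom_mhd_version_full=$(PACKAGE_VERSION)' \` and `'mhd_sbom_mhd_version_short=$(PACKAGE_VERSION)' \` to the argument list would close that gap. Whether the project wants different values for the short and full forms is not visible here.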
diff --git a/configure.ac b/configure.ac
@@ -6163,6 +6163,9 @@ AM_CONDITIONAL([MHD_SUPPORT_HTTP2], [test "x$enable_http2" = "xyes"])
# optional: HTTPS support. Enabled if GnuTLS is available.
PKG_PROG_PKG_CONFIG
+AS_UNSET([GNUTLS_MOD_VERSION])
+AS_UNSET([OPENSSL_MOD_VERSION])
+AS_UNSET([MBEDTLS_MOD_VERSION])
AC_ARG_ENABLE([https],
[AS_HELP_STRING([--enable-https],
[enable HTTPS support (yes, no, auto)[auto]])],
@@ -6329,17 +6332,25 @@ fail test here %%%@<:@-1@:>@
)
AS_VAR_IF([have_gnutls],["yes"],
- [:],
+ [
+ AS_VAR_IF([have_gnutls_pkgcfg],["yes"],
+ [
+ MHD_PKG_CONF_MODULE_VERSION([GNUTLS],[],[],[GNUTLS_MOD_VERSION='0'])
+ ],[GNUTLS_MOD_VERSION='0']
+ )
+ ],
[
have_gnutls="no"
have_gnutls_pkgcfg="no"
+ GNUTLS_MOD_VERSION="no"
AS_UNSET([GNUTLS_CPPFLAGS])
AS_UNSET([GNUTLS_CFLAGS])
AS_UNSET([GNUTLS_LDFLAGS])
AS_UNSET([GNUTLS_LIBS])
]
)
-
+ AC_SUBST([GNUTLS_LIB_VERSION],[${GNUTLS_MOD_VERSION}])
+ AM_SUBST_NOTMAKE([GNUTLS_LIB_VERSION])
AC_MSG_CHECKING([[how to find OpenSSL library]])
AC_ARG_WITH([[openssl]],
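Review bot: The values assigned to `GNUTLS_MOD_VERSION` form an undocumented contract with create-sbom.sh: `'0'` means the backend is used but its version is unknown, `"no"` means it is not used, and anything else must start like a dotted version or the script stops with "Bad GnuTLS version". A comment above the added `AS_VAR_IF`, for example `# SBOM input: '0' = used, version unknown; 'no' = not used; otherwise the pkg-config module version`, would keep the two files in step. It should also say that the value is whatever pkg-config reports at configure time, which presumably can differ from the library actually linked if the flags are overridden later. The OpenSSL and MbedTLS hunks below use the same convention, and the enclosing conditional starts outside this hunk.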
@@ -6497,18 +6508,28 @@ fail test here %%%@<:@-1@:>@
)
AS_VAR_IF([have_openssl],["yes"],
- [:],
+ [
+ AS_VAR_IF([have_openssl_pkgcfg],["yes"],
+ [
+ MHD_PKG_CONF_MODULE_VERSION([OPENSSL],[openssl >= 3.0],[],[OPENSSL_MOD_VERSION='0'])
+ ],[OPENSSL_MOD_VERSION='0']
+ )
+ ],
[
have_openssl="no"
have_openssl_pkgcfg="no"
+ OPENSSL_MOD_VERSION="no"
AS_UNSET([OPENSSL_CPPFLAGS])
AS_UNSET([OPENSSL_CFLAGS])
AS_UNSET([OPENSSL_LDFLAGS])
AS_UNSET([OPENSSL_LIBS])
]
)
+ AC_SUBST([OPENSSL_LIB_VERSION],[${OPENSSL_MOD_VERSION}])
+ AM_SUBST_NOTMAKE([OPENSSL_LIB_VERSION])
AC_MSG_CHECKING([[how to find MbedTLS library]])
+ mhd_mbedtls_pkgspec=''
AC_ARG_WITH([[mbedtls]],
[AS_HELP_STRING([[--with-mbedtls[=PRFX]]],
[use MbedTLS for HTTPS support, optional PRFX overrides pkg-config data for MbedTLS headers (PRFX/include) and libs (PRFX/lib)])],
@@ -6596,6 +6617,7 @@ fail test here %%%@<:@-1@:>@
mbedtls_modules="${mbedtls_modules} and mbedtls-4"
have_mbedtls_pkgcfg="yes"
have_mbedtls="yes"
+ mhd_mbedtls_pkgspec="mbedtls-4 >= ${mbedtsl_min_ver}"
],[]
)
],[]
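Review bot: `${mbedtsl_min_ver}` in the added `mhd_mbedtls_pkgspec` line reads like a transposition of `mbedtls_min_ver`; the variable is defined outside this hunk, so please confirm the spelling matches that definition. If it does not, the spec expands to `mbedtls-4 >= ` with an empty version, and depending on how `MHD_PKG_CONF_MODULE_VERSION` treats a failed query the SBOM would likely list MbedTLS with the unknown-version marker `'0'`. The same name is used in the `mbedtls-3` and `mbedtls` hunks that follow.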
@@ -6621,6 +6643,7 @@ fail test here %%%@<:@-1@:>@
mbedtls_modules="${mbedtls_modules} and mbedtls-3"
have_mbedtls_pkgcfg="yes"
have_mbedtls="yes"
+ mhd_mbedtls_pkgspec="mbedtls-3 >= ${mbedtsl_min_ver}"
],[]
)
],[]
@@ -6648,6 +6671,7 @@ fail test here %%%@<:@-1@:>@
mbedtls_modules="${mbedtls_modules} and mbedtls"
have_mbedtls_pkgcfg="yes"
have_mbedtls="yes"
+ mhd_mbedtls_pkgspec="mbedtls >= ${mbedtsl_min_ver}"
],[]
)
],[]
@@ -6835,7 +6859,14 @@ fail test here %%%@<:@-1@:>@
]
)
- AS_VAR_IF([have_mbedtls],["yes"],[:],
+ AS_VAR_IF([have_mbedtls],["yes"],
+ [
+ AS_IF([test -n "${mhd_mbedtls_pkgspec}"],
+ [
+ MHD_PKG_CONF_MODULE_VERSION([MBEDTLS],[${mhd_mbedtls_pkgspec}],[],[MBEDTLS_MOD_VERSION='0'])
+ ],[MBEDTLS_MOD_VERSION='0']
+ )
+ ],
[
have_mbedtls="no"
AS_CASE(["x$with_mbedtls"],
@@ -6844,6 +6875,7 @@ fail test here %%%@<:@-1@:>@
["no"],[:]
[AC_MSG_ERROR([cannot find usable MbedTLS library at specified prefix $with_mbedtls])]
)
+ MBEDTLS_MOD_VERSION="no"
AS_UNSET([MBEDTLS_FULL_CPPFLAGS])
AS_UNSET([MBEDTLS_FULL_CFLAGS])
AS_UNSET([MBEDTLS_FULL_LDFLAGS])
@@ -6862,6 +6894,9 @@ fail test here %%%@<:@-1@:>@
AS_UNSET([MBEDTLS_TLS_LIBS])
]
)
+ AS_UNSET([mhd_mbedtls_pkgspec])
+ AC_SUBST([MBEDTLS_LIB_VERSION],[${MBEDTLS_MOD_VERSION}])
+ AM_SUBST_NOTMAKE([MBEDTLS_LIB_VERSION])
AS_IF([test "x$have_gnutls" = "xyes" || test "x$have_openssl" = "xyes" || test "x$have_mbedtls" = "xyes"],
[
@@ -9599,6 +9634,63 @@ AC_CONFIG_COMMANDS([po-directories],
AC_SUBST([ZZUF])
AC_SUBST([SOCAT])
+# SBOMs
+AC_MSG_CHECKING([fo][r the effective library licence])
+AS_UNSET([licence_SPDX])
+AS_UNSET([licence_descr])
+licence_num="0"
+AS_VAR_IF([have_gnutls],["yes"],
+ [AS_IF([test "2" -gt "$licence_num"],[licence_num="2"])]
+)
+AS_VAR_IF([have_openssl],["yes"],
+ [AS_IF([test "3" -gt "$licence_num"],[licence_num="3"])]
+)
+AS_VAR_IF([have_mbedtls],["yes"],
+ [AS_IF([test "3" -gt "$licence_num"],[licence_num="3"])]
+)
+AS_CASE([$licence_num],
+ [0],
+ [
+ licence_SPDX="LGPL-2.1-or-later OR (GPL-2.0-or-later WITH eCos-exception-2.0)"
+ licence_descr="LGPLv2.1+ or GPLv2+ with eCos exception"
+ ],
+ [2],
+ [
+ licence_SPDX="LGPL-2.1-or-later"
+ licence_descr="LGPL version 2.1 or any later version"
+ ],
+ [3],
+ [
+ licence_SPDX="LGPL-3.0-or-later"
+ licence_descr="LGPL version 3.0 or any later version"
+ ],
+ [AC_MSG_ERROR([internal error: unexpected licence selector value: ${licence_num}])]
+)
+AC_MSG_RESULT([${licence_descr}])
+AC_SUBST([MHD_LICENSE_SPDX],[${licence_SPDX}])
+AM_SUBST_NOTMAKE([MHD_LICENSE_SPDX])
+
+AC_ARG_ENABLE([sboms],
+[AS_HELP_STRING([[--enable-sboms[=TYPEs]]],[enable SBOMs generation (all,spdx,cdx) [all]])],
+[
+ AS_CASE([${enable_sboms}],
+ [yes|no|all|cdx|spdx|cdx,spdx|spdx,cdx],[],
+ [AC_MSG_ERROR([Unknown parameter value: --enable-sboms=${enable_sboms}])]
+ )
+],[enable_sboms="yes"]
+)
+
+use_sbom_spdx="no"
+AS_CASE([${enable_sboms}],
+ [yes|all|spdx|*,spdx|spdx,*|*,spdx,*],[use_sbom_spdx="yes"]
+)
+use_sbom_cdx="no"
+AS_CASE([${enable_sboms}],
+ [yes|all|cdx|*,cdx|cdx,*|*,cdx,*],[use_sbom_cdx="yes"]
+)
+AM_CONDITIONAL([ENABLE_SBOM_SPDX],[test "X${use_sbom_spdx}" = "Xyes"])
+AM_CONDITIONAL([ENABLE_SBOM_CDX],[test "X${use_sbom_cdx}" = "Xyes"])
+
# should experimental code be compiled (code that may not yet compile)?
AC_MSG_CHECKING(whether to compile experimental code)
AC_ARG_ENABLE([experimental],
@@ -9670,8 +9762,6 @@ AC_MSG_NOTICE([Toolchain settings:
LIBS= "$fin_lib_LIBS"
])
-MHD_GENERATE_SBOM3([$fin_lib_LIBS])
-
AS_UNSET([fin_CPPFLAGS])
AS_UNSET([fin_CFLAGS])
AS_UNSET([fin_LDFLAGS])
@@ -9739,23 +9829,6 @@ AC_MSG_NOTICE([[${PACKAGE_NAME} ${PACKAGE_VERSION} Configuration Summary:
Fuzzing tests : ${run_zzuf_tests_MSG=no}
]])
-licence_num="0"
-AS_VAR_IF([have_gnutls],["yes"],
- [AS_IF([test "2" -gt "$licence_num"],[licence_num="2"])]
-)
-AS_VAR_IF([have_openssl],["yes"],
- [AS_IF([test "3" -gt "$licence_num"],[licence_num="3"])]
-)
-AS_VAR_IF([have_mbedtls],["yes"],
- [AS_IF([test "3" -gt "$licence_num"],[licence_num="3"])]
-)
-AS_CASE([$licence_num],
- [0],[licence_descr="LGPLv2.1+ or eCos"],
- [2],[licence_descr="LGPL version 2.1 or any later version"],
- [3],[licence_descr="LGPL version 3.0 or any later version"],
- [AC_MSG_ERROR(internal error: unexpected licence version)]
-)
-
AC_MSG_NOTICE([[
[ Licence due to TLS backends used ]
Library licence : ${licence_descr}
diff --git a/create-sbom.sh b/create-sbom.sh
@@ -0,0 +1,603 @@
+#! /bin/sh
+#
+# This file is part of GNU libmicrohttpd.
+# (C) 2026 Evgeny Grin (Karlson2k)
+#
+# GNU libmicrohttpd is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# GNU libmicrohttpd is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# Alternatively, you can redistribute GNU libmicrohttpd and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version, together
+# with the eCos exception, as follows:
+#
+# As a special exception, if other files instantiate templates or
+# use macros or inline functions from this file, or you compile this
+# file and link it with other works to produce a work based on this
+# file, this file does not by itself cause the resulting work to be
+# covered by the GNU General Public License. However the source code
+# for this file must still be made available in accordance with
+# section (3) of the GNU General Public License v2.
+#
+# This exception does not invalidate any other reasons why a work
+# based on this file might be covered by the GNU General Public
+# License.
+#
+# You should have received copies of the GNU Lesser General Public
+# License and the GNU General Public License along with this library;
+# if not, see <https://www.gnu.org/licenses/>.
+#
+
+pkgname='libmicrohttpd2'
+mhd_sbom_tool_ver="0.9"
+mhd_sbom_pkg_homepage='https://www.gnu.org/software/libmicrohttpd/'
+case ${0} in
+ -*/*|-*'\'*) mhd_sbom_tool=`expr "X${0}" : 'X.*[/\\]\([^/\\][^/\\]*\)$'`;;
+ -*) mhd_sbom_tool="${0}" ;;
+ *) mhd_sbom_tool=`basename "${0}"` ;;
+esac
+test -n "${mhd_sbom_tool}" || mhd_sbom_tool='create-sbom.sh'
+
+test -n "${mhd_sbom_spdx_filename}" || mhd_sbom_spdx_filename="${pkgname}.spdx.json"
+test -n "${mhd_sbom_cdx_filename}" || mhd_sbom_cdx_filename="${pkgname}.cdx.json"
+
+print_help_fn() {
+ cat << _EOF_
+Usage:
+ ${0} [var=value ...] {${mhd_sbom_spdx_filename} [${mhd_sbom_cdx_filename}] | ${mhd_sbom_cdx_filename}}
+_EOF_
+}
+
+mhd_var_nl="
+"
+mhd_var_cr=`printf '\r'`
+mhd_var_tab=" "
+# Check whether mhd_var_cr is really set to avoid matching everything
+test -n "${mhd_var_cr}" || mhd_var_cr="${mhd_var_nl}"
+
+for param in "$@"
+do
+ case $param in
+ *"'"*|*'"'*|*"${mhd_var_nl}"*|*"${mhd_var_cr}"*|*'\'*) echo "Bad parameter: '$param'" >&2; exit 2 ;;
+ esac
+ if expr "X${param}" : 'X[A-Za-z][A-Za-z0-9_]*=.*' >/dev/null ; then
+ tmp_var_name=`expr "X${param}" : 'X\([A-Za-z][A-Za-z0-9_]*\)='`
+ test -n "${tmp_var_name}" || exit 3
+ if expr "X${param}" : 'X[A-Za-z][A-Za-z0-9_]*=$' >/dev/null ; then
+ tmp_var_val=""
+ else
+ # Do not check "expr" return code otherwise resulting "0" interpreted as failure
+ tmp_var_val=`expr "X${param}" : 'X[A-Za-z][A-Za-z0-9_]*=\(.*\)'`
+ test -n "${tmp_var_val}" || exit 3
+ fi
+ eval "${tmp_var_name}=\"\${tmp_var_val}\"" || exit 1
+ else
+ case $param in
+ "${mhd_sbom_spdx_filename}") mhd_sbom_spdx_outfile="$param" ;;
+ "${mhd_sbom_cdx_filename}") mhd_sbom_cdx_outfile="$param" ;;
+ --help|-h) print_help_fn; exit 0 ;;
+ *) echo "Unknown parameter: '$param'" >&2; exit 2 ;;
+ esac
+ fi
+done
+
+if test -z "${mhd_sbom_spdx_outfile}${mhd_sbom_cdx_outfile}" ; then
+ echo "No output file is specified." >&2
+ exit 2
+fi
+
+# Start from scratch
+rm -f "${mhd_sbom_spdx_outfile}" "${mhd_sbom_cdx_outfile}" || exit 1
+
+test -n "${AM_V_P}" || AM_V_P=":"
+if ${AM_V_P} >/dev/null 2>/dev/null; then
+ AM_V_P=":"
+else
+ AM_V_P="false"
+fi
+
+mhd_sbom_mhd_licence_num='0'
+
+if test "Xno" = "X${mhd_sbom_gnutls_ver}" || test -z "${mhd_sbom_gnutls_ver}"; then
+ mhd_sbom_gnutls_ver=""
+elif test "X0" = "X${mhd_sbom_gnutls_ver}" || \
+ expr "X${mhd_sbom_gnutls_ver}" : "X[1-9][0-9]*\." >/dev/null || \
+ expr "X${mhd_sbom_gnutls_ver}" : "X[0-9]\." >/dev/null ; then
+ test "2" -le "${mhd_sbom_mhd_licence_num}" || mhd_sbom_mhd_licence_num="2"
+else
+ echo "Bad GnuTLS version: '${mhd_sbom_gnutls_ver}'" >&2
+ exit 2
+fi
+
+if test "Xno" = "X${mhd_sbom_openssl_ver}" || test -z "${mhd_sbom_openssl_ver}"; then
+ mhd_sbom_openssl_ver=""
+elif test "X0" = "X${mhd_sbom_openssl_ver}" || \
+ expr "X${mhd_sbom_openssl_ver}" : "X[1-9][0-9]*\." >/dev/null || \
+ expr "X${mhd_sbom_openssl_ver}" : "X[0-9]\." >/dev/null ; then
+ test "3" -le "${mhd_sbom_mhd_licence_num}" || mhd_sbom_mhd_licence_num="3"
+else
+ echo "Bad OpenSSL version: '${mhd_sbom_openssl_ver}'" >&2
+ exit 2
+fi
+
+if test "Xno" = "X${mhd_sbom_mbedtls_ver}" || test -z "${mhd_sbom_mbedtls_ver}"; then
+ mhd_sbom_mbedtls_ver=""
+elif test "X0" = "X${mhd_sbom_mbedtls_ver}" || \
+ expr "X${mhd_sbom_mbedtls_ver}" : "X[1-9][0-9]*\." >/dev/null || \
+ expr "X${mhd_sbom_mbedtls_ver}" : "X[0-9]\." >/dev/null ; then
+ test "3" -le "${mhd_sbom_mhd_licence_num}" || mhd_sbom_mhd_licence_num="3"
+else
+ echo "Bad Mbed TLS version: '${mhd_sbom_mbedtls_ver}'" >&2
+ exit 2
+fi
+
+if test -z "${mhd_sbom_mhd_licence}"; then
+ case ${mhd_sbom_mhd_licence_num} in
+ 0) mhd_sbom_mhd_licence='LGPL-2.1-or-later OR (GPL-2.0-or-later WITH eCos-exception-2.0)' ;;
+ 2) mhd_sbom_mhd_licence='LGPL-2.1-or-later' ;;
+ 3) mhd_sbom_mhd_licence='LGPL-3.0-or-later' ;;
+ *) echo "Internal error" >&2; exit 3 ;;
+ esac
+fi
+
+test -n "${mhd_sbom_publisher}" || mhd_sbom_publisher='Evgeny Grin (Karlson2k), Christian Grothoff'
+
+err_out_cleanup() {
+ rm -f "${mhd_sbom_spdx_outfile}" "${mhd_sbom_cdx_outfile}"
+ exit 1
+}
+
+is_uuid_valid_fn() {
+ case ${1} in
+ [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]-[0-9a-f][0-9a-f][0-9a-f][0-9a-f]-[0-9a-f][0-9a-f][0-9a-f][0-9a-f]-[0-9a-f][0-9a-f][0-9a-f][0-9a-f]-[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]) return 0 ;;
+ esac
+ return 1
+}
+
+is_timestamp_valid_fn() {
+ case ${1} in
+ [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z) return 0 ;;
+ esac
+ return 1
+}
+
+is_timestamp_valid_fn "${mhd_sbom_timestamp}" || \
+ { mhd_sbom_timestamp=`date -u '+%Y-%m-%dT%H:%M:%SZ'` || mhd_sbom_timestamp="" ; } 2>/dev/null
+
+is_timestamp_valid_fn "${mhd_sbom_timestamp}" || mhd_sbom_timestamp=''
+
+
+is_uuid_valid_fn "${mhd_sbom_uuid}" || \
+ { mhd_sbom_uuid=`uuidgen` || mhd_sbom_uuid='' ; } 2>/dev/null
+
+if is_uuid_valid_fn "${mhd_sbom_uuid}" ; then : ; else
+ test -r '/proc/sys/kernel/random/uuid' && read mhd_sbom_uuid < '/proc/sys/kernel/random/uuid' 2>/dev/null
+fi
+
+is_uuid_valid_fn "${mhd_sbom_uuid}" || mhd_sbom_uuid=''
+
+
+if test -n "${mhd_sbom_spdx_outfile}"; then
+
+ if ${AM_V_P}; then
+ echo "Generating '${mhd_sbom_spdx_outfile}'..."
+ else
+ echo " GEN${mhd_var_tab}${mhd_sbom_spdx_outfile}"
+ fi
+
+ test -n "${mhd_sbom_spdx_name}" || mhd_sbom_spdx_name="${pkgname}${mhd_sbom_mhd_version_short:+-}${mhd_sbom_mhd_version_short}"
+
+ test -n "${mhd_sbom_spdx_docnamespace_base}" || mhd_sbom_spdx_docnamespace_base="https://www.gnu.org/software/libmicrohttpd/spdx/${mhd_sbom_spdx_name}"
+ test -n "${mhd_sbom_spdx_docnamespace_suff}" || mhd_sbom_spdx_docnamespace_suff="${mhd_sbom_uuid}"
+ test -n "${mhd_sbom_spdx_docnamespace_suff}" || mhd_sbom_spdx_docnamespace_suff="${mhd_sbom_timestamp}"
+ test -n "${mhd_sbom_spdx_docnamespace_suff}" || mhd_sbom_spdx_docnamespace_suff="${mhd_sbom_mhd_version_full}"
+ test -n "${mhd_sbom_spdx_docnamespace_full}" \
+ || mhd_sbom_spdx_docnamespace_full="${mhd_sbom_spdx_docnamespace_base}${mhd_sbom_spdx_docnamespace_suff:+-}${mhd_sbom_spdx_docnamespace_suff}"
+
+ if test -z "${mhd_sbom_spdx_purl}" ; then
+ mhd_sbom_spdx_purl="pkg:generic/${pkgname}"
+ test -z "${mhd_sbom_mhd_version_full}" || mhd_sbom_spdx_purl="${mhd_sbom_spdx_purl}@${mhd_sbom_mhd_version_full}"
+ test -z "${mhd_sbom_mhd_version_extra}" || mhd_sbom_spdx_purl="${mhd_sbom_spdx_purl}?${mhd_sbom_mhd_version_extra}"
+ elif test "Xno" = "X${mhd_sbom_spdx_purl}" ; then
+ mhd_sbom_spdx_purl=""
+ fi
+
+ # Basic checks only, not a real validation
+ case "${pkgname}${mhd_sbom_mhd_version_full}${mhd_sbom_mhd_licence}${mhd_sbom_spdx_name}${mhd_sbom_spdx_docnamespace_full}${mhd_sbom_spdx_purl}${mhd_sbom_pkg_homepage}${mhd_sbom_pkg_dwnl_url}${mhd_sbom_gnutls_ver}${mhd_sbom_openssl_ver}${mhd_sbom_mbedtls_ver}${mhd_sbom_tool}${mhd_sbom_tool_ver}" in
+ *"'"*|*'"'*|*"${mhd_var_nl}"*|*"${mhd_var_cr}"*|*'\'*|*"${mhd_var_tab}"*) echo "Bad JSON data" >&2; exit 2 ;;
+ esac
+
+ # Cleanup partial output on early exit
+ trap err_out_cleanup 0 1 2 13 15
+
+ mhd_sbom_next_element_comma=''
+ test -z "${mhd_sbom_gnutls_ver}${mhd_sbom_openssl_ver}${mhd_sbom_mbedtls_ver}" || \
+ mhd_sbom_next_element_comma=','
+
+ cat >"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+{
+ "SPDXID": "SPDXRef-DOCUMENT",
+ "spdxVersion": "SPDX-2.3",
+ "name": "${mhd_sbom_spdx_name}",
+ "creationInfo": {
+_JSON_EOF_
+ test -z "${mhd_sbom_timestamp}" || cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ "created": "${mhd_sbom_timestamp}",
+_JSON_EOF_
+ cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ "creators": [
+ "Tool: ${pkgname}-${mhd_sbom_tool}-${mhd_sbom_tool_ver}"
+ ]
+ },
+ "dataLicense": "CC0-1.0",
+ "documentNamespace": "${mhd_sbom_spdx_docnamespace_full}",
+ "packages": [
+ {
+ "SPDXID": "SPDXRef-Package-libmicrohttpd2",
+ "name": "${pkgname}",
+_JSON_EOF_
+ test -z "${mhd_sbom_mhd_version_full}" || cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ "versionInfo": "${mhd_sbom_mhd_version_full}",
+_JSON_EOF_
+ cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ "homepage": "${mhd_sbom_pkg_homepage}",
+ "downloadLocation": "${mhd_sbom_pkg_dwnl_url:-NOASSERTION}",
+ "filesAnalyzed": false,
+ "licenseDeclared": "LGPL-2.1-or-later OR (GPL-2.0-or-later WITH eCos-exception-2.0)",
+ "licenseConcluded": "${mhd_sbom_mhd_licence}",
+ "copyrightText": "NOASSERTION",
+_JSON_EOF_
+ test -z "${mhd_sbom_spdx_purl}" || cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ "externalRefs": [
+ {
+ "referenceCategory": "PACKAGE-MANAGER",
+ "referenceType": "purl",
+ "referenceLocator": "${mhd_sbom_spdx_purl}"
+ }
+ ],
+_JSON_EOF_
+ cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ "description": "Small C library for embedding an HTTP server in applications"
+ }${mhd_sbom_next_element_comma}
+_JSON_EOF_
+ if test -n "${mhd_sbom_gnutls_ver}"; then
+ mhd_sbom_next_element_comma=''
+ test -z "${mhd_sbom_openssl_ver}${mhd_sbom_mbedtls_ver}" || \
+ mhd_sbom_next_element_comma=','
+ cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ {
+ "SPDXID": "SPDXRef-Package-GnuTLS",
+ "name": "GnuTLS",
+_JSON_EOF_
+ test "X${mhd_sbom_gnutls_ver}" = "X0" || cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ "versionInfo": "${mhd_sbom_gnutls_ver}",
+_JSON_EOF_
+ cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ "downloadLocation": "NOASSERTION",
+ "filesAnalyzed": false,
+ "licenseConcluded": "NOASSERTION",
+ "licenseDeclared": "NOASSERTION",
+ "copyrightText": "NOASSERTION"
+ }${mhd_sbom_next_element_comma}
+_JSON_EOF_
+ fi
+ if test -n "${mhd_sbom_openssl_ver}"; then
+ mhd_sbom_next_element_comma=''
+ test -z "${mhd_sbom_mbedtls_ver}" || \
+ mhd_sbom_next_element_comma=','
+ cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ {
+ "SPDXID": "SPDXRef-Package-OpenSSL",
+ "name": "OpenSSL",
+_JSON_EOF_
+ test "X${mhd_sbom_openssl_ver}" = "X0" || cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ "versionInfo": "${mhd_sbom_openssl_ver}",
+_JSON_EOF_
+ cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ "downloadLocation": "NOASSERTION",
+ "filesAnalyzed": false,
+ "licenseConcluded": "NOASSERTION",
+ "licenseDeclared": "NOASSERTION",
+ "copyrightText": "NOASSERTION"
+ }${mhd_sbom_next_element_comma}
+_JSON_EOF_
+ fi
+ if test -n "${mhd_sbom_mbedtls_ver}"; then
+ mhd_sbom_next_element_comma=''
+ cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ {
+ "SPDXID": "SPDXRef-Package-MbedTLS",
+ "name": "MbedTLS",
+_JSON_EOF_
+ test "X${mhd_sbom_mbedtls_ver}" = "X0" || cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ "versionInfo": "${mhd_sbom_mbedtls_ver}",
+_JSON_EOF_
+ cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ "downloadLocation": "NOASSERTION",
+ "filesAnalyzed": false,
+ "licenseConcluded": "NOASSERTION",
+ "licenseDeclared": "NOASSERTION",
+ "copyrightText": "NOASSERTION"
+ }${mhd_sbom_next_element_comma}
+_JSON_EOF_
+ fi
+ mhd_sbom_next_element_comma=''
+ test -z "${mhd_sbom_gnutls_ver}${mhd_sbom_openssl_ver}${mhd_sbom_mbedtls_ver}" || \
+ mhd_sbom_next_element_comma=','
+ cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ ],
+ "relationships": [
+ {
+ "spdxElementId": "SPDXRef-DOCUMENT",
+ "relationshipType": "DESCRIBES",
+ "relatedSpdxElement": "SPDXRef-Package-libmicrohttpd2"
+ }${mhd_sbom_next_element_comma}
+_JSON_EOF_
+ if test -n "${mhd_sbom_gnutls_ver}"; then
+ mhd_sbom_next_element_comma=''
+ test -z "${mhd_sbom_openssl_ver}${mhd_sbom_mbedtls_ver}" || \
+ mhd_sbom_next_element_comma=','
+ cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ {
+ "spdxElementId": "SPDXRef-Package-libmicrohttpd2",
+ "relationshipType": "DEPENDS_ON",
+ "relatedSpdxElement": "SPDXRef-Package-GnuTLS"
+ }${mhd_sbom_next_element_comma}
+_JSON_EOF_
+ fi
+ if test -n "${mhd_sbom_openssl_ver}"; then
+ mhd_sbom_next_element_comma=''
+ test -z "${mhd_sbom_mbedtls_ver}" || \
+ mhd_sbom_next_element_comma=','
+ cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ {
+ "spdxElementId": "SPDXRef-Package-libmicrohttpd2",
+ "relationshipType": "DEPENDS_ON",
+ "relatedSpdxElement": "SPDXRef-Package-OpenSSL"
+ }${mhd_sbom_next_element_comma}
+_JSON_EOF_
+ fi
+ if test -n "${mhd_sbom_mbedtls_ver}"; then
+ mhd_sbom_next_element_comma=''
+ cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ {
+ "spdxElementId": "SPDXRef-Package-libmicrohttpd2",
+ "relationshipType": "DEPENDS_ON",
+ "relatedSpdxElement": "SPDXRef-Package-MbedTLS"
+ }${mhd_sbom_next_element_comma}
+_JSON_EOF_
+ fi
+ cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
+ ]
+}
+_JSON_EOF_
+fi
+
+if test -n "${mhd_sbom_cdx_outfile}"; then
+
+ if ${AM_V_P}; then
+ echo "Generating '${mhd_sbom_cdx_outfile}'..."
+ else
+ echo " GEN${mhd_var_tab}${mhd_sbom_cdx_outfile}"
+ fi
+
+ if test -z "${mhd_sbom_cdx_purl}" ; then
+ mhd_sbom_cdx_purl="pkg:generic/${pkgname}"
+ test -z "${mhd_sbom_mhd_version_full}" || mhd_sbom_cdx_purl="${mhd_sbom_cdx_purl}@${mhd_sbom_mhd_version_full}"
+ test -z "${mhd_sbom_mhd_version_extra}" || mhd_sbom_cdx_purl="${mhd_sbom_cdx_purl}?${mhd_sbom_mhd_version_extra}"
+ elif test "Xno" = "X${mhd_sbom_cdx_purl}" ; then
+ mhd_sbom_cdx_purl=""
+ fi
+
+ if test -z "${mhd_sbom_cdx_bom_ref}" ; then
+ if test -n "${mhd_sbom_cdx_purl}" ; then
+ mhd_sbom_cdx_bom_ref="${mhd_sbom_cdx_purl}"
+ else
+ mhd_sbom_cdx_bom_ref="${pkgname}"
+ fi
+ fi
+
+ # Basic checks only, not a real validation
+ case "${pkgname}${mhd_sbom_pkg_homepage}${mhd_sbom_mhd_version_short}${mhd_sbom_mhd_licence}${mhd_sbom_cdx_purl}${mhd_sbom_cdx_bom_ref}${mhd_sbom_publisher}${mhd_sbom_gnutls_ver}${mhd_sbom_openssl_ver}${mhd_sbom_mbedtls_ver}${mhd_sbom_tool}${mhd_sbom_tool_ver}" in
+ *"'"*|*'"'*|*"${mhd_var_nl}"*|*"${mhd_var_cr}"*|*'\'*|*"${mhd_var_tab}"*) echo "Bad JSON data" >&2; exit 2 ;;
+ esac
+
+ mhd_sbom_cdx_spec_version="1.6"
+
+ # Cleanup partial output on early exit
+ trap err_out_cleanup 0 1 2 13 15
+
+ cat >"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+{
+ "\$schema": "http://cyclonedx.org/schema/bom-${mhd_sbom_cdx_spec_version}.schema.json",
+ "bomFormat": "CycloneDX",
+ "specVersion": "${mhd_sbom_cdx_spec_version}",
+ "version": 1,
+_JSON_EOF_
+ test -z "${mhd_sbom_uuid}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "serialNumber": "urn:uuid:${mhd_sbom_uuid}",
+_JSON_EOF_
+ cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "metadata": {
+_JSON_EOF_
+ test -z "${mhd_sbom_timestamp}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "timestamp": "${mhd_sbom_timestamp}",
+_JSON_EOF_
+ cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "component": {
+ "type": "library",
+ "name": "${pkgname}",
+ "description": "Small C library for embedding an HTTP server in applications",
+_JSON_EOF_
+ test -z "${mhd_sbom_mhd_version_short}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "version": "${mhd_sbom_mhd_version_short}",
+_JSON_EOF_
+ test -z "${mhd_sbom_mhd_licence}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "licenses": [
+ {
+ "expression": "${mhd_sbom_mhd_licence}"
+ }
+ ],
+_JSON_EOF_
+ test -z "${mhd_sbom_cdx_purl}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "purl": "${mhd_sbom_cdx_purl}",
+_JSON_EOF_
+ cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "bom-ref": "${mhd_sbom_cdx_bom_ref}",
+ "publisher": "${mhd_sbom_publisher}"
+ },
+_JSON_EOF_
+ cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "tools": {
+ "components": [
+ {
+ "type": "application",
+ "group": "org.gnu.libmicrohttpd",
+_JSON_EOF_
+ test -z "${mhd_sbom_tool_ver}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "version": "${mhd_sbom_tool_ver}",
+_JSON_EOF_
+ cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "name": "${mhd_sbom_tool}"
+ }
+ ]
+ },
+ "lifecycles": [
+ {
+ "phase": "build"
+ }
+ ],
+ "authors": [
+ {
+ "name": "Evgeny Grin (Karlson2k)"
+ }
+ ],
+ "properties": [
+ {
+ "name": "org.gnu.libmicrohttpd:separate-sbom-license",
+ "value": "CC0-1.0"
+ }
+ ],
+ "licenses": [
+ {
+ "expression": "CC0-1.0"
+ }
+ ]
+ },
+_JSON_EOF_
+ mhd_sbom_dependson=""
+ if test -n "${mhd_sbom_gnutls_ver}" || test -n "${mhd_sbom_openssl_ver}" \
+ || test -n "${mhd_sbom_mbedtls_ver}" ; then
+
+ cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "components": [
+_JSON_EOF_
+
+ if test -n "${mhd_sbom_gnutls_ver}" ; then
+ mhd_sbom_dependson="${mhd_sbom_dependson}\"tlsbackend-gnutls\""
+ mhd_sbom_next_element_comma=''
+ if test -n "${mhd_sbom_openssl_ver}${mhd_sbom_mbedtls_ver}"; then
+ mhd_sbom_dependson="${mhd_sbom_dependson},${mhd_var_nl} "
+ mhd_sbom_next_element_comma=','
+ fi
+ cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ {
+ "type": "library",
+ "name": "GnuTLS",
+_JSON_EOF_
+ test "X0" = "X${mhd_sbom_gnutls_ver}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "version": "${mhd_sbom_gnutls_ver}",
+_JSON_EOF_
+ cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "bom-ref": "tlsbackend-gnutls"
+ }${mhd_sbom_next_element_comma}
+_JSON_EOF_
+ fi
+
+ if test -n "${mhd_sbom_openssl_ver}" ; then
+ mhd_sbom_dependson="${mhd_sbom_dependson}\"tlsbackend-openssl\""
+ mhd_sbom_next_element_comma=''
+ if test -n "${mhd_sbom_mbedtls_ver}"; then
+ mhd_sbom_dependson="${mhd_sbom_dependson},${mhd_var_nl} "
+ mhd_sbom_next_element_comma=','
+ fi
+ cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ {
+ "type": "library",
+ "name": "OpenSSL",
+_JSON_EOF_
+ test "X0" = "X${mhd_sbom_openssl_ver}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "version": "${mhd_sbom_openssl_ver}",
+_JSON_EOF_
+ cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "bom-ref": "tlsbackend-openssl"
+ }${mhd_sbom_next_element_comma}
+_JSON_EOF_
+ fi
+
+ if test -n "${mhd_sbom_mbedtls_ver}" ; then
+ mhd_sbom_dependson="${mhd_sbom_dependson}\"tlsbackend-mbedtls\""
+ mhd_sbom_next_element_comma=''
+ cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ {
+ "type": "library",
+ "name": "MbedTLS",
+_JSON_EOF_
+ test "X0" = "X${mhd_sbom_mbedtls_ver}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "version": "${mhd_sbom_mbedtls_ver}",
+_JSON_EOF_
+ cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "bom-ref": "tlsbackend-mbedtls"
+ }${mhd_sbom_next_element_comma}
+_JSON_EOF_
+ fi
+
+ cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ ],
+_JSON_EOF_
+ fi
+ test -z "${mhd_sbom_dependson}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "dependencies": [
+ {
+ "ref": "${mhd_sbom_cdx_bom_ref}",
+ "dependsOn": [
+ ${mhd_sbom_dependson}
+ ]
+ }
+ ],
+_JSON_EOF_
+ cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
+ "externalReferences": [
+ {
+ "type": "website",
+ "url": "${mhd_sbom_pkg_homepage}"
+ },
+ {
+ "type": "vcs",
+ "url": "git://git.gnunet.org/libmicrohttpd2.git"
+ },
+ {
+ "type": "issue-tracker",
+ "url": "https://bugs.gnunet.org/view_all_bug_page.php?project_id=32"
+ },
+ {
+ "type": "mailing-list",
+ "url": "https://lists.gnu.org/mailman/listinfo/libmicrohttpd"
+ }
+ ]
+}
+_JSON_EOF_
+
+ ${AM_V_P} && echo "'${mhd_sbom_cdx_outfile}' - done."
+fi
+
+
+trap '' 0
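Review bot: `mhd_sbom_spdx_outfile` and `mhd_sbom_cdx_outfile` are assigned only inside the `for param` loop, so a value inherited from the environment survives to `rm -f "${mhd_sbom_spdx_outfile}" "${mhd_sbom_cdx_outfile}"` and to the later `cat >` redirections even when that file was not requested on the command line. Initialising both before the loop with `mhd_sbom_spdx_outfile=''` and `mhd_sbom_cdx_outfile=''` removes that path. The content variables (`mhd_sbom_publisher`, `mhd_sbom_spdx_purl`, `mhd_sbom_pkg_dwnl_url`, `mhd_sbom_uuid`, …) are inherited the same way, so the ambient environment can change what the SBOM asserts. If that is meant as an override mechanism it should be stated in `print_help_fn`, otherwise they should be cleared too. Separately, the `date -u` and `uuidgen` fallbacks make the installed files differ on every build, so a reproducible build has to pass fixed `mhd_sbom_timestamp` and `mhd_sbom_uuid` values, which the Makefile.am recipe does not currently do.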
diff --git a/m4/make-sbom.m4 b/m4/make-sbom.m4
@@ -1,119 +0,0 @@
-AC_DEFUN([MHD_GENERATE_SBOM3], [
-
- AC_CHECK_PROG([HAVE_JQ], [jq], [yes], [no])
- AC_CHECK_PROG([HAVE_PKG_CONFIG], [pkg-config], [yes], [no])
-
- if test "x$HAVE_JQ" = "xyes";
- then
- AC_MSG_NOTICE([jq found, generating SBOM v3])
-
- jq --arg ver "$PACKAGE_VERSION" '
- .elements[[0]].versionInfo=$ver' \
- < "$srcdir/libmicrohttpd-spdx.json.in" \
- > libmicrohttpd-spdx.json
-
- for l in $1;
- do
- AC_MSG_NOTICE([processing $l])
-
- AS_CASE([$l],
- [-lssl], [:],
- [-lcrypto], [
- dep_ver=UNKNOWN
- if test "x$HAVE_PKG_CONFIG" = "xyes" && pkg-config --exists openssl;
- then
- dep_ver=`pkg-config --modversion openssl 2>/dev/null`
- fi
- jqprog='
- .elements += [[{
- type:"Package",
- SPDXID:"SPDXRef-Package-OpenSSL",
- name:"OpenSSL",
- versionInfo:$ver,
- downloadLocation: "https://github.com/openssl/openssl/releases/download/",
- homepage: "https://openssl.org/",
- licenseConcluded: "OpenSSL-3.0",
- licenseDeclared: "OpenSSL-3.0"
- }]] |
- .relationships += [[{
- type:"Relationship",
- SPDXID:"SPDXRef-Rel-OpenSSL",
- relationshipType:"DEPENDS_ON",
- from:"SPDXRef-Package-libmicrohttpd2",
- to:"SPDXRef-Package-OpenSSL"
- }]]'
- jq --arg ver "$dep_ver" "$jqprog" \
- < libmicrohttpd-spdx.json \
- > libmicrohttpd-spdx.json.tmp &&
- mv libmicrohttpd-spdx.json.tmp libmicrohttpd-spdx.json
- ],
- [-lgnutls], [
- dep_ver=UNKNOWN
- if test "x$HAVE_PKG_CONFIG" = "xyes" && pkg-config --exists gnutls;
- then
- dep_ver=`pkg-config --modversion gnutls 2>/dev/null`
- fi
-
- jqprog='
- .elements += [[{
- type:"Package",
- SPDXID:"SPDXRef-Package-GnuTLS",
- name:"GnuTLS",
- versionInfo:$ver,
- downloadLocation : "https://www.gnupg.org/ftp/gcrypt/gnutls/",
- homepage: "https://gnutls.org/",
- licenseConcluded: "LGPL-2.1-or-later",
- licenseDeclared: "LGPL-2.1-or-later"
- }]] |
- .relationships += [[{
- type:"Relationship",
- SPDXID:"SPDXRef-Rel-GnuTLS",
- relationshipType:"DEPENDS_ON",
- from:"SPDXRef-Package-libmicrohttpd2",
- to:"SPDXRef-Package-GnuTLS"
- }]]'
- jq --arg ver "$dep_ver" "$jqprog" \
- < libmicrohttpd-spdx.json \
- > libmicrohttpd-spdx.json.tmp &&
- mv libmicrohttpd-spdx.json.tmp libmicrohttpd-spdx.json
- ],
- [-lmbedtls], [
- dep_ver=UNKNOWN
- if test "x$HAVE_PKG_CONFIG" = "xyes" && pkg-config --exists mbedtls;
- then
- dep_ver=`pkg-config --modversion mbedtls 2>/dev/null`
- fi
-
- jqprog='
- .elements += [[{
- type:"Package",
- SPDXID:"SPDXRef-Package-mbedTLS",
- name:"mbedTLS",
- versionInfo:$ver,
- homepage: "https://www.trustedfirmware.org/projects/mbed-tls/",
- downloadLocation: "https://github.com/Mbed-TLS/mbedtls",
- licenseConcluded: "Apache-2.0",
- licenseDeclared: "Apache-2.0"
- }]] |
- .relationships += [[{
- type:"Relationship",
- SPDXID:"SPDXRef-Rel-mbedTLS",
- relationshipType:"DEPENDS_ON",
- from:"SPDXRef-Package-libmicrohttpd2",
- to:"SPDXRef-Package-mbedTLS"
- }]]'
- jq --arg ver "$dep_ver" "$jqprog" \
- < libmicrohttpd-spdx.json \
- > libmicrohttpd-spdx.json.tmp &&
- mv libmicrohttpd-spdx.json.tmp libmicrohttpd-spdx.json
- ],
- [-lpthread], [:]
- )
- done
-
- AC_MSG_NOTICE([SBOM written to libmicrohttpd-spdx.json])
- else
- AC_MSG_WARN([jq not available, only dumping incomplete SBOM template])
- cp "$srcdir/libmicrohttpd-spdx.json.in" libmicrohttpd-spdx.json
- fi
-])