create-sbom.sh (21579B)
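#! /bin/sh
#
# This file is part of GNU libmicrohttpd.
# (C) 2026 Evgeny Grin (Karlson2k)
#
# GNU libmicrohttpd is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# GNU libmicrohttpd is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# Alternatively, you can redistribute GNU libmicrohttpd and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of
# the License, or (at your option) any later version, together
# with the eCos exception, as follows:
#
# As a special exception, if other files instantiate templates or
# use macros or inline functions from this file, or you compile this
# file and link it with other works to produce a work based on this
# file, this file does not by itself cause the resulting work to be
# covered by the GNU General Public License. However the source code
# for this file must still be made available in accordance with
# section (3) of the GNU General Public License v2.
#
# This exception does not invalidate any other reasons why a work
# based on this file might be covered by the GNU General Public
# License.
#
# You should have received copies of the GNU Lesser General Public
# License and the GNU General Public License along with this library;
# if not, see <https://www.gnu.org/licenses/>.
#

# Generates SBOM files for the package: an SPDX 2.3 JSON document and/or
# a CycloneDX 1.6 JSON document.
#
# Usage:
#   create-sbom.sh [var=value ...] {SPDX_FILE [CDX_FILE] | CDX_FILE}
#
# SPDX_FILE and CDX_FILE must be exactly the values of
# ${mhd_sbom_spdx_filename} and ${mhd_sbom_cdx_filename}.
# Every "var=value" argument is assigned to the shell variable "var" before
# anything else is computed, so it can pre-set any input used below
# (mhd_sbom_gnutls_ver, mhd_sbom_timestamp, mhd_sbom_uuid, ...).
#
# Exit status: 0 success, 1 output error, 2 bad parameter or bad data,
# 3 internal error.
#
# Trust model: the arguments and the inherited environment are build
# configuration.  They can set arbitrary shell variables and choose the
# paths that are removed and rewritten, so they must never be taken from
# an untrusted source.

pkgname='libmicrohttpd2'
mhd_sbom_tool_ver="0.9"
mhd_sbom_pkg_homepage='https://www.gnu.org/software/libmicrohttpd/'
# Tool name recorded in the SBOM: the last path component of $0.
# A $0 starting with '-' is handled with "expr" instead of "basename".
case ${0} in
  -*/*|-*'\'*) mhd_sbom_tool=`expr "X${0}" : 'X.*[/\\]\([^/\\][^/\\]*\)$'`;;
  -*) mhd_sbom_tool="${0}" ;;
  *) mhd_sbom_tool=`basename "${0}"` ;;
esac
test -n "${mhd_sbom_tool}" || mhd_sbom_tool='create-sbom.sh'

test -n "${mhd_sbom_spdx_filename}" || mhd_sbom_spdx_filename="${pkgname}.spdx.json"
test -n "${mhd_sbom_cdx_filename}" || mhd_sbom_cdx_filename="${pkgname}.cdx.json"

# Print the command line synopsis to stdout.
print_help_fn() {
  cat << _EOF_
Usage:
  ${0} [var=value ...] {${mhd_sbom_spdx_filename} [${mhd_sbom_cdx_filename}] | ${mhd_sbom_cdx_filename}}
_EOF_
}

mhd_var_nl="
"
mhd_var_cr=`printf '\r'`
# The TAB is produced with printf instead of a literal character: a literal
# TAB is invisible and easily turned into a space by editors and viewers,
# which would make the JSON data check reject every value with a space.
mhd_var_tab=`printf '\t'`
# Check whether the variables are really set to avoid matching everything
test -n "${mhd_var_cr}" || mhd_var_cr="${mhd_var_nl}"
test -n "${mhd_var_tab}" || mhd_var_tab="${mhd_var_nl}"

for param in "$@"
do
  # Reject quotes, backslashes and line breaks anywhere in a parameter.
  case $param in
    *"'"*|*'"'*|*"${mhd_var_nl}"*|*"${mhd_var_cr}"*|*'\'*) echo "Bad parameter: '$param'" >&2; exit 2 ;;
  esac
  if expr "X${param}" : 'X[A-Za-z][A-Za-z0-9_]*=.*' >/dev/null ; then
    tmp_var_name=`expr "X${param}" : 'X\([A-Za-z][A-Za-z0-9_]*\)='`
    test -n "${tmp_var_name}" || exit 3
    if expr "X${param}" : 'X[A-Za-z][A-Za-z0-9_]*=$' >/dev/null ; then
      tmp_var_val=""
    else
      # Do not check "expr" return code otherwise resulting "0" interpreted as failure
      tmp_var_val=`expr "X${param}" : 'X[A-Za-z][A-Za-z0-9_]*=\(.*\)'`
      test -n "${tmp_var_val}" || exit 3
    fi
    # Only the name, already matched against [A-Za-z][A-Za-z0-9_]*, becomes
    # part of the evaluated text.  The value is reached through the escaped
    # \${tmp_var_val} reference and is never parsed as shell code.
    # NOTE(review): any variable name is accepted here, including PATH, IFS
    # and this script's own settings (pkgname, AM_V_P, the output file
    # names), so the arguments must come from trusted build configuration.
    eval "${tmp_var_name}=\"\${tmp_var_val}\"" || exit 1
  else
    case $param in
      "${mhd_sbom_spdx_filename}") mhd_sbom_spdx_outfile="$param" ;;
      "${mhd_sbom_cdx_filename}") mhd_sbom_cdx_outfile="$param" ;;
      --help|-h) print_help_fn; exit 0 ;;
      *) echo "Unknown parameter: '$param'" >&2; exit 2 ;;
    esac
  fi
done

# NOTE(review): the two *_outfile variables are not initialised by this
# script, so values inherited from the environment are used as well.
if test -z "${mhd_sbom_spdx_outfile}${mhd_sbom_cdx_outfile}" ; then
  echo "No output file is specified." >&2
  exit 2
fi

# Start from scratch
rm -f "${mhd_sbom_spdx_outfile}" "${mhd_sbom_cdx_outfile}" || exit 1

# Verbosity probe: AM_V_P is run as a command and then normalised to ':'
# (verbose) or 'false' (terse).  It is expanded unquoted and executed, so
# it has to come from trusted build configuration only.
test -n "${AM_V_P}" || AM_V_P=":"
if ${AM_V_P} >/dev/null 2>/dev/null; then
  AM_V_P=":"
else
  AM_V_P="false"
fi

# Selects the concluded licence expression further below; raised by every
# enabled TLS backend (GnuTLS to at least 2, OpenSSL and Mbed TLS to 3).
mhd_sbom_mhd_licence_num='0'

# TLS backend versions: 'no' or empty - backend is not used, '0' - used but
# the version is unknown, otherwise the value must start with a number
# followed by a dot.  Only the start of the value is checked here.
if test "Xno" = "X${mhd_sbom_gnutls_ver}" || test -z "${mhd_sbom_gnutls_ver}"; then
  mhd_sbom_gnutls_ver=""
elif test "X0" = "X${mhd_sbom_gnutls_ver}" || \
     expr "X${mhd_sbom_gnutls_ver}" : "X[1-9][0-9]*\." >/dev/null || \
     expr "X${mhd_sbom_gnutls_ver}" : "X[0-9]\." >/dev/null ; then
  test "2" -le "${mhd_sbom_mhd_licence_num}" || mhd_sbom_mhd_licence_num="2"
else
  echo "Bad GnuTLS version: '${mhd_sbom_gnutls_ver}'" >&2
  exit 2
fi

if test "Xno" = "X${mhd_sbom_openssl_ver}" || test -z "${mhd_sbom_openssl_ver}"; then
  mhd_sbom_openssl_ver=""
elif test "X0" = "X${mhd_sbom_openssl_ver}" || \
     expr "X${mhd_sbom_openssl_ver}" : "X[1-9][0-9]*\." >/dev/null || \
     expr "X${mhd_sbom_openssl_ver}" : "X[0-9]\." >/dev/null ; then
  test "3" -le "${mhd_sbom_mhd_licence_num}" || mhd_sbom_mhd_licence_num="3"
else
  echo "Bad OpenSSL version: '${mhd_sbom_openssl_ver}'" >&2
  exit 2
fi

if test "Xno" = "X${mhd_sbom_mbedtls_ver}" || test -z "${mhd_sbom_mbedtls_ver}"; then
  mhd_sbom_mbedtls_ver=""
elif test "X0" = "X${mhd_sbom_mbedtls_ver}" || \
     expr "X${mhd_sbom_mbedtls_ver}" : "X[1-9][0-9]*\." >/dev/null || \
     expr "X${mhd_sbom_mbedtls_ver}" : "X[0-9]\." >/dev/null ; then
  test "3" -le "${mhd_sbom_mhd_licence_num}" || mhd_sbom_mhd_licence_num="3"
else
  echo "Bad Mbed TLS version: '${mhd_sbom_mbedtls_ver}'" >&2
  exit 2
fi

# An explicitly supplied mhd_sbom_mhd_licence takes precedence over the
# expression derived from the enabled TLS backends.
if test -z "${mhd_sbom_mhd_licence}"; then
  case ${mhd_sbom_mhd_licence_num} in
    0) mhd_sbom_mhd_licence='LGPL-2.1-or-later OR (GPL-2.0-or-later WITH eCos-exception-2.0)' ;;
    2) mhd_sbom_mhd_licence='LGPL-2.1-or-later' ;;
    3) mhd_sbom_mhd_licence='LGPL-3.0-or-later' ;;
    *) echo "Internal error" >&2; exit 3 ;;
  esac
fi

test -n "${mhd_sbom_publisher}" || mhd_sbom_publisher='Evgeny Grin (Karlson2k), Christian Grothoff'

# Exit/signal handler: remove both output files so that a partially written
# SBOM is never left behind, then terminate with status 1.
err_out_cleanup() {
  rm -f "${mhd_sbom_spdx_outfile}" "${mhd_sbom_cdx_outfile}"
  exit 1
}

# Succeed only if $1 is a UUID in 8-4-4-4-12 form made of lower-case
# hexadecimal digits.
is_uuid_valid_fn() {
  case ${1} in
    [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]-[0-9a-f][0-9a-f][0-9a-f][0-9a-f]-[0-9a-f][0-9a-f][0-9a-f][0-9a-f]-[0-9a-f][0-9a-f][0-9a-f][0-9a-f]-[0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f]) return 0 ;;
  esac
  return 1
}

# Succeed only if $1 has the shape YYYY-MM-DDThh:mm:ssZ.  Only digits and
# separators are checked, not the value ranges.
is_timestamp_valid_fn() {
  case ${1} in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]Z) return 0 ;;
  esac
  return 1
}

# Use the supplied timestamp when it is well-formed, otherwise the current
# UTC time.  If neither works the timestamp is omitted from the output.
is_timestamp_valid_fn "${mhd_sbom_timestamp}" || \
  { mhd_sbom_timestamp=`date -u '+%Y-%m-%dT%H:%M:%SZ'` || mhd_sbom_timestamp="" ; } 2>/dev/null

is_timestamp_valid_fn "${mhd_sbom_timestamp}" || mhd_sbom_timestamp=''


# Use the supplied UUID when it is well-formed, otherwise try "uuidgen",
# then the kernel's random UUID file.  If all fail the UUID is omitted.
# Some uuidgen implementations print upper-case hex digits, which the
# lower-case-only check would reject; fold the tool output to lower case
# so that it is not discarded.
is_uuid_valid_fn "${mhd_sbom_uuid}" || \
  { mhd_sbom_uuid=`uuidgen | tr 'ABCDEF' 'abcdef'` || mhd_sbom_uuid='' ; } 2>/dev/null

if is_uuid_valid_fn "${mhd_sbom_uuid}" ; then : ; else
  test -r '/proc/sys/kernel/random/uuid' && read mhd_sbom_uuid < '/proc/sys/kernel/random/uuid' 2>/dev/null
fi

is_uuid_valid_fn "${mhd_sbom_uuid}" || mhd_sbom_uuid=''


# ---------------------------------------------------------------------------
# SPDX 2.3 document
# ---------------------------------------------------------------------------
if test -n "${mhd_sbom_spdx_outfile}"; then

  if ${AM_V_P}; then
    echo "Generating '${mhd_sbom_spdx_outfile}'..."
  else
    echo " GEN${mhd_var_tab}${mhd_sbom_spdx_outfile}"
  fi

  test -n "${mhd_sbom_spdx_name}" || mhd_sbom_spdx_name="${pkgname}${mhd_sbom_mhd_version_short:+-}${mhd_sbom_mhd_version_short}"

  # Document namespace: base URL plus the first available suffix out of
  # UUID, timestamp and full version.
  test -n "${mhd_sbom_spdx_docnamespace_base}" || mhd_sbom_spdx_docnamespace_base="https://www.gnu.org/software/libmicrohttpd/spdx/${mhd_sbom_spdx_name}"
  test -n "${mhd_sbom_spdx_docnamespace_suff}" || mhd_sbom_spdx_docnamespace_suff="${mhd_sbom_uuid}"
  test -n "${mhd_sbom_spdx_docnamespace_suff}" || mhd_sbom_spdx_docnamespace_suff="${mhd_sbom_timestamp}"
  test -n "${mhd_sbom_spdx_docnamespace_suff}" || mhd_sbom_spdx_docnamespace_suff="${mhd_sbom_mhd_version_full}"
  test -n "${mhd_sbom_spdx_docnamespace_full}" \
    || mhd_sbom_spdx_docnamespace_full="${mhd_sbom_spdx_docnamespace_base}${mhd_sbom_spdx_docnamespace_suff:+-}${mhd_sbom_spdx_docnamespace_suff}"

  # Package URL: built from name and version unless supplied; 'no' omits it.
  if test -z "${mhd_sbom_spdx_purl}" ; then
    mhd_sbom_spdx_purl="pkg:generic/${pkgname}"
    test -z "${mhd_sbom_mhd_version_full}" || mhd_sbom_spdx_purl="${mhd_sbom_spdx_purl}@${mhd_sbom_mhd_version_full}"
    test -z "${mhd_sbom_mhd_version_extra}" || mhd_sbom_spdx_purl="${mhd_sbom_spdx_purl}?${mhd_sbom_mhd_version_extra}"
  elif test "Xno" = "X${mhd_sbom_spdx_purl}" ; then
    mhd_sbom_spdx_purl=""
  fi

  # Basic checks only, not a real validation.
  # Every value interpolated into a JSON string below is screened for
  # quotes, backslashes, NL, CR and TAB, as nothing is escaped on output.
  # NOTE(review): other control characters are not rejected, although JSON
  # does not allow them unescaped inside strings.
  case "${pkgname}${mhd_sbom_mhd_version_full}${mhd_sbom_mhd_licence}${mhd_sbom_spdx_name}${mhd_sbom_spdx_docnamespace_full}${mhd_sbom_spdx_purl}${mhd_sbom_pkg_homepage}${mhd_sbom_pkg_dwnl_url}${mhd_sbom_gnutls_ver}${mhd_sbom_openssl_ver}${mhd_sbom_mbedtls_ver}${mhd_sbom_tool}${mhd_sbom_tool_ver}" in
    *"'"*|*'"'*|*"${mhd_var_nl}"*|*"${mhd_var_cr}"*|*'\'*|*"${mhd_var_tab}"*) echo "Bad JSON data" >&2; exit 2 ;;
  esac

  # Cleanup partial output on early exit
  trap err_out_cleanup 0 1 2 13 15

  # Separator after the current array element: ',' while more elements
  # follow, empty after the last one.
  mhd_sbom_next_element_comma=''
  test -z "${mhd_sbom_gnutls_ver}${mhd_sbom_openssl_ver}${mhd_sbom_mbedtls_ver}" || \
    mhd_sbom_next_element_comma=','

  cat >"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
{
  "SPDXID": "SPDXRef-DOCUMENT",
  "spdxVersion": "SPDX-2.3",
  "name": "${mhd_sbom_spdx_name}",
  "creationInfo": {
_JSON_EOF_
  test -z "${mhd_sbom_timestamp}" || cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
    "created": "${mhd_sbom_timestamp}",
_JSON_EOF_
  cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
    "creators": [
      "Tool: ${pkgname}-${mhd_sbom_tool}-${mhd_sbom_tool_ver}"
    ]
  },
  "dataLicense": "CC0-1.0",
  "documentNamespace": "${mhd_sbom_spdx_docnamespace_full}",
  "packages": [
    {
      "SPDXID": "SPDXRef-Package-libmicrohttpd2",
      "name": "${pkgname}",
_JSON_EOF_
  test -z "${mhd_sbom_mhd_version_full}" || cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
      "versionInfo": "${mhd_sbom_mhd_version_full}",
_JSON_EOF_
  cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
      "homepage": "${mhd_sbom_pkg_homepage}",
      "downloadLocation": "${mhd_sbom_pkg_dwnl_url:-NOASSERTION}",
      "filesAnalyzed": false,
      "licenseDeclared": "LGPL-2.1-or-later OR (GPL-2.0-or-later WITH eCos-exception-2.0)",
      "licenseConcluded": "${mhd_sbom_mhd_licence}",
      "copyrightText": "NOASSERTION",
_JSON_EOF_
  test -z "${mhd_sbom_spdx_purl}" || cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
      "externalRefs": [
        {
          "referenceCategory": "PACKAGE-MANAGER",
          "referenceType": "purl",
          "referenceLocator": "${mhd_sbom_spdx_purl}"
        }
      ],
_JSON_EOF_
  cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
      "description": "Small C library for embedding an HTTP server in applications"
    }${mhd_sbom_next_element_comma}
_JSON_EOF_
  # One package entry per enabled TLS backend; a version of '0' means
  # "unknown", in which case "versionInfo" is left out.
  if test -n "${mhd_sbom_gnutls_ver}"; then
    mhd_sbom_next_element_comma=''
    test -z "${mhd_sbom_openssl_ver}${mhd_sbom_mbedtls_ver}" || \
      mhd_sbom_next_element_comma=','
    cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
    {
      "SPDXID": "SPDXRef-Package-GnuTLS",
      "name": "GnuTLS",
_JSON_EOF_
    test "X${mhd_sbom_gnutls_ver}" = "X0" || cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
      "versionInfo": "${mhd_sbom_gnutls_ver}",
_JSON_EOF_
    cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION"
    }${mhd_sbom_next_element_comma}
_JSON_EOF_
  fi
  if test -n "${mhd_sbom_openssl_ver}"; then
    mhd_sbom_next_element_comma=''
    test -z "${mhd_sbom_mbedtls_ver}" || \
      mhd_sbom_next_element_comma=','
    cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
    {
      "SPDXID": "SPDXRef-Package-OpenSSL",
      "name": "OpenSSL",
_JSON_EOF_
    test "X${mhd_sbom_openssl_ver}" = "X0" || cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
      "versionInfo": "${mhd_sbom_openssl_ver}",
_JSON_EOF_
    cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION"
    }${mhd_sbom_next_element_comma}
_JSON_EOF_
  fi
  if test -n "${mhd_sbom_mbedtls_ver}"; then
    mhd_sbom_next_element_comma=''
    cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
    {
      "SPDXID": "SPDXRef-Package-MbedTLS",
      "name": "MbedTLS",
_JSON_EOF_
    test "X${mhd_sbom_mbedtls_ver}" = "X0" || cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
      "versionInfo": "${mhd_sbom_mbedtls_ver}",
_JSON_EOF_
    cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
      "downloadLocation": "NOASSERTION",
      "filesAnalyzed": false,
      "licenseConcluded": "NOASSERTION",
      "licenseDeclared": "NOASSERTION",
      "copyrightText": "NOASSERTION"
    }${mhd_sbom_next_element_comma}
_JSON_EOF_
  fi
  # The "relationships" array uses the same separator logic as "packages".
  mhd_sbom_next_element_comma=''
  test -z "${mhd_sbom_gnutls_ver}${mhd_sbom_openssl_ver}${mhd_sbom_mbedtls_ver}" || \
    mhd_sbom_next_element_comma=','
  cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
  ],
  "relationships": [
    {
      "spdxElementId": "SPDXRef-DOCUMENT",
      "relationshipType": "DESCRIBES",
      "relatedSpdxElement": "SPDXRef-Package-libmicrohttpd2"
    }${mhd_sbom_next_element_comma}
_JSON_EOF_
  if test -n "${mhd_sbom_gnutls_ver}"; then
    mhd_sbom_next_element_comma=''
    test -z "${mhd_sbom_openssl_ver}${mhd_sbom_mbedtls_ver}" || \
      mhd_sbom_next_element_comma=','
    cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
    {
      "spdxElementId": "SPDXRef-Package-libmicrohttpd2",
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-GnuTLS"
    }${mhd_sbom_next_element_comma}
_JSON_EOF_
  fi
  if test -n "${mhd_sbom_openssl_ver}"; then
    mhd_sbom_next_element_comma=''
    test -z "${mhd_sbom_mbedtls_ver}" || \
      mhd_sbom_next_element_comma=','
    cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
    {
      "spdxElementId": "SPDXRef-Package-libmicrohttpd2",
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-OpenSSL"
    }${mhd_sbom_next_element_comma}
_JSON_EOF_
  fi
  if test -n "${mhd_sbom_mbedtls_ver}"; then
    mhd_sbom_next_element_comma=''
    cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
    {
      "spdxElementId": "SPDXRef-Package-libmicrohttpd2",
      "relationshipType": "DEPENDS_ON",
      "relatedSpdxElement": "SPDXRef-Package-MbedTLS"
    }${mhd_sbom_next_element_comma}
_JSON_EOF_
  fi
  cat >>"${mhd_sbom_spdx_outfile}" <<_JSON_EOF_ || exit 1
  ]
}
_JSON_EOF_
fi

# ---------------------------------------------------------------------------
# CycloneDX 1.6 document
# ---------------------------------------------------------------------------
if test -n "${mhd_sbom_cdx_outfile}"; then

  if ${AM_V_P}; then
    echo "Generating '${mhd_sbom_cdx_outfile}'..."
  else
    echo " GEN${mhd_var_tab}${mhd_sbom_cdx_outfile}"
  fi

  # Package URL: built from name and version unless supplied; 'no' omits it.
  if test -z "${mhd_sbom_cdx_purl}" ; then
    mhd_sbom_cdx_purl="pkg:generic/${pkgname}"
    test -z "${mhd_sbom_mhd_version_full}" || mhd_sbom_cdx_purl="${mhd_sbom_cdx_purl}@${mhd_sbom_mhd_version_full}"
    test -z "${mhd_sbom_mhd_version_extra}" || mhd_sbom_cdx_purl="${mhd_sbom_cdx_purl}?${mhd_sbom_mhd_version_extra}"
  elif test "Xno" = "X${mhd_sbom_cdx_purl}" ; then
    mhd_sbom_cdx_purl=""
  fi

  # The component's bom-ref defaults to its purl, or to the package name
  # when the purl is disabled.
  if test -z "${mhd_sbom_cdx_bom_ref}" ; then
    if test -n "${mhd_sbom_cdx_purl}" ; then
      mhd_sbom_cdx_bom_ref="${mhd_sbom_cdx_purl}"
    else
      mhd_sbom_cdx_bom_ref="${pkgname}"
    fi
  fi

  # Basic checks only, not a real validation.
  # Every value interpolated into a JSON string below is screened for
  # quotes, backslashes, NL, CR and TAB, as nothing is escaped on output.
  # NOTE(review): other control characters are not rejected, although JSON
  # does not allow them unescaped inside strings.
  case "${pkgname}${mhd_sbom_pkg_homepage}${mhd_sbom_mhd_version_short}${mhd_sbom_mhd_licence}${mhd_sbom_cdx_purl}${mhd_sbom_cdx_bom_ref}${mhd_sbom_publisher}${mhd_sbom_gnutls_ver}${mhd_sbom_openssl_ver}${mhd_sbom_mbedtls_ver}${mhd_sbom_tool}${mhd_sbom_tool_ver}" in
    *"'"*|*'"'*|*"${mhd_var_nl}"*|*"${mhd_var_cr}"*|*'\'*|*"${mhd_var_tab}"*) echo "Bad JSON data" >&2; exit 2 ;;
  esac

  # Assigned after the check above and after argument parsing, so this
  # value always comes from the script itself.
  mhd_sbom_cdx_spec_version="1.6"

  # Cleanup partial output on early exit
  trap err_out_cleanup 0 1 2 13 15

  cat >"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
{
  "\$schema": "http://cyclonedx.org/schema/bom-${mhd_sbom_cdx_spec_version}.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "${mhd_sbom_cdx_spec_version}",
  "version": 1,
_JSON_EOF_
  test -z "${mhd_sbom_uuid}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
  "serialNumber": "urn:uuid:${mhd_sbom_uuid}",
_JSON_EOF_
  cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
  "metadata": {
_JSON_EOF_
  test -z "${mhd_sbom_timestamp}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
    "timestamp": "${mhd_sbom_timestamp}",
_JSON_EOF_
  cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
    "component": {
      "type": "library",
      "name": "${pkgname}",
      "description": "Small C library for embedding an HTTP server in applications",
_JSON_EOF_
  test -z "${mhd_sbom_mhd_version_short}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
      "version": "${mhd_sbom_mhd_version_short}",
_JSON_EOF_
  test -z "${mhd_sbom_mhd_licence}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
      "licenses": [
        {
          "expression": "${mhd_sbom_mhd_licence}"
        }
      ],
_JSON_EOF_
  test -z "${mhd_sbom_cdx_purl}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
      "purl": "${mhd_sbom_cdx_purl}",
_JSON_EOF_
  cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
      "bom-ref": "${mhd_sbom_cdx_bom_ref}",
      "publisher": "${mhd_sbom_publisher}"
    },
_JSON_EOF_
  cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
    "tools": {
      "components": [
        {
          "type": "application",
          "group": "org.gnu.libmicrohttpd",
_JSON_EOF_
  test -z "${mhd_sbom_tool_ver}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
          "version": "${mhd_sbom_tool_ver}",
_JSON_EOF_
  cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
          "name": "${mhd_sbom_tool}"
        }
      ]
    },
    "lifecycles": [
      {
        "phase": "build"
      }
    ],
    "authors": [
      {
        "name": "Evgeny Grin (Karlson2k)"
      }
    ],
    "properties": [
      {
        "name": "org.gnu.libmicrohttpd:separate-sbom-license",
        "value": "CC0-1.0"
      }
    ],
    "licenses": [
      {
        "expression": "CC0-1.0"
      }
    ]
  },
_JSON_EOF_
  # Collects the quoted bom-refs of the enabled TLS backends, joined with
  # ",<newline>", for the "dependsOn" array written further below.
  mhd_sbom_dependson=""
  if test -n "${mhd_sbom_gnutls_ver}" || test -n "${mhd_sbom_openssl_ver}" \
     || test -n "${mhd_sbom_mbedtls_ver}" ; then

    cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
  "components": [
_JSON_EOF_

    # A version of '0' means "unknown": the "version" member is left out.
    if test -n "${mhd_sbom_gnutls_ver}" ; then
      mhd_sbom_dependson="${mhd_sbom_dependson}\"tlsbackend-gnutls\""
      mhd_sbom_next_element_comma=''
      if test -n "${mhd_sbom_openssl_ver}${mhd_sbom_mbedtls_ver}"; then
        mhd_sbom_dependson="${mhd_sbom_dependson},${mhd_var_nl}        "
        mhd_sbom_next_element_comma=','
      fi
      cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
    {
      "type": "library",
      "name": "GnuTLS",
_JSON_EOF_
      test "X0" = "X${mhd_sbom_gnutls_ver}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
      "version": "${mhd_sbom_gnutls_ver}",
_JSON_EOF_
      cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
      "bom-ref": "tlsbackend-gnutls"
    }${mhd_sbom_next_element_comma}
_JSON_EOF_
    fi

    if test -n "${mhd_sbom_openssl_ver}" ; then
      mhd_sbom_dependson="${mhd_sbom_dependson}\"tlsbackend-openssl\""
      mhd_sbom_next_element_comma=''
      if test -n "${mhd_sbom_mbedtls_ver}"; then
        mhd_sbom_dependson="${mhd_sbom_dependson},${mhd_var_nl}        "
        mhd_sbom_next_element_comma=','
      fi
      cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
    {
      "type": "library",
      "name": "OpenSSL",
_JSON_EOF_
      test "X0" = "X${mhd_sbom_openssl_ver}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
      "version": "${mhd_sbom_openssl_ver}",
_JSON_EOF_
      cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
      "bom-ref": "tlsbackend-openssl"
    }${mhd_sbom_next_element_comma}
_JSON_EOF_
    fi

    if test -n "${mhd_sbom_mbedtls_ver}" ; then
      mhd_sbom_dependson="${mhd_sbom_dependson}\"tlsbackend-mbedtls\""
      mhd_sbom_next_element_comma=''
      cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
    {
      "type": "library",
      "name": "MbedTLS",
_JSON_EOF_
      test "X0" = "X${mhd_sbom_mbedtls_ver}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
      "version": "${mhd_sbom_mbedtls_ver}",
_JSON_EOF_
      cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
      "bom-ref": "tlsbackend-mbedtls"
    }${mhd_sbom_next_element_comma}
_JSON_EOF_
    fi

    cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
  ],
_JSON_EOF_
  fi
  test -z "${mhd_sbom_dependson}" || cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
  "dependencies": [
    {
      "ref": "${mhd_sbom_cdx_bom_ref}",
      "dependsOn": [
        ${mhd_sbom_dependson}
      ]
    }
  ],
_JSON_EOF_
  cat >>"${mhd_sbom_cdx_outfile}" <<_JSON_EOF_ || exit 1
  "externalReferences": [
    {
      "type": "website",
      "url": "${mhd_sbom_pkg_homepage}"
    },
    {
      "type": "vcs",
      "url": "git://git.gnunet.org/libmicrohttpd2.git"
    },
    {
      "type": "issue-tracker",
      "url": "https://bugs.gnunet.org/view_all_bug_page.php?project_id=32"
    },
    {
      "type": "mailing-list",
      "url": "https://lists.gnu.org/mailman/listinfo/libmicrohttpd"
    }
  ]
}
_JSON_EOF_

  ${AM_V_P} && echo "'${mhd_sbom_cdx_outfile}' - done."
fi


# Success: disarm the exit handler so that the generated files are kept.
trap '' 0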