docs: add SBOM for more extensions

Partial for #10940

Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>
Mateusz Urbanek 2025-07-31 11:40:37 +02:00
parent b42fa4142f
commit efcb066a66
No known key found for this signature in database
GPG Key ID: F16F84591E26D77F
16 changed files with 94 additions and 2 deletions


@ -46,6 +46,9 @@ steps:
cp -r /rootfs/ /extensions-validator-rootfs/rootfs cp -r /rootfs/ /extensions-validator-rootfs/rootfs
cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
/extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}" /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
sbom:
outputPath: /rootfs/usr/local/share/spdx/cx23885.spdx.json
version: {{ .LINUX_DVB_FIRMWARE }}
# {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr # {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
finalize: finalize:
- from: /rootfs - from: /rootfs
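Review bot: The `sbom:` block for cx23885 declares neither `licenses:` nor `cpes:`, so the generated SPDX document carries no statement of the terms under which this firmware is redistributed. The sqlite section of this same commit writes `licenses: [] # explicit empty, sqlite is Public Domain` to mark a deliberate empty list, so a plain omission here reads as "not assessed". The dvb-m88ds3103 and intel-ucode sections have the same gap. If the licence is known, add it under `licenses:`; if it is not, a comment such as `# licence not declared upstream, left unset on purpose` would record the decision.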


@ -33,6 +33,9 @@ steps:
cp -r /rootfs/ /extensions-validator-rootfs/rootfs cp -r /rootfs/ /extensions-validator-rootfs/rootfs
cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
/extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}" /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
sbom:
outputPath: /rootfs/usr/local/share/spdx/dvb-m88ds3103.spdx.json
version: {{ .VERSION }}
finalize: finalize:
- from: /rootfs - from: /rootfs
to: /rootfs to: /rootfs


@ -24,6 +24,9 @@ steps:
cp -r /rootfs/ /extensions-validator-rootfs/rootfs cp -r /rootfs/ /extensions-validator-rootfs/rootfs
cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
/extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}" /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
sbom:
outputPath: /rootfs/usr/local/share/spdx/intel-ucode.spdx.json
version: {{ .INTEL_UCODE_VERSION }}
finalize: finalize:
- from: /rootfs - from: /rootfs
to: /rootfs to: /rootfs


@ -23,6 +23,13 @@ steps:
install: install:
- | - |
make DESTDIR=/rootfs install make DESTDIR=/rootfs install
sbom:
outputPath: /rootfs/usr/local/share/spdx/pcre2.spdx.json
version: {{ .PCRE2_VERSION }}
cpes:
- cpe:2.3:a:pcre:pcre2:{{ .CONTAINER_TOOLKIT_VERSION }}:*:*:*:*:*:*:*
licenses:
- BSD-2-Clause
finalize: finalize:
- from: /rootfs - from: /rootfs
to: / to: /
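Review bot: The pcre2 `cpes:` entry takes its version from `{{ .CONTAINER_TOOLKIT_VERSION }}`, while the `version:` line directly above it uses `{{ .PCRE2_VERSION }}`; this looks like a copy-paste from the nvidia-container-runtime section. A scanner that matches on CPE would evaluate pcre2 against the NVIDIA toolkit's version number, giving missed or spurious vulnerability findings for this component. The entry should read `- cpe:2.3:a:pcre:pcre2:{{ .PCRE2_VERSION }}:*:*:*:*:*:*:*`.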


@ -3,13 +3,18 @@ variant: scratch
shell: /bin/bash shell: /bin/bash
dependencies: dependencies:
- stage: base - stage: base
- image: {{ .BUILD_ARG_PKGS_PREFIX }}/talos-vmtoolsd:{{ .TALOS_VMTOOLSD_VERSION }} - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/talos-vmtoolsd:{{ .TALOS_VMTOOLSD_VERSION }}"
from: / from: /
to: /rootfs to: /rootfs
steps: steps:
- test: - test:
- | - |
/extensions-validator validate --rootfs=/rootfs --pkg-name="${PKG_NAME}" /extensions-validator validate --rootfs=/rootfs --pkg-name="${PKG_NAME}"
sbom:
outputPath: /rootfs/usr/local/share/spdx/vmtoolsd-guest-agent.spdx.json
version: {{ .TALOS_VMTOOLSD_VERSION }}
licenses:
- Apache-2.0
finalize: finalize:
- from: /rootfs - from: /rootfs
to: / to: /
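Review bot: `version: {{ .TALOS_VMTOOLSD_VERSION }}` is left unquoted although this same hunk quotes the templated `image:` value. Once the template is rendered, an unquoted value that looks numeric (a date-style or `1.20`-style version, for example) can be typed as a number by a YAML parser and lose its exact text; whether bldr's loader is affected is not visible on this page. Writing `version: "{{ .TALOS_VMTOOLSD_VERSION }}"` keeps the field a string. The same applies to the `version:` lines and the templated `cpes:` entries in the other sections of this commit.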


@ -36,6 +36,13 @@ steps:
make install DESTDIR=/rootfs make install DESTDIR=/rootfs
# we only need the libs and headers, remove everything else # we only need the libs and headers, remove everything else
find /rootfs/usr/local/ -type d \( -name bin -o -name sbin -o -name share \) -prune -exec rm -rf {} \; find /rootfs/usr/local/ -type d \( -name bin -o -name sbin -o -name share \) -prune -exec rm -rf {} \;
sbom:
outputPath: /rootfs/usr/local/share/spdx/libseccomp.spdx.json
version: {{ .LIBSECCOMP_VERSION }}
cpes:
- cpe:2.3:a:libseccomp_project:libseccomp:{{ .LIBSECCOMP_VERSION }}:*:*:*:*:*:*:*
licenses:
- LGPL-2.1
finalize: finalize:
- from: /rootfs - from: /rootfs
to: /rootfs to: /rootfs
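Review bot: `LGPL-2.1` is a deprecated SPDX identifier that does not say whether the grant is `LGPL-2.1-only` or `LGPL-2.1-or-later`, which is exactly what someone doing licence compliance from the SBOM needs to know. The same holds for `GPL-2.0`, `GPL-3.0` and `LGPL-3.0` in the nvidia-container-cli, nut-client, open-iscsi, libnvme and nvme-cli sections. Choose the `-only` or `-or-later` form from each project's own licence notice, for example `- LGPL-2.1-or-later` if that is what upstream states.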


@ -68,6 +68,13 @@ steps:
# run ldconfig to update the cache # run ldconfig to update the cache
/rootfs/usr/local/glibc/sbin/ldconfig -r /rootfs /rootfs/usr/local/glibc/sbin/ldconfig -r /rootfs
sbom:
outputPath: /rootfs/usr/local/share/spdx/nvidia-container-cli.spdx.json
version: {{ .LIBNVIDIA_CONTAINER_VERSION }}
licenses:
- Apache-2.0
- GPL-3.0
- LGPL-3.0
finalize: finalize:
- from: /rootfs - from: /rootfs
to: /rootfs to: /rootfs
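Review bot: This section and the next one write to the same `outputPath`, `/rootfs/usr/local/share/spdx/nvidia-container-cli.spdx.json`, with identical content. If the two files are build variants of one package, which the page does not show, only one can be installed at a time and the SBOM on a node then gives no way to tell which variant it describes; a variant-specific file name would fix that. Both sections also omit `cpes:`, unlike the nvidia-container-runtime section, so CPE-based scanners will not match this component.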


@ -68,6 +68,13 @@ steps:
# run ldconfig to update the cache # run ldconfig to update the cache
/rootfs/usr/local/glibc/sbin/ldconfig -r /rootfs /rootfs/usr/local/glibc/sbin/ldconfig -r /rootfs
sbom:
outputPath: /rootfs/usr/local/share/spdx/nvidia-container-cli.spdx.json
version: {{ .LIBNVIDIA_CONTAINER_VERSION }}
licenses:
- Apache-2.0
- GPL-3.0
- LGPL-3.0
finalize: finalize:
- from: /rootfs - from: /rootfs
to: /rootfs to: /rootfs


@ -58,6 +58,13 @@ steps:
mkdir -p /rootfs/usr/local/etc/nvidia-container-runtime mkdir -p /rootfs/usr/local/etc/nvidia-container-runtime
cp /pkg/nvidia-container-runtime.toml /rootfs/usr/local/etc/nvidia-container-runtime/config.toml cp /pkg/nvidia-container-runtime.toml /rootfs/usr/local/etc/nvidia-container-runtime/config.toml
sbom:
outputPath: /rootfs/usr/local/share/spdx/nvidia-container-runtime.spdx.json
version: {{ .CONTAINER_TOOLKIT_VERSION }}
cpes:
- cpe:2.3:a:nvidia:nvidia_container_toolkit:{{ .CONTAINER_TOOLKIT_VERSION }}:*:*:*:*:*:*:*
licenses:
- Apache-2.0
finalize: finalize:
- from: /rootfs - from: /rootfs
to: /rootfs to: /rootfs
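Review bot: The CPE version field is filled directly from `{{ .CONTAINER_TOOLKIT_VERSION }}`; if that variable carries a tag-style prefix such as `v`, the rendered CPE will not equal the version strings used in vulnerability feeds and matching will fail silently. The variable is defined outside this page, so its form needs checking. If a prefix is present, strip it in the template or use a separate unprefixed variable for the `cpes:` entry. The same check applies to the other sections that build a CPE from a version variable.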


@ -81,6 +81,12 @@ steps:
cp -r /rootfs/ /extensions-validator-rootfs/rootfs cp -r /rootfs/ /extensions-validator-rootfs/rootfs
cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
/extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}" /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
sbom:
outputPath: /rootfs/usr/local/share/spdx/nut-client.spdx.json
version: {{ .NUT_VERSION }}
licenses:
- GPL-2.0
- GPL-3.0
finalize: finalize:
- from: /rootfs - from: /rootfs
to: /rootfs to: /rootfs


@ -46,6 +46,13 @@ steps:
rm -rf /rootfs/etc rm -rf /rootfs/etc
rm -rf /rootfs/usr/local/{etc,share,include,pkgconfig} rm -rf /rootfs/usr/local/{etc,share,include,pkgconfig}
rm -rf /rootfs/var rm -rf /rootfs/var
sbom:
outputPath: /rootfs/usr/local/share/spdx/open-iscsi.spdx.json
version: {{ .OPEN_ISCSI_VERSION }}
cpes:
- cpe:2.3:a:open-iscsi_project:open-iscsi:{{ .OPEN_ISCSI_VERSION }}:*:*:*:*:*:*:*
licenses:
- GPL-2.0
finalize: finalize:
- from: /rootfs - from: /rootfs
to: /rootfs to: /rootfs
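Review bot: `outputPath` points into `/rootfs/usr/local/share/`, which the install script just above deletes with `rm -rf /rootfs/usr/local/{etc,share,include,pkgconfig}`. That is only safe if bldr writes the SBOM after the install step has finished, and the ordering is not shown on this page. The libseccomp, libevent and sqlite sections follow the same pattern with their `find … -name share … -exec rm -rf` cleanup. A comment above `sbom:` such as `# written after install, so the share/ cleanup above does not delete it` would make the dependency explicit for whoever next edits the cleanup.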


@ -27,6 +27,13 @@ steps:
make DESTDIR=/rootfs install make DESTDIR=/rootfs install
# we only need the libs and headers, remove everything else # we only need the libs and headers, remove everything else
find /rootfs/usr/local/ -type d \( -name bin -o -name sbin -o -name share \) -prune -exec rm -rf {} \; find /rootfs/usr/local/ -type d \( -name bin -o -name sbin -o -name share \) -prune -exec rm -rf {} \;
sbom:
outputPath: /rootfs/usr/local/share/spdx/libevent.spdx.json
version: {{ .LIBEVENT_VERSION }}
cpes:
- cpe:2.3:a:libevent_project:libevent:{{ .LIBEVENT_VERSION }}:*:*:*:*:*:*:*
licenses:
- BSD-3-Clause
finalize: finalize:
- from: /rootfs - from: /rootfs
to: /rootfs to: /rootfs


@ -27,6 +27,12 @@ steps:
make DESTDIR=/rootfs install make DESTDIR=/rootfs install
# we only need the libs and headers, remove everything else # we only need the libs and headers, remove everything else
find /rootfs/usr/local/ -type d \( -name bin -o -name sbin -o -name share \) -prune -exec rm -rf {} \; find /rootfs/usr/local/ -type d \( -name bin -o -name sbin -o -name share \) -prune -exec rm -rf {} \;
sbom:
outputPath: /rootfs/usr/local/share/spdx/sqlite.spdx.json
version: {{ .SQLITE_VERSION }}
cpes:
- cpe:2.3:a:sqlite:sqlite:{{ .SQLITE_VERSION }}:*:*:*:*:*:*:*
licenses: [] # explicit empty, sqlite is Public Domain
finalize: finalize:
- from: /rootfs - from: /rootfs
to: /rootfs to: /rootfs
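Review bot: `licenses: []` leaves the SPDX document with no licence statement for sqlite, and the explanation sits in a YAML comment that does not reach the generated SBOM, so a consumer cannot tell "public domain" from "not assessed". The SPDX licence list has the `blessing` identifier for the SQLite blessing. If the SBOM generator accepts it, `licenses:` with a single `- blessing` entry would carry the information into the output.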


@ -14,7 +14,7 @@ steps:
sha256: {{ .ZFS_TOOLS_SHA256 }} sha256: {{ .ZFS_TOOLS_SHA256 }}
sha512: {{ .ZFS_TOOLS_SHA512 }} sha512: {{ .ZFS_TOOLS_SHA512 }}
env: env:
ARCH: {{ if eq .ARCH "aarch64"}}arm64{{ else if eq .ARCH "x86_64" }}x86_64{{ else }}unsupported{{ end }} ARCH: '{{ if eq .ARCH "aarch64"}}arm64{{ else if eq .ARCH "x86_64" }}x86_64{{ else }}unsupported{{ end }}'
prepare: prepare:
- | - |
tar -xf zfs.tar.gz --strip-components=1 tar -xf zfs.tar.gz --strip-components=1
@ -40,6 +40,13 @@ steps:
# since talos doesn't have a shell, this would fail # since talos doesn't have a shell, this would fail
# the default shipped file is a no-op, so safe to remove. # the default shipped file is a no-op, so safe to remove.
rm -f /rootfs/usr/local/libexec/zfs/zfs_prepare_disk rm -f /rootfs/usr/local/libexec/zfs/zfs_prepare_disk
sbom:
outputPath: /rootfs/usr/local/share/spdx/zfs-tools.spdx.json
version: {{ .ZFS_DRIVER_VERSION }}
cpes:
- cpe:2.3:a:openzfs:openzfs:{{ .ZFS_DRIVER_VERSION }}:*:*:*:*:*:*:*
licenses:
- CDDL-1.0
finalize: finalize:
- from: /rootfs - from: /rootfs
to: /rootfs to: /rootfs
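Review bot: The SBOM `version:` and the CPE use `{{ .ZFS_DRIVER_VERSION }}`, while the source checksums in the first hunk of this file are `ZFS_TOOLS_SHA256` and `ZFS_TOOLS_SHA512`. The download URL is outside the hunk, so it is not visible which version variable actually selects the tarball; if the tools can be pinned separately from the kernel driver, the SBOM would report the wrong version. A comment above `version:` such as `# zfs-tools is built from the same release as the driver` would record the coupling.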


@ -30,6 +30,11 @@ steps:
install: install:
- | - |
DESTDIR=/rootfs meson install -C .build DESTDIR=/rootfs meson install -C .build
sbom:
outputPath: /rootfs/usr/local/share/spdx/libnvme.spdx.json
version: {{ .LIBNVME_VERSION }}
licenses:
- LGPL-2.1
finalize: finalize:
- from: /rootfs - from: /rootfs
to: /rootfs to: /rootfs


@ -43,6 +43,11 @@ steps:
cp -r /rootfs/ /extensions-validator-rootfs/rootfs cp -r /rootfs/ /extensions-validator-rootfs/rootfs
cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
/extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}" /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
sbom:
outputPath: /rootfs/usr/local/share/spdx/nvme-cli.spdx.json
version: {{ .NVME_CLI_VERSION }}
licenses:
- GPL-2.0
finalize: finalize:
- from: /rootfs - from: /rootfs
to: /rootfs to: /rootfs