From 7c15c748ec9301f0cca2814383ce8467832996bc Mon Sep 17 00:00:00 2001 From: Laurent Goderre Date: Mon, 11 Dec 2023 10:50:20 -0500 Subject: [PATCH] Revert "Added inline SBOM for binaries downloaded outside package manager" This reverts commit 6f4ae836406b010948f01fbcb400a31dca4fdf52. --- .gitignore | 1 - 11/alpine3.18/Dockerfile | 4 +--- 11/alpine3.19/Dockerfile | 4 +--- 12/alpine3.18/Dockerfile | 4 +--- 12/alpine3.19/Dockerfile | 4 +--- 13/alpine3.18/Dockerfile | 4 +--- 13/alpine3.19/Dockerfile | 4 +--- 14/alpine3.18/Dockerfile | 4 +--- 14/alpine3.19/Dockerfile | 4 +--- 15/alpine3.18/Dockerfile | 4 +--- 15/alpine3.19/Dockerfile | 4 +--- 16/alpine3.18/Dockerfile | 4 +--- 16/alpine3.19/Dockerfile | 4 +--- Dockerfile-alpine.template | 16 +--------------- apply-templates.sh | 5 ----- 15 files changed, 13 insertions(+), 57 deletions(-) diff --git a/.gitignore b/.gitignore index 2a4a211b89..d548f66de0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ .jq-template.awk -template-helper-functions.jq diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile index 8e5d701a7d..53822af3d3 100644 --- a/11/alpine3.18/Dockerfile +++ b/11/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/11/alpine3.19/Dockerfile b/11/alpine3.19/Dockerfile index a76eb7be7e..aca49e2771 100644 
--- a/11/alpine3.19/Dockerfile +++ b/11/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.22","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.22?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile index fde4049703..13907f6199 100644 --- a/12/alpine3.18/Dockerfile +++ b/12/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/12/alpine3.19/Dockerfile b/12/alpine3.19/Dockerfile index 6f3347c0ff..d3c4866ae1 100644 --- a/12/alpine3.19/Dockerfile +++ b/12/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine 
@@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.17","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.17?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile index cd9936c4c4..ae0476428e 100644 --- a/13/alpine3.18/Dockerfile +++ b/13/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/13/alpine3.19/Dockerfile b/13/alpine3.19/Dockerfile index e82d1b9db4..b91d2ed943 100644 --- a/13/alpine3.19/Dockerfile +++ b/13/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine 
@@ -152,8 +151,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.13","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.13?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile index 9856dcc54b..4180502a27 100644 --- a/14/alpine3.18/Dockerfile +++ b/14/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -155,8 +154,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/14/alpine3.19/Dockerfile b/14/alpine3.19/Dockerfile index 20ac720b77..ce011a9531 100644 --- a/14/alpine3.19/Dockerfile +++ b/14/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine 
@@ -155,8 +154,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.10","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.10?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile index 8fda3e0adf..63e59bbb90 100644 --- a/15/alpine3.18/Dockerfile +++ b/15/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -158,8 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/15/alpine3.19/Dockerfile b/15/alpine3.19/Dockerfile index d419a42cae..63894586fb 100644 --- a/15/alpine3.19/Dockerfile +++ b/15/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine 
@@ -158,8 +157,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.5","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.5?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile index c93ecdb229..626e269ce6 100644 --- a/16/alpine3.18/Dockerfile +++ b/16/alpine3.18/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine @@ -157,8 +156,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/16/alpine3.19/Dockerfile b/16/alpine3.19/Dockerfile index 0f98b442c0..7abdc999d8 100644 --- a/16/alpine3.19/Dockerfile +++ b/16/alpine3.19/Dockerfile @@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. # - FROM alpine:3.19 # 70 is the standard uid/gid for "postgres" in Alpine 
@@ -157,8 +156,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.1","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.1?os_name=alpine&os_version=3.19"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index efbccde00e..cd2b282f45 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,4 +1,3 @@ -{{ include "template-helper-functions" }} FROM alpine:{{ env.variant | ltrimstr("alpine") }} # 70 is the standard uid/gid for "postgres" in Alpine @@ -165,20 +164,7 @@ RUN set -eux; \ /usr/local/share/doc \ /usr/local/share/man \ ; \ - echo '{{ - { - name: "postgres", - version: .version, - params: { - os_name: "alpine", - os_version: env.variant | ltrimstr("alpine"), - }, - licenses: [ - "PostgreSQL" - ] - } | sbom | tostring - }}' > /usr/local/postgres.spdx.json \ - ; \ + \ postgres --version # make the sample config easier to munge (and "correct by default") diff --git a/apply-templates.sh b/apply-templates.sh index 7b6dc1763d..31eb541934 100755 --- a/apply-templates.sh +++ b/apply-templates.sh @@ -13,11 +13,6 @@ elif [ "$BASH_SOURCE" -nt "$jqt" ]; then wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk' fi -jqf='template-helper-functions.jq' -if [ "$BASH_SOURCE" -nt "$jqf" ]; then - wget -qO "$jqf" 'https://github.com/docker-library/bashbrew/raw/master/scripts/template-helper-functions.jq' -fi - if [ "$#" -eq 0 ]; then versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)" eval "set -- $versions"
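Review bot: In the `Dockerfile-alpine.template` hunk `@@ -165,20 +164,7 @@`, dropping the `echo ... > /usr/local/postgres.spdx.json` step leaves the image with no record of the postgres build, and neither the commit message nor the template says why or what replaces it. Going by the title of the reverted commit, this binary is obtained outside the package manager, so scanners that rely on the apk database will presumably not list it or match advisories against its version. I would add a comment above `postgres --version`, for example `# postgres is installed outside apk and has no SBOM entry; scanners that read the apk database will not report it`, and state the reason for the revert in the commit description. The twelve generated Dockerfile hunks carry the same removal and follow from the template; the `RUN` block starts and ends outside the hunk.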