From 2b1285aaeece22e910c4d5b638c3765956ddc352 Mon Sep 17 00:00:00 2001
From: Laurent Goderre
Date: Mon, 11 Dec 2023 10:50:20 -0500
Subject: [PATCH] Revert "Added inline SBOM for binaries downloaded outside package manager"
This reverts commit 6f4ae836406b010948f01fbcb400a31dca4fdf52.
---
 .gitignore | 1 -
 11/alpine3.17/Dockerfile | 4 +---
 11/alpine3.18/Dockerfile | 4 +---
 12/alpine3.17/Dockerfile | 4 +---
 12/alpine3.18/Dockerfile | 4 +---
 13/alpine3.17/Dockerfile | 4 +---
 13/alpine3.18/Dockerfile | 4 +---
 14/alpine3.17/Dockerfile | 4 +---
 14/alpine3.18/Dockerfile | 4 +---
 15/alpine3.17/Dockerfile | 4 +---
 15/alpine3.18/Dockerfile | 4 +---
 16/alpine3.17/Dockerfile | 4 +---
 16/alpine3.18/Dockerfile | 4 +---
 Dockerfile-alpine.template | 16 +---------------
 apply-templates.sh | 5 -----
 15 files changed, 13 insertions(+), 57 deletions(-)
diff --git a/.gitignore b/.gitignore
index 2a4a211b89..d548f66de0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1 @@
 .jq-template.awk
-template-helper-functions.jq
diff --git a/11/alpine3.17/Dockerfile b/11/alpine3.17/Dockerfile
index ba083fd7da..7730ab0be3 100644
--- a/11/alpine3.17/Dockerfile
+++ b/11/alpine3.17/Dockerfile
@@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. #
-
 FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine
@@ -152,8 +151,7 @@ RUN set -eux; \
 /usr/local/share/doc \
 /usr/local/share/man \
 ; \
- echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.21","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.21?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \
- ; \
+ \
 postgres --version # make the sample config easier to munge (and "correct by default")
diff --git a/11/alpine3.18/Dockerfile b/11/alpine3.18/Dockerfile
index 0c2fdd7d16..7de4f4ab5c 100644
--- a/11/alpine3.18/Dockerfile
+++ b/11/alpine3.18/Dockerfile
@@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. #
-
 FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine
@@ -152,8 +151,7 @@ RUN set -eux; \
 /usr/local/share/doc \
 /usr/local/share/man \
 ; \
- echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"11.21","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@11.21?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \
- ; \
+ \
 postgres --version # make the sample config easier to munge (and "correct by default")
diff --git a/12/alpine3.17/Dockerfile b/12/alpine3.17/Dockerfile
index 257b372eba..19e3d03e14 100644
--- a/12/alpine3.17/Dockerfile
+++ b/12/alpine3.17/Dockerfile
@@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. #
-
 FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine
@@ -152,8 +151,7 @@ RUN set -eux; \
 /usr/local/share/doc \
 /usr/local/share/man \
 ; \
- echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.16","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.16?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \
- ; \
+ \
 postgres --version # make the sample config easier to munge (and "correct by default")
diff --git a/12/alpine3.18/Dockerfile b/12/alpine3.18/Dockerfile
index 1669e4f377..ae9b2ad48a 100644
--- a/12/alpine3.18/Dockerfile
+++ b/12/alpine3.18/Dockerfile
@@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. #
-
 FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine
@@ -152,8 +151,7 @@ RUN set -eux; \
 /usr/local/share/doc \
 /usr/local/share/man \
 ; \
- echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"12.16","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@12.16?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \
- ; \
+ \
 postgres --version # make the sample config easier to munge (and "correct by default")
diff --git a/13/alpine3.17/Dockerfile b/13/alpine3.17/Dockerfile
index 9510d10f56..8d9822dd8d 100644
--- a/13/alpine3.17/Dockerfile
+++ b/13/alpine3.17/Dockerfile
@@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. #
-
 FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine
@@ -152,8 +151,7 @@ RUN set -eux; \
 /usr/local/share/doc \
 /usr/local/share/man \
 ; \
- echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.12","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.12?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \
- ; \
+ \
 postgres --version # make the sample config easier to munge (and "correct by default")
diff --git a/13/alpine3.18/Dockerfile b/13/alpine3.18/Dockerfile
index 119d0ce90d..179639fa0f 100644
--- a/13/alpine3.18/Dockerfile
+++ b/13/alpine3.18/Dockerfile
@@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. #
-
 FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine
@@ -152,8 +151,7 @@ RUN set -eux; \
 /usr/local/share/doc \
 /usr/local/share/man \
 ; \
- echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"13.12","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@13.12?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \
- ; \
+ \
 postgres --version # make the sample config easier to munge (and "correct by default")
diff --git a/14/alpine3.17/Dockerfile b/14/alpine3.17/Dockerfile
index a814f6d12e..8953fca701 100644
--- a/14/alpine3.17/Dockerfile
+++ b/14/alpine3.17/Dockerfile
@@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. #
-
 FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine
@@ -155,8 +154,7 @@ RUN set -eux; \
 /usr/local/share/doc \
 /usr/local/share/man \
 ; \
- echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.9","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.9?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \
- ; \
+ \
 postgres --version # make the sample config easier to munge (and "correct by default")
diff --git a/14/alpine3.18/Dockerfile b/14/alpine3.18/Dockerfile
index 2b6788066a..d349333c0a 100644
--- a/14/alpine3.18/Dockerfile
+++ b/14/alpine3.18/Dockerfile
@@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. #
-
 FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine
@@ -155,8 +154,7 @@ RUN set -eux; \
 /usr/local/share/doc \
 /usr/local/share/man \
 ; \
- echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"14.9","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@14.9?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \
- ; \
+ \
 postgres --version # make the sample config easier to munge (and "correct by default")
diff --git a/15/alpine3.17/Dockerfile b/15/alpine3.17/Dockerfile
index 3dfb914b27..cfab85a8e4 100644
--- a/15/alpine3.17/Dockerfile
+++ b/15/alpine3.17/Dockerfile
@@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. #
-
 FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine
@@ -158,8 +157,7 @@ RUN set -eux; \
 /usr/local/share/doc \
 /usr/local/share/man \
 ; \
- echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.4","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.4?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \
- ; \
+ \
 postgres --version # make the sample config easier to munge (and "correct by default")
diff --git a/15/alpine3.18/Dockerfile b/15/alpine3.18/Dockerfile
index 560e8d644b..f54cd720ff 100644
--- a/15/alpine3.18/Dockerfile
+++ b/15/alpine3.18/Dockerfile
@@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. #
-
 FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine
@@ -158,8 +157,7 @@ RUN set -eux; \
 /usr/local/share/doc \
 /usr/local/share/man \
 ; \
- echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"15.4","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@15.4?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \
- ; \
+ \
 postgres --version # make the sample config easier to munge (and "correct by default")
diff --git a/16/alpine3.17/Dockerfile b/16/alpine3.17/Dockerfile
index 5863fd58d3..0b00e1d491 100644
--- a/16/alpine3.17/Dockerfile
+++ b/16/alpine3.17/Dockerfile
@@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. #
-
 FROM alpine:3.17 # 70 is the standard uid/gid for "postgres" in Alpine
@@ -157,8 +156,7 @@ RUN set -eux; \
 /usr/local/share/doc \
 /usr/local/share/man \
 ; \
- echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.0","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.0?os_name=alpine&os_version=3.17"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \
- ; \
+ \
 postgres --version # make the sample config easier to munge (and "correct by default")
diff --git a/16/alpine3.18/Dockerfile b/16/alpine3.18/Dockerfile
index 94437870d5..7d21a33740 100644
--- a/16/alpine3.18/Dockerfile
+++ b/16/alpine3.18/Dockerfile
@@ -4,7 +4,6 @@ # PLEASE DO NOT EDIT IT DIRECTLY. #
-
 FROM alpine:3.18 # 70 is the standard uid/gid for "postgres" in Alpine
@@ -157,8 +156,7 @@ RUN set -eux; \
 /usr/local/share/doc \
 /usr/local/share/man \
 ; \
- echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"postgres-sbom","packages":[{"name":"postgres","versionInfo":"16.0","SPDXID":"SPDXRef-Package--postgres","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/postgres@16.0?os_name=alpine&os_version=3.18"}],"licenseDeclared":"PostgreSQL"}]}' > /usr/local/postgres.spdx.json \
- ; \
+ \
 postgres --version # make the sample config easier to munge (and "correct by default")
diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template
index 0548c0126a..c581fe0ecf 100644
--- a/Dockerfile-alpine.template
+++ b/Dockerfile-alpine.template
@@ -1,4 +1,3 @@
-{{ include "template-helper-functions" }}
 FROM alpine:{{ env.variant | ltrimstr("alpine") }} # 70 is the standard uid/gid for "postgres" in Alpine
@@ -165,20 +164,7 @@ RUN set -eux; \
 /usr/local/share/doc \
 /usr/local/share/man \
 ; \
- echo '{{
- {
- name: "postgres",
- version: .version,
- params: {
- os_name: "alpine",
- os_version: env.variant | ltrimstr("alpine"),
- },
- licenses: [
- "PostgreSQL"
- ]
- } | sbom | tostring
- }}' > /usr/local/postgres.spdx.json \
- ; \
+ \
 postgres --version # make the sample config easier to munge (and "correct by default")
diff --git a/apply-templates.sh b/apply-templates.sh
index 7b6dc1763d..31eb541934 100755
--- a/apply-templates.sh
+++ b/apply-templates.sh
@@ -13,11 +13,6 @@ elif [ "$BASH_SOURCE" -nt "$jqt" ]; then
 wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk'
 fi
-jqf='template-helper-functions.jq'
-if [ "$BASH_SOURCE" -nt "$jqf" ]; then
- wget -qO "$jqf" 'https://github.com/docker-library/bashbrew/raw/master/scripts/template-helper-functions.jq'
-fi
-
 if [ "$#" -eq 0 ]; then
 versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)"
 eval "set -- $versions"
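Review bot: In the `Dockerfile-alpine.template` hunk at `@@ -165,20 +164,7 @@`, the `RUN` step again ends in `postgres --version` with nothing that records the source-built PostgreSQL installed under `/usr/local`, and neither the template nor the commit message says why the SPDX file was dropped. Because this binary comes from outside the package manager, scanners that rely on the apk database will presumably not attribute a version to it once `/usr/local/postgres.spdx.json` is gone. I would leave a short comment above the final command, for example `# NOTE: postgres is built from source; no SBOM entry is emitted here (see revert of 6f4ae836406b010948f01fbcb400a31dca4fdf52)`, so the gap is visible to whoever regenerates the per-version Dockerfiles. The `RUN` block starts outside the hunk.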