From 9019fba4af3a286e66436c6f68967640fcfd8823 Mon Sep 17 00:00:00 2001
From: Tim Waugh
Date: Thu, 12 Sep 2024 11:25:57 +0100
Subject: [PATCH] Include checksums for parent images
---
...ement-operator-container-1.1.2-25_amd64.spdx.json | 12 ++++++++++++
...ement-operator-container-1.1.2-25_arm64.spdx.json | 12 ++++++++++++
...ent-operator-container-1.1.2-25_ppc64le.spdx.json | 12 ++++++++++++
...-micro-container-9.4-6.1716471860_amd64.spdx.json | 6 ++++++
...-micro-container-9.4-6.1716471860_arm64.spdx.json | 6 ++++++
...icro-container-9.4-6.1716471860_ppc64le.spdx.json | 6 ++++++
...-micro-container-9.4-6.1716471860_s390x.spdx.json | 6 ++++++
.../examples/container_image/release/from_catalog.py | 10 +++++++++-
...ement-operator-container-1.1.2-25_amd64.spdx.json | 12 ++++++++++++
...ement-operator-container-1.1.2-25_arm64.spdx.json | 12 ++++++++++++
...ent-operator-container-1.1.2-25_ppc64le.spdx.json | 12 ++++++++++++
...-micro-container-9.4-6.1716471860_amd64.spdx.json | 6 ++++++
...-micro-container-9.4-6.1716471860_arm64.spdx.json | 6 ++++++
...icro-container-9.4-6.1716471860_ppc64le.spdx.json | 6 ++++++
...-micro-container-9.4-6.1716471860_s390x.spdx.json | 6 ++++++
15 files changed, 129 insertions(+), 1 deletion(-)
diff --git a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json
index d0966d6..f31dad1 100644
--- a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json
+++ b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json
@@ -4005,6 +4005,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/rhel9-go-toolset@sha256:354b40a0fdcd1a9dd9af1b88f9a45fc2b0c8065980dfd9b5097e137a7db6e0bd" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "354b40a0fdcd1a9dd9af1b88f9a45fc2b0c8065980dfd9b5097e137a7db6e0bd" + } ] }, { @@ -4020,6 +4026,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/rhel@sha256:8759d95740eb14a6b6253a574edeea7de6840be30d38c630675ae2a0c76b9f93" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "8759d95740eb14a6b6253a574edeea7de6840be30d38c630675ae2a0c76b9f93" + } ] } ], diff --git a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json index 48acd5a..7d09162 100644 --- a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json +++ b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json @@ -4005,6 +4005,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/rhel9-go-toolset@sha256:355b1d0a6e12250247d157949dcdc68d8a9508fc027223515a6d4662f4ec03f6" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "355b1d0a6e12250247d157949dcdc68d8a9508fc027223515a6d4662f4ec03f6" + } ] }, { @@ -4020,6 +4026,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/rhel@sha256:8d79ed0aaf36d7bf914411aab26e3a78308fe6217ca865ad7cc107c9078bfb12" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "8d79ed0aaf36d7bf914411aab26e3a78308fe6217ca865ad7cc107c9078bfb12" + } ] } ], diff --git a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json index 841706d..3da6856 100644 
--- a/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json +++ b/sbom/examples/container_image/build/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json @@ -4005,6 +4005,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/rhel9-go-toolset@sha256:a6b2fd68651aa7d544e53676f99f9017cf241b855bcdc2400d81081bba6f329a" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "b2fd68651aa7d544e53676f99f9017cf241b855bcdc2400d81081bba6f329a" + } ] }, { @@ -4020,6 +4026,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/rhel@sha256:cb23b09712fa36dfa2cd39ea60afb439c17fd0fec60a26a59e122618c8a33379" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "cb23b09712fa36dfa2cd39ea60afb439c17fd0fec60a26a59e122618c8a33379" + } ] } ], diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json index 2dd691f..0c7abea 100644 --- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json +++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json @@ -490,6 +490,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/ubi9@sha256:11d5b4a77bfc15341d4b6dffa3d6ed510189fec9583db77cfc107067b5f906c5" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "11d5b4a77bfc15341d4b6dffa3d6ed510189fec9583db77cfc107067b5f906c5" + } ] } ], diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json index 0da7989..d79d26d 100644 --- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json +++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json 
@@ -490,6 +490,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/ubi9@sha256:cad979d0a2eb78699b62efaf4797f51c4781dfc2a17d9bef5a3a2f5d67cc8e8c" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "cad979d0a2eb78699b62efaf4797f51c4781dfc2a17d9bef5a3a2f5d67cc8e8c" + } ] } ], diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json index 7575e78..5949b1c 100644 --- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json +++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json @@ -490,6 +490,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/ubi9@sha256:8a3b5f66fcf8335ba23cd4d7210faf794bcf1f05c19ef6365459852f51d06b49" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "8a3b5f66fcf8335ba23cd4d7210faf794bcf1f05c19ef6365459852f51d06b49" + } ] } ], diff --git a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json index 64ee71e..ea1755e 100644 --- a/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json +++ b/sbom/examples/container_image/build/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json @@ -490,6 +490,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/ubi9@sha256:dee3c77221eab321e79ad2b0277b91856879a8f5b675a48ad83af26c7a774fb3" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "dee3c77221eab321e79ad2b0277b91856879a8f5b675a48ad83af26c7a774fb3" + } ] } ], diff --git a/sbom/examples/container_image/release/from_catalog.py b/sbom/examples/container_image/release/from_catalog.py index a6c4fc9..cf96842 100644 --- a/sbom/examples/container_image/release/from_catalog.py 
+++ b/sbom/examples/container_image/release/from_catalog.py @@ -215,8 +215,9 @@ def generate_sboms_for_image(image_nvr): for a in parent_archives if a["btype"] == "image" and a["extra"]["docker"]["config"]["architecture"] == arch ] + parent_digest = parent_digests[0] if parent_digests else "" if parent_digests: - version = f"@{parent_digests[0]}" + version = f"@{parent_digest}" else: version = "" @@ -246,6 +247,13 @@ def generate_sboms_for_image(image_nvr): }, ], } + if parent_digest: + parent_pkg["checksums"] = [ + { + "algorithm": "SHA256", + "checksumValue": parent_digest.lstrip("sha256:"), + } + ] other_pkgs.append(parent_pkg) if index == direct_parent_index: diff --git a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json index 4009f88..882ac9b 100644 --- a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json +++ b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_amd64.spdx.json @@ -4005,6 +4005,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/rhel9-go-toolset@sha256:354b40a0fdcd1a9dd9af1b88f9a45fc2b0c8065980dfd9b5097e137a7db6e0bd?tag=1.19.4-18" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "354b40a0fdcd1a9dd9af1b88f9a45fc2b0c8065980dfd9b5097e137a7db6e0bd" + } ] }, { @@ -4020,6 +4026,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/rhel@sha256:8759d95740eb14a6b6253a574edeea7de6840be30d38c630675ae2a0c76b9f93?tag=9.2-1191&repository_url=registry.redhat.io/rhel9-2-els" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "8759d95740eb14a6b6253a574edeea7de6840be30d38c630675ae2a0c76b9f93" + } ] } ], 
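Review bot: `parent_digest.lstrip("sha256:")` in the second from_catalog.py hunk (`@@ -246,6 +247,13 @@`) strips any leading run of the characters `s`, `h`, `a`, `2`, `5`, `6` and `:`, not the literal prefix, so a digest whose hex starts with one of those characters is silently truncated. The ppc64le kernel-module-management-operator examples in this same patch show the effect: the purl carries `sha256:a6b2fd68…` while the new `checksumValue` is `b2fd68…`, two characters short of a SHA-256 hex string, so a consumer comparing the SBOM checksum with the parent image digest can never get a match. Replace the call with `parent_digest.removeprefix("sha256:")` (or `parent_digest.partition(":")[2]` on Python older than 3.9) and regenerate the affected ppc64le example files under build/ and release/. Because `"algorithm": "SHA256"` is hard-coded, it would also be worth emitting the entry only when the digest actually starts with `sha256:`, e.g. `if parent_digest.startswith("sha256:"):`. The body of `generate_sboms_for_image` starts and ends outside these hunks.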
diff --git a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json index 67046b5..7c24fbe 100644 --- a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json +++ b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_arm64.spdx.json @@ -4005,6 +4005,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/rhel9-go-toolset@sha256:355b1d0a6e12250247d157949dcdc68d8a9508fc027223515a6d4662f4ec03f6?tag=1.19.4-18" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "355b1d0a6e12250247d157949dcdc68d8a9508fc027223515a6d4662f4ec03f6" + } ] }, { @@ -4020,6 +4026,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/rhel@sha256:8d79ed0aaf36d7bf914411aab26e3a78308fe6217ca865ad7cc107c9078bfb12?tag=9.2-1191&repository_url=registry.redhat.io/rhel9-2-els" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "8d79ed0aaf36d7bf914411aab26e3a78308fe6217ca865ad7cc107c9078bfb12" + } ] } ], diff --git a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json index 759dab7..8559d48 100644 --- a/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json +++ b/sbom/examples/container_image/release/kernel-module-management-operator-container-1.1.2-25_ppc64le.spdx.json 
@@ -4005,6 +4005,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/rhel9-go-toolset@sha256:a6b2fd68651aa7d544e53676f99f9017cf241b855bcdc2400d81081bba6f329a?tag=1.19.4-18" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "b2fd68651aa7d544e53676f99f9017cf241b855bcdc2400d81081bba6f329a" + } ] }, { @@ -4020,6 +4026,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/rhel@sha256:cb23b09712fa36dfa2cd39ea60afb439c17fd0fec60a26a59e122618c8a33379?tag=9.2-1191&repository_url=registry.redhat.io/rhel9-2-els" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "cb23b09712fa36dfa2cd39ea60afb439c17fd0fec60a26a59e122618c8a33379" + } ] } ], diff --git a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json index 020762a..585bee8 100644 --- a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json +++ b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_amd64.spdx.json @@ -490,6 +490,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/ubi9@sha256:11d5b4a77bfc15341d4b6dffa3d6ed510189fec9583db77cfc107067b5f906c5?tag=9.4-947" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "11d5b4a77bfc15341d4b6dffa3d6ed510189fec9583db77cfc107067b5f906c5" + } ] } ], diff --git a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json index bd047e5..c2933d6 100644 --- a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json +++ b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_arm64.spdx.json 
@@ -490,6 +490,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/ubi9@sha256:cad979d0a2eb78699b62efaf4797f51c4781dfc2a17d9bef5a3a2f5d67cc8e8c?tag=9.4-947" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "cad979d0a2eb78699b62efaf4797f51c4781dfc2a17d9bef5a3a2f5d67cc8e8c" + } ] } ], diff --git a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json index c088dc3..ea15152 100644 --- a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json +++ b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_ppc64le.spdx.json @@ -490,6 +490,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/ubi9@sha256:8a3b5f66fcf8335ba23cd4d7210faf794bcf1f05c19ef6365459852f51d06b49?tag=9.4-947" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "8a3b5f66fcf8335ba23cd4d7210faf794bcf1f05c19ef6365459852f51d06b49" + } ] } ], diff --git a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json index 259c9de..37b3895 100644 --- a/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json +++ b/sbom/examples/container_image/release/ubi9-micro-container-9.4-6.1716471860_s390x.spdx.json @@ -490,6 +490,12 @@ "referenceType": "purl", "referenceLocator": "pkg:oci/ubi9@sha256:dee3c77221eab321e79ad2b0277b91856879a8f5b675a48ad83af26c7a774fb3?tag=9.4-947" } + ], + "checksums": [ + { + "algorithm": "SHA256", + "checksumValue": "dee3c77221eab321e79ad2b0277b91856879a8f5b675a48ad83af26c7a774fb3" + } ] } ],