mirror of https://git.openwrt.org/openwrt/openwrt.git synced 2024-10-18 05:18:14 +02:00
openwrt/scripts
Roman Azarenko 2ded629864 build: add explicit timezone in CycloneDX SBOM
Per the CycloneDX 1.4 spec, the `metadata.timestamp` field contains
the date/time when the BOM was created [1].

Before the change, the value generated by the package-metadata.pl
script would look like this:

	2024-06-03T15:51:10

CycloneDX 1.4 relies on the JSON Schema specification version draft-07,
which defines the `date-time` format [2] as derived from RFC 3339,
section 5.6 [3]. In this format, the `time-offset` component is required,
however in the original version of package-metadata.pl it is omitted.

This is causing problems with OWASP Dependency-Track version 4.11.0 or
newer, where it now validates submitted SBOMs against the JSON schema
by default [4]. SBOMs with incorrect timestamp values are rejected with
the following error:

	{
	    "detail": "Schema validation failed",
	    "errors": [
	        "$.metadata.timestamp: 2024-06-03T15:51:10 is an invalid date-time"
	    ],
	    "status": 400,
	    "title": "The uploaded BOM is invalid"
	}

Add explicit `Z` (UTC) timezone offset in the `timestamp` field
to satisfy the CycloneDX schema.

[1]: https://github.com/CycloneDX/specification/blob/1.4/schema/bom-1.4.schema.json#L116-L121
[2]: https://json-schema.org/draft-07/draft-handrews-json-schema-validation-01#rfc.section.7.3.1
[3]: https://datatracker.ietf.org/doc/html/rfc3339#section-5.6
[4]: https://github.com/DependencyTrack/dependency-track/pull/3522

Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>
2024-06-07 12:05:49 +02:00
..
config build: scripts/config - update to kconfig-v6.6.16 2024-03-01 19:02:00 +01:00
flashing scripts: eva_ramboot.py: remove unused import 2021-10-30 15:00:22 +02:00
brcmImage.pl merge: targets: update image generation and targets 2017-12-08 19:41:18 +01:00
bundle-libraries.sh scripts: bundle-libraries.sh: fix broken SDK compiler 2020-11-02 08:39:49 +01:00
cameo-imghdr.py scripts: add cameo image header generator 2022-06-28 22:20:09 +02:00
cameo-tag.py scripts: fix CAMEO tag generator 2022-07-05 10:18:06 +02:00
cfe-bin-header.py scripts: cfe-bin-header: fix shebang 2020-05-19 08:05:22 +02:00
cfe-partition-tag.py scripts: format to black 2022-04-16 14:53:17 +02:00
cfe-wfi-tag.py scripts: format to black 2022-04-16 14:53:17 +02:00
check-toolchain-clean.sh check-toolchain-clean.sh: workaround stray rebuilds 2022-02-28 15:17:11 +01:00
checkpatch.pl scripts: fix various typos 2021-10-31 21:24:47 +01:00
clean-package.sh build: Fix directory symlinks not removed when cleaning STAGING_DIR 2020-03-01 21:35:59 +01:00
cleanfile build: remove absolute path to perl and replace with /usr/bin/env perl 2017-05-02 14:33:58 +02:00
cleanpatch build: remove absolute path to perl and replace with /usr/bin/env perl 2017-05-02 14:33:58 +02:00
combined-ext-image.sh build: introduce $(MKHASH) 2021-05-13 15:13:15 +02:00
combined-image.sh build: introduce $(MKHASH) 2021-05-13 15:13:15 +02:00
command_all.sh treewide: drop use of which 2022-01-17 09:14:26 +01:00
config.guess scripts: config.guess: update to 2021-05-24 2021-05-29 13:03:07 +02:00
config.rpath add config.rpath and link it in autotools.mk if missing, some packages might need it, especially users of lib-link.m4 or iconv.m4 2011-02-27 15:39:27 +00:00
config.sub scripts: config.guess: update to 2021-05-24 2021-05-29 13:03:07 +02:00
const_structs.checkpatch scripts: add const_structs.checkpatch for checkpatch.pl 2020-11-18 21:50:58 +01:00
deptest.sh scripts: avoid hard-coded paths in scripts 2016-04-28 16:43:28 +02:00
diffconfig.sh scripts/diffconfig.sh: ensure config/conf is built 2022-02-26 13:36:30 +01:00
dl_cleanup.py scripts: add .tar.zst to dl_cleanup extensions 2024-04-06 17:07:32 +03:00
dl_github_archive.py scripts/dl_github_archive: use tar -I for ZSTD 2024-04-09 18:39:36 +02:00
download.pl scripts: Add GNU ftp mirror redirector for GNU and Savannah 2024-05-29 11:19:08 +02:00
dump-target-info.pl scripts/dump-target-info.pl: add new function to DUMP devices 2023-11-15 10:59:23 +01:00
env scripts/env: fix env for git conf init.defaultBranch not set to "master" 2021-11-13 10:29:41 -10:00
ext-toolchain.sh scripts/ext-toolchain: implement external GCC version detection 2023-10-20 16:13:31 +02:00
ext-tools.sh scripts: ext-tools: add option to only refresh timestamps 2023-01-23 19:18:05 +01:00
feeds build: add APK package build capabilities 2024-05-17 23:21:26 +03:00
fixup-makefile.pl fixup-makefile.pl: fixup when PKG_SOURCE is defined elsewhere 2018-07-05 01:30:57 +08:00
functions.sh images: Fix sysupgrade.tar for devices with NOR flash 2020-12-22 19:11:50 +01:00
gen_image_generic.sh scripts: gen_image_generic: allow the partition types to be set 2023-06-02 11:36:13 +02:00
gen-dependencies.sh scripts/gen-dependencies.sh: use /bin/sh 2020-01-01 17:01:02 +01:00
get_source_date_epoch.sh build: add explicit --no-show-signature for git 2024-02-20 20:57:53 +01:00
getver.sh scripts: fix revision calculation using new "main" branch 2024-05-21 17:53:33 +02:00
ipkg-build scripts: fix installed-size calculation 2024-01-08 14:08:06 +01:00
ipkg-make-index.sh Revert "scripts: run ipkg-make-index through shellcheck" 2023-05-09 21:32:26 +02:00
ipkg-remove scripts: ipkg-remove: handle existing .ipk files without SourceName field 2019-01-21 16:35:40 +01:00
json_add_image_info.py build: fix generation of large .vdi images 2023-07-15 17:02:42 +02:00
json_overview_image_info.py build: ensure silent Make behavior for json scripts 2024-01-05 16:25:14 +01:00
kconfig.pl scripts/kconfig.pl: allow regex syntax in filtering out config entries 2020-11-13 13:17:53 +01:00
kernel_bump.sh scripts/kernel_bump: Fix commit text formatting 2024-04-29 00:24:02 +02:00
make-ipkg-dir.sh branding: add LEDE branding 2016-03-24 22:40:13 +01:00
md5sum improve support for building on mac os x by improving detection of missing components 2009-01-25 19:00:43 +00:00
metadata.pm packages: store URL in Manifest 2024-01-08 14:06:38 +01:00
mkhash.c mkhash: fix build errors on FreeBSD 13.0 2022-03-05 18:01:04 +01:00
mkits-qsdk-ipq-image.sh build: add helpers for generating QSDK sysupgrade compatible images 2019-02-25 17:36:16 +01:00
mkits-zyxel-fit-filogic.sh mediatek: add support for ZyXEL NWA50AX Pro 2023-07-21 20:28:13 +02:00
mkits-zyxel-fit.sh ramips: add support for ZyXEL NWA50AX / NWA55AXE 2022-07-20 21:52:06 +02:00
mkits.sh scripts/mkits.sh: DT overlays don't need a loadaddr 2023-07-12 19:02:08 +01:00
moxa-encode-fw.py ath79: Add support for MOXA AWK-1137C 2023-06-25 12:59:26 +02:00
netgear-encrypted-factory.py image: add additional fields to Netgear encrypted image 2023-07-01 14:42:11 +02:00
noop.sh build: replace true with a custom noop script 2023-11-03 23:06:07 +01:00
om-fwupgradecfg-gen.sh build: introduce $(MKHASH) 2021-05-13 15:13:15 +02:00
package-metadata.pl build: add explicit timezone in CycloneDX SBOM 2024-06-07 12:05:49 +02:00
pad_image scripts: fix various typos 2021-10-31 21:24:47 +01:00
patch-kernel.sh build: fix shebang line 2024-02-28 12:31:33 +08:00
patch-specs.sh toolchain: Add GCC 9.1.0 release 2019-06-16 16:40:08 +02:00
portable_date.sh scripts: fix GNU data invocation 2016-02-01 10:43:27 +00:00
qemustart scripts: qemustart: Fix x86/legacy bootup 2023-08-14 23:37:04 +02:00
redboot-script.pl scripts: avoid hard-coded paths in scripts 2016-04-28 16:43:28 +02:00
relink-lib.sh base-files: relink uclibc and libgcc libraries to remove leftovers of the statically linked initial libgcc saves a few kb and gets rid of unused not exported functions as well should also improve the reliability of mklibs 2011-03-01 05:40:38 +00:00
remote-gdb Fix handling of BUILD_SUFFIX in remote-gdb script 2019-09-01 18:38:05 +02:00
rstrip.sh scripts/rstrip.sh: ignore /lib/firmware 2024-01-22 13:01:31 +01:00
sercomm-crypto.py scripts: support Sercomm crypto 2020-06-02 08:37:54 +02:00
sercomm-kernel-header.py scripts: sercomm-kernel-header.py: improve compatibility 2023-06-11 13:36:38 +08:00
sercomm-partition-tag.py scripts: support Sercomm partition tags 2020-06-02 08:33:11 +02:00
sercomm-payload.py scripts: sercomm-payload: add PID file support 2023-04-09 09:55:57 +02:00
sercomm-pid.py scripts: sercomm-pid.py: use uppercase hwid in pid 2023-11-25 01:11:18 +01:00
sign_images.sh scripts: fix various typos 2021-10-31 21:24:47 +01:00
size_compare.sh scripts: size_compare: print a grand total 2023-02-03 21:22:49 +01:00
slugimage.pl scripts: fix various typos 2021-10-31 21:24:47 +01:00
spelling.txt scripts: add spelling.txt for checkpatch.pl 2020-11-12 18:21:55 +01:00
srecimage.pl treewide: replace jow@openwrt.org with jo@mein.io 2016-06-07 11:42:52 +02:00
strip-kmod.sh scripts/strip-kmod.sh: harmonize leading whitespaces 2019-12-31 11:41:07 +01:00
symlink-tree.sh scripts/symlink-tree.sh: use /bin/sh 2019-12-31 11:43:15 +01:00
sysupgrade-tar.sh images: fix boot failures on NAND with small sub pages 2019-09-14 11:43:19 +02:00
target-metadata.pl base-files: add eMMC sysupgrade support 2021-12-02 20:42:58 +00:00
time.pl scripts: time.pl: Don't print the time on stderr 2019-07-03 07:45:00 +02:00
timestamp.pl fix timestamp checks for build system paths which have '.svn' in their directory name 2010-04-14 22:21:15 +00:00
ubinize-image.sh scripts: ubinize-image.sh: fix support for static volume 2024-04-24 02:32:22 +01:00
xxdi.pl scripts: xxdi.pl: add xxd -i compat mode 2022-09-06 08:04:53 +02:00