From 58ccc54d1192a39f7e987dc41887d67ebc1927d7 Mon Sep 17 00:00:00 2001
From: Christian Schneemann
Date: Thu, 23 May 2024 21:59:47 +0200
Subject: [PATCH] build-receipe-mkosi support for generate_sbom

Added support for generate_sbom through a finalize script. Tested with mkosi 22 on Debian Testing. The used version needs to support configuration dir feature and multiple scripts of same name (mkosi v18) Mkosi builds in using tmpfs and other security features and removes everything after building, so it is not possible to call generate_sbom after mkosi run on the buildroot. Content of `/.build` needs to be copied into a place under `/usr` because most host directories are hidden from mkosi (introduced in mkosi v20)
---
 build-recipe-mkosi | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/build-recipe-mkosi b/build-recipe-mkosi
index 99159a3f0..d445c4429 100644
--- a/build-recipe-mkosi
+++ b/build-recipe-mkosi
@@ -93,6 +93,33 @@ recipe_build_mkosi() {
 if [ -n "$RELEASE" ]; then
 image_version="--image-version=${RELEASE}"
 fi
+
+ for format in $(queryconfig --dist "$BUILD_DIST" --configdir "$CONFIG_DIR" --archpath "$BUILD_ARCH" buildflags+ sbom | sort -u) ; do
+ # workaround as /.build/ is not available in chroot
+ mkdir -p "$TOPDIR/scripts"
+ cp -r "/.build/" "$TOPDIR/scripts"
+ chmod +x "$TOPDIR/scripts/.build/generate_sbom"
+ mkdir -p $BUILD_ROOT/$TOPDIR/SOURCES/mkosi.conf.d/99-sbom/
+ echo "generating script for sbom $format"
+cat << EOF >> $BUILD_ROOT/$TOPDIR/SOURCES/mkosi.conf.d/99-sbom/mkosi.finalize
+#!/usr/bin/bash
+# script generated by build-receipe-mkosi for sbom buildflags
+echo "Generating $format sbom file"
+imgname="image.${RELEASE}"
+export PERL5LIB="$TOPDIR/scripts/.build"
+$TOPDIR/scripts/.build/generate_sbom \
+ --dist "$TOPDIR/scripts/$BUILD_DIST" \
+ --configdir "$TOPDIR/scripts/$CONFIG_DIR" \
+ --archpath "$BUILD_ARCH" \
+ --format "$format" \
+ --dir \$BUILDROOT > "\$OUTPUTDIR/\${imgname}${buildnum}.${format/cyclonedx/cdx}.json"
+pushd \$OUTPUTDIR >/dev/null
+/usr/bin/sha256sum "\${imgname}${buildnum}.${format/cyclonedx/cdx}.json" > "\${imgname}${buildnum}.${format/cyclonedx/cdx}.json".sh256
+popd >/dev/null
+EOF
+ chmod +x $BUILD_ROOT/$TOPDIR/SOURCES/mkosi.conf.d/99-sbom/mkosi.finalize
+ done
+
 set -- mkosi \
 --directory "$TOPDIR/SOURCES" \
 --default \
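Review bot: The generated mkosi.finalize script sets no error mode, so when `generate_sbom` fails the `>` redirection still leaves an empty or truncated `.json` in `$OUTPUTDIR` and the following `sha256sum` publishes a valid-looking checksum for it; add `set -euo pipefail` directly after the `#!/usr/bin/bash` line of the heredoc (or `|| exit 1` on the generate_sbom command) so a failed SBOM run fails the build instead of shipping an empty SBOM with a matching digest. The checksum file is written with the suffix `.sh256`, which looks like a typo for `.sha256`; anything looking for the conventional suffix would miss it. The `mkdir -p`, `cat << EOF >>` and `chmod +x` lines use an unquoted `$BUILD_ROOT/$TOPDIR/SOURCES/mkosi.conf.d/99-sbom/...` path while the lines just above quote the same variables, so quote them for consistency. Because the heredoc appends inside the `for format` loop, the shebang and header comment are repeated once per format; emitting the header once before the loop (and the per-format commands inside it) would keep the generated script tidy. The enclosing `recipe_build_mkosi` function starts before and continues after this hunk.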