diff --git a/internal/gok/overwrite.go b/internal/gok/overwrite.go
index 0516764..23ef2a1 100644
--- a/internal/gok/overwrite.go
+++ b/internal/gok/overwrite.go
@@ -65,6 +65,11 @@ func init() {
 }
 func (r *overwriteImplConfig) run(ctx context.Context, args []string, stdout, stderr io.Writer) error {
+ fileCfg, err := config.ReadFromFile()
+ if err != nil {
+ return err
+ }
+
 cfg, err := config.ReadFromFile()
 if err != nil {
 return err
@@ -121,8 +126,9 @@ func (r *overwriteImplConfig) run(ctx context.Context, args []string, stdout, st
 }
 pack := &packer.Pack{
- Cfg: cfg,
- Output: &output,
+ FileCfg: fileCfg,
+ Cfg: cfg,
+ Output: &output,
 }
 pack.Main("gokrazy gok")
diff --git a/internal/gok/sbom.go b/internal/gok/sbom.go
index 8757389..c7808be 100644
--- a/internal/gok/sbom.go
+++ b/internal/gok/sbom.go
@@ -58,6 +58,11 @@ func (r *sbomConfig) run(ctx context.Context, args []string, stdout, stderr io.W
 updateflag.SetUpdate("yes")
+ // GenerateSBOM() must be provided with a cfg
+ // that hasn't been modified by gok at runtime,
+ // as the SBOM should reflect what’s going into gokrazy,
+ // not its internal implementation details
+ // (i.e. cfg.InternalCompatibilityFlags untouched).
 sbomMarshaled, sbomWithHash, err := packer.GenerateSBOM(cfg)
 if os.IsNotExist(err) {
 // Common case, handle with a good error message
diff --git a/internal/gok/update.go b/internal/gok/update.go
index 320a4a4..0c91975 100644
--- a/internal/gok/update.go
+++ b/internal/gok/update.go
@@ -45,6 +45,11 @@ func init() {
 }
 func (r *updateImplConfig) run(ctx context.Context, args []string, stdout, stderr io.Writer) error {
+ fileCfg, err := config.ReadFromFile()
+ if err != nil {
+ return err
+ }
+
 cfg, err := config.ReadFromFile()
 if err != nil {
 return err
@@ -77,7 +82,8 @@ func (r *updateImplConfig) run(ctx context.Context, args []string, stdout, stder
 }
 pack := &packer.Pack{
- Cfg: cfg,
+ FileCfg: fileCfg,
+ Cfg: cfg,
 }
 pack.Main("gokrazy gok")
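Review bot: `fileCfg` and `cfg` come from two separate `config.ReadFromFile()` calls at the top of `run`, so the SBOM input and the build input match only if the file does not change between the two reads. For an SBOM that is meant to describe exactly what goes into the image, reading once and deriving the working copy from that in-memory value would close the window and avoid parsing the file twice. If both reads are kept, a comment such as `// fileCfg stays untouched for SBOM generation; cfg is the working copy gok may modify` would explain the duplication. The same pattern appears in the first hunk of internal/gok/update.go, and `run` continues outside both hunks.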
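Review bot: The comment added in internal/gok/sbom.go states a requirement on `cfg`, but nothing at the call site shows that it is met; whether `cfg` is still unmodified here depends on code above the hunk. Naming the variable `fileCfg`, as overwrite.go and update.go do for the pristine value, would make the invariant visible at `packer.GenerateSBOM(cfg)`. The body of `run` starts and ends outside the hunk.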
diff --git a/internal/oldpacker/oldpacker.go b/internal/oldpacker/oldpacker.go
index d715b48..2c00a37 100644
--- a/internal/oldpacker/oldpacker.go
+++ b/internal/oldpacker/oldpacker.go
@@ -225,7 +225,8 @@ func logic(instanceDir string) error {
 }
 pack := &internalpacker.Pack{
- Cfg: &cfg,
+ FileCfg: &cfg,
+ Cfg: &cfg,
 }
 pack.Main("gokrazy packer")
diff --git a/internal/packer/gaf.go b/internal/packer/gaf.go
index e6955a4..996feed 100644
--- a/internal/packer/gaf.go
+++ b/internal/packer/gaf.go
@@ -49,7 +49,12 @@ func (p *Pack) overwriteGaf(root *FileInfo) error {
 return err
 }
- sbomMarshaled, _, err := GenerateSBOM(p.Cfg)
+ // GenerateSBOM() must be provided with a cfg
+ // that hasn't been modified by gok at runtime,
+ // as the SBOM should reflect what’s going into gokrazy,
+ // not its internal implementation details
+ // (i.e. cfg.InternalCompatibilityFlags untouched).
+ sbomMarshaled, _, err := GenerateSBOM(p.FileCfg)
 if err != nil {
 return err
 }
diff --git a/internal/packer/packer.go b/internal/packer/packer.go
index 1c91ee3..78dc988 100644
--- a/internal/packer/packer.go
+++ b/internal/packer/packer.go
@@ -978,8 +978,11 @@ type OutputStruct struct {
 type Pack struct {
 packer.Pack
- Cfg *config.Struct
- Output *OutputStruct
+ // FileCfg holds an untouched copy
+ // of the config file, as it was read from disk.
+ FileCfg *config.Struct
+ Cfg *config.Struct
+ Output *OutputStruct
 }
 func filterGoEnv(env []string) []string {
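Review bot: In internal/oldpacker/oldpacker.go, `FileCfg: &cfg` and `Cfg: &cfg` store the same pointer, so any change made through `pack.Cfg` is also visible through `pack.FileCfg`, and the untouched copy that the field is documented to hold is not guaranteed on this path. Whether `pack.Main` modifies `Cfg` is not visible in this hunk; if it does, the SBOM would include those runtime modifications. A separate value, e.g. `fileCfg := cfg` before the literal and `FileCfg: &fileCfg`, would separate the top-level fields, though a plain struct copy still shares any maps, slices or pointers inside it. `logic` continues outside the hunk.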
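Review bot: In internal/packer/gaf.go, `GenerateSBOM(p.FileCfg)` receives nil when a `Pack` is constructed without the new `FileCfg` field, and the hunk has no check for that; how `GenerateSBOM` handles a nil config is not visible here. A guard before the call, such as `if p.FileCfg == nil { return errors.New("packer: FileCfg is not set") }` (using whichever error package the file already imports), would turn a missed field into a clear error rather than a panic or an SBOM built from an empty config. The same applies to `GenerateSBOM(pack.FileCfg)` in the `logic` hunk of internal/packer/packer.go. `overwriteGaf` starts and ends outside the hunk.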
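Review bot: In the `Pack` struct in internal/packer/packer.go, the `Cfg` field has no comment, so the struct documents only one half of the pair. A line such as `// Cfg is the working configuration, which gok may modify at runtime.` above `Cfg` would state the difference. The `FileCfg` comment could also say that the field must be set and must not point at the same value as `Cfg`.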
@@ -1366,10 +1369,16 @@ func (pack *Pack) logic(programName string) error {
 FromLiteral: update.HTTPSPort,
 })
- sbom, _, err := GenerateSBOM(cfg)
+ // GenerateSBOM() must be provided with a cfg
+ // that hasn't been modified by gok at runtime,
+ // as the SBOM should reflect what’s going into gokrazy,
+ // not its internal implementation details
+ // (i.e. cfg.InternalCompatibilityFlags untouched).
+ sbom, _, err := GenerateSBOM(pack.FileCfg)
 if err != nil {
 return err
 }
+
 etcGokrazy := &FileInfo{Filename: "gokrazy"}
 etcGokrazy.Dirents = append(etcGokrazy.Dirents, &FileInfo{
 Filename: "sbom.json",
diff --git a/internal/packer/sbom.go b/internal/packer/sbom.go
index d8bb143..f65e7e8 100644
--- a/internal/packer/sbom.go
+++ b/internal/packer/sbom.go
@@ -48,6 +48,10 @@ type SBOMWithHash struct {
 // GenerateSBOM generates a Software Bills Of Material (SBOM) for the
 // local gokrazy instance.
+// It must be provided with a cfg that hasn't been modified by gok at runtime,
+// as the SBOM should reflect what’s going into gokrazy,
+// not its internal implementation details
+// (i.e. cfg.InternalCompatibilityFlags untouched).
 func GenerateSBOM(cfg *config.Struct) ([]byte, SBOMWithHash, error) {
 wd, err := os.Getwd()
 if err != nil {