make-sbom.m4 (4117B)
1 AC_DEFUN([MHD_GENERATE_SBOM3], [ 2 3 AC_CHECK_PROG([HAVE_JQ], [jq], [yes], [no]) 4 AC_CHECK_PROG([HAVE_PKG_CONFIG], [pkg-config], [yes], [no]) 5 6 if test "x$HAVE_JQ" = "xyes"; 7 then 8 AC_MSG_NOTICE([jq found, generating SBOM v3]) 9 10 jq --arg ver "$PACKAGE_VERSION" ' 11 .elements[[0]].versionInfo=$ver' \ 12 < "$srcdir/libmicrohttpd-spdx.json.in" \ 13 > libmicrohttpd-spdx.json 14 15 for l in $1; 16 do 17 AC_MSG_NOTICE([processing $l]) 18 19 AS_CASE([$l], 20 [-lssl], [:], 21 [-lcrypto], [ 22 dep_ver=UNKNOWN 23 if test "x$HAVE_PKG_CONFIG" = "xyes" && pkg-config --exists openssl; 24 then 25 dep_ver=`pkg-config --modversion openssl 2>/dev/null` 26 fi 27 jqprog=' 28 .elements += [[{ 29 type:"Package", 30 SPDXID:"SPDXRef-Package-OpenSSL", 31 name:"OpenSSL", 32 versionInfo:$ver, 33 downloadLocation: "https://github.com/openssl/openssl/releases/download/", 34 homepage: "https://openssl.org/", 35 licenseConcluded: "OpenSSL-3.0", 36 licenseDeclared: "OpenSSL-3.0" 37 }]] | 38 .relationships += [[{ 39 type:"Relationship", 40 SPDXID:"SPDXRef-Rel-OpenSSL", 41 relationshipType:"DEPENDS_ON", 42 from:"SPDXRef-Package-libmicrohttpd2", 43 to:"SPDXRef-Package-OpenSSL" 44 }]]' 45 jq --arg ver "$dep_ver" "$jqprog" \ 46 < libmicrohttpd-spdx.json \ 47 > libmicrohttpd-spdx.json.tmp && 48 mv libmicrohttpd-spdx.json.tmp libmicrohttpd-spdx.json 49 ], 50 [-lgnutls], [ 51 dep_ver=UNKNOWN 52 if test "x$HAVE_PKG_CONFIG" = "xyes" && pkg-config --exists gnutls; 53 then 54 dep_ver=`pkg-config --modversion gnutls 2>/dev/null` 55 fi 56 57 jqprog=' 58 .elements += [[{ 59 type:"Package", 60 SPDXID:"SPDXRef-Package-GnuTLS", 61 name:"GnuTLS", 62 versionInfo:$ver, 63 downloadLocation : "https://www.gnupg.org/ftp/gcrypt/gnutls/", 64 homepage: "https://gnutls.org/", 65 licenseConcluded: "LGPL-2.1-or-later", 66 licenseDeclared: "LGPL-2.1-or-later" 67 }]] | 68 .relationships += [[{ 69 type:"Relationship", 70 SPDXID:"SPDXRef-Rel-GnuTLS", 71 relationshipType:"DEPENDS_ON", 72 from:"SPDXRef-Package-libmicrohttpd2", 73 to:"SPDXRef-Package-GnuTLS" 74 }]]' 75 jq --arg ver "$dep_ver" "$jqprog" \ 76 < libmicrohttpd-spdx.json \ 77 > libmicrohttpd-spdx.json.tmp && 78 mv libmicrohttpd-spdx.json.tmp libmicrohttpd-spdx.json 79 ], 80 [-lmbedtls], [ 81 dep_ver=UNKNOWN 82 if test "x$HAVE_PKG_CONFIG" = "xyes" && pkg-config --exists mbedtls; 83 then 84 dep_ver=`pkg-config --modversion mbedtls 2>/dev/null` 85 fi 86 87 jqprog=' 88 .elements += [[{ 89 type:"Package", 90 SPDXID:"SPDXRef-Package-mbedTLS", 91 name:"mbedTLS", 92 versionInfo:$ver, 93 homepage: "https://www.trustedfirmware.org/projects/mbed-tls/", 94 downloadLocation: "https://github.com/Mbed-TLS/mbedtls", 95 licenseConcluded: "Apache-2.0", 96 licenseDeclared: "Apache-2.0" 97 }]] | 98 .relationships += [[{ 99 type:"Relationship", 100 SPDXID:"SPDXRef-Rel-mbedTLS", 101 relationshipType:"DEPENDS_ON", 102 from:"SPDXRef-Package-libmicrohttpd2", 103 to:"SPDXRef-Package-mbedTLS" 104 }]]' 105 jq --arg ver "$dep_ver" "$jqprog" \ 106 < libmicrohttpd-spdx.json \ 107 > libmicrohttpd-spdx.json.tmp && 108 mv libmicrohttpd-spdx.json.tmp libmicrohttpd-spdx.json 109 ], 110 [-lpthread], [:] 111 ) 112 done 113 114 AC_MSG_NOTICE([SBOM written to libmicrohttpd-spdx.json]) 115 else 116 AC_MSG_WARN([jq not available, only dumping incomplete SBOM template]) 117 cp "$srcdir/libmicrohttpd-spdx.json.in" libmicrohttpd-spdx.json 118 fi 119 ])