
Commit ea5be69

authored
Merge pull request #5 from sodgeit/feature/multiple-FileType-fields
support for multiple file type fields and a corresponding verifier
2 parents 2ce33c7 + aa60154 commit ea5be69


3 files changed

+45
-24
lines changed


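--- a/cmake/sbom.cmake
+++ b/cmake/sbom.cmake
@@ -588,11 +588,20 @@ function(sbom_finalize)
 set_property(GLOBAL PROPERTY sbom_project "")
 endfunction()
 
+function(_sbom_verify_filetype FILETYPE)
+# https://spdx.github.io/spdx-spec/v2.3/file-information/#83-file-type-field
+set(valid_entries "SOURCE" "BINARY" "ARCHIVE" "APPLICATION" "AUDIO" "IMAGE" "TEXT" "VIDEO" "DOCUMENTATION" "SPDX" "OTHER")
+list(FIND valid_entries "${FILETYPE}" _index)
+if(${_index} EQUAL -1)
+message(FATAL_ERROR "Invalid FILETYPE: ${FILETYPE}")
+endif()
+endfunction()
+
 # Append a file to the SBOM. Use this after calling sbom_generate().
 function(_sbom_file)
 set(options OPTIONAL)
-set(oneValueArgs FILENAME FILETYPE RELATIONSHIP SPDXID)
-set(multiValueArgs)
+set(oneValueArgs FILENAME RELATIONSHIP SPDXID)
+set(multiValueArgs FILETYPE)
 cmake_parse_arguments(SBOM_FILE "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
 
 if(SBOM_FILE_UNPARSED_ARGUMENTS)
@@ -603,6 +612,14 @@ function(_sbom_file)
 message(FATAL_ERROR "Missing FILENAME argument")
 endif()
 
+if(NOT DEFINED SBOM_FILE_FILETYPE)
+message(FATAL_ERROR "Missing FILETYPE argument")
+endif()
+
+foreach(_filetype ${SBOM_FILE_FILETYPE})
+_sbom_verify_filetype("${_filetype}")
+endforeach()
+
 sbom_spdxid(
 VARIABLE SBOM_FILE_SPDXID
 CHECK "${SBOM_FILE_SPDXID}"
@@ -614,10 +631,6 @@ function(_sbom_file)
 PARENT_SCOPE
 )
 
-if("${SBOM_FILE_FILETYPE}" STREQUAL "")
-message(FATAL_ERROR "Missing FILETYPE argument")
-endif()
-
 if("${SBOM_FILE_RELATIONSHIP}" STREQUAL "")
 set(SBOM_FILE_RELATIONSHIP "SPDXRef-${_sbom_project} CONTAINS ${SBOM_FILE_SPDXID}")
 else()
@@ -631,29 +644,37 @@ function(_sbom_file)
 OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${SBOM_FILE_SPDXID}.cmake
 CONTENT
 "
-cmake_policy(SET CMP0011 NEW)
-cmake_policy(SET CMP0012 NEW)
-if(NOT EXISTS ${CMAKE_INSTALL_PREFIX}/${SBOM_FILE_FILENAME})
-if(NOT ${SBOM_FILE_OPTIONAL})
-message(FATAL_ERROR \"Cannot find ${SBOM_FILE_FILENAME}\")
-endif()
-else()
-file(SHA1 ${CMAKE_INSTALL_PREFIX}/${SBOM_FILE_FILENAME} _sha1)
-list(APPEND SBOM_VERIFICATION_CODES \${_sha1})
-file(APPEND \"${PROJECT_BINARY_DIR}/sbom/sbom.spdx.in\"
+cmake_policy(SET CMP0011 NEW)
+cmake_policy(SET CMP0012 NEW)
+if(NOT EXISTS ${CMAKE_INSTALL_PREFIX}/${SBOM_FILE_FILENAME})
+if(NOT ${SBOM_FILE_OPTIONAL})
+message(FATAL_ERROR \"Cannot find ${SBOM_FILE_FILENAME}\")
+endif()
+else()
+file(SHA1 ${CMAKE_INSTALL_PREFIX}/${SBOM_FILE_FILENAME} _sha1)
+list(APPEND SBOM_VERIFICATION_CODES \${_sha1})
+file(APPEND \"${PROJECT_BINARY_DIR}/sbom/sbom.spdx.in\"
 \"
 FileName: ./${SBOM_FILE_FILENAME}
 SPDXID: ${SBOM_FILE_SPDXID}
-FileType: ${SBOM_FILE_FILETYPE}
-FileChecksum: SHA1: \${_sha1}
+\"
+)
+foreach(_filetype ${SBOM_FILE_FILETYPE})
+file(APPEND \"${PROJECT_BINARY_DIR}/sbom/sbom.spdx.in\"
+\"FileType: \${_filetype}
+\"
+)
+endforeach()
+file(APPEND \"${PROJECT_BINARY_DIR}/sbom/sbom.spdx.in\"
+\"FileChecksum: SHA1: \${_sha1}
 LicenseConcluded: NOASSERTION
 LicenseInfoInFile: NOASSERTION
 FileCopyrightText: NOASSERTION
 Relationship: ${SBOM_FILE_RELATIONSHIP}
 \"
-)
-endif()
-"
+)
+endif()
+"
 )
 
 install(SCRIPT ${CMAKE_CURRENT_BINARY_DIR}/${SBOM_FILE_SPDXID}.cmake)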
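Review bot: `_sbom_verify_filetype` carries only a spec URL as documentation, yet it is also the input guard for the generated install script: `${SBOM_FILE_FILETYPE}` is expanded unescaped into `foreach(_filetype ${SBOM_FILE_FILETYPE})` inside the `CONTENT` string, so the exact-match allow-list is what keeps quotes or parentheses out of code that runs at install time. I would record that above the function, e.g. `# Accepts only the SPDX 2.3 file types; accepted values are spliced verbatim into the generated install script, so keep this an exact-match allow-list.` Separately, a repeated value such as `FILETYPE TEXT TEXT` passes validation and produces two identical `FileType:` lines; `list(REMOVE_DUPLICATES SBOM_FILE_FILETYPE)` before the validating `foreach` would avoid that. The body of `_sbom_file` continues past the last hunk, so any later use of `SBOM_FILE_FILETYPE` is not visible here.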

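--- a/example/CMakeLists.txt
+++ b/example/CMakeLists.txt
@@ -64,7 +64,7 @@ sbom_add(TARGET example)
 install(FILES ${PROJECT_BINARY_DIR}/version.txt DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/example)
 
 # Mention the version file in the SBOM.
-sbom_add(FILENAME ${CMAKE_INSTALL_DATAROOTDIR}/example/version.txt FILETYPE DOCUMENTATION)
+sbom_add(FILENAME ${CMAKE_INSTALL_DATAROOTDIR}/example/version.txt FILETYPE DOCUMENTATION TEXT)
 
 # Trigger SBOM finalization and verification.
 sbom_finalize()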

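--- a/readme.md
+++ b/readme.md
@@ -158,14 +158,14 @@ Add something to the SBOM.
 ```cmake
 sbom_add(
 FILENAME <filename>
-FILETYPE <type>
+FILETYPE <type> [type2 ...]
 [RELATIONSHIP <string>]
 [SPDXID <id>]
 )
 ```
 
 - `FILENAME`: The file to add. It should be a relative path from `CMAKE_INSTALL_PREFIX`. Generator expressions are allowed.
-- `FILETYPE`: The SPDX File Type. Refer to the [SPDX specification](https://spdx.github.io/spdx-spec/v2.3/).
+- `FILETYPE`: One or more file types. Refer to the [SPDX specification Clause 8.3](https://spdx.github.io/spdx-spec/v2.3/file-information/#83-file-type-field).
 - `RELATIONSHIP`: A relationship definition related to this file. The string `@SBOM_LAST_SPDXID@` will be replaced by the SPDXID that is used for this SBOM item. Refer to the [SPDX specification](https://spdx.github.io/spdx-spec/v2.3/).
 - `SPDXID`: The ID to use for identifier generation. By default, generate a new one. Whether or not this is specified, the variable `SBOM_LAST_SPDXID` is set to just generated/used SPDXID, which could be used for later relationship definitions.
 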