docker-library
/
rabbitmq
mirror of https://github.com/docker-library/rabbitmq.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove manual SBOMs 

Syft is now detecting OpenSSL and Erlanf binaries and rabbitmq erlang package
This commit is contained in:
Laurent Goderre 2024-05-01 14:59:15 -04:00
parent 1f3e8ebea6
commit 8eeb831c64
8 changed files with 6 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1,2 +1 @@
.jq-template.awk
.template-helper-functions.jq

8
3.12/alpine/Dockerfile generated
View File

@ -5,7 +5,6 @@
#
# Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk!
FROM alpine:3.19 as build-base
RUN apk add --no-cache \
@ -201,10 +200,7 @@ ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
RUN echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"erlang-sbom","packages":[{"name":"erlang","versionInfo":"25.3.2.12","SPDXID":"SPDXRef-Package--erlang","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/erlang@25.3.2.12?os_name=alpine&os_version=3.19"}],"licenseDeclared":"Apache-2.0"}]}' > $ERLANG_INSTALL_PATH_PREFIX/erlang.spdx.json
COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
RUN echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"openssl-sbom","packages":[{"name":"openssl","versionInfo":"3.1.5","SPDXID":"SPDXRef-Package--openssl","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/openssl@3.1.5?os_name=alpine&os_version=3.19"}],"licenseDeclared":"Apache-2.0"}]}' > $OPENSSL_INSTALL_PATH_PREFIX/openssl.spdx.json
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
@ -303,9 +299,7 @@ RUN set -eux; \
su-exec rabbitmq rabbitmqctl list_ciphers; \
su-exec rabbitmq rabbitmq-plugins list; \
# no stale cookies
rm "$RABBITMQ_DATA_DIR/.erlang.cookie";\
\
echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"rabbitmq-sbom","packages":[{"name":"rabbitmq","versionInfo":"3.12.13","SPDXID":"SPDXRef-Package--rabbitmq","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/rabbitmq@3.12.13?os_name=alpine&os_version=3.19"}],"licenseDeclared":"MPL-2.0 AND Apache-2.0"}]}' > $RABBITMQ_HOME/rabbitmq.spdx.json;
rm "$RABBITMQ_DATA_DIR/.erlang.cookie"
# Enable Prometheus-style metrics by default (https://github.com/docker-library/rabbitmq/issues/419)
RUN su-exec rabbitmq rabbitmq-plugins enable --offline rabbitmq_prometheus

8
3.12/ubuntu/Dockerfile generated
View File

@ -6,7 +6,6 @@
# The official Canonical Ubuntu Focal image is ideal from a security perspective,
# especially for the enterprises that we, the RabbitMQ team, have to deal with
FROM ubuntu:22.04 as build-base
ARG BUILDKIT_SBOM_SCAN_STAGE=true
@ -200,10 +199,7 @@ FROM ubuntu:22.04
ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
RUN echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"erlang-sbom","packages":[{"name":"erlang","versionInfo":"25.3.2.12","SPDXID":"SPDXRef-Package--erlang","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/erlang@25.3.2.12?os_name=ubuntu&os_version=22.04"}],"licenseDeclared":"Apache-2.0"}]}' > $ERLANG_INSTALL_PATH_PREFIX/erlang.spdx.json
COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
RUN echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"openssl-sbom","packages":[{"name":"openssl","versionInfo":"3.1.5","SPDXID":"SPDXRef-Package--openssl","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/openssl@3.1.5?os_name=ubuntu&os_version=22.04"}],"licenseDeclared":"Apache-2.0"}]}' > $OPENSSL_INSTALL_PATH_PREFIX/openssl.spdx.json
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
@ -297,9 +293,7 @@ RUN set -eux; \
gosu rabbitmq rabbitmqctl list_ciphers; \
gosu rabbitmq rabbitmq-plugins list; \
# no stale cookies
rm "$RABBITMQ_DATA_DIR/.erlang.cookie"; \
\
echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"rabbitmq-sbom","packages":[{"name":"rabbitmq","versionInfo":"3.12.13","SPDXID":"SPDXRef-Package--rabbitmq","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/rabbitmq@3.12.13?os_name=ubuntu&os_version=22.04"}],"licenseDeclared":"MPL-2.0 AND Apache-2.0"}]}' > $RABBITMQ_HOME/rabbitmq.spdx.json
rm "$RABBITMQ_DATA_DIR/.erlang.cookie"
# Enable Prometheus-style metrics by default (https://github.com/docker-library/rabbitmq/issues/419)
RUN gosu rabbitmq rabbitmq-plugins enable --offline rabbitmq_prometheus

8
3.13/alpine/Dockerfile generated
View File

@ -5,7 +5,6 @@
#
# Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk!
FROM alpine:3.19 as build-base
RUN apk add --no-cache \
@ -201,10 +200,7 @@ ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
RUN echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"erlang-sbom","packages":[{"name":"erlang","versionInfo":"26.2.5","SPDXID":"SPDXRef-Package--erlang","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/erlang@26.2.5?os_name=alpine&os_version=3.19"}],"licenseDeclared":"Apache-2.0"}]}' > $ERLANG_INSTALL_PATH_PREFIX/erlang.spdx.json
COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
RUN echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"openssl-sbom","packages":[{"name":"openssl","versionInfo":"3.1.5","SPDXID":"SPDXRef-Package--openssl","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/openssl@3.1.5?os_name=alpine&os_version=3.19"}],"licenseDeclared":"Apache-2.0"}]}' > $OPENSSL_INSTALL_PATH_PREFIX/openssl.spdx.json
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
@ -303,9 +299,7 @@ RUN set -eux; \
su-exec rabbitmq rabbitmqctl list_ciphers; \
su-exec rabbitmq rabbitmq-plugins list; \
# no stale cookies
rm "$RABBITMQ_DATA_DIR/.erlang.cookie";\
\
echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"rabbitmq-sbom","packages":[{"name":"rabbitmq","versionInfo":"3.13.2","SPDXID":"SPDXRef-Package--rabbitmq","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/rabbitmq@3.13.2?os_name=alpine&os_version=3.19"}],"licenseDeclared":"MPL-2.0 AND Apache-2.0"}]}' > $RABBITMQ_HOME/rabbitmq.spdx.json;
rm "$RABBITMQ_DATA_DIR/.erlang.cookie"
# Enable Prometheus-style metrics by default (https://github.com/docker-library/rabbitmq/issues/419)
RUN su-exec rabbitmq rabbitmq-plugins enable --offline rabbitmq_prometheus

8
3.13/ubuntu/Dockerfile generated
View File

@ -6,7 +6,6 @@
# The official Canonical Ubuntu Focal image is ideal from a security perspective,
# especially for the enterprises that we, the RabbitMQ team, have to deal with
FROM ubuntu:22.04 as build-base
ARG BUILDKIT_SBOM_SCAN_STAGE=true
@ -200,10 +199,7 @@ FROM ubuntu:22.04
ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
RUN echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"erlang-sbom","packages":[{"name":"erlang","versionInfo":"26.2.5","SPDXID":"SPDXRef-Package--erlang","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/erlang@26.2.5?os_name=ubuntu&os_version=22.04"}],"licenseDeclared":"Apache-2.0"}]}' > $ERLANG_INSTALL_PATH_PREFIX/erlang.spdx.json
COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
RUN echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"openssl-sbom","packages":[{"name":"openssl","versionInfo":"3.1.5","SPDXID":"SPDXRef-Package--openssl","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/openssl@3.1.5?os_name=ubuntu&os_version=22.04"}],"licenseDeclared":"Apache-2.0"}]}' > $OPENSSL_INSTALL_PATH_PREFIX/openssl.spdx.json
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
@ -297,9 +293,7 @@ RUN set -eux; \
gosu rabbitmq rabbitmqctl list_ciphers; \
gosu rabbitmq rabbitmq-plugins list; \
# no stale cookies
rm "$RABBITMQ_DATA_DIR/.erlang.cookie"; \
\
echo '{"spdxVersion":"SPDX-2.3","SPDXID":"SPDXRef-DOCUMENT","name":"rabbitmq-sbom","packages":[{"name":"rabbitmq","versionInfo":"3.13.2","SPDXID":"SPDXRef-Package--rabbitmq","externalRefs":[{"referenceCategory":"PACKAGE-MANAGER","referenceType":"purl","referenceLocator":"pkg:generic/rabbitmq@3.13.2?os_name=ubuntu&os_version=22.04"}],"licenseDeclared":"MPL-2.0 AND Apache-2.0"}]}' > $RABBITMQ_HOME/rabbitmq.spdx.json
rm "$RABBITMQ_DATA_DIR/.erlang.cookie"
# Enable Prometheus-style metrics by default (https://github.com/docker-library/rabbitmq/issues/419)
RUN gosu rabbitmq rabbitmq-plugins enable --offline rabbitmq_prometheus

45
Dockerfile-alpine.template
View File

@ -1,5 +1,4 @@
# Alpine Linux is not officially supported by the RabbitMQ team -- use at your own risk!
{{ include ".template-helper-functions" }}
FROM alpine:{{ .alpine.version }} as build-base
RUN apk add --no-cache \
@ -235,34 +234,7 @@ ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
RUN echo '{{
{
name: "erlang",
version: .otp.version,
params: {
os_name: "alpine",
os_version: .alpine.version
},
licenses: [
"Apache-2.0"
]
} | sbom | tostring
}}' > $ERLANG_INSTALL_PATH_PREFIX/erlang.spdx.json
COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
RUN echo '{{
{
name: "openssl",
version: .openssl.version,
params: {
os_name: "alpine",
os_version: .alpine.version
},
licenses: [
"Apache-2.0"
]
} | sbom | tostring
}}' > $OPENSSL_INSTALL_PATH_PREFIX/openssl.spdx.json
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
@ -361,22 +333,7 @@ RUN set -eux; \
su-exec rabbitmq rabbitmqctl list_ciphers; \
su-exec rabbitmq rabbitmq-plugins list; \
# no stale cookies
rm "$RABBITMQ_DATA_DIR/.erlang.cookie";\
\
echo '{{
{
name: "rabbitmq",
version: .version,
params: {
os_name: "alpine",
os_version: .alpine.version
},
licenses: [
"MPL-2.0",
"Apache-2.0"
]
} | sbom | tostring
}}' > $RABBITMQ_HOME/rabbitmq.spdx.json;
rm "$RABBITMQ_DATA_DIR/.erlang.cookie"
# Enable Prometheus-style metrics by default (https://github.com/docker-library/rabbitmq/issues/419)
RUN su-exec rabbitmq rabbitmq-plugins enable --offline rabbitmq_prometheus

45
Dockerfile-ubuntu.template
View File

@ -1,6 +1,5 @@
# The official Canonical Ubuntu Focal image is ideal from a security perspective,
# especially for the enterprises that we, the RabbitMQ team, have to deal with
{{ include ".template-helper-functions" }}
FROM ubuntu:{{ .ubuntu.version }} as build-base
ARG BUILDKIT_SBOM_SCAN_STAGE=true
@ -234,34 +233,7 @@ FROM ubuntu:{{ .ubuntu.version }}
ENV ERLANG_INSTALL_PATH_PREFIX /opt/erlang
ENV OPENSSL_INSTALL_PATH_PREFIX /opt/openssl
COPY --from=erlang-builder $ERLANG_INSTALL_PATH_PREFIX $ERLANG_INSTALL_PATH_PREFIX
RUN echo '{{
{
name: "erlang",
version: .otp.version,
params: {
os_name: "ubuntu",
os_version: .ubuntu.version
},
licenses: [
"Apache-2.0"
]
} | sbom | tostring
}}' > $ERLANG_INSTALL_PATH_PREFIX/erlang.spdx.json
COPY --from=openssl-builder $OPENSSL_INSTALL_PATH_PREFIX $OPENSSL_INSTALL_PATH_PREFIX
RUN echo '{{
{
name: "openssl",
version: .openssl.version,
params: {
os_name: "ubuntu",
os_version: .ubuntu.version
},
licenses: [
"Apache-2.0"
]
} | sbom | tostring
}}' > $OPENSSL_INSTALL_PATH_PREFIX/openssl.spdx.json
ENV PATH $ERLANG_INSTALL_PATH_PREFIX/bin:$OPENSSL_INSTALL_PATH_PREFIX/bin:$PATH
@ -355,22 +327,7 @@ RUN set -eux; \
gosu rabbitmq rabbitmqctl list_ciphers; \
gosu rabbitmq rabbitmq-plugins list; \
# no stale cookies
rm "$RABBITMQ_DATA_DIR/.erlang.cookie"; \
\
echo '{{
{
name: "rabbitmq",
version: .version,
params: {
os_name: "ubuntu",
os_version: .ubuntu.version
},
licenses: [
"MPL-2.0",
"Apache-2.0"
]
} | sbom | tostring
}}' > $RABBITMQ_HOME/rabbitmq.spdx.json
rm "$RABBITMQ_DATA_DIR/.erlang.cookie"
# Enable Prometheus-style metrics by default (https://github.com/docker-library/rabbitmq/issues/419)
RUN gosu rabbitmq rabbitmq-plugins enable --offline rabbitmq_prometheus

8
apply-templates.sh
View File

@ -13,14 +13,6 @@ elif [ "$BASH_SOURCE" -nt "$jqt" ]; then
wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk'
fi
jqf='.template-helper-functions.jq'
if [ -n "${BASHBREW_SCRIPTS:-}" ]; then
jqf="$BASHBREW_SCRIPTS/template-helper-functions.jq"
elif [ "$BASH_SOURCE" -nt "$jqf" ]; then
# https://github.com/docker-library/bashbrew/blob/master/scripts/template-helper-functions.jq
wget -qO "$jqf" 'https://github.com/docker-library/bashbrew/raw/5a86c34c5a3ef370b3d22c398d45ccab53bd64bd/scripts/template-helper-functions.jq'
fi
if [ "$#" -eq 0 ]; then
versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)"
eval "set -- $versions"