-rw-r--r-- | .gitignore | 4
-rw-r--r-- | SBoM_haketilo-1.0_hydrilla-1.0.txt | 205
-rw-r--r-- | SBoM_hydrilla_haketilo-3.x.md | 187
-rw-r--r-- | SBoM_hydrilla_haketilo-3.x.md.license (renamed from SBoM_haketilo-1.0_hydrilla-1.0.txt.license) | 0
-rwxr-xr-x | make_markdown.sh | 56
5 files changed, 187 insertions, 265 deletions
diff --git a/.gitignore b/.gitignore deleted file mode 100644 index f9535fc..0000000 --- a/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: CC0-1.0 -# -# Copyright (C) 2022 Wojtek Kosior <koszko@koszko.org> -*.md diff --git a/SBoM_haketilo-1.0_hydrilla-1.0.txt b/SBoM_haketilo-1.0_hydrilla-1.0.txt deleted file mode 100644 index 5491d8a..0000000 --- a/SBoM_haketilo-1.0_hydrilla-1.0.txt +++ /dev/null 
@@ -1,205 +0,0 @@ -Last updated: 2022-02-23 - -You may also want to look at SBoMs of Haketilo and Hydrilla on Redmine-powered wiki: -- https://hydrillabugs.koszko.org/projects/haketilo/wiki/Haketilo_Software_Bill_of_Materials -- https://hydrillabugs.koszko.org/projects/hydrilla/wiki/Hydrilla_Software_Bill_of_Materials - - -# Software Bill of Materials - Haketilo - -*Note: This SBoM corresponds to the upcoming Haketilo version 1.0.* - -## Incorporated code -Software parts that have been copied over to Haketilo source tree with only slight or no modification (code that has been mostly rewritten and non-software artworks are not mentioned here). - -### js-sha256 -| field | value | -|--------------+---------------------------------------------| -| name | js-sha256 | -| version | 0.9.0 | -| copyright | 2014-2017 Chen, Yi-Cyuan <emn178@gmail.com> | -| license | MIT (Expat) | -| upstream url | https://github.com/emn178/js-sha256 | - -This JavaScript implementation of SHA256 is included in the browser extension itself. It is used to derive nonces used internally by Haketilo. This library is only used in contexts where synchronous computation of SHA256 digest is required. In other cases (e.g. verification of integrity of downloaded files), the asynchronous crypto.subtle JavaScript API is used. - -### Reset CSS -| field | value | -|--------------+--------------------------------------------| -| name | Reset CSS | -| version | 2.0 | -| copyright | 2008,2011 Eric A. Meyer | -| license | public domain | -| upstream url | https://meyerweb.com/eric/tools/css/reset/ | - -The CSS Reset style sheet is used on pages displayed by Haketilo. 
- -### jsonschema (JavaScript library) -| field | value | -|--------------+----------------------------------------------------------| -| name | jsonschema | -| version | 1.4.0 | -| copyright | 2012-2021 Tom de Grunt <tom@degrunt.nl> and contributors | -| license | MIT (Expat) | -| upstream url | https://github.com/tdegrunt/jsonschema | - -This library shall be used to validate external JSON documents (e.g. those downloaded from Hydrilla repository). - -## External dependencies - -### POSIX environment -Standard UNIX tools (sh, awk, etc.) are needed to **build** Haketilo. There's no known dependency on specific implementations of those (e.g. gawk should work just as well as nawk). - -### Make -Make build system is an **optional requirement for building** Haketilo and a **strict requirement for running the test suite**. There's no known dependency on specific Make implementation. - -### Python3 -Python in at least version 3.7 is needed to run the automated test suite. - -### Pytest -| field | value | -|--------------+--------------------------------------------------| -| name | pytest | -| version | no known constraints (6.0.2 used in development) | -| copyright | 2004-2021 Holger Krekel and others | -| license | MIT (Expat) | -| upstream url | https://pytest.org | - -Pytest library is used in automated tests of the extension. - -### Selenium webdriver (Python) -| field | value | -|--------------+-----------------------------------------------------------------------| -| name | selenium | -| version | no known constraints (3.141.0 used in development) | -| copyright | 2011-2021 Software Freedom Conservancy; 2004-2011 Selenium committers | -| license | Apache-2.0 | -| upstream url | https://www.selenium.dev/ | - -Selenium Python library is used in automated tests of the extension. 
- -### Web browser -A Firefox-derived web browser with at least version 60 **or** a Chromium-derived browser with at least version 90 (although older Chromium versions are likely to work as well) is needed to use the extensions. - -In addition, a Firefox-derived web browser with at least version 60 is needed to run the automated test suite. - -### geckodriver -| field | value | -|--------------+------------------------------------------------------------------------| -| name | geckodriver | -| version | no known constraints (0.30.0 used in development) | -| copyright | ??? | -| license | MPL-2.0 | -| upstream url | https://firefox-source-docs.mozilla.org/testing/geckodriver/index.html | - -Geckodriver compatible with the Firefox-derived browser used is needed to run the automated test suite. - -### Inkscape -| field | value | -|--------------+---------------------------------------------------| -| name | Inkscape | -| version | no known constraints (0.92.4 used in development) | -| copyright | Inkscape Authors | -| license | GPL-3.0-only | -| upstream url | https://inkscape.org/ | - -Inkscape is an optional build dependency used to generate png icons from an svg file. - - -# Software Bill of Materials - Hydrilla - -*Note: This SBoM corresponds to the upcoming Hydrilla version 1.0 written in Python.* -*Note: This SBoM lists both the dependencies of the actual Hydrilla server and of Hydrilla Builder (which the server relies upon).* - -## Incorporated code - -*Currently none* - -## External dependencies - -### Python3 -Python is needed to both build and run Hydrilla. At least version 3.7 is required. - -### Pytest -| field | value | -|--------------+--------------------------------------------------| -| name | pytest | -| version | no known constraints (6.0.2 used in development) | -| copyright | 2004-2020 Holger Krekel and others | -| license | MIT (Expat) | -| upstream url | https://pytest.org | - -Pytest is used in automated tests of Hydrilla. 
- -### Setuptools -| field | value | -|--------------+---------------------------------------| -| name | setuptools | -| version | >=45 (52.0.0 used in development) | -| copyright | Jason R. Coombs | -| license | MIT (Expat) | -| upstream url | https://setuptools.pypa.io/en/latest/ | - -Setuptools are used to build Hydrilla. - -### setuptools_scm -| field | value | -|--------------+-----------------------------------------------------------------------| -| name | setuptools_scm | -| version | >=5.0 (5.0 used in development) | -| copyright | Ronny Pfannschmidt <opensource@ronnypfannschmidt.de> and contributors | -| license | MIT (Expat) | -| upstream url | https://github.com/pypa/setuptools_scm | - -setuptools_scm is used as a setuptools plugin to extract some VCS data when building from git repo. - -### wheel -| field | value | -|--------------+--------------------------------------------------------| -| name | wheel | -| version | no known constraints (0.34.2 used in development) | -| copyright | 2012-2020 Daniel Holth, Alex Grönholm and contributors | -| license | MIT (Expat) | -| upstream_url | https://github.com/pypa/wheel | - -wheel is used as a setuptools plugit to facilitate creation of .whl builds. - -### Babel (Python library) -| field | value | -|--------------+--------------------------------------------------| -| name | babel | -| version | no known constraints (2.8.0 used in development) | -| copyright | 2013-2019 the Babel Team | -| license | BSD-3-Clause | -| upstream url | http://babel.pocoo.org/ | - -Babel is used as a setuptools plugin to work with message catalogs. It is required when building Hydrilla but not in runtime. 
- -### jsonschema (Python library) -| field | value | -|--------------+------------------------------------------| -| name | jsonschema | -| version | >=3.0 (3.2.0 used in development) | -| copyright | 2011-2019 Julian Berman and contributors | -| license | MIT (Expat) | -| upstream url | https://github.com/Julian/jsonschema | - -This library is used to validate JSON documents loaded by Hydrilla. - -### Flask -| field | value | -|--------------+--------------------------------------------------| -| name | flask | -| version | no known constraints (1.0.2 used in development) | -| copyright | 2010-2021 Pallets | -| license | BSD-3-Clause | -| upstream url | https://flask.palletsprojects.com/en/2.0.x/ | - -### Click -| field | value | -|--------------+--------------------------------------------------| -| name | click | -| version | no known constraints (7.1.2 used in development) | -| copyright | 2014-2020 Pallets | -| license | BSD-3-Clause | -| upstream url | https://click.palletsprojects.com/en/8.0.x/ | diff --git a/SBoM_hydrilla_haketilo-3.x.md b/SBoM_hydrilla_haketilo-3.x.md new file mode 100644 index 0000000..2f7cf4a --- /dev/null +++ b/SBoM_hydrilla_haketilo-3.x.md 
@@ -0,0 +1,187 @@ +Last updated: 2022-10-14 + +You may also want to look at SBoMs of Haketilo and Hydrilla on Redmine-powered wiki at +- https://hydrillabugs.koszko.org/projects/haketilo/wiki/Haketilo_Software_Bill_of_Materials + +# Hydrilla&Haketilo Software Bill of Materials + +This is the SBoM of Hydrilla and Haketilo proxy versions 3.x. + +## Incorporated code + +*Currently none* + +## External dependencies + +### Python3 +| field | value | +|-----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------| +| name | cpython | +| version | >=3.7 (>=3.9 for Haketilo proxy) | +| copyright | 2001-now Python Software Foundation; 2000 BeOpen.com; 1995-2001 Corporation for National Research Initiatives; 1991-1995 Stichting Mathematisch Centrum | +| license | PSF 2; BeOpen.com License Agreement for Python 2.0; CNRI License Agreement for Python 1.6.1; CWI License Agreement for Python 0.9.0 through 1.2 | +| upstream url | https://www.python.org | +| dependency type | runtime | + +### Pytest (Python library/application) +| field | value | +|-----------------|-----------------------------------| +| name | pytest | +| version | no known constraints | +| copyright | 2004-now Holger Krekel and others | +| license | MIT (Expat) | +| upstream url | https://pytest.org | +| dependency type | development/build-time | + +### Setuptools (Python library) +| field | value | +|-----------------|---------------------------------------| +| name | setuptools | +| version | >=44 | +| copyright | Jason R. 
Coombs | +| license | MIT (Expat) | +| upstream url | https://setuptools.pypa.io/en/latest/ | +| dependency type | development/build-time | + +### setuptools_scm (Python library) +| field | value | +|-----------------|---------------------------------------------------------------------------| +| name | setuptools_scm | +| version | >=5.0 | +| copyright | Ronny Pfannschmidt `<`opensource@ronnypfannschmidt.de`>` and contributors | +| license | MIT (Expat) | +| upstream url | https://github.com/pypa/setuptools_scm | +| dependency type | development/build-time | + +### wheel (Python library) +| field | value | +|-----------------|-------------------------------------------------------| +| name | wheel | +| version | no known constraints | +| copyright | 2012-now Daniel Holth, Alex Grönholm and contributors | +| license | MIT (Expat) | +| upstream_url | https://github.com/pypa/wheel | +| dependency type | development/build-time | + +### Babel (Python library) +| field | value | +|-----------------|--------------------------| +| name | babel | +| version | no known constraints | +| copyright | 2013-2019 the Babel Team | +| license | BSD-3-Clause | +| upstream url | http://babel.pocoo.org/ | +| dependency type | development/build-time | + +### jsonschema (Python library) +| field | value | +|-----------------|-----------------------------------------| +| name | jsonschema | +| version | >=3.0 | +| copyright | 2011-now Julian Berman and contributors | +| license | MIT (Expat) | +| upstream url | https://github.com/Julian/jsonschema | +| dependency type | runtime | + +### Flask (Python library) +| field | value | +|-----------------|-----------------------------------| +| name | flask | +| version | >=1.1 | +| copyright | 2010-now Pallets | +| license | BSD-3-Clause | +| upstream url | https://flask.palletsprojects.com | +| dependency type | runtime | + +### Click (Python library) +| field | value | +|-----------------|-----------------------------------| +| name | click | 
+| version | no known constraints | +| copyright | 2014-now Pallets | +| license | BSD-3-Clause | +| upstream url | https://click.palletsprojects.com | +| dependency type | runtime | + +### ItsDangerous (Python library) +| field | value | +|-----------------|------------------------------------------| +| name | itsdangerous | +| version | no known constraints | +| copyright | 2011-now Pallets | +| license | BSD-3-Clause | +| upstream url | https://itsdangerous.palletsprojects.com | +| dependency type | runtime | + +### immutables (Python library) +| field | value | +|-----------------|--------------------------------------------------| +| name | immutables | +| version | >=0.16 | +| copyright | 2018-now Contributors to the immutables project. | +| license | Apache-2.0; MIT (Expat) | +| upstream url | https://github.com/MagicStack/immutables | +| dependency type | runtime | + +### gnupg (Python library) +| field | value | +|-----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| name | gnupg | +| version | no known constraints | +| copyright | 2013-now Isis Lovecruft <isis@leap.se>; 2013 Andrej B.; 2013 LEAP Encryption Access Project; 2008-2012 Vinay Sajip; 2005 Steve Traugott; 2004 A.M. 
Kuchling; contributors | +| license | GPL-3.0-or-later | +| upstream url | https://github.com/isislovecruft/python-gnupg | +| dependency type | runtime | + +### reuse (Python library/application) +| field | value | +|-----------------|------------------------------------------------------------| +| name | reuse | +| version | no known constraints | +| copyright | Carmen Bianca Bakker <carmenbianca@fsfe.org>; contributors | +| license | Apache-2.0; CC-BY-SA-4.0; CC0-1.0; GPL-3.0-or-later | +| upstream url | https://reuse.software/ | +| dependency type | runtime | + +### Beautiful Soup (Python library) +| field | value | +|-----------------|------------------------------------------------| +| name | beautifulsoup4 | +| version | no known constraints | +| copyright | 2004-now Leonard Richardson | +| license | MIT (Expat) | +| upstream url | https://www.crummy.com/software/BeautifulSoup/ | +| dependency type | runtime | + +### html5lib (Python library) +| field | value | +|-----------------|----------------------------------------------| +| name | html5lib | +| version | no known constraints | +| copyright | 2006-now James Graham and other contributors | +| license | MIt (Expat) | +| upstream url | https://github.com/html5lib/html5lib-python | +| dependency type | runtime | + +### mitmproxy (Python library/application) +| field | value | +|-----------------|---------------------------------| +| name | mitmproxy | +| version | >=8.0; <9.0 | +| copyright | 2013 Aldo Cortesi; contributors | +| license | MIT (Expat) | +| upstream url | mitmproxy.org/ | +| dependency type | runtime | + +## Optional dependencies + +### GNU Guix +| field | value | +|--------------|---------------------------------------------------------------------| +| name | guix | +| version | no known constraints | +| copyright | Ludovic Courtès; Guix contributors; Eelco Dolstra; Nix contributors | +| license | GPL-3.0-or-later | +| upstream url | https://guix.gnu.org/ | + +Guix is used to produce the 
standalone, relocatable release tarball of Haketilo&Hydrilla. diff --git a/SBoM_haketilo-1.0_hydrilla-1.0.txt.license b/SBoM_hydrilla_haketilo-3.x.md.license index 257015a..257015a 100644 --- a/SBoM_haketilo-1.0_hydrilla-1.0.txt.license +++ b/SBoM_hydrilla_haketilo-3.x.md.license diff --git a/make_markdown.sh b/make_markdown.sh deleted file mode 100755 index 6b287eb..0000000 --- a/make_markdown.sh +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/sh - -# Copyright (C) 2022 Wojtek Kosior -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the CC0 1.0 Universal License as published by -# the Creative Commons Corporation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# CC0 1.0 Universal License for more details. - -PLAIN_FILENAME=SBoM_haketilo-1.0_hydrilla-1.0.txt - -for WHICH_ONE in haketilo hydrilla; do - if [ $WHICH_ONE = haketilo ]; then - OTHER_ONE=hydrilla - else - OTHER_ONE=haketilo - fi - OTHER_CAP=$(printf $OTHER_ONE | tr h H) - - export NOTE=" -[Software Bill of Materials (SBoM)](https://en.wikipedia.org/wiki/Software_bill_of_materials) lists external components used or included in a given software product. - -You may also want to look at the [SBoM of $OTHER_CAP](/projects/$OTHER_ONE/wiki/${OTHER_CAP}_Software_Bill_of_Materials) and [a concatenated plain text version](https://git.koszko.org/haketilo-hydrilla-sbom/plain/$PLAIN_FILENAME)." - - AWK_EXTRACT_HALF=" -/^#[[:space:]].*Haketilo/ {haketilo_part = 1; hydrilla_part = 0;} -/^#[[:space:]].*Hydrilla/ {hydrilla_part = 1; haketilo_part = 0;} -/^##[[:space:]]/ { - if (${WHICH_ONE}_part && printed_note && !printed_toc) { - print \"{{toc}}\\n\" - printed_toc = 1; - } -} -{ - if (${WHICH_ONE}_part) { - if (!printed_note) { - print \$0; - print ENVIRON[\"NOTE\"]; - printed_note = 1; - } else { - print \$0; - } - } -} -" - - awk -- "$AWK_EXTRACT_HALF" $PLAIN_FILENAME | - # email addresses - sed 's_<\([^[:space:]]\+@[^[:space:]]\+\)>_`<`\1`>`_g' | - # tables - sed 's_|\(-\+\)+\(-\+\)_|\1|\2_g' > SBoM_$WHICH_ONE-1.0.md -done |
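Review bot: Deleting SBoM_haketilo-1.0_hydrilla-1.0.txt removes the only record in the tree of the code bundled into the Haketilo 1.0 extension (js-sha256 0.9.0, Reset CSS 2.0, jsonschema 1.4.0), while the replacement file states "Incorporated code: Currently none" and covers only 3.x. Since the new filename is already version-scoped, consider keeping the 1.0 file alongside it so that anyone still running a 1.0 build can check those components against advisories. The deletion also drops every "(x.y.z used in development)" version and the one-line purpose under each table; if those are dropped on purpose, say so in the commit message.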
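Review bot: In the new SBoM_hydrilla_haketilo-3.x.md, three table cells break the pattern of the other rows and will trip anyone parsing the file: the mitmproxy `upstream url` is `mitmproxy.org/` with no scheme, the html5lib license is spelled `MIt (Expat)`, and the wheel table uses the key `upstream_url` where every other table uses `upstream url`. Suggest `https://mitmproxy.org/`, `MIT (Expat)` and `upstream url`. Two smaller points in the same hunk: the intro says "SBoMs of Haketilo and Hydrilla" but lists only the Haketilo wiki link, and the GNU Guix table is the only one without a `dependency type` row. Most runtime dependencies (click, itsdangerous, gnupg, reuse, beautifulsoup4, html5lib) are listed with "no known constraints" and no tested version, so the file cannot be matched to a concrete release of those packages; recording the version actually shipped or tested would make it usable for vulnerability tracking.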
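Review bot: With make_markdown.sh deleted, the e-mail escaping that its first `sed` step applied (`<addr>` to `` `<`addr`>` ``) is now done by hand, and the new Markdown file applies it only in the setuptools_scm row; the gnupg row (`<isis@leap.se>`) and the reuse row (`<carmenbianca@fsfe.org>`) still carry bare angle brackets, which a Markdown renderer may treat as autolinks or markup. Either escape those two rows the same way or drop the escaping everywhere so the file is consistent. The script was also the source of the per-project wiki pages (`SBoM_$WHICH_ONE-1.0.md`), so the commit message should say how the wiki page linked from the new file is kept in sync from now on.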