From 1773245c9b6c976e014fbf1dcf7a8b3c8d05fcab Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Wed, 23 Feb 2022 19:06:42 +0100 Subject: Add babel to SBoM + minor changes --- SBoM_haketilo-1.0_hydrilla-1.0.txt | 122 ++++++++++++++++++++----------------- make_markdown.sh | 4 +- 2 files changed, 69 insertions(+), 57 deletions(-) diff --git a/SBoM_haketilo-1.0_hydrilla-1.0.txt b/SBoM_haketilo-1.0_hydrilla-1.0.txt index d29acab..4c51139 100644 --- a/SBoM_haketilo-1.0_hydrilla-1.0.txt +++ b/SBoM_haketilo-1.0_hydrilla-1.0.txt @@ -7,7 +7,7 @@ You may also want to look at SBoMs of Haketilo and Hydrilla on Redmine-powered w # Software Bill of Materials - Haketilo -*Note: This SBOM corresponds to the upcoming Haketilo version 1.0.* +*Note: This SBoM corresponds to the upcoming Haketilo version 1.0.* ## Incorporated code Software parts that have been copied over to Haketilo source tree with only slight or no modification (code that has been mostly rewritten and non-software artworks are not mentioned here). @@ -57,13 +57,13 @@ Make build system is an **optional requirement for building** Haketilo and a **s Python in at least version 3.7 is needed to run the automated test suite. ### Pytest -| field | value | -|--------------+------------------------------------| -| name | pytest | -| version | no known constraints (6.0.2 used) | -| copyright | 2004-2021 Holger Krekel and others | -| license | MIT (Expat) | -| upstream url | https://pytest.org | +| field | value | +|--------------+--------------------------------------------------| +| name | pytest | +| version | no known constraints (6.0.2 used in development) | +| copyright | 2004-2021 Holger Krekel and others | +| license | MIT (Expat) | +| upstream url | https://pytest.org | Pytest library is used in automated tests of the extension. 
@@ -71,7 +71,7 @@ Pytest library is used in automated tests of the extension. | field | value | |--------------+-----------------------------------------------------------------------| | name | selenium | -| version | no known constraints (3.141.0 used) | +| version | no known constraints (3.141.0 used in development) | | copyright | 2011-2021 Software Freedom Conservancy; 2004-2011 Selenium committers | | license | Apache-2.0 | | upstream url | https://www.selenium.dev/ | @@ -87,7 +87,7 @@ In addition, a Firefox-derived web browser with at least version 60 is needed to | field | value | |--------------+------------------------------------------------------------------------| | name | geckodriver | -| version | no known constraints (0.30.0 used for development) | +| version | no known constraints (0.30.0 used in development) | | copyright | ??? | | license | MPL-2.0 | | upstream url | https://firefox-source-docs.mozilla.org/testing/geckodriver/index.html | 
@@ -95,20 +95,21 @@ In addition, a Firefox-derived web browser with at least version 60 is needed to Geckodriver compatible with the Firefox-derived browser used is needed to run the automated test suite. ### Inkscape -| field | value | -|--------------+----------------------------------------------------| -| name | Inkscape | -| version | no known constraints (0.92.4 used for development) | -| copyright | Inkscape Authors | -| license | GPL-3.0-only | -| upstream url | https://inkscape.org/ | +| field | value | +|--------------+---------------------------------------------------| +| name | Inkscape | +| version | no known constraints (0.92.4 used in development) | +| copyright | Inkscape Authors | +| license | GPL-3.0-only | +| upstream url | https://inkscape.org/ | Inkscape is an optional build dependency used to generate png icons from an svg file. # Software Bill of Materials - Hydrilla -*Note: This SBOM corresponds to the upcoming Hydrilla version 1.0 written in Python.* +*Note: This SBoM corresponds to the upcoming Hydrilla version 1.0 written in Python.* +*Note: This SBoM lists both the dependencies of the actual Hydrilla server and of Hydrilla Builder (which the server relies upon).* ## Incorporated code 
@@ -120,24 +121,24 @@ Inkscape is an optional build dependency used to generate png icons from an svg Python is needed to both build and run Hydrilla. At least version 3.7 is required. ### Pytest -| field | value | -|--------------+------------------------------------| -| name | pytest | -| version | no known constraints (6.0.2 used) | -| copyright | 2004-2020 Holger Krekel and others | -| license | MIT (Expat) | -| upstream url | https://pytest.org | +| field | value | +|--------------+--------------------------------------------------| +| name | pytest | +| version | no known constraints (6.0.2 used in development) | +| copyright | 2004-2020 Holger Krekel and others | +| license | MIT (Expat) | +| upstream url | https://pytest.org | Pytest is used in automated tests of Hydrilla. ### Setuptools -| field | value | -|--------------+-------------------------------------------------| -| name | setuptools | -| version | >=45 (52.0.0 used for development) | -| copyright | Jason R. Coombs | -| license | MIT (Expat) | -| upstream url | https://setuptools.pypa.io/en/latest/ | +| field | value | +|--------------+---------------------------------------| +| name | setuptools | +| version | >=45 (52.0.0 used in development) | +| copyright | Jason R. Coombs | +| license | MIT (Expat) | +| upstream url | https://setuptools.pypa.io/en/latest/ | Setuptools are used to build Hydrilla. 
@@ -145,38 +146,49 @@ Setuptools are used to build Hydrilla. | field | value | |--------------+-----------------------------------------------------------------------| | name | setuptools_scm | -| version | >=5.0 (5.0 used for development) | +| version | >=5.0 (5.0 used in development) | | copyright | Ronny Pfannschmidt and contributors | | license | MIT (Expat) | | upstream url | https://github.com/pypa/setuptools_scm | -Needed to extract some VCS data when building from git repo. +setuptools_scm is used as a setuptools plugin to extract some VCS data when building from git repo. + +### Babel (Python library) +| field | value | +|--------------+--------------------------------------------------| +| name | babel | +| version | no known constraints (2.8.0 used in development) | +| copyright | 2013-2019 the Babel Team | +| license | BSD-3-Clause | +| upstream url | http://babel.pocoo.org/ | + +Babel is used as a setuptools plugin to work with message catalogs. It is required when building Hydrilla but not in runtime. ### jsonschema (Python library) -| field | value | -|--------------+----------------------------------------------------------| -| name | jsonschema | -| version | >=3.0 (3.2.0 used for development) | -| copyright | 2011-2019 Julian Berman and contributors | -| license | MIT (Expat) | -| upstream url | https://github.com/Julian/jsonschema | +| field | value | +|--------------+------------------------------------------| +| name | jsonschema | +| version | >=3.0 (3.2.0 used in development) | +| copyright | 2011-2019 Julian Berman and contributors | +| license | MIT (Expat) | +| upstream url | https://github.com/Julian/jsonschema | This library is used to validate JSON documents loaded by Hydrilla. 
### Flask -| field | value | -|--------------+---------------------------------------------------| -| name | flask | -| version | no known constraints (1.0.2 used for development) | -| copyright | 2010-2021 Pallets | -| license | BSD-3-Clause | -| upstream url | https://flask.palletsprojects.com/en/2.0.x/ | +| field | value | +|--------------+--------------------------------------------------| +| name | flask | +| version | no known constraints (1.0.2 used in development) | +| copyright | 2010-2021 Pallets | +| license | BSD-3-Clause | +| upstream url | https://flask.palletsprojects.com/en/2.0.x/ | ### Click -| field | value | -|--------------+---------------------------------------------------| -| name | click | -| version | no known constraints (7.1.2 used for development) | -| copyright | 2014-2020 Pallets | -| license | BSD-3-Clause | -| upstream url | https://click.palletsprojects.com/en/8.0.x/ | +| field | value | +|--------------+--------------------------------------------------| +| name | click | +| version | no known constraints (7.1.2 used in development) | +| copyright | 2014-2020 Pallets | +| license | BSD-3-Clause | +| upstream url | https://click.palletsprojects.com/en/8.0.x/ | diff --git a/make_markdown.sh b/make_markdown.sh index 92beed2..7c4c312 100755 --- a/make_markdown.sh +++ b/make_markdown.sh 
@@ -22,9 +22,9 @@ for WHICH_ONE in haketilo hydrilla; do OTHER_CAP=$(printf $OTHER_ONE | tr h H) export NOTE=" -[Software Bill of Materials (SBOM)](https://en.wikipedia.org/wiki/Software_bill_of_materials) lists external components used or included in a given software product. +[Software Bill of Materials (SBoM)](https://en.wikipedia.org/wiki/Software_bill_of_materials) lists external components used or included in a given software product. -You may also want to look at the [SBOM of $OTHER_CAP](/projects/hydrilla/wiki/${OTHER_CAP}_Software_Bill_of_Materials) and [a concatenated plain text version](https://git.koszko.org/haketilo-hydrilla-sbom/plain/$PLAIN_FILENAME)." +You may also want to look at the [SBoM of $OTHER_CAP](/projects/hydrilla/wiki/${OTHER_CAP}_Software_Bill_of_Materials) and [a concatenated plain text version](https://git.koszko.org/haketilo-hydrilla-sbom/plain/$PLAIN_FILENAME)." AWK_EXTRACT_HALF=" /^#[[:space:]].*Haketilo/ {haketilo_part = 1; hydrilla_part = 0;} -- cgit v1.2.3
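Review bot: the two pytest tables rewritten in SBoM_haketilo-1.0_hydrilla-1.0.txt disagree on the copyright years. The Haketilo section has `2004-2021 Holger Krekel and others` and the Hydrilla section has `2004-2020 Holger Krekel and others`, both listed against pytest 6.0.2. Since both rows are being re-aligned in this patch anyway, take the notice from the 6.0.2 distribution and use the same text in both places.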
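Review bot: the geckodriver table (hunk at -87,7) still carries `| copyright | ??? |` right below the version row edited here. An SBoM entry with an unknown rights holder is hard to audit for license compliance. Either fill it in from the upstream source headers or replace `???` with an explicit statement that the holder could not be determined, so readers do not take it for a leftover placeholder.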
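Review bot: in the Hydrilla header (hunk at -95,20) the added `*Note: This SBoM lists both the dependencies ...*` line directly follows the first `*Note: ...*` line with no blank line between them, so a Markdown renderer will join the two notes into one paragraph; separate them with an empty line. The new note also says the list covers both the Hydrilla server and Hydrilla Builder, yet none of the entries visible in this patch states which of the two a dependency belongs to. A per-entry field or sentence naming the component would let a reader derive the dependency set of each one separately.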
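Review bot: the new Babel table (hunk at -145,38) gives `http://babel.pocoo.org/` as the upstream url, while every other upstream url visible in this patch uses https. In a document whose purpose is to point readers at the origin of each component, prefer an https link if the upstream site serves one. In the description, "but not in runtime" should read "but not at runtime", and it would help to say whether "building Hydrilla" means the server package, Hydrilla Builder, or both.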
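Review bot: the Flask and Click tables at the end of the SBoM diff list `1.0.2 used in development` and `7.1.2 used in development`, but their upstream urls point at the `en/2.0.x/` and `en/8.0.x/` documentation series, which are different major versions from the ones recorded. Use an unversioned project URL or one matching the listed version. These two entries are also the only ones in the visible hunks without a sentence saying what the component is used for; add one line each, as was done for setuptools_scm and Babel.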
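Review bot: in make_markdown.sh the context line `OTHER_CAP=$(printf $OTHER_ONE | tr h H)` passes an unquoted variable to printf as the format string. With the two fixed values from the `for WHICH_ONE in haketilo hydrilla` loop this works, but `printf '%s' "$OTHER_ONE"` is the safe form and costs nothing while this block is being edited. Separately, the SBOM to SBoM spelling change in `NOTE` is unrelated to adding Babel; splitting the rename into its own commit would keep the dependency change easy to find in history.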