Added inline SBOM for binaries downloaded outside package manager

Author: LaurentGoderre

.gitignore

@@ -1 +1,2 @@
 .jq-template.awk
+.template-helper-functions.jq

24/cli/Dockerfile

@@ -1,5 +1,6 @@
 {{ include "shared" -}}
-FROM alpine:3.18
+{{ include ".template-helper-functions" -}}
+FROM alpine:{{ .alpine }}
 
 RUN apk add --no-cache \
 		ca-certificates \
@@ -34,7 +35,22 @@ RUN set -eux; \
 	; \
 	rm docker.tgz; \
 	\
-	docker --version
+	docker --version; \
+	\
+	echo {{
+		{
+			name: "docker",
+			version: .version,
+			supplier: "Organization: Docker, Inc",
+			params: {
+				os_name: "alpine",
+				os_version: .alpine
+			},
+			licenses: [
+				"Apache-2.0"
+			]
+		} | sbom | tostring | @sh
+	}} > /usr/local/docker.spdx.json ;
 {{
 	{
 		buildx: .buildx,
@@ -66,7 +82,22 @@ RUN set -eux; \
 	ln -sv "$plugin" /usr/local/bin/; \
 	docker-{{ $key }} --version; \
 {{ ) else "" end -}}
-	docker {{ $key }} version
+	docker {{ $key }} version; \
+	\
+	echo {{
+		{
+			name: $key,
+			version: .version,
+			supplier: "Organization: Docker, Inc",
+			params: {
+				os_name: "alpine",
+				os_version: "3.18"
+			},
+			licenses: [
+				"Apache-2.0"
+			]
+		} | sbom | tostring | @sh
+	}} > /usr/local/docker-{{ $key }}.spdx.json ;
 {{
 		)
 	)

24/dind-rootless/Dockerfile

@@ -35,6 +35,10 @@ RUN set -eux; \
 	; \
 	rm rootless.tgz; \
 	\
+	dockerd --version; \
+	containerd --version; \
+	ctr --version; \
+	runc --version; \
 	rootlesskit --version; \
 	vpnkit --version
 

24/dind/Dockerfile

@@ -1,4 +1,5 @@
 {{ include "shared" -}}
+{{ include ".template-helper-functions" -}}
 FROM docker:{{ env.version }}-cli
 
 # https://github.com/docker/docker/blob/master/project/PACKAGERS.md#runtime-dependencies
@@ -56,7 +57,22 @@ RUN set -eux; \
 	dockerd --version; \
 	containerd --version; \
 	ctr --version; \
-	runc --version
+	runc --version; \
+{{ .version as $version | ["dockerd", "docker-init", "docker-proxy"] | map( . as $binary | ( -}}
+	echo {{
+		{
+			name: $binary,
+			version: $version,
+			supplier: "Organization: Docker, Inc",
+			params: {
+				os_name: "alpine",
+				os_version: "3.18"
+			},
+			licenses: [
+				"Apache-2.0"
+			]
+		} | sbom | tostring | @sh
+	}} > /usr/local/{{ $binary }}.spdx.json;  {{ )) | join("\\\n") }}
 
 # https://github.com/docker/docker/tree/master/hack/dind
 ENV DIND_COMMIT {{ .dindCommit }}

Dockerfile-cli.template

@@ -11,6 +11,13 @@ elif [ "$BASH_SOURCE" -nt "$jqt" ]; then
 	wget -qO "$jqt" 'https://github.com/docker-library/bashbrew/raw/9f6a35772ac863a0241f147c820354e4008edf38/scripts/jq-template.awk'
 fi
 
+jqf='.template-helper-functions.jq'
+if [ -n "${BASHBREW_SCRIPTS:-}" ]; then
+	jqf="$BASHBREW_SCRIPTS/template-helper-functions.jq"
+elif [ "$BASH_SOURCE" -nt "$jqf" ]; then
+	wget -qO "$jqf" 'https://github.com/docker-library/bashbrew/raw/master/scripts/template-helper-functions.jq'
+fi
+
 if [ "$#" -eq 0 ]; then
 	versions="$(jq -r 'keys | map(@sh) | join(" ")' versions.json)"
 	eval "set -- $versions"

Dockerfile-dind-rootless.template

@@ -1,5 +1,6 @@
 {
   "24": {
+    "alpine": "3.18",
     "arches": {
       "amd64": {
         "dockerUrl": "https://download.docker.com/linux/static/stable/x86_64/docker-24.0.7.tgz",

Dockerfile-dind.template

@@ -14,6 +14,8 @@ declare -A dockerArches=(
 
 cd "$(dirname "$(readlink -f "$BASH_SOURCE")")"
 
+defaultAlpine='3.18'
+
 versions=( "$@" )
 if [ ${#versions[@]} -eq 0 ]; then
 	versions=( */ )
@@ -203,9 +205,11 @@ for version in "${versions[@]}"; do
 	echo "$version: $fullVersion (buildx $buildxVersion, compose $composeVersion)"
 
 	export fullVersion dindLatest
+	export defaultAlpine
 	doc="$(
 		jq -nc --argjson buildx "$buildx" --argjson compose "$compose" '{
 			version: env.fullVersion,
+			alpine: env.defaultAlpine,
 			arches: {},
 			dindCommit: env.dindLatest,
 			buildx: $buildx,