Revert "GP-1782: Software Bill of Materials (SBOM)"

This reverts commit c89f45d399.
2026-05-30 07:09:41 +08:00 · 2022-03-23 12:33:02 -04:00
parent 51efbf877f
commit 8598f28b23
7 changed files with 32 additions and 157 deletions
@@ -188,8 +188,8 @@ plugins.withType(JavaPlugin) {
 		
 			// External Libraries
 		gradle.taskGraph.whenReady { taskGraph ->
-			def libs = getExternalRuntimeDependencies(p)
-			libs.each { path, dep ->
+			List<String> externalPaths = getExternalRuntimeDependencies(p)
+			externalPaths.each { path ->
 				from (path) {
 					into {zipPath + "/lib" }
 				}
@@ -226,43 +226,7 @@ task zipJavadocs(type: Zip) {
 	description "Zips javadocs for Ghidra api.  [gradle/root/distribution.gradle]"
 }

-/******************************************************************************************
- * TASK generateSoftwareBillOfMaterials
- *
- * Summary: Creates a file that lists the libraries used by each module.  
- ******************************************************************************************/
-import groovy.json.JsonOutput
-import groovy.json.JsonSlurper

-task generateSoftwareBillOfMaterials {
-
-	doFirst {
-		// Create an SBOM map for each project.
-		// TODO: Write each SBOM to its project directory and use it as a replacement for 
-		// the Module.manifest.
-		def projectSboms = []
-		subprojects { p ->
-			p.plugins.withType(JavaPlugin) {
-				projectSboms << generateSoftwareBillOfMaterials(p)
-			}
-		}
-
-		// Generate aggregated SBOM file for all of Ghidra
-		def sbom = ["bomFormat" : "CycloneDX", "specVersion" : "1.4", "version" : 1]
-		sbom.components = []
-		projectSboms.each { projectSbom ->
-			sbom.components += projectSbom.components
-		}
-		
-		// Write SBOM to JSON file
-		def buildDir = file("$buildDir")
-		if (!buildDir.exists()) {
-			buildDir.mkdirs()
-		}
-		def sbomFile = file("$buildDir/bom.json")
-		sbomFile.write(JsonOutput.prettyPrint(JsonOutput.toJson(sbom)))
-	}
-}

 /**********************************************************************************************
 *
@@ -275,8 +239,6 @@ task assembleDistribution (type: Copy) {
 	// Not sure why this is necessary, but without it, gradle thinks this task is "up to date"
 	// every other time it is run even though in both cases the output directory has been removed
 	outputs.upToDateWhen {false}
-	
-	dependsOn generateSoftwareBillOfMaterials

 	group 'private'
 	description "Copies core files/folders to the distribution location."
@@ -396,13 +358,6 @@ task assembleDistribution (type: Copy) {
 		include "settings.gradle"
 		into "Ghidra"
 	}
-	
-	/////////////////////////////////////
-	// Software Bill of Materials (SBOM)
-	/////////////////////////////////////
-	from (ROOT_PROJECT_DIR + "/build") {
-		include "bom.json"
-	}

 }

@@ -473,13 +428,6 @@ task createExternalExtensions(type: Copy) {
 			
 }

-/*********************************************************************************
- * Update sla file timestamps to current time plus timeOffsetMinutes value.
- * 
- * distributionDirectoryPath - Contains files/folders used by gradle zip task.
- * timeOffsetMinutes - Number of minutes to increase sla file timestamp.
- * 
-**********************************************************************************/
 import groovy.io.FileType
 import java.nio.file.Path
 import java.nio.file.Files
@@ -488,6 +436,13 @@ import java.time.OffsetDateTime
 import java.util.concurrent.TimeUnit
 import java.time.ZoneId

+/*********************************************************************************
+ * Update sla file timestamps to current time plus timeOffsetMinutes value.
+ * 
+ * distributionDirectoryPath - Contains files/folders used by gradle zip task.
+ * timeOffsetMinutes - Number of minutes to increase sla file timestamp.
+ * 
+**********************************************************************************/
 def updateSlaFilesTimestamp(String distributionDirectoryPath, int timeOffsetMinutes) {
 	logger.debug("updateSlaFilesTimestamp: distributionDirectoryPath = '$distributionDirectoryPath' and timeOffsetMinutes = '$timeOffsetMinutes',")

@@ -76,8 +76,8 @@ task zipExtensions (type: Zip) {
 	/////////////////
 	gradle.taskGraph.whenReady { taskGraph ->
 		if (project.plugins.withType(JavaPlugin)) {
-			def libs = getExternalRuntimeDependencies(p)
-			libs.each { path, dep ->
+			List<String> externalPaths = getExternalRuntimeDependencies(p)
+			externalPaths.each { path ->
 				from (path) {
 					into { getBaseProjectName(p) + "/lib" }
 				}
@@ -96,9 +96,9 @@ def Map<String, String> getModuleManifestIp(Project project) {
 *********************************************************************************/
 def checkExternalLibsInMap(Map<String, String> map, Project project) {
 	if (project.plugins.withType(JavaPlugin)) {
-		def libs = getExternalRuntimeDependencies(project)
-		libs.each { path, dep ->
-			String libName = new File(path).getName()  // get just the filename without the path
+		List<String> libs = getExternalRuntimeDependencies(project)
+		libs.each { lib ->
+			String libName = new File(lib).getName()  // get just the filename without the path
 			String relativePath = "lib/"+libName;
 			assert map.containsKey(relativePath) : "No License specified for external library: "+relativePath+ " in module "+project.projectDir
 		}