For maintenance of a product, tools are required. Many components have common dependencies such as compiler, but there is also requirement of addition components. Openssl for instance, requires perl during build. The purpose of this issue is to autogenerate a desired Bill-of-material based on the the complete SBOM from the product.
Build a small product container capable of serving static content ( apk packages )
Generate the complete SBOM for the product above
Download ALL source code and APKBUILD required for rebuild
Generate a tailored build tool for the above product
Create ( or use existing PEM formatted ) keys for signing of packages and APKINDEX.
Preflight check prior to rebuild
Rebuild all packages in product, based on downloaded source code using the newly created tool
Sign all packages
Rebuild the original product from packages created by the rebuild process.
For maintenance of a product, tools are required. Many components have common dependencies such as compiler, but there is also requirement of addition components. Openssl for instance, requires perl during build. The purpose of this issue is to autogenerate a desired Bill-of-material based on the the complete SBOM from the product.