envoyproxy / envoy

Cloud-native high-performance edge/middle/service proxy
https://www.envoyproxy.io
Apache License 2.0

Add Meta-Data to Build for more accurate Container SBOM generation #33931

Open officerNordberg opened 4 months ago

officerNordberg commented 4 months ago

Title: Add a JSON payload as a .note.package ELF section

Description: Add a JSON payload as a .note.package ELF section. It looks like there are already Bazel rules in Envoy that add ELF notes; another rule could be added during the release to include name and version information.

[optional Relevant Links:]

Related issue: Envoy currently missing from SBOM

adisuissa commented 4 months ago

cc @phlax

phlax commented 4 months ago

Sounds reasonable @officerNordberg

phlax commented 4 months ago

One problem you might hit @officerNordberg if you were to follow up on this - I'm not sure if our linker is sufficiently new

docs here say https://systemd.io/ELF_PACKAGE_METADATA/

They make use of the new --package-metadata flag that is available in the bfd, gold, mold and lld linkers (versions 2.39, 1.3.0 and 15.0 respectively).

checking our current lld I'm seeing

$ /opt/llvm/bin/ld.lld --version
LLD 14.0.0 (compatible with GNU linkers)

not 100% that I'm checking the right thing, but this might need to wait for a compiler upgrade
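As an added illustration (not code from the Envoy project or from anyone in this thread), the sketch below encodes a JSON payload in the note layout described by the linked systemd spec and reads it back the way an SBOM scanner could. It assumes a little-endian target and operates on the raw bytes of the `.note.package` section; the function names and sample values are made up for the example.

```python
import json
import struct
from typing import Optional

FDO_OWNER = b"FDO\x00"           # note owner defined by the systemd package-metadata spec
FDO_PACKAGING_TYPE = 0xCAFE1A7E  # note type for package metadata in that spec


def _pad4(data: bytes) -> bytes:
    """ELF note name and desc fields are padded to a 4-byte boundary."""
    return data + b"\x00" * (-len(data) % 4)


def build_package_note(metadata: dict) -> bytes:
    """Encode metadata as the raw contents of a .note.package section."""
    desc = json.dumps(metadata, separators=(",", ":")).encode() + b"\x00"
    header = struct.pack("<III", len(FDO_OWNER), len(desc), FDO_PACKAGING_TYPE)
    return header + _pad4(FDO_OWNER) + _pad4(desc)


def read_package_note(section: bytes) -> Optional[dict]:
    """Walk the notes in a section; return the first FDO package payload, if any."""
    offset = 0
    while offset + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, offset)
        name_start = offset + 12
        desc_start = name_start + namesz + (-namesz % 4)
        desc_end = desc_start + descsz
        # Sizes come from the file itself, so bound them before slicing.
        if desc_end > len(section):
            raise ValueError("truncated note: sizes exceed section length")
        name = section[name_start:name_start + namesz]
        if name == FDO_OWNER and ntype == FDO_PACKAGING_TYPE:
            return json.loads(section[desc_start:desc_end].rstrip(b"\x00"))
        offset = desc_end + (-descsz % 4)  # skip unrelated notes (e.g. build-id)
    return None


# Constructed sample values; a release build would stamp the real name and version.
SAMPLE = {"name": "envoy", "version": "0.0.0-example"}

if __name__ == "__main__":
    print(read_package_note(build_package_note(SAMPLE)))
```
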