drbd/0006-build-CycloneDX-fix-bom-ref-add-purl.patch

From 18795749745baa4b8b37cb56eb12a57a7bd55da7 Mon Sep 17 00:00:00 2001
From: Roland Kammerer <roland.kammerer@linbit.com>
Date: Tue, 27 Aug 2024 09:08:31 +0200
Subject: [PATCH 06/32] build: CycloneDX: fix bom-ref, add purl

---
 Makefile              | 4 ++--
 drbd-kmod.cdx.json.in | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 83a2ed8a42f7..3f58568cc138 100644
--- a/Makefile
+++ b/Makefile
@@ -238,11 +238,11 @@ drbd-kmod_rhel.spdx drbd-kmod_sles.spdx:
 # only call this wrapper from drbd-kmod.cdx.json
 .PHONY: cdx-sub
 cdx-sub:
-	cat $(CDX_FILE).in | jq --args '.metadata.timestamp = "$(CDX_DATE)" | .metadata.component.version = "$(FDIST_VERSION)" | .metadata.component."bom-ref" = "https://github.com/LINBIT/drbd/releases/tag/drbd-$(FDIST_VERSION)"' > $(CDX_FILE)
+	cat $(CDX_FILE).in | jq --args '.metadata.timestamp = "$(CDX_DATE)" | .metadata.component.version = "$(FDIST_VERSION)" | .metadata.component."bom-ref" = "$(PURL)" | .metadata.component.purl = "$(PURL)"' > $(CDX_FILE)
 
 .PHONY: drbd-kmod.cdx.json
 drbd-kmod.cdx.json:
-	$(MAKE) -s cdx-sub CDX_DATE="$$(date --utc +%FT%TZ)" CDX_FILE="$@"
+	$(MAKE) -s cdx-sub CDX_DATE="$$(date --utc +%FT%TZ)" PURL="pkg:github/LINBIT/drbd@drbd-$(FDIST_VERSION)" CDX_FILE="$@"
 	! grep -q __PLACEHOLDER__ $@
 
 # update of .filelist is forced:
diff --git a/drbd-kmod.cdx.json.in b/drbd-kmod.cdx.json.in
index f7a4c4a46aa6..ab4e05a43187 100644
--- a/drbd-kmod.cdx.json.in
+++ b/drbd-kmod.cdx.json.in
@@ -18,6 +18,7 @@
       "name": "kmod-drbd",
       "version": "__PLACEHOLDER__",
       "bom-ref": "__PLACEHOLDER__",
+      "purl": "__PLACEHOLDER__",
       "licenses": [
         {
           "licenses": {
-- 
2.35.3