Thanks Sergey, looks like exactly what I was looking for! Now just need to solve the dependency source version problem...
-- Ivan Ribakov Software Engineer www.zaleos.net On Fri, 29 Sept 2023 at 20:59, Sergey Safarov via sr-users < sr-users@lists.kamailio.org> wrote: > Here a example of function used to pool lib dependency > > https://github.com/kamailio/kamailio-ci/blob/master/alpine/build.sh#L80-L103 > > On Fri, Sep 29, 2023 at 5:41 PM Carsten Bock via sr-users < > sr-users@lists.kamailio.org> wrote: > >> Hi, >> >> We are using that "ldd" approach for our Docker containers: We are >> running ldd on the Kamailio binary and the modules from config (may vary - >> depending on system) and use that result to create a slim Kamailio >> Container "from scratch" - without any operating system. >> >> Thanks, >> Carsten >> >> >> -- >> Carsten Bock I Chief Technology Innovation Officer & Founder >> >> ng-voice GmbH >> >> Trostbrücke 1 I 20457 Hamburg I Germany >> T +49 1511 5942983 I www.ng-voice.com >> >> Registry Office at Local Court Hamburg, HRB 120189 >> Managing Directors: Dr. David Bachmann, Carsten Bock, Quirin Maderspacher >> >> >> Am Do., 28. Sept. 2023 um 19:22 Uhr schrieb Daniel-Constantin Mierla via >> sr-users <sr-users@lists.kamailio.org>: >> >>> >>> On 28.09.23 13:13, Olle E. Johansson via sr-users wrote: >>> >>> >>> >>> On 28 Sep 2023, at 12:36, Ivan Ribakov via sr-users >>> <sr-users@lists.kamailio.org> <sr-users@lists.kamailio.org> wrote: >>> >>> Hi Olle, >>> >>> Yes, I realised by now that taking enabled Kamailio modules into account >>> when generating SBOM is too much to ask. I'd be ok with obtaining full list >>> of Kamailio dependencies (with transitive dependencies if possible) and >>> then manually filtering them based on module usage. Not sure if at any >>> point during Kamailio build process all sources + dependency >>> sources/binaries are present in the system for scanning/identification? >>> >>> I'm mainly interested in listing (and validating licenses) and having a >>> general inventory. Any recommendations? >>> >>> I did try a beta of a tool in cyclonedx toolset for scanning C files and >>> it crashed. Will try again, but so far I haven’t succeeded. >>> I suggest we would need one SBOM based on a linux distro, like Debian >>> and one >>> more generic based on C code and the versions of libraries we recommend. >>> I have tried to add pointers to the various >>> third party dependencies in the READMEs over the years in a somewhat >>> unstructured effort, but the information is there. >>> Maybe we can add the dependencies in a way that’s parseable in order to >>> build an SBOM. >>> >>> C code doesn’t have package management like Python, Perl, Go and others >>> so it’s tricky to automate creation of SBOMs. >>> >>> I think that the SBOM tree for the source code and dependencies would >>> grow quite large. >>> >>> Anyway - at this time, I failed. :-) >>> >>> Maybe leveraging ldd in a first phase can help building the chain of >>> dependencies: >>> >>> $ ldd src/kamailio >>> linux-vdso.so.1 (0x0000ffff91745000) >>> libm.so.6 => /lib/aarch64-linux-gnu/libm.so.6 (0x0000ffff90f30000) >>> libc.so.6 => /lib/aarch64-linux-gnu/libc.so.6 (0x0000ffff90d80000) >>> /lib/ld-linux-aarch64.so.1 (0x0000ffff9170c000) >>> >>> $ ldd src/modules/tls/tls.so >>> linux-vdso.so.1 (0x0000ffff96e5d000) >>> libssl.so.3 => /lib/aarch64-linux-gnu/libssl.so.3 >>> (0x0000ffff96ca0000) >>> libcrypto.so.3 => /lib/aarch64-linux-gnu/libcrypto.so.3 >>> (0x0000ffff968b0000) >>> libc.so.6 => /lib/aarch64-linux-gnu/libc.so.6 (0x0000ffff96700000) >>> /lib/ld-linux-aarch64.so.1 (0x0000ffff96e24000) >>> >>> $ ldd /lib/aarch64-linux-gnu/libcrypto.so.3 >>> linux-vdso.so.1 (0x0000ffff9952c000) >>> libc.so.6 => /lib/aarch64-linux-gnu/libc.so.6 (0x0000ffff98f50000) >>> /lib/ld-linux-aarch64.so.1 (0x0000ffff994f3000) >>> >>> Might take some time, a matter of what modules are used, but if really >>> needed, the process should be doable manually. >>> >>> Cheers, >>> Daniel >>> >>> -- >>> Daniel-Constantin Mierla (@ asipto.com)twitter.com/miconda -- >>> linkedin.com/in/miconda >>> Kamailio Consultancy and Development Services >>> Kamailio Advanced Training - Online - Nov 14-16, 2023 -- asipto.com >>> >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions >>> To unsubscribe send an email to sr-users-le...@lists.kamailio.org >>> Important: keep the mailing list in the recipients, do not reply only to >>> the sender! >>> Edit mailing list options or unsubscribe: >>> >> __________________________________________________________ >> Kamailio - Users Mailing List - Non Commercial Discussions >> To unsubscribe send an email to sr-users-le...@lists.kamailio.org >> Important: keep the mailing list in the recipients, do not reply only to >> the sender! >> Edit mailing list options or unsubscribe: >> > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > To unsubscribe send an email to sr-users-le...@lists.kamailio.org > Important: keep the mailing list in the recipients, do not reply only to > the sender! > Edit mailing list options or unsubscribe: >
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
