Commit

lint fixes
gdams committed Jan 25, 2024
1 parent 686e476 commit f2a9073
Showing 23 changed files with 1,230 additions and 1,051 deletions.
24 changes: 12 additions & 12 deletions content/blog/slsabuild3-temurin/index.md
Expand Up @@ -12,19 +12,19 @@ tags:

Supply-chain Levels for Software Artifacts, or [SLSA](https://slsa.dev), is a framework with individual levels that software
producers can work towards to make their software more secure, and consumers
can use to make decisions based on the software package’s security posture. The
can use to make decisions based on the software package’s security posture. The
Adoptium project has worked closely with the Eclipse Foundation security
team to work towards making the Eclipse Temurin compliant with the SLSA
specification's build requirements.

[At the end](https://adoptium.net/blog/2022/11/slsa2-temurin/)
[of 2022](https://newsroom.eclipse.org/eclipse-newsletter/2022/december/eclipse-temurin-slsa-level-two-compliant)
we achieved compliance with level 2 of the SLSA v0.1 specification. In
we achieved compliance with level 2 of the SLSA v0.1 specification. In
April 2023 SLSA version 1.0 was released and split the specification into
multiple "tracks", of which the build track is the only one currently
published. If you're not familiar with the changes, check out
published. If you're not familiar with the changes, check out
[this lightning talk](https://youtu.be/uLXzyutZEmQ?si=XjD9H6uO_GEjJVBG) from one
of my colleagues. We have been able to build on our work done previously to
of my colleagues. We have been able to build on our work done previously to
meet build level 3 for Linux and macOS for Eclipse Temurin's build and
distribution.
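Review bot: The context line "team to work towards making the Eclipse Temurin compliant with the SLSA" carries a stray article and repeats "worked ... to work towards" from the line above; since this paragraph is already being touched, consider "has worked closely with the Eclipse Foundation security team towards making Eclipse Temurin compliant with". The visible changes in this hunk are whitespace only (double space after a full stop reduced to one), so they do not alter the rendered text.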

Expand Down Expand Up @@ -54,16 +54,16 @@ claiming SLSA build level 3 for those builds.

We have introduced a build verification step which can take the Software
Bill of Materials (SBoM) produced as part of the build output and verify its
contents as far as is practical. This will do some checks to ensure that
contents as far as is practical. This will do some checks to ensure that
the fields are valid and match expectations about how the product has been
built. This job is stored in
built. This job is stored in
https://github.com/adoptium/temurin-build/blob/master/tooling as
release_download_test.sh which performs SHA and GPG checks as well as
running some basic checks on the downloads. It also calls
running some basic checks on the downloads. It also calls
validateSBOMcontent.sh to check the SBoM contents to make sure the
dependencies, including compilers, listed in there match expectations. The
dependencies, including compilers, listed in there match expectations. The
SBoM contents now also includes the SHA256 checksums of all of the build
artifacts in the `components` section. There is information on
artifacts in the `components` section. There is information on
programatically verifying the GPG signatures in
[an earlier blog](https://adoptium.net/blog/2022/07/gpg-signed-releases/)
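Review bot: "programatically" on the context line directly after the last changed line is misspelled (should be "programmatically"), and the sentence that ends with the "[an earlier blog]" link has no closing full stop. In the same paragraph, "The SBoM contents now also includes" should read "include". The bare link to `blob/master/tooling` would also read better as a Markdown link, like the other links in the post.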

Expand All @@ -78,7 +78,7 @@ then these will be trapped early on.
We expect that all of these checks will be enhanced over time, particularly
as we add more details into the SBoM.

The current SBoM can be downloaded via the adoptium API. If you are already
The current SBoM can be downloaded via the adoptium API. If you are already
familiar with the API for downloading JDKs, then replacing `jdk` with `sbom`
in the URL will let you download the SBoM. For example, this will download
the latest GA SBoM for Temurin 21 on Linux/x64:
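Review bot: "adoptium API" on the changed line is lower case, while the first hunk writes "Adoptium project"; capitalise it here for consistency, since the line is being edited anyway.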
Expand All @@ -87,7 +87,7 @@ the latest GA SBoM for Temurin 21 on Linux/x64:

Note that there is an enhanced version of the SBoM which includes more
details on the artifacts that is already in the nightly builds and will be
included for the January 2024 GA releases and beyond. We will not (and
included for the January 2024 GA releases and beyond. We will not (and
should not) regenerate the SBoM for older releases.

### Prevent secret material used to sign the provenance from being accessible to user-defined build steps
Expand All @@ -107,6 +107,6 @@ source code.
We are also continuing to work on our [reproducible builds](https://adoptium.net/blog/2023/09/Reproducible-Comparison-Builds/) which gives an
extra layer of confidence that any customers of Temurin are able to rebuild
from source code in order to independently verify that nothing in our build
systems have been tampered with or introduced any unexpected code. Anyone
systems have been tampered with or introduced any unexpected code. Anyone
(yes, even you!) can use our fully open-source setup and build scripts to
rebuild the Temurin JDK, and we encourage you to give it a try!
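Review bot: The changed line "systems have been tampered with or introduced any unexpected code." has a subject-verb mismatch ("nothing ... have") and the second clause does not parse against "nothing". Suggest "that nothing in our build systems has been tampered with and that no unexpected code has been introduced". On the first line of the hunk, "reproducible builds ... which gives" should be "which give".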
306 changes: 177 additions & 129 deletions src/components/TemurinDownloadTable/index.tsx
@@ -1,137 +1,185 @@
import * as React from "react"
import { Link, Trans, useI18next } from 'gatsby-plugin-react-i18next';
import { FaDownload } from 'react-icons/fa';
import { MdNotes } from 'react-icons/md';
import { MdVerifiedUser } from 'react-icons/md';
import { capitalize } from '../../util/capitalize';
import { localeDate } from '../../util/localeDate';
import { IoMdHelpBuoy } from 'react-icons/io';
import { PiFiles } from 'react-icons/pi';
import LinkText from '../LinkText'
import { Link, Trans, useI18next } from "gatsby-plugin-react-i18next"
import { FaDownload } from "react-icons/fa"
import { MdNotes } from "react-icons/md"
import { MdVerifiedUser } from "react-icons/md"
import { capitalize } from "../../util/capitalize"
import { localeDate } from "../../util/localeDate"
import { IoMdHelpBuoy } from "react-icons/io"
import { PiFiles } from "react-icons/pi"
import LinkText from "../LinkText"

const TemurinDownloadTable = ({results}) => {
const { language } = useI18next();
const TemurinDownloadTable = ({ results }) => {
const { language } = useI18next()

let source
if (results && results.source) {
source = results.source
}
let source
if (results && results.source) {
source = results.source
}

return (
return (
<>
{source &&
<p className='release-notes'>
<Link to={`/temurin/release-notes?version=${source.release_name}`}><MdNotes /><Trans>Release Notes</Trans></Link>
<Link to="/installation/"><IoMdHelpBuoy /><Trans>Installation Guide</Trans></Link>
<LinkText href={source.binary.package.link}><PiFiles /><Trans>Source Code</Trans></LinkText>
</p>
}
<table id="download-table" className="table table-bordered releases-table" style={{borderSpacing: '0 10px', borderCollapse: 'separate'}}>
<tbody className="table-light">
{results ? (
results.map(
(pkg, i): string | JSX.Element =>
pkg && (
<tr key={i}>
<td className="table-secondary py-4 align-middle w-25">
<a href={pkg.release_link} className="link-light">
<span className="text-white">{pkg.release_name}</span>
</a>
<span className="text-white d-block m-2">
Temurin <MdVerifiedUser data-toggle="tooltip" data-placement="bottom" title="This build is JCK certified" size={25} style={{ color: '#537FB9' }}/>
<Link to='/aqavit'>
<img
src='/images/aqavit-icon.png'
width={25}
alt='AQAvit logo'
data-toggle="tooltip"
data-placement="bottom"
title="This build is AQAvit Verified"
className='img-fluid'
/>
</Link>
</span>
<span className="text-white">{localeDate(pkg.release_date, language)}</span>
</td>
<td className="align-middle w-20">{capitalize(pkg.os)}</td>
<td className="align-middle w-20">{pkg.architecture === 'x32' ? 'x86' : pkg.architecture}</td>
<td className="align-middle">
<table className="table parent mb-0 w-auto">
{pkg.binaries.map(
(binary, i): string | JSX.Element =>
binary && (
<tbody key={i} className="table-light">
{binary.installer_link && (
<BinaryTable
checksum={binary.installer_checksum}
link={binary.installer_link}
extension={binary.installer_extension}
type={binary.type}
size={binary.installer_size}
os={capitalize(pkg.os)}
arch={pkg.architecture}
version={pkg.release_name}
/>
)}
<BinaryTable
checksum={binary.checksum}
link={binary.link}
extension={binary.extension}
type={binary.type}
size={binary.size}
os={capitalize(pkg.os)}
arch={pkg.architecture}
version={pkg.release_name}
/>
</tbody>
)
)}
</table>
</td>
</tr>
)
)
) :
<tr></tr>
}
</tbody>
</table>
</>
);
};

export default TemurinDownloadTable;

const BinaryTable = ({ checksum, link, extension, type, size, os, arch, version }) => {
return (
<tr>
<td className="align-middle text-center">
<table><tbody>
<tr>
<td>
{`${type} - ${size} MB`}
{source && (
<p className="release-notes">
<Link to={`/temurin/release-notes?version=${source.release_name}`}>
<MdNotes />
<Trans>Release Notes</Trans>
</Link>
<Link to="/installation/">
<IoMdHelpBuoy />
<Trans>Installation Guide</Trans>
</Link>
<LinkText href={source.binary.package.link}>
<PiFiles />
<Trans>Source Code</Trans>
</LinkText>
</p>
)}
<table
id="download-table"
className="table table-bordered releases-table"
style={{ borderSpacing: "0 10px", borderCollapse: "separate" }}
>
<tbody className="table-light">
{results ? (
results.map(
(pkg, i): string | JSX.Element =>
pkg && (
<tr key={i}>
<td className="table-secondary py-4 align-middle w-25">
<a href={pkg.release_link} className="link-light">
<span className="text-white">{pkg.release_name}</span>
</a>
<span className="text-white d-block m-2">
Temurin{" "}
<MdVerifiedUser
data-toggle="tooltip"
data-placement="bottom"
title="This build is JCK certified"
size={25}
style={{ color: "#537FB9" }}
/>
<Link to="/aqavit">
<img
src="/images/aqavit-icon.png"
width={25}
alt="AQAvit logo"
data-toggle="tooltip"
data-placement="bottom"
title="This build is AQAvit Verified"
className="img-fluid"
/>
</Link>
</span>
<span className="text-white">
{localeDate(pkg.release_date, language)}
</span>
</td>
</tr>
<tr>
<td>
<span className="fw-light">
<a href=""
data-bs-toggle="modal"
data-bs-target="#checksumModal"
data-bs-checksum={checksum}>
<small><Trans>Checksum</Trans></small>
</a>
</span>
<td className="align-middle w-20">{capitalize(pkg.os)}</td>
<td className="align-middle w-20">
{pkg.architecture === "x32" ? "x86" : pkg.architecture}
</td>
</tr>
<td className="align-middle">
<table className="table parent mb-0 w-auto">
{pkg.binaries.map(
(binary, i): string | JSX.Element =>
binary && (
<tbody key={i} className="table-light">
{binary.installer_link && (
<BinaryTable
checksum={binary.installer_checksum}
link={binary.installer_link}
extension={binary.installer_extension}
type={binary.type}
size={binary.installer_size}
os={capitalize(pkg.os)}
arch={pkg.architecture}
version={pkg.release_name}
/>
)}
<BinaryTable
checksum={binary.checksum}
link={binary.link}
extension={binary.extension}
type={binary.type}
size={binary.size}
os={capitalize(pkg.os)}
arch={pkg.architecture}
version={pkg.release_name}
/>
</tbody>
),
)}
</table>
</td>
</tr>
),
)
) : (
<tr></tr>
)}
</tbody>
</table>
</>
)
}

</tbody></table>
</td>
<td className="align-middle">
<Link to="/download" state={{ link: link, checksum: checksum, os: os, arch: arch, pkg_type: type, java_version: version }} className="btn btn-primary" style={{width: "6em"}}>
<FaDownload /> {extension}
</Link>
</td>
</tr>
)
}
export default TemurinDownloadTable

const BinaryTable = ({
checksum,
link,
extension,
type,
size,
os,
arch,
version,
}) => {
return (
<tr>
<td className="align-middle text-center">
<table>
<tbody>
<tr>
<td>{`${type} - ${size} MB`}</td>
</tr>
<tr>
<td>
<span className="fw-light">
<a
href=""
data-bs-toggle="modal"
data-bs-target="#checksumModal"
data-bs-checksum={checksum}
>
<small>
<Trans>Checksum</Trans>
</small>
</a>
</span>
</td>
</tr>
</tbody>
</table>
</td>
<td className="align-middle">
<Link
to="/download"
state={{
link: link,
checksum: checksum,
os: os,
arch: arch,
pkg_type: type,
java_version: version,
}}
className="btn btn-primary"
style={{ width: "6em" }}
>
<FaDownload /> {extension}
</Link>
</td>
</tr>
)
}
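Review bot: The checksum link in `BinaryTable` keeps `<a href="" data-bs-toggle="modal" data-bs-target="#checksumModal">` after reformatting; an empty `href` resolves to the current page, so the click falls back to a page navigation whenever the Bootstrap modal handler is not attached, and the element is announced as a link rather than a control. A `<button type="button">` carrying the same `data-bs-*` attributes would avoid both. Smaller points in the same hunk: the two imports from "react-icons/md" (`MdNotes`, `MdVerifiedUser`) can be merged into one, the `state={{ link: link, checksum: checksum, ... }}` object can use property shorthand, and neither `TemurinDownloadTable` nor `BinaryTable` declares prop types even though the file is `.tsx`.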