From 1e6e6d9c391afff8b441983ac0a1330f47902cfa Mon Sep 17 00:00:00 2001 From: Javier Romero Date: Thu, 18 Nov 2021 14:24:29 -0600 Subject: [PATCH 01/23] Bump platform API version to 0.8 --- platform.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform.md b/platform.md index 45ed367e..71594a2b 100644 --- a/platform.md +++ b/platform.md @@ -87,7 +87,7 @@ Examples of a platform might include: ## Platform API Version -This document specifies Platform API version `0.7`. +This document specifies Platform API version `0.8`. Platform API versions: - MUST be in form `.` or ``, where `` is equivalent to `.0` From d0aaf31408e1a3a16e6e3b6620fe7864600ca52c Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Wed, 15 Dec 2021 12:07:34 -0500 Subject: [PATCH 02/23] Updates platform spec to improve performance when restoring launch sboms from daemon Signed-off-by: Natalie Arellano --- platform.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/platform.md b/platform.md index 71594a2b..90970600 100644 --- a/platform.md +++ b/platform.md @@ -285,10 +285,12 @@ Usage: [-cache-image ] \ [-daemon] \ # sets [-gid ] \ + [-launch-cache ] \ [-layers ] \ [-log-level ] \ [-previous-image ] \ [-run-image ] \ + [-skip-layers ] \ [-stack ] \ [-tag ...] \ [-uid ] \ 
@@ -304,9 +306,11 @@ Usage: | `` | `CNB_GROUP_ID` | | Primary GID of the build image `User` | `` | `CNB_LAYERS_DIR` | `/layers` | Path to layers directory | `` | | | Tag reference to which the app image will be written +| `` | `CNB_LAUNCH_CACHE_DIR`| | Path to a cache directory containing launch layers | `` | `CNB_LOG_LEVEL` | `info` | Log Level | ``| `CNB_PREVIOUS_IMAGE` | `` | Image reference to be analyzed (usually the result of the previous build) | `` | `CNB_RUN_IMAGE` | resolved from `` | Run image reference +| `` | `CNB_SKIP_LAYERS` | `false` | Do not restore SBOM layer from previous image | `` | `CNB_STACK_PATH` | `/cnb/stack.toml` | Path to stack file (see [`stack.toml`](#stacktoml-toml)) | `...` | | | Additional tag to apply to exported image | `` | `CNB_USER_ID` | | UID of the build image `User` @@ -316,6 +320,7 @@ Usage: - **If** `` is `false` and the platform provides one or more `` inputs, each `` MUST refer to the same registry as ``. - **If** `` is `false`, ``, if provided, MUST be a valid image reference. - **If** `` is `true`, ``, if provided, MUST be either a valid image reference or an imageID. +- **If** `` is `true` the lifecycle MUST NOT restore the SBOM layer (if any) from the previous image. - **If** `` is not provided by the platform the lifecycle MUST [resolve](#run-image-resolution) the run image from the contents of `stack` or fail if `stack` does not contain a valid run image. - The lifecycle MUST accept valid references to non-existent ``, ``, and `` without error. - The lifecycle MUST ensure registry write access to ``, `` and any provided ``s. From 0034fb475c4bec5f48e19cd612b15464a7cab5be Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Wed, 15 Dec 2021 12:18:27 -0500 Subject: [PATCH 03/23] Clarify the definition of -skip-restore Signed-off-by: Natalie Arellano --- platform.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/platform.md b/platform.md index 71594a2b..ed341f0d 100644 --- a/platform.md 
+++ b/platform.md @@ -645,10 +645,10 @@ Running `creator` SHALL be equivalent to running `detector`, `analyzer`, `restor | Input | Environment Variable| Default Value| Description |-------------------|---------------------|--------------|---------------------- | ``| `CNB_PREVIOUS_IMAGE`| `` | Image reference to be analyzed (usually the result of the previous build) -| `` | `CNB_SKIP_RESTORE` | `false` | Do not write layer metadata or restore cached layers +| `` | `CNB_SKIP_RESTORE` | `false` | Do not write layer metadata, restore sbom layers, or restore cached layers | `...` | | | Additional tag to apply to exported image -- **If** `` is `true` the `creator` SHALL skip layer analysis and skip the entire Restore phase. +- **If** `` is `true` the `creator` SHALL skip sbom layer restoration and skip the entire Restore phase. - **If** the platform provides one or more `` inputs they SHALL be treated as additional `` inputs to the `exporter` ##### Outputs From 9db2976bb01e823f85b756dd8a34877587cbf079 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Thu, 13 Jan 2022 11:17:50 -0500 Subject: [PATCH 04/23] Makes the platform api less aware of the buildpack api, thus decoupling the two. The platform api doesn't need to care in which buildpack api legacy boms are supported, only that they might be. Signed-off-by: Natalie Arellano --- platform.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/platform.md b/platform.md index 71594a2b..6c12b39d 100644 --- a/platform.md +++ b/platform.md 
@@ -937,7 +937,7 @@ Where: - `id`, `version`, and `api` MUST be present for each buildpack - `processes` contains the complete set of processes contributed by all buildpacks - `slices` contains the complete set of slices defined by all buildpacks -- `bom` contains the Bill of Materials contributed by buildpacks implementing Buildpack API < 0.7 +- `bom` contains the legacy Bill of Materials contributed by buildpacks (where [supported]((buildpack.md))) #### `order.toml` (TOML) @@ -1020,7 +1020,7 @@ Where: - **If** the app image was exported to a docker daemon - `imageID` MUST contain the imageID - **If** the app image was the result of a build operation - - `build.bom` MUST contain any build Bill of Materials entries returned by buildpacks implementing Buildpack API < 0.7 + - `build.bom` MUST contain any legacy build Bill of Materials entries returned by buildpacks (where [supported]((buildpack.md))) #### `stack.toml` (TOML) @@ -1087,7 +1087,7 @@ Where: Where: - `processes` MUST contain all buildpack contributed processes - `buildpacks` MUST contain the detected group -- `bom` MUST contain the Bill of Materials contributed by buildpacks implementing Buildpack API < 0.7 +- `bom` MUST contain the legacy Bill of Materials contributed by buildpacks (where [supported]((buildpack.md))) - `launcher.version` SHOULD contain the version of the `launcher` binary included in the app - `launcher.source.git.repository` SHOULD contain the git repository containing the `launcher` source code - `launcher.source.git.commit` SHOULD contain the git commit from which the given `launcher` was built From 23d9b6fe891efb037d6483562eac579439f439ac Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Thu, 13 Jan 2022 14:53:41 -0500 Subject: [PATCH 05/23] Update platform.md Signed-off-by: Natalie Arellano Co-authored-by: Emily Casey --- platform.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform.md b/platform.md index ed341f0d..c39655c2 100644 --- a/platform.md 
+++ b/platform.md @@ -645,7 +645,7 @@ Running `creator` SHALL be equivalent to running `detector`, `analyzer`, `restor | Input | Environment Variable| Default Value| Description |-------------------|---------------------|--------------|---------------------- | ``| `CNB_PREVIOUS_IMAGE`| `` | Image reference to be analyzed (usually the result of the previous build) -| `` | `CNB_SKIP_RESTORE` | `false` | Do not write layer metadata, restore sbom layers, or restore cached layers +| `` | `CNB_SKIP_RESTORE` | `false` | Prevent buildpacks from reusing layers from previous builds, by skipping the restoration of any data to each buildpack's layers directory, with the exception of `store.toml`. | `...` | | | Additional tag to apply to exported image - **If** `` is `true` the `creator` SHALL skip sbom layer restoration and skip the entire Restore phase. From 2685b3ffd08e93551dee1fea0321ff5855ada2bb Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Fri, 14 Jan 2022 15:23:25 -0500 Subject: [PATCH 06/23] Update platform.md Signed-off-by: Natalie Arellano Co-authored-by: Anthony Emengo --- platform.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform.md b/platform.md index 6c12b39d..9b9f16e3 100644 --- a/platform.md +++ b/platform.md @@ -1087,7 +1087,7 @@ Where: Where: - `processes` MUST contain all buildpack contributed processes - `buildpacks` MUST contain the detected group -- `bom` MUST contain the legacy Bill of Materials contributed by buildpacks (where [supported]((buildpack.md))) +- `bom` MUST contain the legacy Bill of Materials contributed by buildpacks (where [supported](buildpack.md)) - `launcher.version` SHOULD contain the version of the `launcher` binary included in the app - `launcher.source.git.repository` SHOULD contain the git repository containing the `launcher` source code - `launcher.source.git.commit` SHOULD contain the git commit from which the given `launcher` was built 
From 39cff8268a5c3fe1ade52f4274a3dd807075d326 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Fri, 14 Jan 2022 15:23:31 -0500 Subject: [PATCH 07/23] Update platform.md Signed-off-by: Natalie Arellano Co-authored-by: Anthony Emengo --- platform.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform.md b/platform.md index 9b9f16e3..9807e54e 100644 --- a/platform.md +++ b/platform.md @@ -937,7 +937,7 @@ Where: - `id`, `version`, and `api` MUST be present for each buildpack - `processes` contains the complete set of processes contributed by all buildpacks - `slices` contains the complete set of slices defined by all buildpacks -- `bom` contains the legacy Bill of Materials contributed by buildpacks (where [supported]((buildpack.md))) +- `bom` contains the legacy Bill of Materials contributed by buildpacks (where [supported](buildpack.md)) #### `order.toml` (TOML) From afb61bb4711176c8ead5af0322e845c2d3f842a2 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Fri, 14 Jan 2022 15:23:38 -0500 Subject: [PATCH 08/23] Update platform.md Signed-off-by: Natalie Arellano Co-authored-by: Anthony Emengo --- platform.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform.md b/platform.md index 9807e54e..69fa8868 100644 --- a/platform.md +++ b/platform.md @@ -1020,7 +1020,7 @@ Where: - **If** the app image was exported to a docker daemon - `imageID` MUST contain the imageID - **If** the app image was the result of a build operation - - `build.bom` MUST contain any legacy build Bill of Materials entries returned by buildpacks (where [supported]((buildpack.md))) + - `build.bom` MUST contain any legacy build Bill of Materials entries returned by buildpacks (where [supported](buildpack.md)) #### `stack.toml` (TOML) From a2358f32fa548a73a37f33de4077675633b6c445 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Thu, 27 Jan 2022 11:51:37 -0500 Subject: [PATCH 09/23] Process specific working directory 
Signed-off-by: Natalie Arellano --- platform.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/platform.md b/platform.md index ebbb5434..563dec55 100644 --- a/platform.md +++ b/platform.md @@ -746,27 +746,31 @@ Usage: | `` | | | Process execution strategy | `` | | | Command to execute | `` | | | Arguments to command +| `` | | | Process working directory | `/config/metadata.toml` | | | Build metadata (see [`metadata.toml`](#metadatatoml-toml) | `///` | | | Launch Layers -A command (``), arguments to that command (``), and an execution strategy (``) comprise a process definition. Processes MAY be buildpack-defined or user-defined. +A command (``), arguments to that command (``), a working directory (``), and an execution strategy (``) comprise a process definition. Processes MAY be buildpack-defined or user-defined. The launcher: -- MUST derive the values of ``, ``, and `` as follows: +- MUST derive the values of ``, ``, ``, and `` as follows: - **If** the final path element in `$0`, matches the type of any buildpack-provided process type - `` SHALL be the final path element in `$0` - The lifecycle: - MUST select the process with type equal to `` from `/config/metadata.toml` - MUST append any user-provided `` to process arguments + - MUST set `` to `` if not defined - **Else** - **If** `$1` is `--` - `` SHALL be `true` - `` SHALL be `$2` - `` SHALL be `${@3:}` + - `` SHALL be `` - **Else** - `` SHALL be `false` - `` SHALL be `$1` - `` SHALL be `${@2:}` + - `` ##### Outputs If the launcher errors before executing the process it will have one of the following error codes: @@ -931,6 +935,7 @@ type = "" command = "" args = [""] direct = false +working-directory = "" [[slices]] paths = [""] @@ -1056,7 +1061,8 @@ Where: "args": [ "" ], - "direct": false + "direct": false, + "working-directory": "", } ], "buildpacks": [ From f56cf851b6f2ce7d6758db940b417f5974095a2a Mon Sep 17 00:00:00 2001 
From: Natalie Arellano Date: Wed, 9 Feb 2022 14:07:33 -0500 Subject: [PATCH 10/23] Update platform.md Signed-off-by: Natalie Arellano Co-authored-by: Emily Casey --- platform.md | 1 - 1 file changed, 1 deletion(-) diff --git a/platform.md b/platform.md index 563dec55..d99c6b33 100644 --- a/platform.md +++ b/platform.md @@ -746,7 +746,6 @@ Usage: | `` | | | Process execution strategy | `` | | | Command to execute | `` | | | Arguments to command -| `` | | | Process working directory | `/config/metadata.toml` | | | Build metadata (see [`metadata.toml`](#metadatatoml-toml) | `///` | | | Launch Layers From 61351819c1c100b499cc4802964d80b32c0e2e16 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Fri, 11 Feb 2022 09:58:52 -0500 Subject: [PATCH 11/23] Add mechanism for platform to provide image creation time. Signed-off-by: Natalie Arellano --- platform.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/platform.md b/platform.md index ebbb5434..159706db 100644 --- a/platform.md +++ b/platform.md @@ -872,6 +872,9 @@ To achieve reproducibility the lifecycle SHOULD set the following to a constant, - file modification times in generated layers - image creation time +The platform MAY set `SOURCE_DATE_EPOCH` in the lifecycle execution environment, where the value of `SOURCE_DATE_EPOCH` MUST be a [UNIX timestamp](https://reproducible-builds.org/specs/source-date-epoch/). +If `SOURCE_DATE_EPOCH` is set, the lifecycle SHOULD set the image creation time to its value. + Because compressions algorithms and manifest whitespace affect the image digest, an app image exported to the docker daemon and subsequently pushed to a registry MAY have a different digest than an app image exported directly to a registry by the lifecycle, even when all other inputs are held constant. If buildpacks do not generate layer contents or layer metadata reproducibly, builds MAY NOT be reproducibile even when identical source code and buildpacks are provided to the lifecycle. 
From 57ea1c94646045161897b64384b2100416cafeb4 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Wed, 16 Feb 2022 10:57:46 -0500 Subject: [PATCH 12/23] Further clarification Signed-off-by: Natalie Arellano --- platform.md | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/platform.md b/platform.md index d99c6b33..b0a1b4c2 100644 --- a/platform.md +++ b/platform.md @@ -738,16 +738,16 @@ Usage: /cnb/lifecycle/launcher [--] [ ...] ``` ##### Inputs -| Input | Environment Variable | Default Value | Description -|---------------------|-----------------------|----------------|--------------------------------------- -| `` | `CNB_APP_DIR` | `/workspace` | Path to application directory -| `` | `CNB_LAYERS_DIR` | `/layers` | Path to layer directory -| `` | | | `type` of process to launch -| `` | | | Process execution strategy -| `` | | | Command to execute -| `` | | | Arguments to command -| `/config/metadata.toml` | | | Build metadata (see [`metadata.toml`](#metadatatoml-toml) -| `///` | | | Launch Layers +| Input | Environment Variable | Default Value | Description | +|------------------------------------|----------------------|---------------|-----------------------------------------------------------| +| `` | `CNB_APP_DIR` | `/workspace` | Path to application directory | +| `` | `CNB_LAYERS_DIR` | `/layers` | Path to layer directory | +| `` | | | `type` of process to launch | +| `` | | | Process execution strategy | +| `` | | | Command to execute | +| `` | | | Arguments to command | +| `/config/metadata.toml` | | | Build metadata (see [`metadata.toml`](#metadatatoml-toml) | +| `///` | | | Launch Layers | A command (``), arguments to that command (``), a working directory (``), and an execution strategy (``) comprise a process definition. Processes MAY be buildpack-defined or user-defined. 
@@ -757,8 +757,8 @@ The launcher: - `` SHALL be the final path element in `$0` - The lifecycle: - MUST select the process with type equal to `` from `/config/metadata.toml` + - MUST set `` to the value defined for the process in `/config/metadata.toml`, or to `` if not defined - MUST append any user-provided `` to process arguments - - MUST set `` to `` if not defined - **Else** - **If** `$1` is `--` - `` SHALL be `true` @@ -774,11 +774,11 @@ The launcher: ##### Outputs If the launcher errors before executing the process it will have one of the following error codes: -| Exit Code | Result| -|-----------|-------| -| `11` | Platform API incompatibility error -| `12` | Buildpack API incompatibility error -| `80-89`| Launch-specific lifecycle errors +| Exit Code | Result | +|-----------|-------------------------------------| +| `11` | Platform API incompatibility error | +| `12` | Buildpack API incompatibility error | +| `80-89` | Launch-specific lifecycle errors | Otherwise, the exit code shall be the exit code of the launched process. From d6060b7c0b3a86b7cec27d901b66d84a7f925be2 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Wed, 16 Feb 2022 13:56:02 -0500 Subject: [PATCH 13/23] Add details for exporter Signed-off-by: Natalie Arellano --- platform.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/platform.md b/platform.md index 159706db..ea8f592f 100644 --- a/platform.md +++ b/platform.md @@ -546,6 +546,7 @@ Usage: | `` | `CNB_STACK_PATH` | `/cnb/stack.toml` | Path to stack file (see [`stack.toml`](#stacktoml-toml) | `` | `CNB_USER_ID` | | UID of the build image `User` | `/config/metadata.toml` | | | Build metadata (see [`metadata.toml`](#metadatatoml-toml) +| | `SOURCE_DATE_EPOCH` | | Timestamp for `created` time in app image config | - At least one `` must be provided - Each `` MUST be a valid tag reference 
@@ -601,7 +602,7 @@ Usage: - `io.buildpacks.build.metadata`: see [build metadata](#iobuildpacksbuildmetadata-json) - To ensure [build reproducibility](#build-reproducibility), the lifecycle: - SHOULD set the modification time of all files in newly created layers to a constant value - - SHOULD set the `created` time in image config to a constant value + - SHOULD set the `created` time in image config to `SOURCE_DATE_EPOCH`, or to a constant value if not defined - The lifecycle SHALL write a [report](#reporttoml-toml) to `` describing the exported app image From 843dfdec90c07469f0b579d411000847242ad459 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Thu, 17 Feb 2022 11:10:17 -0500 Subject: [PATCH 14/23] Fix incorrect layer sbom paths in platform spec Signed-off-by: Natalie Arellano --- platform.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/platform.md b/platform.md index ebbb5434..41ba9a7f 100644 --- a/platform.md +++ b/platform.md 
@@ -575,8 +575,8 @@ Usage: - All run-image config values SHALL be preserved unless this conflicts with another requirement - MUST contain all buildpack-provided launch layers as determined by the [Buildpack Interface Specfication](buildpack.md) - MUST contain a layer containing all buildpack-provided Software Bill of Materials (SBOM) files for `launch` as determined by the [Buildpack Interface Specfication](buildpack.md) if they are present - - `/sbom//launch.sbom.` MUST contain the buildpack-provided `launch` SBOM - - `/sbom///launch.sbom.` MUST contain the buildpack-provided layer SBOM if `` is a `launch` layer + - `/sbom/launch//sbom.` MUST contain the buildpack-provided `launch` SBOM + - `/sbom/launch///sbom.` MUST contain the buildpack-provided layer SBOM if `` is a `launch` layer - MUST contain one or more app layers as determined by the [Buildpack Interface Specfication](buildpack.md) - MUST contain one or more launcher layers that include: - A file with the contents of the `` file at path `/cnb/lifecycle/launcher` @@ -607,8 +607,8 @@ Usage: - The `` directory: - MUST include all buildpack-provided Software Bill of Materials (SBOM) files for `build` as determined by the [Buildpack Interface Specfication](buildpack.md) if they are present - - `/sbom//build.sbom.` MUST contain the buildpack-provided `build` SBOM - - `/sbom///build.sbom.` MUST contain the buildpack-provided layer SBOM if `` is not a `launch` layer + - `/sbom/build//sbom.` MUST contain the buildpack-provided `build` SBOM + - `/sbom/build///sbom.` MUST contain the buildpack-provided layer SBOM if `` is not a `launch` layer - *If* a cache is provided the lifecycle: - SHALL write the contents of all cached layers and any provided layer-associated SBOM files to the cache From 7261f55aad4bdcb10a5ebb6d73b580de16c3573b Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Wed, 2 Mar 2022 17:59:32 -0500 Subject: [PATCH 15/23] Update platform.md 
Signed-off-by: Natalie Arellano --- platform.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform.md b/platform.md index b0a1b4c2..053f4587 100644 --- a/platform.md +++ b/platform.md @@ -934,7 +934,7 @@ type = "" command = "" args = [""] direct = false -working-directory = "" +working-dir = "" [[slices]] paths = [""] From 968f7c4a589186ea46bb1165492d4360d6f617d3 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Wed, 2 Mar 2022 18:01:59 -0500 Subject: [PATCH 16/23] Change working-directory to working-dir Signed-off-by: Natalie Arellano --- platform.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/platform.md b/platform.md index 053f4587..ab752139 100644 --- a/platform.md +++ b/platform.md 
@@ -749,27 +749,27 @@ Usage: | `/config/metadata.toml` | | | Build metadata (see [`metadata.toml`](#metadatatoml-toml) | | `///` | | | Launch Layers | -A command (``), arguments to that command (``), a working directory (``), and an execution strategy (``) comprise a process definition. Processes MAY be buildpack-defined or user-defined. +A command (``), arguments to that command (``), a working directory (``), and an execution strategy (``) comprise a process definition. Processes MAY be buildpack-defined or user-defined. The launcher: -- MUST derive the values of ``, ``, ``, and `` as follows: +- MUST derive the values of ``, ``, ``, and `` as follows: - **If** the final path element in `$0`, matches the type of any buildpack-provided process type - `` SHALL be the final path element in `$0` - The lifecycle: - MUST select the process with type equal to `` from `/config/metadata.toml` - - MUST set `` to the value defined for the process in `/config/metadata.toml`, or to `` if not defined + - MUST set `` to the value defined for the process in `/config/metadata.toml`, or to `` if not defined - MUST append any user-provided `` to process arguments - **Else** - **If** `$1` is `--` - `` SHALL be `true` - `` SHALL be `$2` - `` SHALL be `${@3:}` - - `` SHALL be `` + - `` SHALL be `` - **Else** - `` SHALL be `false` - `` SHALL be `$1` - `` SHALL be `${@2:}` - - `` + - `` ##### Outputs If the launcher errors before executing the process it will have one of the following error codes: @@ -1061,7 +1061,7 @@ Where: "" ], "direct": false, - "working-directory": "", + "working-dir": "", } ], "buildpacks": [ From 6f6491046af56e9ca6342e0cf4c6920a8fa36449 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Thu, 27 Jan 2022 11:16:09 -0500 Subject: [PATCH 17/23] Remove legacy bom for platform/0.9 Legacy boms output by older buildpacks will be ignored by the platform. 
Signed-off-by: Natalie Arellano --- platform.md | 31 +------------------------------ 1 file changed, 1 insertion(+), 30 deletions(-) diff --git a/platform.md b/platform.md index 41ba9a7f..74c18306 100644 --- a/platform.md +++ b/platform.md @@ -498,7 +498,7 @@ Usage: - The lifecycle SHALL execute all buildpacks in the order defined in `` according to the process outlined in the [Buildpack Interface Specification](buildpack.md). - The lifecycle SHALL add all invoked buildpacks to`/config/metadata.toml`. -- The lifecycle SHALL aggregate all `processes`, `slices` and `bom` entries returned by buildpacks in `/config/metadata.toml`. +- The lifecycle SHALL aggregate all `processes` and `slices` returned by buildpacks in `/config/metadata.toml`. - The lifecycle SHALL record the buildpack-provided default process type in `/config/metadata.toml`. - The lifecycle SHALL treat `web` processes defined by buildpacks implementing Buildpack API < 0.6 as `default = true`. @@ -934,15 +934,12 @@ direct = false [[slices]] paths = [""] - -[bom] ``` Where: - `id`, `version`, and `api` MUST be present for each buildpack - `processes` contains the complete set of processes contributed by all buildpacks - `slices` contains the complete set of slices defined by all buildpacks -- `bom` contains the legacy Bill of Materials contributed by buildpacks (where [supported](buildpack.md)) #### `order.toml` (TOML) @@ -1005,17 +1002,6 @@ tags = [""] digest = "" image-id = "" manifest-size = "" - -[build] -[[build.bom]] -name = "" - -[build.bom.metadata] -version = "" - -[build.bom.buildpack] -id = "" -version = "" ``` Where: - `tags` MUST contain all tag references to the exported app image 
@@ -1024,8 +1010,6 @@ Where: - `manifest-size` MUST contain the manifest size in bytes - **If** the app image was exported to a docker daemon - `imageID` MUST contain the imageID -- **If** the app image was the result of a build operation - - `build.bom` MUST contain any legacy build Bill of Materials entries returned by buildpacks (where [supported](buildpack.md)) #### `stack.toml` (TOML) @@ -1066,18 +1050,6 @@ Where: "homepage": "" } ], - "bom": [ - { - "name": "", - "metadata": { - // arbitrary buildpack provided metadata - }, - "buildpack": { - "id": "", - "version": "" - } - }, - ], "launcher": { "version": "", "source": { @@ -1092,7 +1064,6 @@ Where: Where: - `processes` MUST contain all buildpack contributed processes - `buildpacks` MUST contain the detected group -- `bom` MUST contain the legacy Bill of Materials contributed by buildpacks (where [supported](buildpack.md)) - `launcher.version` SHOULD contain the version of the `launcher` binary included in the app - `launcher.source.git.repository` SHOULD contain the git repository containing the `launcher` source code - `launcher.source.git.commit` SHOULD contain the git commit from which the given `launcher` was built From 69ca1c31b54df915e1a5632adfc4e7639361f329 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Tue, 8 Mar 2022 14:11:41 -0500 Subject: [PATCH 18/23] Specify where legacy boms can be found by the platform Signed-off-by: Natalie Arellano --- platform.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/platform.md b/platform.md index 74c18306..3ada0c59 100644 --- a/platform.md +++ b/platform.md 
@@ -577,6 +577,7 @@ Usage: - MUST contain a layer containing all buildpack-provided Software Bill of Materials (SBOM) files for `launch` as determined by the [Buildpack Interface Specfication](buildpack.md) if they are present - `/sbom/launch//sbom.` MUST contain the buildpack-provided `launch` SBOM - `/sbom/launch///sbom.` MUST contain the buildpack-provided layer SBOM if `` is a `launch` layer + - `/sbom/launch//sbom.legacy.json` MAY contain the legacy non-standard Bill of Materials for `launch` (where [supported](buildpack.md)) - MUST contain one or more app layers as determined by the [Buildpack Interface Specfication](buildpack.md) - MUST contain one or more launcher layers that include: - A file with the contents of the `` file at path `/cnb/lifecycle/launcher` @@ -608,8 +609,8 @@ Usage: - The `` directory: - MUST include all buildpack-provided Software Bill of Materials (SBOM) files for `build` as determined by the [Buildpack Interface Specfication](buildpack.md) if they are present - `/sbom/build//sbom.` MUST contain the buildpack-provided `build` SBOM - - `/sbom/build///sbom.` MUST contain the buildpack-provided layer SBOM if `` is not a `launch` layer - + - `/sbom/build///sbom.` MUST contain the buildpack-provided layer SBOM if `` is not a `launch` layer - `/sbom/build//sbom.legacy.json` MAY contain the legacy non-standard Bill of Materials for `build` (where [supported](buildpack.md)) + - `/sbom/build//sbom.legacy.json` MAY contain the legacy non-standard Bill of Materials for `build` (where [supported](buildpack.md)) - *If* a cache is provided the lifecycle: - SHALL write the contents of all cached layers and any provided layer-associated SBOM files to the cache - SHALL record the diffID and layer content metadata of all cached layers in the cache From 4ecdae57a9ab88caae93036f2862fdff7c6d3ea8 Mon Sep 17 00:00:00 2001 From: Sambhav Kothari Date: Wed, 9 Mar 2022 23:19:05 +0000 Subject: [PATCH 19/23] Change legacy sbom location to a top level combined one 
Signed-off-by: Sambhav Kothari --- platform.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/platform.md b/platform.md index 3eb707c6..ee821eb7 100644 --- a/platform.md +++ b/platform.md @@ -577,7 +577,7 @@ Usage: - MUST contain a layer containing all buildpack-provided Software Bill of Materials (SBOM) files for `launch` as determined by the [Buildpack Interface Specfication](buildpack.md) if they are present - `/sbom/launch//sbom.` MUST contain the buildpack-provided `launch` SBOM - `/sbom/launch///sbom.` MUST contain the buildpack-provided layer SBOM if `` is a `launch` layer - - `/sbom/launch//sbom.legacy.json` MAY contain the legacy non-standard Bill of Materials for `launch` (where [supported](buildpack.md)) + - `/sbom/launch/sbom.legacy.json` MAY contain the legacy non-standard Bill of Materials for `launch` (where [supported](buildpack.md)) - MUST contain one or more app layers as determined by the [Buildpack Interface Specfication](buildpack.md) - MUST contain one or more launcher layers that include: - A file with the contents of the `` file at path `/cnb/lifecycle/launcher` 
@@ -609,8 +609,8 @@ Usage: - The `` directory: - MUST include all buildpack-provided Software Bill of Materials (SBOM) files for `build` as determined by the [Buildpack Interface Specfication](buildpack.md) if they are present - `/sbom/build//sbom.` MUST contain the buildpack-provided `build` SBOM - - `/sbom/build///sbom.` MUST contain the buildpack-provided layer SBOM if `` is not a `launch` layer - `/sbom/build//sbom.legacy.json` MAY contain the legacy non-standard Bill of Materials for `build` (where [supported](buildpack.md)) - - `/sbom/build//sbom.legacy.json` MAY contain the legacy non-standard Bill of Materials for `build` (where [supported](buildpack.md)) + - `/sbom/build///sbom.` MUST contain the buildpack-provided layer SBOM if `` is not a `launch` layer. + - `/sbom/build/sbom.legacy.json` MAY contain the legacy non-standard Bill of Materials for `build` (where [supported](buildpack.md)) - *If* a cache is provided the lifecycle: - SHALL write the contents of all cached layers and any provided layer-associated SBOM files to the cache - SHALL record the diffID and layer content metadata of all cached layers in the cache From a3ff2cbe3897309f2ce0dccd74828372276b5c6f Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Wed, 16 Mar 2022 10:09:25 -0400 Subject: [PATCH 20/23] Remove superfluous wording in reproducibility Signed-off-by: Natalie Arellano --- platform.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/platform.md b/platform.md index ea8f592f..1384d15a 100644 --- a/platform.md +++ b/platform.md 
@@ -873,9 +873,6 @@ To achieve reproducibility the lifecycle SHOULD set the following to a constant, - file modification times in generated layers - image creation time -The platform MAY set `SOURCE_DATE_EPOCH` in the lifecycle execution environment, where the value of `SOURCE_DATE_EPOCH` MUST be a [UNIX timestamp](https://reproducible-builds.org/specs/source-date-epoch/). -If `SOURCE_DATE_EPOCH` is set, the lifecycle SHOULD set the image creation time to its value. - Because compressions algorithms and manifest whitespace affect the image digest, an app image exported to the docker daemon and subsequently pushed to a registry MAY have a different digest than an app image exported directly to a registry by the lifecycle, even when all other inputs are held constant. If buildpacks do not generate layer contents or layer metadata reproducibly, builds MAY NOT be reproducibile even when identical source code and buildpacks are provided to the lifecycle. From e5db594303c96ff53e671ec4aa098e4d869d1e55 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Wed, 30 Mar 2022 15:05:18 -0400 Subject: [PATCH 21/23] Bump platform version Signed-off-by: Natalie Arellano --- platform.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform.md b/platform.md index 6dcfe62c..4cbf40cf 100644 --- a/platform.md +++ b/platform.md @@ -87,7 +87,7 @@ Examples of a platform might include: ## Platform API Version -This document specifies Platform API version `0.8`. +This document specifies Platform API version `0.9`. Platform API versions: - MUST be in form `.` or ``, where `` is equivalent to `.0` From 58cd5509d555c7335ed94e7d0b1b3f03550bdac2 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Wed, 30 Mar 2022 15:55:03 -0400 Subject: [PATCH 22/23] Bump versions in README Signed-off-by: Natalie Arellano --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8ba3162e..025ab99e 100644 --- a/README.md +++ b/README.md 
@@ -50,6 +50,6 @@ When the specification refers to a path in the context of an OCI layer tar (e.g. These documents currently specify: -- Buildpack API: `0.6` +- Buildpack API: `0.8` - Distribution API: `0.3` -- Platform API: `0.7` +- Platform API: `0.9` From 31b1cf7707ae2f061d2066f8d55271958b75e365 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Wed, 6 Apr 2022 13:46:07 -0400 Subject: [PATCH 23/23] Move buildpack api version bump to other PR Signed-off-by: Natalie Arellano --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 025ab99e..5cab2152 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,6 @@ When the specification refers to a path in the context of an OCI layer tar (e.g. These documents currently specify: -- Buildpack API: `0.8` +- Buildpack API: `0.6` - Distribution API: `0.3` - Platform API: `0.9`
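Review bot: the `CNB_LAUNCH_CACHE_DIR` row added in PATCH 02/23 (hunk `@@ -304,9 +306,11 @@`) has no matching normative bullet in the `@@ -316,6 +320,7 @@` hunk, so the spec names a launch cache directory without saying when the lifecycle reads it or what it does when the path is absent or empty. Add a bullet beside the new `CNB_SKIP_LAYERS` rule stating the condition under which the launch cache is consulted. The flag name `-skip-layers` is also broader than the behaviour in its row ("Do not restore SBOM layer from previous image"); either narrow the name or state that no other layers are affected.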
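Review bot: in PATCH 03/23 (`@@ -645,10 +645,10 @@`) the rewritten bullet drops "skip layer analysis" while the rewritten table row still says "Do not write layer metadata", so the two changed lines now describe different behaviour for `CNB_SKIP_RESTORE`. Keep both clauses in the bullet, for example "SHALL skip layer analysis, skip sbom layer restoration and skip the entire Restore phase", or remove the layer-metadata wording from the row. "sbom" is also lower-case here while PATCH 02/23 writes "SBOM".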
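Review bot: all three added lines in PATCH 04/23 (hunks `@@ -937,7`, `@@ -1020,7` and `@@ -1087,7`) write the link as `[supported]((buildpack.md))`, and the doubled parentheses do not form a valid Markdown link target. Use `[supported](buildpack.md)` in each of the three places within this commit rather than in follow-up commits, so that no intermediate revision of the spec carries a broken reference.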
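Review bot: the new `CNB_SKIP_RESTORE` description in PATCH 05/23 (`@@ -645,7 +645,7 @@`) makes an exception for `store.toml`, but the unchanged bullet two lines below still says the `creator` SHALL "skip the entire Restore phase", which leaves no step in which `store.toml` could be restored. Update the bullet in the same hunk to say which part of restoration still runs, so that the row and the normative statement agree.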
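Review bot: in PATCH 09/23 (`@@ -746,27 +746,31 @@`) the bullet added to the final **Else** branch has no predicate, unlike its sibling in the `--` branch, which reads "SHALL be". As written, the working directory for a user-provided, non-direct process is unspecified. Complete the bullet with the same "SHALL be" clause used in the `--` branch. It would also help to state whether a buildpack-defined value may be relative and, if so, what it is resolved against.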
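Review bot: in the JSON hunk of PATCH 09/23 (`@@ -1056,7 +1061,8 @@`) the added line `"working-directory": "",` ends with a comma directly before the closing `}`, which is not valid JSON. Drop the trailing comma so that the example for the `io.buildpacks.build.metadata` label parses when copied by a platform author.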
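Review bot: the two lines added in PATCH 11/23 (`@@ -872,6 +872,9 @@`) require `SOURCE_DATE_EPOCH` to be a UNIX timestamp but do not say what the lifecycle does when the value is not one (fail, or fall back to the constant). Add that rule, since the variable arrives from the platform's execution environment. The context line above still lists "image creation time" among the values set "to a constant", which conflicts with the new sentence; reword it to "a constant, or `SOURCE_DATE_EPOCH` when set".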
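Review bot: the first hunk of PATCH 12/23 (`@@ -738,16 +738,16 @@`) rewrites every row of the launcher inputs table, yet the `metadata.toml` row still reads "(see [`metadata.toml`](#metadatatoml-toml)" with no closing parenthesis. Since the row is being touched anyway, close the parenthesis here.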
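Review bot: PATCH 15/23 removes `bom` from `metadata.toml`, from `report.toml` (`build.bom`) and from the label JSON (hunk `@@ -1050,18`) without adding any statement to the spec about where that data goes. The commit message says legacy BOMs "will be ignored by the platform", but the spec text itself is silent. A consumer that reads `bom` from `io.buildpacks.build.metadata` for dependency or vulnerability reporting will find the key absent with no pointer to a replacement. Add a sentence in the affected "Where:" lists, or a migration note, naming the SBOM layer paths as the source of this information from this Platform API version on.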
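Review bot: in the second hunk of PATCH 18/23 (`@@ -608,8 +609,8 @@`) the replacement for the layer SBOM bullet has the new `sbom.legacy.json` bullet appended to the same line, and the same `sbom.legacy.json` bullet then appears again on the next line. The rendered list will show the legacy path twice, once fused into the layer SBOM rule. Keep the layer SBOM bullet unchanged and add the legacy bullet once, on its own line. The hunk also removes the blank line before "*If* a cache is provided", which changes how that list item nests.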
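Review bot: PATCH 19/23 moves the legacy BOM to a single combined file (`/sbom/launch/sbom.legacy.json` and `/sbom/build/sbom.legacy.json`) but neither hunk defines that file's schema or how entries from several buildpacks are merged and attributed. The label format removed in PATCH 15/23 carried `buildpack.id` and `buildpack.version` per entry; state whether the combined file keeps that shape so that a reader can still tell which buildpack reported a component. The bullet changed in the second hunk also gains a trailing period that its siblings do not have.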
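Review bot: the two lines deleted in PATCH 20/23 (`@@ -873,9 +873,6 @@`) are the only place in this series that says `SOURCE_DATE_EPOCH` MUST be a UNIX timestamp and links the reproducible-builds definition. The exporter row added in PATCH 13/23 says only "Timestamp for `created` time in app image config". If the reproducibility paragraph is removed, carry the format requirement and the link into the exporter row or its bullet so that the accepted format remains specified.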