That's a neat trick, Carsten. Thanks for sharing!
--
Ivan Ribakov
Software Engineer
On Fri, 29 Sept 2023 at 16:29, Carsten Bock via sr-users <
sr-users(a)lists.kamailio.org> wrote:
Hi,
We are using that "ldd" approach for our Docker containers: We are running
ldd on the Kamailio binary and the modules from config (may vary -
depending on system) and use that result to create a slim Kamailio
Container "from scratch" - without any operating system.
Thanks,
Carsten
--
Carsten Bock I Chief Technology Innovation Officer & Founder
ng-voice GmbH
Trostbrücke 1 I 20457 Hamburg I Germany
T +49 1511 5942983 I
www.ng-voice.com
Registry Office at Local Court Hamburg, HRB 120189
Managing Directors: Dr. David Bachmann, Carsten Bock, Quirin Maderspacher
Am Do., 28. Sept. 2023 um 19:22 Uhr schrieb Daniel-Constantin Mierla via
sr-users <sr-users(a)lists.kamailio.org>rg>:
On 28.09.23 13:13, Olle E. Johansson via sr-users wrote:
On 28 Sep 2023, at 12:36, Ivan Ribakov via sr-users
<sr-users(a)lists.kamailio.org> <sr-users(a)lists.kamailio.org> wrote:
Hi Olle,
Yes, I realised by now that taking enabled Kamailio modules into account
when generating SBOM is too much to ask. I'd be ok with obtaining full list
of Kamailio dependencies (with transitive dependencies if possible) and
then manually filtering them based on module usage. Not sure if at any
point during Kamailio build process all sources + dependency
sources/binaries are present in the system for scanning/identification?
I'm mainly interested in listing (and validating licenses) and having a
general inventory. Any recommendations?
I did try a beta of a tool in cyclonedx toolset for scanning C files and
it crashed. Will try again, but so far I haven’t succeeded.
I suggest we would need one SBOM based on a linux distro, like Debian and
one
more generic based on C code and the versions of libraries we recommend.
I have tried to add pointers to the various
third party dependencies in the READMEs over the years in a somewhat
unstructured effort, but the information is there.
Maybe we can add the dependencies in a way that’s parseable in order to
build an SBOM.
C code doesn’t have package management like Python, Perl, Go and others
so it’s tricky to automate creation of SBOMs.
I think that the SBOM tree for the source code and dependencies would
grow quite large.
Anyway - at this time, I failed. :-)
Maybe leveraging ldd in a first phase can help building the chain of
dependencies:
$ ldd src/kamailio
linux-vdso.so.1 (0x0000ffff91745000)
libm.so.6 => /lib/aarch64-linux-gnu/libm.so.6 (0x0000ffff90f30000)
libc.so.6 => /lib/aarch64-linux-gnu/libc.so.6 (0x0000ffff90d80000)
/lib/ld-linux-aarch64.so.1 (0x0000ffff9170c000)
$ ldd src/modules/tls/tls.so
linux-vdso.so.1 (0x0000ffff96e5d000)
libssl.so.3 => /lib/aarch64-linux-gnu/libssl.so.3 (0x0000ffff96ca0000)
libcrypto.so.3 => /lib/aarch64-linux-gnu/libcrypto.so.3
(0x0000ffff968b0000)
libc.so.6 => /lib/aarch64-linux-gnu/libc.so.6 (0x0000ffff96700000)
/lib/ld-linux-aarch64.so.1 (0x0000ffff96e24000)
$ ldd /lib/aarch64-linux-gnu/libcrypto.so.3
linux-vdso.so.1 (0x0000ffff9952c000)
libc.so.6 => /lib/aarch64-linux-gnu/libc.so.6 (0x0000ffff98f50000)
/lib/ld-linux-aarch64.so.1 (0x0000ffff994f3000)
Might take some time, a matter of what modules are used, but if really
needed, the process should be doable manually.
Cheers,
Daniel
--
Daniel-Constantin Mierla (@
asipto.com)twitter.com/miconda --
linkedin.com/in/miconda
Kamailio Consultancy and Development Services
Kamailio Advanced Training - Online - Nov 14-16, 2023 --
asipto.com
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe:
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe: