From 05cc8ee5f43e4dff3f01cf24bc38c7af3d0fdfa5 Mon Sep 17 00:00:00 2001 From: Ludovic Henry Date: Mon, 27 Apr 2026 12:21:41 +0200 Subject: [PATCH] Add support for linux-riscv64 (#4757) --- .goreleaser.yaml | 56 ++++++++++++++++++- Dockerfile | 3 +- Dockerfile.debug | 3 +- Dockerfile.nonroot | 3 +- install.sh | 1 + schema/cyclonedx/cyclonedx.json | 1 + schema/cyclonedx/cyclonedx.xsd | 1 + .../install/1_download_snapshot_asset_test.sh | 4 ++ test/install/3_install_asset_test.sh | 6 ++ .../testdata/assets/invalid/checksums.txt | 4 ++ .../testdata/assets/valid/checksums.txt | 4 ++ 11 files changed, 82 insertions(+), 4 deletions(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index eaf89dfc3..3edce4f6d 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -14,7 +14,7 @@ builds: dir: ./cmd/syft binary: syft goos: [linux] - goarch: [amd64, arm64, ppc64le, s390x] + goarch: [amd64, arm64, ppc64le, riscv64, s390x] mod_timestamp: &build-timestamp '{{ .CommitTimestamp }}' ldflags: &build-ldflags | -w @@ -114,6 +114,20 @@ dockers: - "--build-arg=VCS_REF={{.FullCommit}}" - "--build-arg=VCS_URL={{.GitURL}}" + - image_templates: + - anchore/syft:{{.Tag}}-riscv64 + - ghcr.io/anchore/syft:{{.Tag}}-riscv64 + goarch: riscv64 + dockerfile: Dockerfile + use: buildx + build_flag_templates: + - "--platform=linux/riscv64" + - "--build-arg=DEBIAN_VERSION=13" + - "--build-arg=BUILD_DATE={{.Date}}" + - "--build-arg=BUILD_VERSION={{.Version}}" + - "--build-arg=VCS_REF={{.FullCommit}}" + - "--build-arg=VCS_URL={{.GitURL}}" + - image_templates: - anchore/syft:{{.Tag}}-s390x - ghcr.io/anchore/syft:{{.Tag}}-s390x @@ -167,6 +181,20 @@ dockers: - "--build-arg=VCS_REF={{.FullCommit}}" - "--build-arg=VCS_URL={{.GitURL}}" + - image_templates: + - anchore/syft:{{.Tag}}-nonroot-riscv64 + - ghcr.io/anchore/syft:{{.Tag}}-nonroot-riscv64 + goarch: riscv64 + dockerfile: Dockerfile.nonroot + use: buildx + build_flag_templates: + - "--platform=linux/riscv64" + - "--build-arg=DEBIAN_VERSION=13" + - "--build-arg=BUILD_DATE={{.Date}}" + - "--build-arg=BUILD_VERSION={{.Version}}" + - "--build-arg=VCS_REF={{.FullCommit}}" + - "--build-arg=VCS_URL={{.GitURL}}" + - image_templates: - anchore/syft:{{.Tag}}-nonroot-s390x - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x @@ -220,6 +248,20 @@ dockers: - "--build-arg=VCS_REF={{.FullCommit}}" - "--build-arg=VCS_URL={{.GitURL}}" + - image_templates: + - anchore/syft:{{.Tag}}-debug-riscv64 + - ghcr.io/anchore/syft:{{.Tag}}-debug-riscv64 + goarch: riscv64 + dockerfile: Dockerfile.debug + use: buildx + build_flag_templates: + - "--platform=linux/riscv64" + - "--build-arg=DEBIAN_VERSION=13" + - "--build-arg=BUILD_DATE={{.Date}}" + - "--build-arg=BUILD_VERSION={{.Version}}" + - "--build-arg=VCS_REF={{.FullCommit}}" + - "--build-arg=VCS_URL={{.GitURL}}" + - image_templates: - anchore/syft:{{.Tag}}-debug-s390x - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x @@ -239,6 +281,7 @@ docker_manifests: - anchore/syft:{{.Tag}}-amd64 - anchore/syft:{{.Tag}}-arm64v8 - anchore/syft:{{.Tag}}-ppc64le + - anchore/syft:{{.Tag}}-riscv64 - anchore/syft:{{.Tag}}-s390x - name_template: ghcr.io/anchore/syft:latest @@ -246,6 +289,7 @@ docker_manifests: - ghcr.io/anchore/syft:{{.Tag}}-amd64 - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 - ghcr.io/anchore/syft:{{.Tag}}-ppc64le + - ghcr.io/anchore/syft:{{.Tag}}-riscv64 - ghcr.io/anchore/syft:{{.Tag}}-s390x - name_template: anchore/syft:{{.Tag}} @@ -253,6 +297,7 @@ docker_manifests: - anchore/syft:{{.Tag}}-amd64 - anchore/syft:{{.Tag}}-arm64v8 - anchore/syft:{{.Tag}}-ppc64le + - anchore/syft:{{.Tag}}-riscv64 - anchore/syft:{{.Tag}}-s390x - name_template: ghcr.io/anchore/syft:{{.Tag}} @@ -260,6 +305,7 @@ docker_manifests: - ghcr.io/anchore/syft:{{.Tag}}-amd64 - ghcr.io/anchore/syft:{{.Tag}}-arm64v8 - ghcr.io/anchore/syft:{{.Tag}}-ppc64le + - ghcr.io/anchore/syft:{{.Tag}}-riscv64 - ghcr.io/anchore/syft:{{.Tag}}-s390x # nonroot images... @@ -268,6 +314,7 @@ docker_manifests: - anchore/syft:{{.Tag}}-nonroot-amd64 - anchore/syft:{{.Tag}}-nonroot-arm64v8 - anchore/syft:{{.Tag}}-nonroot-ppc64le + - anchore/syft:{{.Tag}}-nonroot-riscv64 - anchore/syft:{{.Tag}}-nonroot-s390x - name_template: ghcr.io/anchore/syft:nonroot @@ -275,6 +322,7 @@ docker_manifests: - ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le + - ghcr.io/anchore/syft:{{.Tag}}-nonroot-riscv64 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x - name_template: anchore/syft:{{.Tag}}-nonroot @@ -282,6 +330,7 @@ docker_manifests: - anchore/syft:{{.Tag}}-nonroot-amd64 - anchore/syft:{{.Tag}}-nonroot-arm64v8 - anchore/syft:{{.Tag}}-nonroot-ppc64le + - anchore/syft:{{.Tag}}-nonroot-riscv64 - anchore/syft:{{.Tag}}-nonroot-s390x - name_template: ghcr.io/anchore/syft:{{.Tag}}-nonroot @@ -289,6 +338,7 @@ docker_manifests: - ghcr.io/anchore/syft:{{.Tag}}-nonroot-amd64 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-arm64v8 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-ppc64le + - ghcr.io/anchore/syft:{{.Tag}}-nonroot-riscv64 - ghcr.io/anchore/syft:{{.Tag}}-nonroot-s390x # debug images... @@ -297,6 +347,7 @@ docker_manifests: - anchore/syft:{{.Tag}}-debug-amd64 - anchore/syft:{{.Tag}}-debug-arm64v8 - anchore/syft:{{.Tag}}-debug-ppc64le + - anchore/syft:{{.Tag}}-debug-riscv64 - anchore/syft:{{.Tag}}-debug-s390x - name_template: ghcr.io/anchore/syft:debug @@ -304,6 +355,7 @@ docker_manifests: - ghcr.io/anchore/syft:{{.Tag}}-debug-amd64 - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le + - ghcr.io/anchore/syft:{{.Tag}}-debug-riscv64 - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x - name_template: anchore/syft:{{.Tag}}-debug @@ -311,6 +363,7 @@ docker_manifests: - anchore/syft:{{.Tag}}-debug-amd64 - anchore/syft:{{.Tag}}-debug-arm64v8 - anchore/syft:{{.Tag}}-debug-ppc64le + - anchore/syft:{{.Tag}}-debug-riscv64 - anchore/syft:{{.Tag}}-debug-s390x - name_template: ghcr.io/anchore/syft:{{.Tag}}-debug @@ -318,6 +371,7 @@ docker_manifests: - ghcr.io/anchore/syft:{{.Tag}}-debug-amd64 - ghcr.io/anchore/syft:{{.Tag}}-debug-arm64v8 - ghcr.io/anchore/syft:{{.Tag}}-debug-ppc64le + - ghcr.io/anchore/syft:{{.Tag}}-debug-riscv64 - ghcr.io/anchore/syft:{{.Tag}}-debug-s390x sboms: diff --git a/Dockerfile b/Dockerfile index 9e682b2d6..86ff23db2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,5 @@ -FROM gcr.io/distroless/static-debian12:latest AS build +ARG DEBIAN_VERSION=12 +FROM gcr.io/distroless/static-debian${DEBIAN_VERSION}:latest AS build FROM scratch # needed for version check HTTPS request diff --git a/Dockerfile.debug b/Dockerfile.debug index bfabed8db..936b5ffc1 100644 --- a/Dockerfile.debug +++ b/Dockerfile.debug @@ -1,4 +1,5 @@ -FROM gcr.io/distroless/static-debian12:debug-nonroot +ARG DEBIAN_VERSION=12 +FROM gcr.io/distroless/static-debian${DEBIAN_VERSION}:debug-nonroot # create the /tmp dir, which is needed for image content cache WORKDIR /tmp diff --git a/Dockerfile.nonroot b/Dockerfile.nonroot index 86b6b643f..c6789d4c7 100644 --- a/Dockerfile.nonroot +++ b/Dockerfile.nonroot @@ -1,4 +1,5 @@ -FROM gcr.io/distroless/static-debian12:nonroot +ARG DEBIAN_VERSION=12 +FROM gcr.io/distroless/static-debian${DEBIAN_VERSION}:nonroot # create the /tmp dir, which is needed for image content cache WORKDIR /tmp diff --git a/install.sh b/install.sh index 41d0a22a8..f4921c255 100755 --- a/install.sh +++ b/install.sh @@ -154,6 +154,7 @@ uname_arch_check() ( mipsle) return 0 ;; mips64) return 0 ;; mips64le) return 0 ;; + riscv64) return 0 ;; s390x) return 0 ;; amd64p32) return 0 ;; esac diff --git a/schema/cyclonedx/cyclonedx.json b/schema/cyclonedx/cyclonedx.json index c8d3d5e80..d720cc795 100644 --- a/schema/cyclonedx/cyclonedx.json +++ b/schema/cyclonedx/cyclonedx.json @@ -5132,6 +5132,7 @@ "armv9-a", "armv9-m", "s390x", + "riscv64", "ppc64", "ppc64le", "other", diff --git a/schema/cyclonedx/cyclonedx.xsd b/schema/cyclonedx/cyclonedx.xsd index f90bb8e43..21a591414 100644 --- a/schema/cyclonedx/cyclonedx.xsd +++ b/schema/cyclonedx/cyclonedx.xsd @@ -6471,6 +6471,7 @@ limitations under the License. + diff --git a/test/install/1_download_snapshot_asset_test.sh b/test/install/1_download_snapshot_asset_test.sh index 0590f1ce6..cde979c1c 100755 --- a/test/install/1_download_snapshot_asset_test.sh +++ b/test/install/1_download_snapshot_asset_test.sh @@ -92,6 +92,10 @@ run_test_case test_positive_snapshot_download_asset "linux" "ppc64le" "sbom" run_test_case test_positive_snapshot_download_asset "linux" "ppc64le" "tar.gz" run_test_case test_positive_snapshot_download_asset "linux" "ppc64le" "rpm" run_test_case test_positive_snapshot_download_asset "linux" "ppc64le" "deb" +run_test_case test_positive_snapshot_download_asset "linux" "riscv64" "sbom" +run_test_case test_positive_snapshot_download_asset "linux" "riscv64" "tar.gz" +run_test_case test_positive_snapshot_download_asset "linux" "riscv64" "rpm" +run_test_case test_positive_snapshot_download_asset "linux" "riscv64" "deb" run_test_case test_positive_snapshot_download_asset "linux" "s390x" "sbom" run_test_case test_positive_snapshot_download_asset "linux" "s390x" "tar.gz" run_test_case test_positive_snapshot_download_asset "linux" "s390x" "rpm" diff --git a/test/install/3_install_asset_test.sh b/test/install/3_install_asset_test.sh index 225d5370b..5c1df7762 100755 --- a/test/install/3_install_asset_test.sh +++ b/test/install/3_install_asset_test.sh @@ -43,6 +43,11 @@ test_positive_snapshot_install_asset() { local_suffix="_power8" fi + # note: this is a change made in goreleaser v2.4.0 + if [ "${arch}" == "riscv64" ]; then + local_suffix="_rva20u64" + fi + assertFilesEqual \ "$(snapshot_dir)/${os}-build_${os}_${arch}${local_suffix}/${binary}" \ @@ -95,6 +100,7 @@ trap 'teardown_snapshot_server ${worker_pid}' EXIT run_test_case test_positive_snapshot_install_asset "linux" "amd64" "tar.gz" run_test_case test_positive_snapshot_install_asset "linux" "arm64" "tar.gz" run_test_case test_positive_snapshot_install_asset "linux" "ppc64le" "tar.gz" +run_test_case test_positive_snapshot_install_asset "linux" "riscv64" "tar.gz" run_test_case test_positive_snapshot_install_asset "linux" "s390x" "tar.gz" run_test_case test_positive_snapshot_install_asset "darwin" "amd64" "tar.gz" run_test_case test_positive_snapshot_install_asset "darwin" "arm64" "tar.gz" diff --git a/test/install/testdata/assets/invalid/checksums.txt b/test/install/testdata/assets/invalid/checksums.txt index b38380486..9dbffd946 100644 --- a/test/install/testdata/assets/invalid/checksums.txt +++ b/test/install/testdata/assets/invalid/checksums.txt @@ -14,6 +14,10 @@ ee2b1289a1e4b0de9409c3a78867949ca42788a5f50072b8a6e6e04e6a269f9c syft_1.5.0_lin dc4b8c4a02ffd8dd394ab94695ed44ed2bfceb06bc239835c51e84dd9b84a68c syft_1.5.0_linux_ppc64le.rpm 392044f2951ca6522d0bc71de43763202a548d40bf836098caf286041a7c8fa4 syft_1.5.0_linux_ppc64le.sbom 551d98b67f7476bc2e38453a588177b0b038933850a351a94c4bf360813f01d0 syft_1.5.0_linux_ppc64le.tar.gz +98cd582d9484f428cccd7351031543038f26d4e3f1481c5916e08e65983f1e21 syft_1.5.0_linux_riscv64.deb +3a5197d43a469feaa87c723448a47a2312cf26456eef4580b59eac447baef9d4 syft_1.5.0_linux_riscv64.rpm +5805bfb3e30452c8860665ea88bfdf356e9536a35c1b8ba28ac5b4717f2e6388 syft_1.5.0_linux_riscv64.sbom +ff15f556660cc4c4279ce41e2475bffe2a0f72eb4423c21edf7380b2484fbf68 syft_1.5.0_linux_riscv64.tar.gz 98cd582d9484f428cccd7351031543038f26d4e3f1481c5916e08e65983f1e21 syft_1.5.0_linux_s390x.deb 3a5197d43a469feaa87c723448a47a2312cf26456eef4580b59eac447baef9d4 syft_1.5.0_linux_s390x.rpm 5805bfb3e30452c8860665ea88bfdf356e9536a35c1b8ba28ac5b4717f2e6388 syft_1.5.0_linux_s390x.sbom diff --git a/test/install/testdata/assets/valid/checksums.txt b/test/install/testdata/assets/valid/checksums.txt index b1dfe76b9..fb1a5c692 100644 --- a/test/install/testdata/assets/valid/checksums.txt +++ b/test/install/testdata/assets/valid/checksums.txt @@ -14,6 +14,10 @@ a74549794fa5dac79ab9f6401ee7000db3bd9589435b302583c3ee4ca13fb8e3 syft_1.5.0_lin dc4b8c4a02ffd8dd394ab94695ed44ed2bfceb06bc239835c51e84dd9b84a68c syft_1.5.0_linux_ppc64le.rpm 392044f2951ca6522d0bc71de43763202a548d40bf836098caf286041a7c8fa4 syft_1.5.0_linux_ppc64le.sbom 551d98b67f7476bc2e38453a588177b0b038933850a351a94c4bf360813f01d0 syft_1.5.0_linux_ppc64le.tar.gz +98cd582d9484f428cccd7351031543038f26d4e3f1481c5916e08e65983f1e21 syft_1.5.0_linux_riscv64.deb +3a5197d43a469feaa87c723448a47a2312cf26456eef4580b59eac447baef9d4 syft_1.5.0_linux_riscv64.rpm +5805bfb3e30452c8860665ea88bfdf356e9536a35c1b8ba28ac5b4717f2e6388 syft_1.5.0_linux_riscv64.sbom +ff15f556660cc4c4279ce41e2475bffe2a0f72eb4423c21edf7380b2484fbf68 syft_1.5.0_linux_riscv64.tar.gz 98cd582d9484f428cccd7351031543038f26d4e3f1481c5916e08e65983f1e21 syft_1.5.0_linux_s390x.deb 3a5197d43a469feaa87c723448a47a2312cf26456eef4580b59eac447baef9d4 syft_1.5.0_linux_s390x.rpm 5805bfb3e30452c8860665ea88bfdf356e9536a35c1b8ba28ac5b4717f2e6388 syft_1.5.0_linux_s390x.sbom