|
1
|
Last updated: 2022-02-23
|
|
2
|
|
|
3
|
You may also want to look at SBoMs of Haketilo and Hydrilla on Redmine-powered wiki:
|
|
4
|
- https://hydrillabugs.koszko.org/projects/haketilo/wiki/Haketilo_Software_Bill_of_Materials
|
|
5
|
- https://hydrillabugs.koszko.org/projects/hydrilla/wiki/Hydrilla_Software_Bill_of_Materials
|
|
6
|
|
|
7
|
|
|
8
|
# Software Bill of Materials - Haketilo
|
|
9
|
|
|
10
|
*Note: This SBOM corresponds to the upcoming Haketilo version 1.0.*
|
|
11
|
|
|
12
|
## Incorporated code
|
|
13
|
Software parts that have been copied over to Haketilo source tree with only slight or no modification (code that has been mostly rewritten and non-software artworks are not mentioned here).
|
|
14
|
|
|
15
|
### js-sha256
|
|
16
|
| field | value |
|
|
17
|
|--------------+---------------------------------------------|
|
|
18
|
| name | js-sha256 |
|
|
19
|
| version | 0.9.0 |
|
|
20
|
| copyright | 2014-2017 Chen, Yi-Cyuan <emn178@gmail.com> |
|
|
21
|
| license | MIT (Expat) |
|
|
22
|
| upstream url | https://github.com/emn178/js-sha256 |
|
|
23
|
|
|
24
|
This JavaScript implementation of SHA256 is included in the browser extension itself. It is used to derive nonces used internally by Haketilo. This library is only used in contexts where synchronous computation of SHA256 digest is required. In other cases (e.g. verification of integrity of downloaded files), the asynchronous crypto.subtle JavaScript API is used.
|
|
25
|
|
|
26
|
### Reset CSS
|
|
27
|
| field | value |
|
|
28
|
|--------------+--------------------------------------------|
|
|
29
|
| name | Reset CSS |
|
|
30
|
| version | 2.0 |
|
|
31
|
| copyright | 2008,2011 Eric A. Meyer |
|
|
32
|
| license | public domain |
|
|
33
|
| upstream url | https://meyerweb.com/eric/tools/css/reset/ |
|
|
34
|
|
|
35
|
The CSS Reset style sheet is used on pages displayed by Haketilo.
|
|
36
|
|
|
37
|
### jsonschema (JavaScript library)
|
|
38
|
| field | value |
|
|
39
|
|--------------+----------------------------------------------------------|
|
|
40
|
| name | jsonschema |
|
|
41
|
| version | 1.4.0 |
|
|
42
|
| copyright | 2012-2021 Tom de Grunt <tom@degrunt.nl> and contributors |
|
|
43
|
| license | MIT (Expat) |
|
|
44
|
| upstream url | https://github.com/tdegrunt/jsonschema |
|
|
45
|
|
|
46
|
This library shall be used to validate external JSON documents (e.g. those downloaded from Hydrilla repository).
|
|
47
|
|
|
48
|
## External dependencies
|
|
49
|
|
|
50
|
### POSIX environment
|
|
51
|
Standard UNIX tools (sh, awk, etc.) are needed to **build** Haketilo. There's no known dependency on specific implementations of those (e.g. gawk should work just as well as nawk).
|
|
52
|
|
|
53
|
### Make
|
|
54
|
Make build system is an **optional requirement for building** Haketilo and a **strict requirement for running the test suite**. There's no known dependency on specific Make implementation.
|
|
55
|
|
|
56
|
### Python3
|
|
57
|
Python in at least version 3.7 is needed to run the automated test suite.
|
|
58
|
|
|
59
|
### Pytest
|
|
60
|
| field | value |
|
|
61
|
|--------------+------------------------------------|
|
|
62
|
| name | pytest |
|
|
63
|
| version | no known constraints (6.0.2 used) |
|
|
64
|
| copyright | 2004-2021 Holger Krekel and others |
|
|
65
|
| license | MIT (Expat) |
|
|
66
|
| upstream url | https://pytest.org |
|
|
67
|
|
|
68
|
Pytest library is used in automated tests of the extension.
|
|
69
|
|
|
70
|
### Selenium webdriver (Python)
|
|
71
|
| field | value |
|
|
72
|
|--------------+-----------------------------------------------------------------------|
|
|
73
|
| name | selenium |
|
|
74
|
| version | no known constraints (3.141.0 used) |
|
|
75
|
| copyright | 2011-2021 Software Freedom Conservancy; 2004-2011 Selenium committers |
|
|
76
|
| license | Apache-2.0 |
|
|
77
|
| upstream url | https://www.selenium.dev/ |
|
|
78
|
|
|
79
|
Selenium Python library is used in automated tests of the extension.
|
|
80
|
|
|
81
|
### Web browser
|
|
82
|
A Firefox-derived web browser with at least version 60 **or** a Chromium-derived browser with at least version 90 (although older Chromium versions are likely to work as well) is needed to use the extensions.
|
|
83
|
|
|
84
|
In addition, a Firefox-derived web browser with at least version 60 is needed to run the automated test suite.
|
|
85
|
|
|
86
|
### geckodriver
|
|
87
|
| field | value |
|
|
88
|
|--------------+------------------------------------------------------------------------|
|
|
89
|
| name | geckodriver |
|
|
90
|
| version | no known constraints (0.30.0 used for development) |
|
|
91
|
| copyright | ??? |
|
|
92
|
| license | MPL-2.0 |
|
|
93
|
| upstream url | https://firefox-source-docs.mozilla.org/testing/geckodriver/index.html |
|
|
94
|
|
|
95
|
Geckodriver compatible with the Firefox-derived browser used is needed to run the automated test suite.
|
|
96
|
|
|
97
|
### Inkscape
|
|
98
|
| field | value |
|
|
99
|
|--------------+----------------------------------------------------|
|
|
100
|
| name | Inkscape |
|
|
101
|
| version | no known constraints (0.92.4 used for development) |
|
|
102
|
| copyright | Inkscape Authors |
|
|
103
|
| license | GPL-3.0-only |
|
|
104
|
| upstream url | https://inkscape.org/ |
|
|
105
|
|
|
106
|
Inkscape is an optional build dependency used to generate png icons from an svg file.
|
|
107
|
|
|
108
|
|
|
109
|
# Software Bill of Materials - Hydrilla
|
|
110
|
|
|
111
|
*Note: This SBOM corresponds to the upcoming Hydrilla version 1.0 written in Python.*
|
|
112
|
|
|
113
|
## Incorporated code
|
|
114
|
|
|
115
|
*Currently none*
|
|
116
|
|
|
117
|
## External dependencies
|
|
118
|
|
|
119
|
### Python3
|
|
120
|
Python is needed to both build and run Hydrilla. At least version 3.7 is required.
|
|
121
|
|
|
122
|
### Pytest
|
|
123
|
| field | value |
|
|
124
|
|--------------+------------------------------------|
|
|
125
|
| name | pytest |
|
|
126
|
| version | no known constraints (6.0.2 used) |
|
|
127
|
| copyright | 2004-2020 Holger Krekel and others |
|
|
128
|
| license | MIT (Expat) |
|
|
129
|
| upstream url | https://pytest.org |
|
|
130
|
|
|
131
|
Pytest is used in automated tests of Hydrilla.
|
|
132
|
|
|
133
|
### Setuptools
|
|
134
|
| field | value |
|
|
135
|
|--------------+-------------------------------------------------|
|
|
136
|
| name | setuptools |
|
|
137
|
| version | >=45 (52.0.0 used for development) |
|
|
138
|
| copyright | Jason R. Coombs |
|
|
139
|
| license | MIT (Expat) |
|
|
140
|
| upstream url | https://setuptools.pypa.io/en/latest/ |
|
|
141
|
|
|
142
|
Setuptools are used to build Hydrilla.
|
|
143
|
|
|
144
|
### setuptools_scm
|
|
145
|
| field | value |
|
|
146
|
|--------------+-----------------------------------------------------------------------|
|
|
147
|
| name | setuptools_scm |
|
|
148
|
| version | >=5.0 (5.0 used for development) |
|
|
149
|
| copyright | Ronny Pfannschmidt <opensource@ronnypfannschmidt.de> and contributors |
|
|
150
|
| license | MIT (Expat) |
|
|
151
|
| upstream url | https://github.com/pypa/setuptools_scm |
|
|
152
|
|
|
153
|
Needed to extract some VCS data when building from git repo.
|
|
154
|
|
|
155
|
### jsonschema (Python library)
|
|
156
|
| field | value |
|
|
157
|
|--------------+----------------------------------------------------------|
|
|
158
|
| name | jsonschema |
|
|
159
|
| version | >=3.0 (3.2.0 used for development) |
|
|
160
|
| copyright | 2011-2019 Julian Berman and contributors |
|
|
161
|
| license | MIT (Expat) |
|
|
162
|
| upstream url | https://github.com/Julian/jsonschema |
|
|
163
|
|
|
164
|
This library is used to validate JSON documents loaded by Hydrilla.
|
|
165
|
|
|
166
|
### Flask
|
|
167
|
| field | value |
|
|
168
|
|--------------+---------------------------------------------------|
|
|
169
|
| name | flask |
|
|
170
|
| version | no known constraints (1.0.2 used for development) |
|
|
171
|
| copyright | 2010-2021 Pallets |
|
|
172
|
| license | BSD-3-Clause |
|
|
173
|
| upstream url | https://flask.palletsprojects.com/en/2.0.x/ |
|
|
174
|
|
|
175
|
### Click
|
|
176
|
| field | value |
|
|
177
|
|--------------+---------------------------------------------------|
|
|
178
|
| name | click |
|
|
179
|
| version | no known constraints (7.1.2 used for development) |
|
|
180
|
| copyright | 2014-2020 Pallets |
|
|
181
|
| license | BSD-3-Clause |
|
|
182
|
| upstream url | https://click.palletsprojects.com/en/8.0.x/ |
|
