The swidGenerator Tool

swidGenerator is an open source Python-based tool written by the HSR students Danilo Bargen, Christian Fässler and Jonas Furrer. It generates tags in the new ISO/IEC 19770-2:2014 Software Identification (SWID) tag format for all installed software packages managed by the Linux dpkg and rpm package managers.

Installation

Download

Download the latest swidGenerator archive from https://github.com/strongswan/swidGenerator/archive/master.zip and unpack it with the command

unzip swidGenerator-master.zip

Required Packages under Debian, Ubuntu, Fedora or RedHat Enterprise Linux

Make sure that the python and python-setuptools packages are present on your system. Otherwise install them with

sudo apt-get install python python-setuptools

Installation

Change into the unpacked archive and execute the command

sudo python setup.py install

after which the swid_generator executable, usually installed in /usr/local/bin, becomes available.

Usage

Generate Software IDs

The command

swid_generator software-id

creates a list of Unique Software Identifications of the form
regid.2004-03.org.strongswan_debian_7.4-x86_64-acpi-support-base-0.140-5
regid.2004-03.org.strongswan_debian_7.4-x86_64-acpid-1:2.0.16-1+deb7u1
regid.2004-03.org.strongswan_debian_7.4-x86_64-adduser-3.113+nmu3
regid.2004-03.org.strongswan_debian_7.4-x86_64-apache2-2.2.22-13+deb7u1
...
regid.2004-03.org.strongswan_debian_7.4-x86_64-xz-utils-5.1.1alpha+20120614-2
regid.2004-03.org.strongswan_debian_7.4-x86_64-zlib1g-1:1.2.7.dfsg-13
regid.2004-03.org.strongswan_debian_7.4-x86_64-zlib1g-dev-1:1.2.7.dfsg-13

By default the regid.2004-03.org.strongswan regid is used as the tagcreator.

With the --regid <tagcreator> option an arbitrary regid can be configured

swid_generator software-id --regid regid.1999-03.org.debian

which generates the list
regid.1999-03.org.debian_debian_7.4-x86_64-acpi-support-base-0.140-5
regid.1999-03.org.debian_debian_7.4-x86_64-acpid-1:2.0.16-1+deb7u1
...
regid.1999-03.org.debian_debian_7.4-x86_64-zlib1g-1:1.2.7.dfsg-13
regid.1999-03.org.debian_debian_7.4-x86_64-zlib1g-dev-1:1.2.7.dfsg-13

The --doc-separator <separator string> option defines a single character or a character string that separates the individual Software IDs.

  • swid_generator software-id --doc-separator '@'
    regid.2004-03.org.strongswan_debian_7.4-x86_64-acpi-support-base-0.140-5@regid.2004-03.org.strongswan_debian_7.4-x86_64-acpid-1:2.0.16-1+deb7u1@...
  • swid_generator software-id --doc-separator '::'
    regid.2004-03.org.strongswan_debian_7.4-x86_64-acpi-support-base-0.140-5::regid.2004-03.org.strongswan_debian_7.4-x86_64-acpid-1:2.0.16-1+deb7u1::...
  • swid_generator software-id --doc-separator $'\n' (which is the default)
    regid.2004-03.org.strongswan_debian_7.4-x86_64-acpi-support-base-0.140-5
    regid.2004-03.org.strongswan_debian_7.4-x86_64-acpid-1:2.0.16-1+deb7u1
    ...
    

Generate SWID Tags

The simple command

swid_generator swid

generates SWID tags for all installed packages

<?xml version='1.0' encoding='UTF-8'?><SoftwareIdentity name="account-plugin-aim" uniqueId="Ubuntu_13.10-x86_64-account-plugin-aim-3.8.4-1ubuntu2" version="3.8.4-1ubuntu2" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd"><Entity name="strongSwan" regid="regid.2004-03.org.strongswan" role="tagcreator" /></SoftwareIdentity>
<?xml version='1.0' encoding='UTF-8'?><SoftwareIdentity name="account-plugin-facebook" uniqueId="Ubuntu_13.10-x86_64-account-plugin-facebook-0.11+13.10.20130802-0ubuntu1" version="0.11+13.10.20130802-0ubuntu1" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd"><Entity name="strongSwan" regid="regid.2004-03.org.strongswan" role="tagcreator" /></SoftwareIdentity>
...
<?xml version='1.0' encoding='UTF-8'?><SoftwareIdentity name="zlib1g" uniqueId="Ubuntu_13.10-x86_64-zlib1g-1:1.2.8.dfsg-1ubuntu1" version="1:1.2.8.dfsg-1ubuntu1" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd"><Entity name="strongSwan" regid="regid.2004-03.org.strongswan" role="tagcreator" /></SoftwareIdentity>
<?xml version='1.0' encoding='UTF-8'?><SoftwareIdentity name="zlib1g-dev" uniqueId="Ubuntu_13.10-x86_64-zlib1g-dev-1:1.2.8.dfsg-1ubuntu1" version="1:1.2.8.dfsg-1ubuntu1" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd"><Entity name="strongSwan" regid="regid.2004-03.org.strongswan" role="tagcreator" /></SoftwareIdentity>

With the following --doc-separator option

swid_generator swid --doc-separator $'\n\n'

an extra empty line separating the tags is inserted

<?xml version='1.0' encoding='UTF-8'?><SoftwareIdentity name="account-plugin-aim" uniqueId="Ubuntu_13.10-x86_64-account-plugin-aim-3.8.4-1ubuntu2" version="3.8.4-1ubuntu2" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd"><Entity name="strongSwan" regid="regid.2004-03.org.strongswan" role="tagcreator" /></SoftwareIdentity>

<?xml version='1.0' encoding='UTF-8'?><SoftwareIdentity name="account-plugin-facebook" uniqueId="Ubuntu_13.10-x86_64-account-plugin-facebook-0.11+13.10.20130802-0ubuntu1" version="0.11+13.10.20130802-0ubuntu1" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd"><Entity name="strongSwan" regid="regid.2004-03.org.strongswan" role="tagcreator" /></SoftwareIdentity>

...

<?xml version='1.0' encoding='UTF-8'?><SoftwareIdentity name="zlib1g" uniqueId="Ubuntu_13.10-x86_64-zlib1g-1:1.2.8.dfsg-1ubuntu1" version="1:1.2.8.dfsg-1ubuntu1" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd"><Entity name="strongSwan" regid="regid.2004-03.org.strongswan" role="tagcreator" /></SoftwareIdentity>

<?xml version='1.0' encoding='UTF-8'?><SoftwareIdentity name="zlib1g-dev" uniqueId="Ubuntu_13.10-x86_64-zlib1g-dev-1:1.2.8.dfsg-1ubuntu1" version="1:1.2.8.dfsg-1ubuntu1" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd"><Entity name="strongSwan" regid="regid.2004-03.org.strongswan" role="tagcreator" /></SoftwareIdentity>

Manual inspection of the SWID tags is facilitated by applying the pretty print option

swid_generator swid --pretty

which generates
<?xml version="1.0" encoding="UTF-8"?>
<SoftwareIdentity name="account-plugin-aim" uniqueId="Ubuntu_13.10-x86_64-account-plugin-aim-3.8.4-1ubuntu2" version="3.8.4-1ubuntu2" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd">
  <Entity name="strongSwan" regid="regid.2004-03.org.strongswan" role="tagcreator"/>
</SoftwareIdentity>

<?xml version="1.0" encoding="UTF-8"?>
<SoftwareIdentity name="account-plugin-facebook" uniqueId="Ubuntu_13.10-x86_64-account-plugin-facebook-0.11+13.10.20130802-0ubuntu1" version="0.11+13.10.20130802-0ubuntu1" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd">
  <Entity name="strongSwan" regid="regid.2004-03.org.strongswan" role="tagcreator"/>
</SoftwareIdentity>

...

<?xml version="1.0" encoding="UTF-8"?>
<SoftwareIdentity name="zlib1g" uniqueId="Ubuntu_13.10-x86_64-zlib1g-1:1.2.8.dfsg-1ubuntu1" version="1:1.2.8.dfsg-1ubuntu1" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd">
  <Entity name="strongSwan" regid="regid.2004-03.org.strongswan" role="tagcreator"/>
</SoftwareIdentity>

<?xml version="1.0" encoding="UTF-8"?>
<SoftwareIdentity name="zlib1g-dev" uniqueId="Ubuntu_13.10-x86_64-zlib1g-dev-1:1.2.8.dfsg-1ubuntu1" version="1:1.2.8.dfsg-1ubuntu1" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd">
  <Entity name="strongSwan" regid="regid.2004-03.org.strongswan" role="tagcreator"/>
</SoftwareIdentity>

For the last example the output of the dpkg package manager on an Ubuntu 13.10 platform was used.

The --entity-name and --regid options

swid_generator swid --pretty --entity-name "Canonical" --regid regid.2004-05.com.ubuntu

can be used to modify the contents of the tagcreator entity:
<?xml version="1.0" encoding="UTF-8"?>
<SoftwareIdentity name="account-plugin-aim" uniqueId="Ubuntu_13.10-x86_64-account-plugin-aim-3.8.4-1ubuntu2" version="3.8.4-1ubuntu2" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd">
  <Entity name="Canonical" regid="regid.2004-05.com.ubuntu" role="tagcreator"/>
</SoftwareIdentity>
...
<?xml version="1.0" encoding="UTF-8"?>
<SoftwareIdentity name="zlib1g-dev" uniqueId="Ubuntu_13.10-x86_64-zlib1g-dev-1:1.2.8.dfsg-1ubuntu1" version="1:1.2.8.dfsg-1ubuntu1" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd">
  <Entity name="Canonical" regid="regid.2004-05.com.ubuntu" role="tagcreator"/>
</SoftwareIdentity>

Targeted Requests

With the --match <unique software id> option

swid_generator swid --pretty --match regid.2004-03.org.strongswan_Ubuntu_13.10-x86_64-firefox-28.0+build2-0ubuntu0.13.10.1

the SWID tag for a given Software ID can be retrieved:
<?xml version="1.0" encoding="UTF-8"?>
<SoftwareIdentity name="firefox" uniqueId="Ubuntu_13.10-x86_64-firefox-28.0+build2-0ubuntu0.13.10.1" version="28.0+build2-0ubuntu0.13.10.1" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd">
  <Entity name="strongSwan" regid="regid.2004-03.org.strongswan" role="tagcreator"/>
</SoftwareIdentity>

The --full option generates the full information about a software package

swid_generator swid --pretty --full --match regid.2004-03.org.strongswan_Ubuntu_13.10-x86_64-firefox-28.0+build2-0ubuntu0.13.10.1

which currently consists of a list of all files installed by the package
<?xml version="1.0" encoding="UTF-8"?>
<SoftwareIdentity name="firefox" uniqueId="Ubuntu_13.10-x86_64-firefox-28.0+build2-0ubuntu0.13.10.1" version="28.0+build2-0ubuntu0.13.10.1" versionScheme="alphanumeric" xmlns="http://standards.iso.org/iso/19770/-2/2014/schema.xsd">
  <Entity name="strongSwan" regid="regid.2004-03.org.strongswan" role="tagcreator"/>
  <Payload>
    <File location="/etc/apparmor.d" name="usr.bin.firefox"/>
    <File location="/etc/apport/native-origins.d" name="firefox"/>
    <File location="/etc/apport/blacklist.d" name="firefox"/>
    <File location="/etc/firefox" name="syspref.js"/>
    <File location="/usr/share/apport/package-hooks" name="source_firefox.py"/>
    <File location="/usr/share/man/man1" name="firefox.1.gz"/>
    <File location="/usr/share/doc/firefox" name="MPL.gz"/>
    <File location="/usr/share/doc/firefox" name="README.Debian"/>
    <File location="/usr/share/doc/firefox" name="copyright"/>
    <File location="/usr/share/doc/firefox" name="changelog.Debian.gz"/>
    <File location="/usr/share/applications" name="firefox.desktop"/>
    <File location="/usr/share/lintian/overrides" name="firefox"/>
    <File location="/usr/lib/firefox-addons/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}" name="install.rdf"/>
    <File location="/usr/lib/firefox-addons/extensions/{972ce4c6-7e08-4474-a285-3208198ce6fd}" name="icon.png"/>
    <File location="/usr/lib/firefox" name="crashreporter"/>
    <File location="/usr/lib/firefox/browser" name="blocklist.xml"/>
    <File location="/usr/lib/firefox/browser" name="chrome.manifest"/>
    <File location="/usr/lib/firefox/browser/defaults/preferences" name="vendor-firefox.js"/>
    <File location="/usr/lib/firefox/browser" name="omni.ja"/>
    <File location="/usr/lib/firefox/browser/chrome/icons/default" name="default32.png"/>
    <File location="/usr/lib/firefox/browser/chrome/icons/default" name="default48.png"/>
    <File location="/usr/lib/firefox/browser/chrome/icons/default" name="default16.png"/>
    <File location="/usr/lib/firefox/browser/components" name="libbrowsercomps.so"/>
    <File location="/usr/lib/firefox/browser/components" name="components.manifest"/>
    <File location="/usr/lib/firefox/browser/icons" name="mozicon128.png"/>
    <File location="/usr/lib/firefox" name="crashreporter.ini"/>
    <File location="/usr/lib/firefox" name="libplds4.so"/>
    <File location="/usr/lib/firefox" name="libfreebl3.chk"/>
    <File location="/usr/lib/firefox" name="libsoftokn3.chk"/>
    <File location="/usr/lib/firefox" name="firefox.sh"/>
    <File location="/usr/lib/firefox" name="application.ini"/>
    <File location="/usr/lib/firefox" name="libnssdbm3.so"/>
    <File location="/usr/lib/firefox/webapprt/defaults/preferences" name="vendor-webapprt.js"/>
    <File location="/usr/lib/firefox/webapprt" name="webapprt.ini"/>
    <File location="/usr/lib/firefox/webapprt" name="omni.ja"/>
    <File location="/usr/lib/firefox" name="libplc4.so"/>
    <File location="/usr/lib/firefox" name="chrome.manifest"/>
    <File location="/usr/lib/firefox" name="libfreebl3.so"/>
    <File location="/usr/lib/firefox" name="webapprt-stub"/>
    <File location="/usr/lib/firefox/defaults/pref" name="vendor-gre.js"/>
    <File location="/usr/lib/firefox/defaults/pref" name="channel-prefs.js"/>
    <File location="/usr/lib/firefox" name="libmozalloc.so"/>
    <File location="/usr/lib/firefox" name="libnss3.so"/>
    <File location="/usr/lib/firefox" name="dependentlibs.list"/>
    <File location="/usr/lib/firefox/distribution" name="distribution.ini"/>
    <File location="/usr/lib/firefox/distribution/searchplugins/locale/en-US" name="eBay.xml"/>
    <File location="/usr/lib/firefox/distribution/searchplugins/locale/en-US" name="duckduckgo.xml"/>
    <File location="/usr/lib/firefox/distribution/searchplugins/locale/en-US" name="bing.xml"/>
    <File location="/usr/lib/firefox/distribution/searchplugins/locale/en-US" name="yahoo.xml"/>
    <File location="/usr/lib/firefox/distribution/searchplugins/locale/en-US" name="twitter.xml"/>
    <File location="/usr/lib/firefox/distribution/searchplugins/locale/en-US" name="google.xml"/>
    <File location="/usr/lib/firefox/distribution/searchplugins/locale/en-US" name="amazondotcom.xml"/>
    <File location="/usr/lib/firefox/distribution/searchplugins/locale/en-US" name="wikipedia.xml"/>
    <File location="/usr/lib/firefox" name="libnssdbm3.chk"/>
    <File location="/usr/lib/firefox" name="libnssckbi.so"/>
    <File location="/usr/lib/firefox" name="libsoftokn3.so"/>
    <File location="/usr/lib/firefox" name="platform.ini"/>
    <File location="/usr/lib/firefox" name="libnssutil3.so"/>
    <File location="/usr/lib/firefox" name="omni.ja"/>
    <File location="/usr/lib/firefox" name="libxul.so"/>
    <File location="/usr/lib/firefox" name="plugin-container"/>
    <File location="/usr/lib/firefox" name="libssl3.so"/>
    <File location="/usr/lib/firefox" name="Throbber-small.gif"/>
    <File location="/usr/lib/firefox" name="libnspr4.so"/>
    <File location="/usr/lib/firefox" name="libmozsqlite3.so"/>
    <File location="/usr/lib/firefox" name="firefox"/>
    <File location="/usr/lib/firefox" name="libsmime3.so"/>
    <File location="/usr/lib/firefox/components" name="components.manifest"/>
    <File location="/usr/lib/firefox/components" name="libmozgnome.so"/>
    <File location="/usr/lib/firefox/components" name="libdbusservice.so"/>
    <File location="/usr/share/pixmaps" name="firefox.png"/>
    <File location="/usr/lib/firefox/browser/defaults/preferences" name="syspref.js"/>
    <File location="/usr/bin" name="firefox"/>
  </Payload>
</SoftwareIdentity>
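
As the --match example shows, a Software ID is the tagcreator regid, an underscore, and the tag's uniqueId. The following Python code is an added example, not part of swidGenerator: it uses that relationship to turn swid_generator swid output into an inventory (with payload file paths when --full is used) and to compare two snapshots. The function names, the sample data and the whitespace-separator assumption are illustrative.

```python
import posixpath
import xml.etree.ElementTree as ET

# Namespace URI copied from the xmlns attribute of the tags shown above.
URI = "http://standards.iso.org/iso/19770/-2/2014/schema.xsd"
NS = {"s": URI}


def parse_swid_stream(text):
    """Map Software ID -> payload file paths for every tag in the output."""
    # Splitting on the XML declaration handles compact and --pretty output,
    # assuming the document separator is whitespace (the default is "\n").
    inventory = {}
    for chunk in text.split("<?xml")[1:]:
        root = ET.fromstring(chunk.split("?>", 1)[1].strip())
        creators = [e for e in root.findall("s:Entity", NS)
                    if e.get("role") == "tagcreator"]
        if root.tag != "{%s}SoftwareIdentity" % URI or len(creators) != 1:
            raise ValueError("not a SWID tag with exactly one tagcreator")
        # Software ID = tagcreator regid + "_" + uniqueId (see --match above).
        software_id = "%s_%s" % (creators[0].get("regid"), root.get("uniqueId"))
        inventory[software_id] = [
            posixpath.join(f.get("location"), f.get("name"))
            for f in root.findall("s:Payload/s:File", NS)]
    return inventory


def diff_inventories(old, new):
    """Return (added, removed) Software IDs between two parsed inventories."""
    return sorted(set(new) - set(old)), sorted(set(old) - set(new))


def _tag(name, version, payload=""):
    """Build a constructed sample tag in the layout shown on this page."""
    uid = "Ubuntu_13.10-x86_64-%s-%s" % (name, version)
    return ("<?xml version='1.0' encoding='UTF-8'?>"
            '<SoftwareIdentity name="%s" uniqueId="%s" version="%s" '
            'versionScheme="alphanumeric" xmlns="%s">'
            '<Entity name="strongSwan" regid="regid.2004-03.org.strongswan" '
            'role="tagcreator" />%s</SoftwareIdentity>'
            % (name, uid, version, URI, payload))


# Constructed inputs; "example-old" is a made-up package name.
ZLIB = _tag("zlib1g", "1:1.2.8.dfsg-1ubuntu1")
BASELINE = ZLIB + "\n" + _tag("example-old", "1.0-1")
CURRENT = ZLIB + "\n\n" + _tag(
    "firefox", "28.0+build2-0ubuntu0.13.10.1",
    '<Payload><File location="/usr/bin" name="firefox"/></Payload>')
```

The parser is meant for tags produced locally by swid_generator; tags received from other hosts should go through a hardened XML parser before being trusted.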