Hello all,
Anyone knows if there is anyway to download all sourcecode for Rocky9?
Needed for security scanning activities prior to use.
Many thanks
Johan
They are on the mirrors under the source directory for the base repos AppStream, BaseOS, CRB.
I’d be interested to know what kind of scanning, and do you really mean every line of the source code for every package in the whole of Rocky 9.x?
example of downloading a kernel (adjust version as needed)
dnf download --repo "baseos-source" --source kernel-0:5.14.0-427.16.1.el9_4.src
Sorry for being ignorent, but do you mean in github? I couldn’t find the repos…
Yes, every line is scanned for “unwanted code” and the process is also pulling out all licensing
info.
Thanks
Johan
“Security scanning acitivities”?
This doesn’t make any sense and sounds like security theater.
You have two ways of getting the sources.
Rocky Linux GitLab
https://git.rockylinux.org - This only contains the spec files and patch files. No tarballs of source code is stored here. Each package repo has a “metadata” file that lists the checksums of the archives. Archives can be found in one of these.
https://rocky-linux-sources-staging.a1.rockylinux.org/%HASH%
https://sources.build.resf.org/%HASH%
You can also use getsrc.sh.
Obtaining the Source RPM
Every package has an accompanying source RPM. As explained in a previous post, you can use dnf download --source which will get you the the source rpm. This can be unpacked via rpm2cpio <package> | cpio -idmv or another related way.
If you do not want to use dnf download, all source packages can be viewed at Index of /pub/rocky/9/. Pick a repository, click “source”.
1 Like
Many thanks dude!
“security theater” 
agree, but rules needs to be followed.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.