update version to 0.46.0

[ginglis13]

Description of changes:

• Update version to 0.46.0

Testing done:

• Build SDK x86_64
• Build SDK aarch64
• Build bottlerocket-core-kit aarch64 on x86_64
• Build bottlerocket-core-kit aarch64 on aarch64
• Build bottlerocket-core-kit x86_64 on x86_64
• Build bottlerocket-core-kit x86_64 on aarch64

With the caveat of minor changes to 3 package specs: #213 (comment)

Terms of contribution:

By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.

[ginglis13]

^ rebase off of #209

[ginglis13]

Build failed:

#230 1.532 Error: failed to detect any license from /home/builder/license-scan/license-list-data/json/details/OFL-1.0.json (hash = 0x492895c1), please add a clarification
#230 ERROR: process "/bin/sh -c /usr/libexec/tools/bottlerocket-license-scan     --clarify clarify.toml     --spdx-data /usr/libexec/tools/spdx-data     --out-dir /usr/share/licenses/bottlerocket-license-scan/vendor     cargo --locked Cargo.toml" did not complete successfully: exit code: 1

Looks like there's an issue with scanning licenses in the bottlerocket-license-scan tool itself now that it's published to crates.io via #211

Pulled down license-list-data, ran

cargo run --bin bottlerocket-license-scan -- --clarify clarify.toml  --spdx-data license-list-data/json/details --out-dir test-out cargo --locked Cargo.toml

Locally seeing inconsistent errors between runs such as

Error: failed to detect any license from /home/fedora/bottlerocket-sdk/license-scan/license-list-data/json/details/CC-BY-3.0-DE.json (hash = 0x3a51d219), please add a clarification

I checked out 3737c49 and ran the scan just fine, since that doesn't scan the bottlerocket-license-scan crate

edit: I narrowed the remove of publish: false from license-scan-tool/Cargo.toml to be the culprit but haven't been able to dig deeper as to why.

[cbgbt]

Oddly enough, the crate isn't published yet. I was working on integrating release automation like release-plz. I'll take a look at this too.

[cbgbt]

Thanks for the publish: false pointer. We apparently don't write attributions if publish = false (relevant source code).

Since publish is now unset, license-scan is attempting to scan and attribute itself. Unfortunately, if the license data or output directory are in the same directory as the license-scanner, it treats these as belonging to its own source and becomes thoroughly confused. This is because license-scanner is searching through all sources of its targets searching for license files. I replicated your test command, and basically license-scan is seeing the license files it is writing for other projects, and then becoming alarmed because license-scan knows that its licenses are supposed to be MIT or Apache-2.0, so why is there a CCA license in there?

In the SDK build itself it's failing for similar reasons. We copy the license data into the same directory as the license scan project so there's a bunch of miscellaneous licenses in the source directory for it to become confused about when it scans itself.

The reason the error is inconsistent is due to whatever inode iteration ordering we happen to get when iterating through the "source" files.

[cbgbt]

PR out to fix it here (still testing the build though): #214

I know these failures are very time consuming and am sorry @ginglis13! I tested license-scan using its own Makefile and could not imagine how flipping publish in the Cargo.toml file could have impacted the SDK's build 🫠.

[ginglis13]

nice @cbgbt ! Thanks for digging into this and thanks for the quick fix :D

[ginglis13]

Building the core kit on x86_64 failed:

  #14 107.5 /home/builder/rpmbuild/BUILDROOT/bottlerocket-early-boot-config-0.1-0.1728419136.62450eb4.br1.x86_64/x86_64-bottlerocket-linux-gnu/sys-root/usr/libexec/early-boot-config/bin/ec2-identity-doc-user-da
ta-provider must use aws-lc-rs
  #14 107.8 /home/builder/rpmbuild/BUILDROOT/bottlerocket-early-boot-config-0.1-0.1728419136.62450eb4.br1.x86_64/x86_64-bottlerocket-linux-gnu/sys-root/usr/libexec/early-boot-config/bin/ec2-imds-user-data-provi
der must use aws-lc-rs
  #14 108.3 Found 2 binaries using the wrong crypto.

...  

107.5 /home/builder/rpmbuild/BUILDROOT/bottlerocket-early-boot-config-0.1-0.1728419136.62450eb4.br1.x86_64/x86_64-bottlerocket-linux-gnu/sys-root/usr/libexec/early-boot-config/bin/ec2-identity-doc-user-data-p
rovider must use aws-lc-rs
  107.8 /home/builder/rpmbuild/BUILDROOT/bottlerocket-early-boot-config-0.1-0.1728419136.62450eb4.br1.x86_64/x86_64-bottlerocket-linux-gnu/sys-root/usr/libexec/early-boot-config/bin/ec2-imds-user-data-provider
must use aws-lc-rs
  108.3 Found 2 binaries using the wrong crypto.

[arnaldo2792]

Yes, you need:

%undefine cross_check_fips
%undefine cross_check_fips

In:

• os.spec
• early-boot-config.spec
• netdog.spec