Started by upstream project "build-scripts/jobs/jdk8u/jdk8u-mac-x64-temurin" build number 646 originally caused by: Started by upstream project "build-scripts/openjdk8-pipeline" build number 3084 originally caused by: Started by upstream project "build-scripts/utils/betaTrigger_8ea" build number 388 originally caused by: Started by timer Running as SYSTEM Building remotely on jenkins-hetzner-worker (jsfsignX x64 git-hg gpgsign worker master) in workspace /home/jenkins/workspace/sbom_validator_job [WS-CLEANUP] Deleting project workspace... [WS-CLEANUP] Deferred wipeout is used... The recommended git tool is: git No credentials specified Cloning the remote Git repository Cloning repository https://github.com/adoptium/temurin-build > git init /home/jenkins/workspace/sbom_validator_job/temurin-build # timeout=10 Fetching upstream changes from https://github.com/adoptium/temurin-build > git --version # timeout=10 > git --version # 'git version 2.43.0' > git fetch --tags --force --progress -- https://github.com/adoptium/temurin-build +refs/heads/*:refs/remotes/origin/* # timeout=10 > git config remote.origin.url https://github.com/adoptium/temurin-build # timeout=10 > git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10 Avoid second fetch > git rev-parse refs/remotes/origin/master^{commit} # timeout=10 Checking out Revision a73dd1f61b103c053cc94ec5649f3fcccd95558a (refs/remotes/origin/master) > git config core.sparsecheckout # timeout=10 > git checkout -f a73dd1f61b103c053cc94ec5649f3fcccd95558a # timeout=10 Commit message: "Disable PCH for Temurin jdk-21+ for consistent reproducible linux builds (#4431)" > git rev-list --no-walk a73dd1f61b103c053cc94ec5649f3fcccd95558a # timeout=10 Copied 2 artifacts from "build-scripts » jobs » jdk8u » jdk8u-mac-x64-temurin" build number 646 [sbom_validator_job] $ /bin/sh -xe /tmp/jenkins1759989403587822523.sh + ls /home/jenkins/workspace/sbom_validator_job/sboms OpenJDK8U-sbom_x64_mac_hotspot_8u492b08-ea.json OpenJDK8U-sbom_x64_mac_hotspot_8u492b08-ea-metadata.json + ls -1 /home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK8U-sbom_x64_mac_hotspot_8u492b08-ea-metadata.json /home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK8U-sbom_x64_mac_hotspot_8u492b08-ea.json + grep -v metadata + sh /home/jenkins/workspace/sbom_validator_job/temurin-build/tooling/validateSBOM.sh 8 jdk8u492-b08_adopt /home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK8U-sbom_x64_mac_hotspot_8u492b08-ea.json validateSBOM.sh: Setting up workspace directory /home/jenkins/workspace/sbom_validator_job/sbom_validation JDK_MAJOR_VERSION='8' SOURCE_TAG='jdk8u492-b08_adopt' SBOM_LOCATION='/home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK8U-sbom_x64_mac_hotspot_8u492b08-ea.json' validateSBOM.sh: Downloading CycloneDX CLI binary ... validateSBOM.sh: Downloaded CycloneDX CLI binary to 'cyclonedx-linux-x64' validateSBOM.sh: SBOM validation start. validateSBOM.sh: Running general SBOM validation from https://github.com/CycloneDX/cyclonedx-cli validateSBOM.sh: Running cyclonedx-linux-x64 ... Command: "/home/jenkins/workspace/sbom_validator_job/sbom_validation/cyclonedx-linux-x64" validate --input-file "/home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK8U-sbom_x64_mac_hotspot_8u492b08-ea.json" --input-format json BOM validated successfully. validateSBOM.sh: Passed CycloneDX validation check. validateSBOM.sh: Running command: sh validateSBOMcontent.sh "/home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK8U-sbom_x64_mac_hotspot_8u492b08-ea.json" "8" "jdk8u492-b08_adopt" SBOMFILE='/home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK8U-sbom_x64_mac_hotspot_8u492b08-ea.json' MAJORVERSION='8' EXPECTED_SCM_REF='jdk8u492-b08_adopt' /home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK8U-sbom_x64_mac_hotspot_8u492b08-ea.json /home/jenkins/workspace/sbom_validator_job/sboms/OpenJDK8U-sbom_x64_mac_hotspot_8u492b08-ea.json BOOTJDK is 1.8.0_482-b08 ERROR: FreeType version not 2.13.3 (SBOM has 2.14.2) FREETYPE is 2.14.2 Checking for JDK source SHA validity... 856c936875542f69249dec6fab251eb6e2209364 refs/heads/release 856c936875542f69249dec6fab251eb6e2209364 refs/tags/jdk8u492-b08_adopt^{} SBOM SHA is a valid repository tag commit SHA: 856c936875542f69249dec6fab251eb6e2209364 Checking for temurin-build SHA validity: Checking for temurin-build SHA a73dd1f61b103c053cc94ec5649f3fcccd95558a in https://github.com/adoptium/temurin-build a73dd1f61b103c053cc94ec5649f3fcccd95558a HEAD a73dd1f61b103c053cc94ec5649f3fcccd95558a refs/heads/master ERROR: Overall return code from validateSBOMcontent.sh is non-zero - something failed validation. validateSBOMcontent.sh: ERROR: FAILED with return code 1 Build step 'Execute shell' marked build as failure [WS-CLEANUP] Deleting project workspace... [WS-CLEANUP] Deferred wipeout is used... [WS-CLEANUP] done Finished: FAILURE