[v7,0/7] Add SBOM generation with debsbom

Message ID 20260121150719.2719579-1-felix.moessbauer@siemens.com

MOESSBAUER, Felix Jan. 21, 2026, 3:07 p.m. UTC
This patchset adds proper SBOM generation in the two standard formats
SPDX and CycloneDX during the rootfs generation process.

The generation itself is handled by an SBOM generator, `debsbom` [1],
which is developed as an open source project at Siemens. It is still
early in development, but it has enough features for what we require
in isar. The required dependencies which are not yet available as
Debian packages were minimally packaged directly in isar too.

This is a followup of the previous RFC [2]. Since then the series has
changed a lot. The SBOM generation was moved from a simple OE lib to
`debsbom`. This also meant the introduction of a separate chroot was
necessary. The SBOM generation process was also moved from the image
step to the rootfs step, along with a lot of minor changes and
improvements.

[1] https://github.com/siemens/debsbom
[2] https://groups.google.com/g/isar-users/c/8L-CF4BJY0I/m/p0N3o_zfAAAJ

Changes since v6:

- fixed imager bom failure on transitive image types (detected in isar-cip,
  wic -> squashfs).
- updated debsbom to 0.6.0+git
- add support for license information
- rebased onto next

Note: I'm still not able to run the full testsuite. The related patches
to cleanup the testsuite are pending on the list for quite some time. I
did some extensive local testing with isar-cip core and product layers,
but any additional testing is highly welcome.

Changes since v5:

- fix isar-image-ci on qemuamd64-bullseye (set IMAGER_BOM according to
  machine changes made in image file)
- rebased onto next

Changes since v4:

- rebased onto next
- fix race condition on creation of ${DEPLOY_DIR_SBOM} (aka ${DEPLOY_DIR_IMAGE})

Changes since v3:

- fix issue on external bullseye initramfs (we now disable sbom generation
  on all unsupported distros rootfs instances)
- update debsbom to v0.4.0
- rebased onto next

Changes since v2:

- fix issues when HOST_ARCH != DISTRO_ARCH on derived distributions
- update debsbom to v0.3.0, which fixes the Origin: bug reported in v2
- generate SBOM for imager as well and create merged sbom of .wic image
- resend imager manifest + wic manifest patches to reduce conflicts

Note that patches p1-p5 are the most important, as they add basic SBOM
support. The remaining patches address the imager + .wic BOM part,
which can also be merged later on.

Changes since v1:

- remove tarball
- refactor packaging (auto-derive python dependencies)
- only build missing packages (varies on bookworm, trixie, noble)
- add ubuntu support
- only generate sboms for supported distributions (bookworm/jammy and
  onwards)
- update debsbom (includes bug fixes and more information for source
  packages)


Felix Moessbauer (7):
  debsbom: update to version 0.6.0
  feat: add license information to SBOM as well
  add support to add imager dependencies to BOM
  wic: create uniform manifest describing all image components
  qemuamd64: add IMAGER_BOM entries
  imager: create SBOM of IMAGER_BOM packages
  wic: create uniform SBOM describing all image components

 doc/user_manual.md                            |  1 +
 meta-isar/conf/machine/qemuamd64.conf         |  1 +
 .../recipes-core/images/isar-image-ci.bb      |  1 +
 .../image-tools-extension.bbclass             | 29 ++++++++++++++++++
 meta/classes-recipe/image.bbclass             |  9 ++++++
 meta/classes-recipe/imagetypes_wic.bbclass    | 30 +++++++++++++++++++
 meta/classes/sbom.bbclass                     |  3 +-
 ..._0.5.1.bb => python3-debsbom_0.6.0+git.bb} |  3 +-
 8 files changed, 75 insertions(+), 2 deletions(-)
 rename meta/recipes-support/python3-debsbom/{python3-debsbom_0.5.1.bb => python3-debsbom_0.6.0+git.bb} (91%)
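The cover letter describes two things an SBOM pipeline for a Debian rootfs has to get right: enumerating the packages that are actually installed, and merging the per-component BOMs (rootfs, imager) into one BOM for the final image. The script below is an added, self-contained illustration of both steps and is not code from debsbom or isar; it emits a minimal CycloneDX 1.5 document. The dpkg status excerpts are constructed, the `pkg:deb/...` purl layout (epoch colon and `+` percent-encoded, `arch` qualifier) follows the purl spec but is simplified, and the use of `library` as the component type and of the purl as `bom-ref` are this example's own choices, not debsbom's.

```python
"""Build a minimal CycloneDX 1.5 BOM from dpkg status data and merge two BOMs.

Added example; not part of debsbom or isar. Inputs are constructed excerpts.
"""
import json
from typing import Dict, List
from urllib.parse import quote

# Constructed excerpt in /var/lib/dpkg/status format (not from a real system).
ROOTFS_STATUS = """\
Package: libc6
Status: install ok installed
Priority: optional
Section: libs
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Architecture: amd64
Source: glibc
Version: 2.36-9+deb12u4
Description: GNU C Library: Shared libraries

Package: bash
Status: install ok installed
Architecture: amd64
Version: 5.2.15-2+b2
Description: GNU Bourne Again SHell

Package: removed-pkg
Status: deinstall ok config-files
Architecture: amd64
Version: 1.0-1
Description: only config files remain, must not be listed
"""

# Constructed excerpt for the imager chroot; bash overlaps with the rootfs.
IMAGER_STATUS = """\
Package: bash
Status: install ok installed
Architecture: amd64
Version: 5.2.15-2+b2
Description: GNU Bourne Again SHell

Package: squashfs-tools
Status: install ok installed
Architecture: amd64
Version: 1:4.5.1-1
Description: Tool to create and append to squashfs filesystems
"""


def parse_dpkg_status(text: str) -> List[Dict[str, str]]:
    """Parse dpkg status stanzas and keep only packages whose files are on disk."""
    pkgs: List[Dict[str, str]] = []
    for stanza in text.strip().split("\n\n"):
        fields: Dict[str, str] = {}
        for line in stanza.splitlines():
            if line.startswith((" ", "\t")):
                continue  # continuation line of a multi-line field (Description)
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        # Third word of Status is the package state; "config-files" or
        # "not-installed" packages must not appear in the BOM.
        if fields.get("Status", "").split()[-1] == "installed":
            pkgs.append(fields)
    return pkgs


def to_purl(pkg: Dict[str, str], distro: str = "debian") -> str:
    """Simplified pkg:deb purl; version is percent-encoded (epoch ':' and '+')."""
    version = quote(pkg["Version"], safe="")
    return f"pkg:deb/{distro}/{pkg['Package']}@{version}?arch={pkg['Architecture']}"


def build_cyclonedx(pkgs: List[Dict[str, str]], distro: str = "debian") -> dict:
    """Minimal CycloneDX 1.5 document; purl doubles as bom-ref (example choice)."""
    components = []
    for p in pkgs:
        purl = to_purl(p, distro)
        components.append({
            "type": "library",  # simplification: dpkg has no application/library split
            "bom-ref": purl,
            "name": p["Package"],
            "version": p["Version"],
            "purl": purl,
        })
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "components": components}


def merge_boms(*boms: dict) -> dict:
    """Union of components keyed by purl; first occurrence wins, order preserved."""
    seen: Dict[str, dict] = {}
    for bom in boms:
        for comp in bom["components"]:
            seen.setdefault(comp["purl"], comp)
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "components": list(seen.values())}


if __name__ == "__main__":
    rootfs_bom = build_cyclonedx(parse_dpkg_status(ROOTFS_STATUS))
    imager_bom = build_cyclonedx(parse_dpkg_status(IMAGER_STATUS))
    print(json.dumps(merge_boms(rootfs_bom, imager_bom), indent=2))
```

The status filter is the part worth checking in any real generator: a package in `deinstall ok config-files` state still has a stanza but ships no binaries, so listing it overstates what an image contains. The merge keys on purl rather than package name so that the same name at a different version or architecture (HOST_ARCH != DISTRO_ARCH builds) yields two components instead of silently collapsing into one.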