| Message ID | 20250909080528.95765-3-christoph.steiger@siemens.com |
|---|---|
| State | New |
| Headers | show |
| Series | Add SBOM generation with debsbom | expand |
On 9/9/25 10:05, Christoph Steiger wrote: > Package the python tool debsbom for SBOM generation for Debian based > distributions. > > Signed-off-by: Christoph Steiger <christoph.steiger@siemens.com> > --- > ...icense-description-in-pyproject.toml.patch | 28 ++++++++++ > .../files/debsbom-0.1.0.tar.gz | Bin 0 -> 9383 bytes > .../python3-debsbom/files/rules | 8 +++ > .../python3-debsbom/python3-debsbom_0.1.0.bb | 52 ++++++++++++++++++ > 4 files changed, 88 insertions(+) > create mode 100644 meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch > create mode 100644 meta/recipes-support/python3-debsbom/files/debsbom-0.1.0.tar.gz > create mode 100644 meta/recipes-support/python3-debsbom/files/rules > create mode 100644 meta/recipes-support/python3-debsbom/python3-debsbom_0.1.0.bb > > diff --git a/meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch b/meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch > new file mode 100644 > index 00000000..c9137e25 > --- /dev/null > +++ b/meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch > @@ -0,0 +1,28 @@ > +From 8f926ab0ed1585656ba7de80a82cc802c3ccbdbf Mon Sep 17 00:00:00 2001 > +From: Christoph Steiger <christoph.steiger@siemens.com> > +Date: Mon, 8 Sep 2025 17:17:49 +0200 > +Subject: [PATCH 1/1] Use old license description in pyproject.toml > + > +Older setuptools versions may require a different license field. > + > +Signed-off-by: Christoph Steiger <christoph.steiger@siemens.com> > +--- > + pyproject.toml | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/pyproject.toml b/pyproject.toml > +index cc34bdb..701da4a 100644 > +--- a/pyproject.toml > ++++ b/pyproject.toml > +@@ -22,7 +22,7 @@ maintainers = [ > + ] > + description = "Generate SBOMs for Debian-based distributions." > + readme = "README.md" > +-license = "MIT" > ++license = {text = "MIT"} > + classifiers = [ > + "Intended Audience :: Developers", > + "Operating System :: POSIX :: Linux", > +-- > +2.39.5 > + > diff --git a/meta/recipes-support/python3-debsbom/files/debsbom-0.1.0.tar.gz b/meta/recipes-support/python3-debsbom/files/debsbom-0.1.0.tar.gz > new file mode 100644 > index 0000000000000000000000000000000000000000..7dcc7e43a06e06bad8d097a03294661d51b5e105 > GIT binary patch > literal 9383 > zcmV;YBv{)YiwFpYikxTw17u}lb7F68Eif)IE-)^1VR8WMJZpE`HnRI!zXGeAJ(02! > z{iq+kzN@y1tt8s(*OBCOdmXPrk&wiiBDn-*S)0v&zcT}X1gV$PIPU4WMpKId27|$1 > zUKoIK`9KW9Nqu5_!PcL?P1%NWc(_lWP>P@QytBW(cW|)3zrC{q^*i6~?Hv4R{~OVh > zD^ro!F$@`pVX_WxQ+si8e~{vu>u-&`#2W=+%pY|O<j29m-s<(=+bOR9{@ylxJ}MO} > z%K!8AfAwms-;d^w?TmT9UwUQzD#8Fh_-Iu3f?-(ty$O6S-?ZfP|M=p(*J;1L>b1|` > zS`+uN#@L|$d%NH5E$IKj{_eB>KS6oHj>8~{y}>l`f)PtXrX-?N${NBzFgxbV_Gk87 > zuo?HAaKbIt8+(Gep);NEAYuGI@<ECOOUAr3;sK9spT+!NQ!nNSAXpeMCyz965gMQX > zA;7rYWl_u{JGK#^BoZD8t5kYnk_lLj$K1K~J&}}3bv6~8f#X8jCw5?uIGcylm^ouR > z7;(X_Um4h6-9U$7==<S}UCxs+QRL#xMKbp}3#W<i1we%tu!u+BL+@8=3hpcFY`ZQK > z;3T<Q4~Ih>)b@QA*$Eg>Q3PjD>ImcTIPr#anr!)m-*G>Tc>GeZV`}gmJAuK6>>~C? > zUQn(v!8scM)J)-UaK>!rC1W`|K8gHr&SN$k^MD0m!e(K7ixYt<5kxo({tWa+p-9w> > z>(hwc@mK%{E27H0Asce;4s1ZIh{m<^1oRTXEvTG$z_b`4VT3VaAKOvHkwNw_ffjoJ > z9Ah?!1iyuDL=12UAp<^RL(k`;Mm)2b?>RhxwHk99kydbu{2mq&p$W2D<X>qctJsdU > zQ>s6tluAD%b+~pgAT6FP*A3Vc)5Jmc!e6<Q0I9cJvVz#(P1n0Vm>;nYh;2Awe`hIm > z>~AsE{p9Kzi{IO@MBEDF(GR84RNy3OU1APu5!e&XDnZC1!KZE*%qO57z|H_4!>P#Y > zNwtPuK{Fj6)e!Ydt|%Zqk|e&KgYeV(+qu3deCE_@tZfLRov7|uDs~k#n&-REY@h{5 > zPNYuE#vy7+O!{HR2^+w;ob<SzBEmAZ@3>TLZ!{*|6w|>3v=shLNvN<9I0Y*LTyeM- > zj~o^dKU!}Z8#|zw{5OnmP(4^eHOzNl3+OhD;2T(!I}e$PDnhfaNw%PhfekT71i_lj > z*=-QceD02T4N*BEXbmDGx^0l~2)G%=9!X+0g&ZO+?ZlcQJ2VIEB!$a3gw;7zL^i4Z > z1Z)*)07^v-)eUgQ>lP@7h!(46@L!-9E?ERtnFgSb0w}j9ITRq;KqC&85v=&afVLqp > zDo7^<atq><E@EM6S1qWsLJWcDcOH5O7tDi`_;a%O9A_m$oCorvNUR8nCrai$=nZ0C > zBdGx<;aJ83p&6AdE)ttq27zuBI?$vcc7WdW|0w2Mu4vAZXb)%3CWjgoI+_lEV+z(r > zdx|bAc2OFOoms^T9DhnC7Cg_A`GR@D$UUBrm;kA2nMi^>ko^n+h&tLsv~1uHL=G87 > zgo&-3q05I};3XWGj#N(UIj9a$>4Nzt$^Z(e6z~<-ABV~z%kd;!sr=-Yg1gYa<F56* > z^>~7ki~mpC$F1{j>#@h!5dZIPFUJ3Sd%Mr^|5KFXFq%uBgtl;Zdv_nA9SqkY^tnV^ > zFNAWaU|czv+7U!LpzSp_M1uzg3gYY-9VJG>!Cc$iaDcW$$0N~PnleBm!eKI_%>-Ia > zAwtI^-=((^(r8gQ$SM>rcU6yawI=r`WZ=kz=q55a7>Pm%3--uC9HyPq&AtbQP>zr~ > zV}VFv4^bmJYtjMWC#PwVZ5HDi%S>GjEvm9uHJry5STw<58vqzQpj(-3O<he|_E0%b > z#UdIPT+<{!6JXJB8V4|>^sz3u*^ovg+o|G~H2g!W>v|LqKq!ZP6GHMkPIHm#3Qi43 > zRn7&iaJH(dNsMs|1NK}pOa>CRF`XEPM_-qC!22kS<?gL8O>mLDcP-Yvc+>m2*=ezM > zmtA%)-nUO$C#>A;!gtu${M_!nySVBxfao;Od%v)YH>`R73;Un;`ALnn{&Cr9b-V1M > z!`f$;r|lNhwa<@FuTI+MZ`o_;cYe`hr|q+L50LgQ7!IgVwOd_8cGl_~zk{#M*X`4G > z@0S{T)9#%k&NqOx$u66nUi<j!wAo>oSDnj?ZVQG#0kr4s^EVwBrFGUi?^!S^)Unok > z_`<sHny05URPzd`?+|^*7ni?u+Hc?W*t?6<lNMCIZUJS@*QYHx6in*)wAntZv6JRm > z^KFZIT>zF2fhp>Ke%GQZ7_SNcj(hEkbDRdHV&H2HX4&bbU4L$OTQ%0~w7bZVH=PSW > zkL-jV7lZ`*owp<wWHrmJ2!P=Ct8Oc!<)qa-1zcV1Yy!h-{@%9fxqSPQ^Z#efHYiT} > z9HjXX(|;TD|2vE4Klt$M|DT{7k7Mv_VKiplgnJ`QWjMOZ60+(iAtM6I2`4|W$`v-( > z&z!ejQhl}&fAEsi|4yrUa@KlG)u*yS{||Qe4;SM9!|lUo{eOb;Lg)KgopoPdoH3cW > zPax*Qtmp|Jcy>^i$+R>A#^|q9`lxz-)O{dSL=+IWr_t<d55h=@6VISEhTswQ_lP!! > zNu}x_9+ji%;69l_=!*#!J9e4OX9#xPy*&BHO=X-UkvQ7gn$2dGh}?Tjv&vM?_3_;C > z!+;l|99gYEEee%2-L9Ov3V#K~zFq)h`#!V{yuglOV`DqFHXbO@#>E#QrDf>A<605k > zmB|bZnJ2&{7#w{I_BvbgYds2KBQf7{#&wwqvBt^7ufk?*8e=BShmBJJe~@W7bID-b > z4n!D+Q++yNnX8=OuHc$7@st)55qHw0A#9L*ns5|{1D{Xixen}_DCLq7Jc13=bbtnb > zD@DJR!?Xo^h$$Ca2Rpk}U}s_KgqBkWVB#Ey<#(`uAc6&l*?GwvlY__aTS70m;v#oK > zF$dQ(AtbmHbSX1ukC533fv#Mg8Uv})StVU*Q9==O?zCx9t+<ZGwVi-Dkb}vit^rT; > zq;ePMDXuyovoK4Bd3~Q31_T;B-^J!&IvIdZg+U7=$wRFx0neaGA3v6+_;{3R<8^&} > z1Apr3yat~W_Q`SYYbfruL70p`V`a=b7Z*Kz3UMPqeMq~)I-N0`w7b2|MgP2c)-u~r > zetZuoQ|;ZWOWbaCOc*t^26+!rA#5uM0%;)p0_MX>GHHnJW%Iaolgs=;fet`;U62J( > z965#_-BzdFJUzcUd#wgeJiwUPlZf@&fUMU%ySyot-YP8xc9NQ+2-#X#q@(~h!$@s{ > z8LPu?y<Q)4KQgHh<8UT-z|;aGA;)P^`MrmU@|4?bp&zKrD7Ggrg+4&jD{FRNSRf>W > zylXO#c(Jj_rL@o_sRwNKwTWUCmk;f!pBynnQN{7(+T$SToahT<^e8jrVN5A<KMZfB > z)s1fPoYPLGg47CekklXwOpoAB5(_qx^k6S&h@j0FA7(`3uM)JCGn4S@@GHe9S2Blj > zm3XeioOT$h<T9}V%vS`aD@aV-%f)&nW(~du@mg(I%?y2Rp7yLs^D{t6zq5VMWmlax > ztK=MjWYb1<+B~Z4uEf|J`Rb~Df@bdf`X2qav#Xr1LCLWuWQoRZ9y;p;!?e2>?E8c5 > z9W@BqLNtx1X{t`(cdU>{Q|;_*qg2wB=7EQo1rh?pJ&a{S>*Ll`#9LwvPK6xshgTn7 > zZKY|lkJ3k|naa$T;3^LZc+e;4lW9~cVAaHS#$LedUI4L86!XLek7}_uz@G^ox~EQs > zjE*PdQI0KiE{@O1!D%!xw_U^_Js6&4acVc*&5SA$4ZpXY?Cj9x2`2RdTOWSHBwYw` > zLOS|HmSbji2tiAB!e??!&d1FDQC^SikR}ruz}3+oia-#~EV(f6dEi3DrJ8Q3q$<++ > zJFpa4JcEcl7oO>u&0<*?N#YgRvEY(dWUov*XJgM9gB)?W9*SV;p``;3<)J<etnR14 > zKO+!PaSz~g<ZXo+r)d$A%d5_*R&>FQm;$^!Aji{d!G1+enZ+SqS^&_y!en*QbtVPM > zB!3u#W0!M?c@zqdEObgQS`|P*P%w^tXL~*h1Z88R1gHp+1n@^w-^B$36v9IQSihln > zujLHFGPN?78ZllT5z`5*&9QzY;&b6zwnUU44n{Ra?8LrBC4kva%pt)t>MJd%0wW6P > zU;(n&%#6SArjVW3G&2mIi_;^i4>)&)5=RmQR|Q>CGM|qGAHC%E{~~t2#T{_m4}anP > z@4ema{pb7NPf!-tUsXJ&9Q=m$-#^&heqR44C@a^$-^U9d{k|2=zjlmG`Tr&Be|Wg_ > zod0`@vU2?$-+P3mr?Nr+_Yc9=7uNsaaR0mK^?!o$;?J}#8o=uF;EqLfC;B@GADMA8 > z<hXD%<OMY2X0)!hU-h<*=i?)G*6x)`7%9fE?TAMd#+4|jh4_!--jAtP{ar(gxsZU< > zDeQe!C2mJmZS4Erz#@dY73$;w62wZ=C93^IN^^}iGrf7FD6#aeUV-)ds-oX7l}auj > z((SiO^@ujJG(yZ8>2$1SJff}aCAC!2Eia~t8fB$I<yu<ra^b`tWvCkEhvc(V->Nab > zWxH<QRs&~4meZ_NxyEcq4w2QUr$+fN6(p`I*r(5BOYTW3#<Z&sA1^T`RyGn`Mzu2z > zK{7<+y6m|3Kt&l-B>0J$ukuX>h^e?nc~i#gFZ!`6syVJwWkX?q_zdFw3{bU=8YHA4 > zlDJ6a7i89!5xMmx6oz>U!|6i^T%Wev$iz%!A0~E2_U{42EzkXJB1&q-Zy`%(1Rp@! > zhUDQAy3V2DH_()-<wla$XB{7bqI}M>NRc+H3yb*Ma+Z%kZ!zOpq!``AN@~A4*ZBw& > zNRysL%C#4?&@*`=lmx7t%ev(01IPs01b8w<Eqx%pqEeL?+`S=zSZEFUWRe>VMppbN > z#htbxrfcn4t?b~HAi2LB7a8k~$mp1NEgo_u55kjq|3w-F&rrNjH&kVUE#RPp>U}4b > z0Gx3t<LI5}HoXoAnC)ZwcAlb&Z4YYS+y0cd;y8>e<!OK~l?2)8&XMVf^Yg2!#Yp1$ > zk+GukWU!%wnoPW?nM_O{6|+IujEY(gGUHSud(4BNxsh1#skUq&Z8UR(>B^-&bSPqW > zP;~_YK|=beg^}?2x;#8cXWz69vPZEt-zQZg37me-psGdAr@^IMEpV_Bgx@<nN?40N > z&}iF&8B!I+9+(0h6do~-@{n76T<>)5b7A3mVx_(VLQn$H@6)vVeG>Y99|O~VUkSd9 > zQoklEx^n-AA<ZLg0N3yTcfLD3Sls{b>>fPt|DK?H<vvgE>ukrj1)kevTRT}LA=E(t > zgcTY<9Zg(yPWA3DR(mrrM|gup)t-W#s4?2PsjV9sLDh=Ko}Jd4{w4fr8+N`X4`H*W > z67FbYKAQS=j4vw3T%_?;dWpm35xyiGIP>gA3f5pu&waOa(z<M&pR~@8e*w&3hhvTx > zWFm;VD{;B<<K^E_QGdAp=Ld1~*XjrHs`8<NwaUi*U_oWI`eV6TQfy`I6Cn@1Y<eNt > z_M@>4#tMv<Q)4f!mvs2?vi`C}vuU3!8TR_0&HDe^^?z^I|I7MNzxgX-Fa4CUpZ=<g > zNs8yvbRexquxF8P%qbeFg8heK)F53D?u8>*w~FBYu*&K`7%P|AxN^DN;mI@(vST#$ > za)3UI1BlEyO3(}ug+6_}5*Cc|UabsP=m<=bx-PZ#>GMyYKL2RP&bT2@{8A%|^jYNW > z7(J>PRSkQdP6)kT%!kycmifb@RDNipK+m!n+H4wl|C(}!jvTPy8;?$Yf?&0CvC3lj > zag=wr5_4Xf*<V@t)8{(aWZ=Q#G_#3OfV6x(l$)hP71U$-SPLilAbDassASRzJ9?|E > z7@jApz;TL_DuU#Tn2Y3HmveGizA>UX2qO}Zb#(mjR4KD^hMV?~4GD9-on1G|g-eE1 > z11$8nehtA{%1%2+H&qMeEvl3&RRgv1<!vwn_Y}CTLYQfY$yIYY6$-_qMC#Bd70M+# > zdXie7FILb$kUW2TL4JUc=Ebr<fsK+E`8oMSzjG~xG+UVR%}tJjmooNeFO{Eo$?(S` > zwDTw?g>o!SeT^qKESVIeO9C$&lM_nizgDj1=PyAT@>9ujUj1^26qrQzpCYn{A;dDF > zA54Hfi0KP0s;yAZ#V$%+3Ff*?>7s=zf`(=(IGrn51T|S_(e})(WNWle?WzkJYvNj_ > zlsT6P>(>s@_4+))OS2e7q;D+J%@gURa!zlFE(=a++N>gd)jH1V(8qZRKu%+`D_NMM > zyro$%5T%SwAkrkt8G~+AYnqYHx{SjKkLVgI)_gPnkND6gFZ1mW_vdIUup!5&oUo{I > z=mU(83>%6=nBA*I@mLX}AjUsnIFYjSce1!Ykxor`G7jB>36^HEk7lys_;}+gt5|B3 > z)0knoMP6%r(_2qDyGscj{7r(2F*eL3E?03!Kg=^j88!05X1&twWlfouFKadBa4BMW > z!EH%PAt*7M3SMSOduj!iHEVmYtPQ=3_I5)HvtRg4RF-%akTGo2K4lTW0D^dq5*@6( > z91P2g^hTwfn*sK(VUkY%h9UEkl_>Dl4KJATr2zS?V6o`XR8C1c)T8pE+tcNi&zA+O > z#d3$aLbQrUt0L9aLjdn+6zHw>Vm19(l=RY=D*?$kXuMr1*BkI=(*Fgh&r-eEfIX)` > zUob$^P^}F^6twV57$mo&8~CG@IOo4*8ook<tzP8ZXzx{Yw0^kEGJL^AR4lszb-}V^ > z;e}O*slQ}aCz&#D9NsisUog9O%A{?;Z&<$N$XDBl7kC$U8tJvx8E*9>YWj67yk?!~ > zOX0%w$$4D1FvBQ~ZIuNz-fW_=<SS)5G+b@ca&S23HN(8X-=0h6()drf9SHiVH$@@c > zQpVp35@UJaU0y0?MfaggdPP_T@+)c7yXuX0t+9CGu`pk0rW)#VJ#c1q8rkFeE~XV} > zm|r%KMa!TPTkAm!JDc^uYA4Vzb#_ya?7oWeyuOpxnTCE?4ZhqSEU#S^Y3Z^i;?iY( > z<fY4|2rM0NWhAD{nutu7O_5m!w>Co4r5LFdH!@ny7LJNmp8x2>u1B~C{2T879`5bz > zKHvX+g0gx2zy2cdru)A;2gUdQcX#%8pYQ)ZMR}C-zry+W18!md-qU_As%+MO$G!i` > zdjK2G|F?Iy7xaI7fA9JC|DK{e&OPt!$2BIQ%YEFn;Po5&vI54!V|)dNKR3P_3UjLl > zBz|25o!*et@Y##nD|<j>=os+ybrrO6LqK)NYBt<)r&a+~+*Q9D0zsmN>Qa4|C#$YN > zEWa0DqnbT^Gs2QD%;qjw=qB^lgnpa8f7$HyTAlOS%6k;*GJML0etPXp2bAh~L5-$v > zb{kjED0!Q!)px|qqf8aH=HQl`c;>+5-LAg8+;t?caxMW&Z+0DJYf}KD+_I7`>vcFu > zPkYi7y}a3){m=^XCrv5SYpsoJ4J+3-RpSIEjq&pU1n~mT4lwI4=+#&C=Bqjo5TSf~ > z9rw`_^+Gr$sqy!}Wp8;NQ9OzQ(Y)pIE+V0Buuq@mc*Z-w@&}^TA{yI;A>9s@c`1Fc > zv3THMo|Fv5HT=1Oeujo3A3M+$9*t8seR^1wKy`qq$IbR@#>F^&NxNYxs&x^M?7;gs > zP2BcdV4V_m1gOptb-%tmcw9u-=P;a~9X#gijq^v$ujJbD2^HP;f9)M>bJ|F9Kl3Xn > z<wGE6E8tghuE@6plax0b;{xYybBUKCpxD~Qh!bM7-c<hkP4`UCOCtd`@m4CD4>r;~ > zHIJTtH-QusFJy?d{IR$B+Zr|<m_3=4u^JM|Yz<K7x9OM3EWuf!Db6xUP#HO=Azb{Q > zPoDQ$y|-p9vD|^&23yWa3EY~Y#KxdeIoTOHGlB}{G9^GXCrhE=vhGspj6TXuE`^>( > zJ6sAL{+WgeTbmxq<zP{>EGT)``5n80n_mTkRF!_2ze%E+J)XLoeIl1Br$bz-|8$=B > zPtH5;7I-j>H1Mb=FI&#)T+@YRzz&q$N!Tv{(Ruf{dkCTz^k~7|2iRVi(1Wlj|022s > zE(<uF0rxs%@Kga|6VO$Z0A?KSkpp$!*t6{;;YbM`S%G(ut4JvAKER+ExAI{10Dp>! > z+1~l*{?n(;{oUP0MZb^;6$!GERqeu)VE3I_EeAfDh3ZC!ZXJ;aBJ>8EY;;=xF<ziU > zvWc4LPa*o;0L&IW1`GdQrnUpLwe&u4jKs;QHBlj7Q^&xmSm8pss23koQfIK`o7tOH > zFM!5b;Y|BDcSCrxZ1pj%7j5zR+J>{jkIBjlxMJC>@W!E5Mo9=ZIa8h1mth}Kk}if5 > zO+R&OiHI{-ya^MA$G3370_}_Ib$iAM0}cvSJ=3wgBUaf8S$L#xKp5RT4?fw2@nh8( > zEyQfakC216j<jxWqmM6pXmk^t!r@^Fw(V_X`Sy5_)snDTFvM3{o0?)Fuct_=70`^O > zI7IiX(`!L^u|fZB|Ge{B&7gru<j!*eKB0fCiQN#E;j%eVGj7lmAen=y(B{a<4mjnd > zSxsqnS$0*G6-XMypT?i4Hn-~02#}h)*T8sE-*+9RL%5d%t%=v{-7$M-o<wE!;xKrD > zB-bslmtVu8G&^6)or4+MFz-C%90Vbo0P6qmW`lgUX*vH-a&^BJ|9^k4X~+NA0S7Q8 > z|L-2shU|X|cwQzmiy>)S)$_${5@va9!em`=*7#Gl)O^Iqf+3aSPh@43UQMD8iUXEj > zN!Jo!KA6Vwgj*8&pOT2-&=~9#{|xvGXcdcU?{ZvHn4*td&Kngl_-}?Uij4GxeOA@} > zYGjeRi^F)U`e$PBMrl;Qtquj^0oH_Enx|helaCtUcCzlUoU|1^gjJL#wm{gJ=C%rN > zVrPc)?}DoIf1veZvI2FkomR-;1KMRwv(Q7nvn>7|;ME5VQwAm)W=jea!_!QwV1y=b > zG|OsKFc$58U0g-IO#RT9UuD`0<cfMQ3!#yJfU{<1Xo~_Ughg!H#gz7e`NCOPL;b8b > z73&L(nMRF9{e{6LGm8rEnYbiC%{!X&KPJOVpuH`PW7~>4Ll=0U+f9|{(orSa({WFh > zXlN%pVte=DgU??c=G!>se6Sp0mQ`X=BIdN&`$-^r`YW@7jx5UGR->8%vuOw<EtI(` > zIs>6xdHOK7zM+C>s9_tQ1+cUxH)*~4xa$2eOdd06i-y9Fc}1mStxW^l5Lp@zZClKP > zVJ^M60oVxHUn588(TM^+(DJ|)uX!-n2+Up9E!5sW7$i~!ZB{0%PFB{TCu9DybgF$^ > z9h9tPKJPk=xwVLraU6HoSWMc%u^Y3M6op{!#v*!K-PS(13KhT8&~aW-3qal5eiw_r > zz_aN8)bE}exqbX6bY1;_HwOpiC<Mm9E_Pu#zz4F$&;J0zcH$i#oF@wi<q1Sc8tm1b > zdlLc0vTcb#p>SVP34LQC%8|D-Ws|ryRZ+*@r0e~g-j>R-g9FTNW<%O297p#C<U>X7 > z7u=0B|KDdUo8|N$?#MeSfGpAfI5^0}f81$2+21Sazk5humHx{izPRLS2yWCQ!G%x7 > z6{HI!szWb?ZiTZF2QTpeyi+8p=JK!4GEU<by)N#WWF*wHcrLD_OQ>W`{bhl_3nY-2 > zdOh5NUyG^cVo@hkZ>1Z;uNKS3Z_9jn+-<*sD2d{=txaMS?({mR?atu*?OA64cA;9X > ztk~_n9JJpEX{B`GQK{4TmO5)R@5R4gHDyx->8iRb#%b`6#SfvzVkxo6C_=uMCv0#q > zzbyd)yvr3KsPpW%;IE0TV8(#^y|W5(2|@2=>-6NmEeK(0-tjJJhA!LZE5wy?q^y*O > zMu$n|x)S72Pme&QFD;kxWo=w-qFX!@U<eGj;Af0gFgF?ps+Uy+7vuQTbP^B8gGtOq > z)`11JbmfL3DF+^lB)T3ZH#Ek<Y>~|3xmX2j;AcFqKwMKGh{2c{gW+^Ix%n#`2QMJ( > zgvu51CqQt;o%$Dj6BQnZqY0z!3(Lw-9)mReGtDchZ4(k?n@cHG8q$Ql5D^fp@J`Vf > z#k0ccTXi@dqwbcdNHI6Y>}+G;d)#^?a_3FSRe+}Cc3mot-+=xUagp5WQQ6{aXh#jF > zH??=81&-Zl*9UG)Qsc4TL;>d&a8Y;bR4s)nkZuoI<S8^poh{>1&B~)gvIc@1{TOyI > z`(N`j)OQFKvtsy$-zQ*Pu7n?bfjVG%zE0X&01(nj3S~=_(u(01B+_@vjmAR2jR2U6 > zGi0@+g@-}Q^%1s)euYE-(uad$g)MrN)7DyWRj;rLY=yKMd{uLN4Y$p5g*{TS8%W<5 > z^B}7>Y3x4Ic@w)3)To?nT!6ioF&o5^+HFzJKWnvLwO)1xuUn_=U(c;RC&$T8XECB{ > zC)~$zVreM)X-uv~99n;t@~5Tmc#B&-qsY0oUZiGjXct$=i+088%7Rum!lR7~l4z|9 > z3uQM*vDt7`oyUlB+_(-VT&4^ST{M=pO`RvB!Ro-#`m{j&ckdDdDvD3fw`#Uwo@veP > zuCoLLQd$lQDXk5D?24;`Axdjs4V2b{V`{=UJoCs;KgS41jMA4V+ry=TB}k5Sb(YN; > z$ZGIX4*NE6Q_j>^fuEG_1V<^^@Kj9dDqxk8+v?n*g9zz1;I`j=(`!3)v9lfPAX9=D > z0XB8U(O1$2rjO!*a#<HTVwOjotVp>S!*{9>XV_zYPkV5PJfM6y36Z0}CfaF_NJF%9 > zN5Ii;vBSGBavBWB1AAaDn%`Xi)fJxC(Psw6PB`O>r^@ryb?YA+9Lr$s71`9v+-Zfl > zW5WKxMI0FoyH?7j)m<=1H|TI~b^T?wT9G#yt`d$6df|+oEi4^(9`#t)4UaUf5<Shp > zsUbZq!N2af5AxQ(5Q*E+0e#sy1(sE(zxw%HXM5Ij=P75Uv#>h@{MMOXd+a$p`8!SF > zai`zzojkXva2@bQ(S#~uvl+@jCTm$&DI&Rs<pY{bdQi3!Cztqx(ZX{QR&Ia(vaR`b > z%&fd7G01KUp~#&No9QF&py7>NXy_m4eL7K+Vc!<H5ZTz;7BYMjis5$rT}_FONQr_y > zP{djmvT!AiSF)s<e5vzSVU%%VW1DwpWu14s4lECc?x_WK2Cd3lv<qw4jI6K}2ZSjG > zi4^T6AsI@|Y=@RGFrG9XyTE%aZFuAS2gZ{_A6|+z??e8ZEB{9&)BA}3&}i;9ZT}C= > zC(Yeb{(m276Y~FXx{&hY4*RV|bf{RSl0nsDZy3$E?O_(-)16<=p%hYm!gv+Reqx(3 > zN<*(wu_bcgaq)~=%0NJ;2+yNjRlz1U(JL{7gC2xv7%f5`C7TgXv1VRH{=GG?Vo1b0 > zB^uHQ+*8Hp0*HH;NxYzVPz==l5l+AcR%WN+kRq~qvn2j49HlaAILF9yGIW;*gzoR5 > z`A&c%)#75#A1*K+#%u^mdKmtl3zpDfUwnPdzR~+BzM58#<FNYdH}>ntag0$Xj@aB; > zvL`bl1@8yKUKm1%qhH_s`t0ISz4re7Gb0m)4@dr^`uq1s^?!Mlx>Q{!G^_?&O2~zj > z{%BCGHMTg|M2R+gZf<>_DqMF;x$s|HvYWU9mcakUjsyN5?3ez(?jzk1{wrh*5FrRs > z1?RHb+^RO}S|+^reBs#mdN`|r=1tYETrbb>y(i=R&u+vu<EQcUWMh5c`QO9y-+Z#) > z(ElU;w|CIQ^Z%sT*xzX!`~dDB_nSXd@Adru)oAS9%#++RzAXP6J^$}METYMHn};2~ > zs3hV47E!{vzuuhDBQsQM^e!sA+y{nHgj0~rX}Lb;4ZsYUAx`ha9=fOqO%oXpxuV76 > zY4}aQ;Z<xG7wkg!qy@${k4C*ci9Q?!O;(=O07QoH8iuHeB1Zvh?|`x~wkeJb-akd6 > zS$&$Q0)sdTcKv44s|*+HO+o|sENIX6Rl+Fecy?9or(tvnF-L{!gg2rrf6lXhoO6%~ > zc#v290{v<D-ewy%UBaqx(tt2=gq6#v*kaAYv7zZU_q__}Eb(>eby~--JO1_9<0uyb > zcDW2E(-f9wTx~7J5y)w(hli|X14;F|Gw2)C7W=q^pv+mf&+zR-P`{imcwA=hEQv3Z > z;q^6?{CPONT!5ee%JQ{fzc^>ZJCA442%c4YnLb`Iq&1w(RTovW>YFs0L@C=*9Mh!@ > z>GNru!wga=P1>9OXc8U5iophkt>b@~uuXPR0Wa6vlW=;Og5K5Br{xV*rZSbOOl2xl > hnaWhAGL@-JWhzsd%2cK@mFZha{|8tslE?ta003kVNV)(3 This is a leftover from one of my internal first prototypes. I remove this in the following commit. Rebasing is hard sometimes. This will disappear in the eventual v2. > > literal 0 > HcmV?d00001 > > diff --git a/meta/recipes-support/python3-debsbom/files/rules b/meta/recipes-support/python3-debsbom/files/rules > new file mode 100644 > index 00000000..a414114d > --- /dev/null > +++ b/meta/recipes-support/python3-debsbom/files/rules > @@ -0,0 +1,8 @@ > +#!/usr/bin/make -f > + > +#export DH_VERBOSE = 1 > +export PYBUILD_NAME = debsbom > +export PYBUILD_SYSTEM = pyproject > + > +%: > + dh $@ --with python3 --buildsystem=pybuild > diff --git a/meta/recipes-support/python3-debsbom/python3-debsbom_0.1.0.bb b/meta/recipes-support/python3-debsbom/python3-debsbom_0.1.0.bb > new file mode 100644 > index 00000000..a1e54e97 > --- /dev/null > +++ b/meta/recipes-support/python3-debsbom/python3-debsbom_0.1.0.bb > @@ -0,0 +1,52 @@ > +# This software is a part of ISAR. > +# Copyright (c) Siemens, 2025 > +# > +# SPDX-License-Identifier: MIT > + > +inherit dpkg > + > +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" > + > +S = "${WORKDIR}/git" > + > +DEPENDS = "python3-cyclonedx-python-lib python3-spdx-tools python3-packageurl-python" > + > +MAINTAINER = "Christoph Steiger <christoph.steiger@siemens.com>" > +DPKG_ARCH = "all" > +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \ > + dh-python, \ > + python3-all, \ > + python3-setuptools, \ > + pybuild-plugin-pyproject, \ > + python3-packageurl-python, \ > + python3-cyclonedx-python-lib, \ > + python3-spdx-tools, \ > + python3-beartype, \ > + python3-license-expression, \ > + python3-uritools, \ > + python3-py-serializable, \ > + python3-defusedxml, \ > + python3-sortedcontainers, \ > + python3-debian, \ > + python3-requests, \ > + " > + > +DEBIAN_DEPENDS = "python3-cyclonedx-python-lib, \ > + python3-spdx-tools, \ > + python3-packageurl-python, \ > + python3-requests, \ > + python3-debian, \ > + " > + > +DESCRIPTION = "debsbom generates SBOMs for Debian based distributions." > + > +SRC_URI = "git://github.com/siemens/debsbom.git;protocol=https;branch=main; \ > + file://rules \ > + file://0001-Use-old-license-description-in-pyproject.toml.patch \ > + " > +SRCREV = "8fb87567514d461e2db49e0485b890ef108c824a" > + > +do_prepare_build[cleandirs] += "${S}/debian" > +do_prepare_build() { > + deb_debianize > +}
diff --git a/meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch b/meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch new file mode 100644 index 00000000..c9137e25 --- /dev/null +++ b/meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch @@ -0,0 +1,28 @@ +From 8f926ab0ed1585656ba7de80a82cc802c3ccbdbf Mon Sep 17 00:00:00 2001 +From: Christoph Steiger <christoph.steiger@siemens.com> +Date: Mon, 8 Sep 2025 17:17:49 +0200 +Subject: [PATCH 1/1] Use old license description in pyproject.toml + +Older setuptools versions may require a different license field. + +Signed-off-by: Christoph Steiger <christoph.steiger@siemens.com> +--- + pyproject.toml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pyproject.toml b/pyproject.toml +index cc34bdb..701da4a 100644 +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -22,7 +22,7 @@ maintainers = [ + ] + description = "Generate SBOMs for Debian-based distributions." + readme = "README.md" +-license = "MIT" ++license = {text = "MIT"} + classifiers = [ + "Intended Audience :: Developers", + "Operating System :: POSIX :: Linux", +-- +2.39.5 + diff --git a/meta/recipes-support/python3-debsbom/files/debsbom-0.1.0.tar.gz b/meta/recipes-support/python3-debsbom/files/debsbom-0.1.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..7dcc7e43a06e06bad8d097a03294661d51b5e105 GIT binary patch literal 9383 zcmV;YBv{)YiwFpYikxTw17u}lb7F68Eif)IE-)^1VR8WMJZpE`HnRI!zXGeAJ(02! z{iq+kzN@y1tt8s(*OBCOdmXPrk&wiiBDn-*S)0v&zcT}X1gV$PIPU4WMpKId27|$1 zUKoIK`9KW9Nqu5_!PcL?P1%NWc(_lWP>P@QytBW(cW|)3zrC{q^*i6~?Hv4R{~OVh zD^ro!F$@`pVX_WxQ+si8e~{vu>u-&`#2W=+%pY|O<j29m-s<(=+bOR9{@ylxJ}MO} z%K!8AfAwms-;d^w?TmT9UwUQzD#8Fh_-Iu3f?-(ty$O6S-?ZfP|M=p(*J;1L>b1|` zS`+uN#@L|$d%NH5E$IKj{_eB>KS6oHj>8~{y}>l`f)PtXrX-?N${NBzFgxbV_Gk87 zuo?HAaKbIt8+(Gep);NEAYuGI@<ECOOUAr3;sK9spT+!NQ!nNSAXpeMCyz965gMQX zA;7rYWl_u{JGK#^BoZD8t5kYnk_lLj$K1K~J&}}3bv6~8f#X8jCw5?uIGcylm^ouR z7;(X_Um4h6-9U$7==<S}UCxs+QRL#xMKbp}3#W<i1we%tu!u+BL+@8=3hpcFY`ZQK z;3T<Q4~Ih>)b@QA*$Eg>Q3PjD>ImcTIPr#anr!)m-*G>Tc>GeZV`}gmJAuK6>>~C? zUQn(v!8scM)J)-UaK>!rC1W`|K8gHr&SN$k^MD0m!e(K7ixYt<5kxo({tWa+p-9w> z>(hwc@mK%{E27H0Asce;4s1ZIh{m<^1oRTXEvTG$z_b`4VT3VaAKOvHkwNw_ffjoJ z9Ah?!1iyuDL=12UAp<^RL(k`;Mm)2b?>RhxwHk99kydbu{2mq&p$W2D<X>qctJsdU zQ>s6tluAD%b+~pgAT6FP*A3Vc)5Jmc!e6<Q0I9cJvVz#(P1n0Vm>;nYh;2Awe`hIm z>~AsE{p9Kzi{IO@MBEDF(GR84RNy3OU1APu5!e&XDnZC1!KZE*%qO57z|H_4!>P#Y zNwtPuK{Fj6)e!Ydt|%Zqk|e&KgYeV(+qu3deCE_@tZfLRov7|uDs~k#n&-REY@h{5 zPNYuE#vy7+O!{HR2^+w;ob<SzBEmAZ@3>TLZ!{*|6w|>3v=shLNvN<9I0Y*LTyeM- zj~o^dKU!}Z8#|zw{5OnmP(4^eHOzNl3+OhD;2T(!I}e$PDnhfaNw%PhfekT71i_lj z*=-QceD02T4N*BEXbmDGx^0l~2)G%=9!X+0g&ZO+?ZlcQJ2VIEB!$a3gw;7zL^i4Z z1Z)*)07^v-)eUgQ>lP@7h!(46@L!-9E?ERtnFgSb0w}j9ITRq;KqC&85v=&afVLqp zDo7^<atq><E@EM6S1qWsLJWcDcOH5O7tDi`_;a%O9A_m$oCorvNUR8nCrai$=nZ0C zBdGx<;aJ83p&6AdE)ttq27zuBI?$vcc7WdW|0w2Mu4vAZXb)%3CWjgoI+_lEV+z(r zdx|bAc2OFOoms^T9DhnC7Cg_A`GR@D$UUBrm;kA2nMi^>ko^n+h&tLsv~1uHL=G87 zgo&-3q05I};3XWGj#N(UIj9a$>4Nzt$^Z(e6z~<-ABV~z%kd;!sr=-Yg1gYa<F56* z^>~7ki~mpC$F1{j>#@h!5dZIPFUJ3Sd%Mr^|5KFXFq%uBgtl;Zdv_nA9SqkY^tnV^ zFNAWaU|czv+7U!LpzSp_M1uzg3gYY-9VJG>!Cc$iaDcW$$0N~PnleBm!eKI_%>-Ia zAwtI^-=((^(r8gQ$SM>rcU6yawI=r`WZ=kz=q55a7>Pm%3--uC9HyPq&AtbQP>zr~ zV}VFv4^bmJYtjMWC#PwVZ5HDi%S>GjEvm9uHJry5STw<58vqzQpj(-3O<he|_E0%b z#UdIPT+<{!6JXJB8V4|>^sz3u*^ovg+o|G~H2g!W>v|LqKq!ZP6GHMkPIHm#3Qi43 zRn7&iaJH(dNsMs|1NK}pOa>CRF`XEPM_-qC!22kS<?gL8O>mLDcP-Yvc+>m2*=ezM zmtA%)-nUO$C#>A;!gtu${M_!nySVBxfao;Od%v)YH>`R73;Un;`ALnn{&Cr9b-V1M z!`f$;r|lNhwa<@FuTI+MZ`o_;cYe`hr|q+L50LgQ7!IgVwOd_8cGl_~zk{#M*X`4G z@0S{T)9#%k&NqOx$u66nUi<j!wAo>oSDnj?ZVQG#0kr4s^EVwBrFGUi?^!S^)Unok z_`<sHny05URPzd`?+|^*7ni?u+Hc?W*t?6<lNMCIZUJS@*QYHx6in*)wAntZv6JRm z^KFZIT>zF2fhp>Ke%GQZ7_SNcj(hEkbDRdHV&H2HX4&bbU4L$OTQ%0~w7bZVH=PSW zkL-jV7lZ`*owp<wWHrmJ2!P=Ct8Oc!<)qa-1zcV1Yy!h-{@%9fxqSPQ^Z#efHYiT} z9HjXX(|;TD|2vE4Klt$M|DT{7k7Mv_VKiplgnJ`QWjMOZ60+(iAtM6I2`4|W$`v-( z&z!ejQhl}&fAEsi|4yrUa@KlG)u*yS{||Qe4;SM9!|lUo{eOb;Lg)KgopoPdoH3cW zPax*Qtmp|Jcy>^i$+R>A#^|q9`lxz-)O{dSL=+IWr_t<d55h=@6VISEhTswQ_lP!! zNu}x_9+ji%;69l_=!*#!J9e4OX9#xPy*&BHO=X-UkvQ7gn$2dGh}?Tjv&vM?_3_;C z!+;l|99gYEEee%2-L9Ov3V#K~zFq)h`#!V{yuglOV`DqFHXbO@#>E#QrDf>A<605k zmB|bZnJ2&{7#w{I_BvbgYds2KBQf7{#&wwqvBt^7ufk?*8e=BShmBJJe~@W7bID-b z4n!D+Q++yNnX8=OuHc$7@st)55qHw0A#9L*ns5|{1D{Xixen}_DCLq7Jc13=bbtnb zD@DJR!?Xo^h$$Ca2Rpk}U}s_KgqBkWVB#Ey<#(`uAc6&l*?GwvlY__aTS70m;v#oK zF$dQ(AtbmHbSX1ukC533fv#Mg8Uv})StVU*Q9==O?zCx9t+<ZGwVi-Dkb}vit^rT; zq;ePMDXuyovoK4Bd3~Q31_T;B-^J!&IvIdZg+U7=$wRFx0neaGA3v6+_;{3R<8^&} z1Apr3yat~W_Q`SYYbfruL70p`V`a=b7Z*Kz3UMPqeMq~)I-N0`w7b2|MgP2c)-u~r zetZuoQ|;ZWOWbaCOc*t^26+!rA#5uM0%;)p0_MX>GHHnJW%Iaolgs=;fet`;U62J( z965#_-BzdFJUzcUd#wgeJiwUPlZf@&fUMU%ySyot-YP8xc9NQ+2-#X#q@(~h!$@s{ z8LPu?y<Q)4KQgHh<8UT-z|;aGA;)P^`MrmU@|4?bp&zKrD7Ggrg+4&jD{FRNSRf>W zylXO#c(Jj_rL@o_sRwNKwTWUCmk;f!pBynnQN{7(+T$SToahT<^e8jrVN5A<KMZfB z)s1fPoYPLGg47CekklXwOpoAB5(_qx^k6S&h@j0FA7(`3uM)JCGn4S@@GHe9S2Blj zm3XeioOT$h<T9}V%vS`aD@aV-%f)&nW(~du@mg(I%?y2Rp7yLs^D{t6zq5VMWmlax ztK=MjWYb1<+B~Z4uEf|J`Rb~Df@bdf`X2qav#Xr1LCLWuWQoRZ9y;p;!?e2>?E8c5 z9W@BqLNtx1X{t`(cdU>{Q|;_*qg2wB=7EQo1rh?pJ&a{S>*Ll`#9LwvPK6xshgTn7 zZKY|lkJ3k|naa$T;3^LZc+e;4lW9~cVAaHS#$LedUI4L86!XLek7}_uz@G^ox~EQs zjE*PdQI0KiE{@O1!D%!xw_U^_Js6&4acVc*&5SA$4ZpXY?Cj9x2`2RdTOWSHBwYw` zLOS|HmSbji2tiAB!e??!&d1FDQC^SikR}ruz}3+oia-#~EV(f6dEi3DrJ8Q3q$<++ zJFpa4JcEcl7oO>u&0<*?N#YgRvEY(dWUov*XJgM9gB)?W9*SV;p``;3<)J<etnR14 zKO+!PaSz~g<ZXo+r)d$A%d5_*R&>FQm;$^!Aji{d!G1+enZ+SqS^&_y!en*QbtVPM zB!3u#W0!M?c@zqdEObgQS`|P*P%w^tXL~*h1Z88R1gHp+1n@^w-^B$36v9IQSihln zujLHFGPN?78ZllT5z`5*&9QzY;&b6zwnUU44n{Ra?8LrBC4kva%pt)t>MJd%0wW6P zU;(n&%#6SArjVW3G&2mIi_;^i4>)&)5=RmQR|Q>CGM|qGAHC%E{~~t2#T{_m4}anP z@4ema{pb7NPf!-tUsXJ&9Q=m$-#^&heqR44C@a^$-^U9d{k|2=zjlmG`Tr&Be|Wg_ zod0`@vU2?$-+P3mr?Nr+_Yc9=7uNsaaR0mK^?!o$;?J}#8o=uF;EqLfC;B@GADMA8 z<hXD%<OMY2X0)!hU-h<*=i?)G*6x)`7%9fE?TAMd#+4|jh4_!--jAtP{ar(gxsZU< zDeQe!C2mJmZS4Erz#@dY73$;w62wZ=C93^IN^^}iGrf7FD6#aeUV-)ds-oX7l}auj z((SiO^@ujJG(yZ8>2$1SJff}aCAC!2Eia~t8fB$I<yu<ra^b`tWvCkEhvc(V->Nab zWxH<QRs&~4meZ_NxyEcq4w2QUr$+fN6(p`I*r(5BOYTW3#<Z&sA1^T`RyGn`Mzu2z zK{7<+y6m|3Kt&l-B>0J$ukuX>h^e?nc~i#gFZ!`6syVJwWkX?q_zdFw3{bU=8YHA4 zlDJ6a7i89!5xMmx6oz>U!|6i^T%Wev$iz%!A0~E2_U{42EzkXJB1&q-Zy`%(1Rp@! zhUDQAy3V2DH_()-<wla$XB{7bqI}M>NRc+H3yb*Ma+Z%kZ!zOpq!``AN@~A4*ZBw& zNRysL%C#4?&@*`=lmx7t%ev(01IPs01b8w<Eqx%pqEeL?+`S=zSZEFUWRe>VMppbN z#htbxrfcn4t?b~HAi2LB7a8k~$mp1NEgo_u55kjq|3w-F&rrNjH&kVUE#RPp>U}4b z0Gx3t<LI5}HoXoAnC)ZwcAlb&Z4YYS+y0cd;y8>e<!OK~l?2)8&XMVf^Yg2!#Yp1$ zk+GukWU!%wnoPW?nM_O{6|+IujEY(gGUHSud(4BNxsh1#skUq&Z8UR(>B^-&bSPqW zP;~_YK|=beg^}?2x;#8cXWz69vPZEt-zQZg37me-psGdAr@^IMEpV_Bgx@<nN?40N z&}iF&8B!I+9+(0h6do~-@{n76T<>)5b7A3mVx_(VLQn$H@6)vVeG>Y99|O~VUkSd9 zQoklEx^n-AA<ZLg0N3yTcfLD3Sls{b>>fPt|DK?H<vvgE>ukrj1)kevTRT}LA=E(t zgcTY<9Zg(yPWA3DR(mrrM|gup)t-W#s4?2PsjV9sLDh=Ko}Jd4{w4fr8+N`X4`H*W z67FbYKAQS=j4vw3T%_?;dWpm35xyiGIP>gA3f5pu&waOa(z<M&pR~@8e*w&3hhvTx zWFm;VD{;B<<K^E_QGdAp=Ld1~*XjrHs`8<NwaUi*U_oWI`eV6TQfy`I6Cn@1Y<eNt z_M@>4#tMv<Q)4f!mvs2?vi`C}vuU3!8TR_0&HDe^^?z^I|I7MNzxgX-Fa4CUpZ=<g zNs8yvbRexquxF8P%qbeFg8heK)F53D?u8>*w~FBYu*&K`7%P|AxN^DN;mI@(vST#$ za)3UI1BlEyO3(}ug+6_}5*Cc|UabsP=m<=bx-PZ#>GMyYKL2RP&bT2@{8A%|^jYNW z7(J>PRSkQdP6)kT%!kycmifb@RDNipK+m!n+H4wl|C(}!jvTPy8;?$Yf?&0CvC3lj zag=wr5_4Xf*<V@t)8{(aWZ=Q#G_#3OfV6x(l$)hP71U$-SPLilAbDassASRzJ9?|E z7@jApz;TL_DuU#Tn2Y3HmveGizA>UX2qO}Zb#(mjR4KD^hMV?~4GD9-on1G|g-eE1 z11$8nehtA{%1%2+H&qMeEvl3&RRgv1<!vwn_Y}CTLYQfY$yIYY6$-_qMC#Bd70M+# zdXie7FILb$kUW2TL4JUc=Ebr<fsK+E`8oMSzjG~xG+UVR%}tJjmooNeFO{Eo$?(S` zwDTw?g>o!SeT^qKESVIeO9C$&lM_nizgDj1=PyAT@>9ujUj1^26qrQzpCYn{A;dDF zA54Hfi0KP0s;yAZ#V$%+3Ff*?>7s=zf`(=(IGrn51T|S_(e})(WNWle?WzkJYvNj_ zlsT6P>(>s@_4+))OS2e7q;D+J%@gURa!zlFE(=a++N>gd)jH1V(8qZRKu%+`D_NMM zyro$%5T%SwAkrkt8G~+AYnqYHx{SjKkLVgI)_gPnkND6gFZ1mW_vdIUup!5&oUo{I z=mU(83>%6=nBA*I@mLX}AjUsnIFYjSce1!Ykxor`G7jB>36^HEk7lys_;}+gt5|B3 z)0knoMP6%r(_2qDyGscj{7r(2F*eL3E?03!Kg=^j88!05X1&twWlfouFKadBa4BMW z!EH%PAt*7M3SMSOduj!iHEVmYtPQ=3_I5)HvtRg4RF-%akTGo2K4lTW0D^dq5*@6( z91P2g^hTwfn*sK(VUkY%h9UEkl_>Dl4KJATr2zS?V6o`XR8C1c)T8pE+tcNi&zA+O z#d3$aLbQrUt0L9aLjdn+6zHw>Vm19(l=RY=D*?$kXuMr1*BkI=(*Fgh&r-eEfIX)` zUob$^P^}F^6twV57$mo&8~CG@IOo4*8ook<tzP8ZXzx{Yw0^kEGJL^AR4lszb-}V^ z;e}O*slQ}aCz&#D9NsisUog9O%A{?;Z&<$N$XDBl7kC$U8tJvx8E*9>YWj67yk?!~ zOX0%w$$4D1FvBQ~ZIuNz-fW_=<SS)5G+b@ca&S23HN(8X-=0h6()drf9SHiVH$@@c zQpVp35@UJaU0y0?MfaggdPP_T@+)c7yXuX0t+9CGu`pk0rW)#VJ#c1q8rkFeE~XV} zm|r%KMa!TPTkAm!JDc^uYA4Vzb#_ya?7oWeyuOpxnTCE?4ZhqSEU#S^Y3Z^i;?iY( z<fY4|2rM0NWhAD{nutu7O_5m!w>Co4r5LFdH!@ny7LJNmp8x2>u1B~C{2T879`5bz zKHvX+g0gx2zy2cdru)A;2gUdQcX#%8pYQ)ZMR}C-zry+W18!md-qU_As%+MO$G!i` zdjK2G|F?Iy7xaI7fA9JC|DK{e&OPt!$2BIQ%YEFn;Po5&vI54!V|)dNKR3P_3UjLl zBz|25o!*et@Y##nD|<j>=os+ybrrO6LqK)NYBt<)r&a+~+*Q9D0zsmN>Qa4|C#$YN zEWa0DqnbT^Gs2QD%;qjw=qB^lgnpa8f7$HyTAlOS%6k;*GJML0etPXp2bAh~L5-$v zb{kjED0!Q!)px|qqf8aH=HQl`c;>+5-LAg8+;t?caxMW&Z+0DJYf}KD+_I7`>vcFu zPkYi7y}a3){m=^XCrv5SYpsoJ4J+3-RpSIEjq&pU1n~mT4lwI4=+#&C=Bqjo5TSf~ z9rw`_^+Gr$sqy!}Wp8;NQ9OzQ(Y)pIE+V0Buuq@mc*Z-w@&}^TA{yI;A>9s@c`1Fc zv3THMo|Fv5HT=1Oeujo3A3M+$9*t8seR^1wKy`qq$IbR@#>F^&NxNYxs&x^M?7;gs zP2BcdV4V_m1gOptb-%tmcw9u-=P;a~9X#gijq^v$ujJbD2^HP;f9)M>bJ|F9Kl3Xn z<wGE6E8tghuE@6plax0b;{xYybBUKCpxD~Qh!bM7-c<hkP4`UCOCtd`@m4CD4>r;~ zHIJTtH-QusFJy?d{IR$B+Zr|<m_3=4u^JM|Yz<K7x9OM3EWuf!Db6xUP#HO=Azb{Q zPoDQ$y|-p9vD|^&23yWa3EY~Y#KxdeIoTOHGlB}{G9^GXCrhE=vhGspj6TXuE`^>( zJ6sAL{+WgeTbmxq<zP{>EGT)``5n80n_mTkRF!_2ze%E+J)XLoeIl1Br$bz-|8$=B zPtH5;7I-j>H1Mb=FI&#)T+@YRzz&q$N!Tv{(Ruf{dkCTz^k~7|2iRVi(1Wlj|022s zE(<uF0rxs%@Kga|6VO$Z0A?KSkpp$!*t6{;;YbM`S%G(ut4JvAKER+ExAI{10Dp>! z+1~l*{?n(;{oUP0MZb^;6$!GERqeu)VE3I_EeAfDh3ZC!ZXJ;aBJ>8EY;;=xF<ziU zvWc4LPa*o;0L&IW1`GdQrnUpLwe&u4jKs;QHBlj7Q^&xmSm8pss23koQfIK`o7tOH zFM!5b;Y|BDcSCrxZ1pj%7j5zR+J>{jkIBjlxMJC>@W!E5Mo9=ZIa8h1mth}Kk}if5 zO+R&OiHI{-ya^MA$G3370_}_Ib$iAM0}cvSJ=3wgBUaf8S$L#xKp5RT4?fw2@nh8( zEyQfakC216j<jxWqmM6pXmk^t!r@^Fw(V_X`Sy5_)snDTFvM3{o0?)Fuct_=70`^O zI7IiX(`!L^u|fZB|Ge{B&7gru<j!*eKB0fCiQN#E;j%eVGj7lmAen=y(B{a<4mjnd zSxsqnS$0*G6-XMypT?i4Hn-~02#}h)*T8sE-*+9RL%5d%t%=v{-7$M-o<wE!;xKrD zB-bslmtVu8G&^6)or4+MFz-C%90Vbo0P6qmW`lgUX*vH-a&^BJ|9^k4X~+NA0S7Q8 z|L-2shU|X|cwQzmiy>)S)$_${5@va9!em`=*7#Gl)O^Iqf+3aSPh@43UQMD8iUXEj zN!Jo!KA6Vwgj*8&pOT2-&=~9#{|xvGXcdcU?{ZvHn4*td&Kngl_-}?Uij4GxeOA@} zYGjeRi^F)U`e$PBMrl;Qtquj^0oH_Enx|helaCtUcCzlUoU|1^gjJL#wm{gJ=C%rN zVrPc)?}DoIf1veZvI2FkomR-;1KMRwv(Q7nvn>7|;ME5VQwAm)W=jea!_!QwV1y=b zG|OsKFc$58U0g-IO#RT9UuD`0<cfMQ3!#yJfU{<1Xo~_Ughg!H#gz7e`NCOPL;b8b z73&L(nMRF9{e{6LGm8rEnYbiC%{!X&KPJOVpuH`PW7~>4Ll=0U+f9|{(orSa({WFh zXlN%pVte=DgU??c=G!>se6Sp0mQ`X=BIdN&`$-^r`YW@7jx5UGR->8%vuOw<EtI(` zIs>6xdHOK7zM+C>s9_tQ1+cUxH)*~4xa$2eOdd06i-y9Fc}1mStxW^l5Lp@zZClKP zVJ^M60oVxHUn588(TM^+(DJ|)uX!-n2+Up9E!5sW7$i~!ZB{0%PFB{TCu9DybgF$^ z9h9tPKJPk=xwVLraU6HoSWMc%u^Y3M6op{!#v*!K-PS(13KhT8&~aW-3qal5eiw_r zz_aN8)bE}exqbX6bY1;_HwOpiC<Mm9E_Pu#zz4F$&;J0zcH$i#oF@wi<q1Sc8tm1b zdlLc0vTcb#p>SVP34LQC%8|D-Ws|ryRZ+*@r0e~g-j>R-g9FTNW<%O297p#C<U>X7 z7u=0B|KDdUo8|N$?#MeSfGpAfI5^0}f81$2+21Sazk5humHx{izPRLS2yWCQ!G%x7 z6{HI!szWb?ZiTZF2QTpeyi+8p=JK!4GEU<by)N#WWF*wHcrLD_OQ>W`{bhl_3nY-2 zdOh5NUyG^cVo@hkZ>1Z;uNKS3Z_9jn+-<*sD2d{=txaMS?({mR?atu*?OA64cA;9X ztk~_n9JJpEX{B`GQK{4TmO5)R@5R4gHDyx->8iRb#%b`6#SfvzVkxo6C_=uMCv0#q zzbyd)yvr3KsPpW%;IE0TV8(#^y|W5(2|@2=>-6NmEeK(0-tjJJhA!LZE5wy?q^y*O zMu$n|x)S72Pme&QFD;kxWo=w-qFX!@U<eGj;Af0gFgF?ps+Uy+7vuQTbP^B8gGtOq z)`11JbmfL3DF+^lB)T3ZH#Ek<Y>~|3xmX2j;AcFqKwMKGh{2c{gW+^Ix%n#`2QMJ( zgvu51CqQt;o%$Dj6BQnZqY0z!3(Lw-9)mReGtDchZ4(k?n@cHG8q$Ql5D^fp@J`Vf z#k0ccTXi@dqwbcdNHI6Y>}+G;d)#^?a_3FSRe+}Cc3mot-+=xUagp5WQQ6{aXh#jF zH??=81&-Zl*9UG)Qsc4TL;>d&a8Y;bR4s)nkZuoI<S8^poh{>1&B~)gvIc@1{TOyI z`(N`j)OQFKvtsy$-zQ*Pu7n?bfjVG%zE0X&01(nj3S~=_(u(01B+_@vjmAR2jR2U6 zGi0@+g@-}Q^%1s)euYE-(uad$g)MrN)7DyWRj;rLY=yKMd{uLN4Y$p5g*{TS8%W<5 z^B}7>Y3x4Ic@w)3)To?nT!6ioF&o5^+HFzJKWnvLwO)1xuUn_=U(c;RC&$T8XECB{ zC)~$zVreM)X-uv~99n;t@~5Tmc#B&-qsY0oUZiGjXct$=i+088%7Rum!lR7~l4z|9 z3uQM*vDt7`oyUlB+_(-VT&4^ST{M=pO`RvB!Ro-#`m{j&ckdDdDvD3fw`#Uwo@veP zuCoLLQd$lQDXk5D?24;`Axdjs4V2b{V`{=UJoCs;KgS41jMA4V+ry=TB}k5Sb(YN; z$ZGIX4*NE6Q_j>^fuEG_1V<^^@Kj9dDqxk8+v?n*g9zz1;I`j=(`!3)v9lfPAX9=D z0XB8U(O1$2rjO!*a#<HTVwOjotVp>S!*{9>XV_zYPkV5PJfM6y36Z0}CfaF_NJF%9 zN5Ii;vBSGBavBWB1AAaDn%`Xi)fJxC(Psw6PB`O>r^@ryb?YA+9Lr$s71`9v+-Zfl zW5WKxMI0FoyH?7j)m<=1H|TI~b^T?wT9G#yt`d$6df|+oEi4^(9`#t)4UaUf5<Shp zsUbZq!N2af5AxQ(5Q*E+0e#sy1(sE(zxw%HXM5Ij=P75Uv#>h@{MMOXd+a$p`8!SF zai`zzojkXva2@bQ(S#~uvl+@jCTm$&DI&Rs<pY{bdQi3!Cztqx(ZX{QR&Ia(vaR`b z%&fd7G01KUp~#&No9QF&py7>NXy_m4eL7K+Vc!<H5ZTz;7BYMjis5$rT}_FONQr_y zP{djmvT!AiSF)s<e5vzSVU%%VW1DwpWu14s4lECc?x_WK2Cd3lv<qw4jI6K}2ZSjG zi4^T6AsI@|Y=@RGFrG9XyTE%aZFuAS2gZ{_A6|+z??e8ZEB{9&)BA}3&}i;9ZT}C= zC(Yeb{(m276Y~FXx{&hY4*RV|bf{RSl0nsDZy3$E?O_(-)16<=p%hYm!gv+Reqx(3 zN<*(wu_bcgaq)~=%0NJ;2+yNjRlz1U(JL{7gC2xv7%f5`C7TgXv1VRH{=GG?Vo1b0 zB^uHQ+*8Hp0*HH;NxYzVPz==l5l+AcR%WN+kRq~qvn2j49HlaAILF9yGIW;*gzoR5 z`A&c%)#75#A1*K+#%u^mdKmtl3zpDfUwnPdzR~+BzM58#<FNYdH}>ntag0$Xj@aB; zvL`bl1@8yKUKm1%qhH_s`t0ISz4re7Gb0m)4@dr^`uq1s^?!Mlx>Q{!G^_?&O2~zj z{%BCGHMTg|M2R+gZf<>_DqMF;x$s|HvYWU9mcakUjsyN5?3ez(?jzk1{wrh*5FrRs z1?RHb+^RO}S|+^reBs#mdN`|r=1tYETrbb>y(i=R&u+vu<EQcUWMh5c`QO9y-+Z#) z(ElU;w|CIQ^Z%sT*xzX!`~dDB_nSXd@Adru)oAS9%#++RzAXP6J^$}METYMHn};2~ zs3hV47E!{vzuuhDBQsQM^e!sA+y{nHgj0~rX}Lb;4ZsYUAx`ha9=fOqO%oXpxuV76 zY4}aQ;Z<xG7wkg!qy@${k4C*ci9Q?!O;(=O07QoH8iuHeB1Zvh?|`x~wkeJb-akd6 zS$&$Q0)sdTcKv44s|*+HO+o|sENIX6Rl+Fecy?9or(tvnF-L{!gg2rrf6lXhoO6%~ zc#v290{v<D-ewy%UBaqx(tt2=gq6#v*kaAYv7zZU_q__}Eb(>eby~--JO1_9<0uyb zcDW2E(-f9wTx~7J5y)w(hli|X14;F|Gw2)C7W=q^pv+mf&+zR-P`{imcwA=hEQv3Z z;q^6?{CPONT!5ee%JQ{fzc^>ZJCA442%c4YnLb`Iq&1w(RTovW>YFs0L@C=*9Mh!@ z>GNru!wga=P1>9OXc8U5iophkt>b@~uuXPR0Wa6vlW=;Og5K5Br{xV*rZSbOOl2xl hnaWhAGL@-JWhzsd%2cK@mFZha{|8tslE?ta003kVNV)(3 literal 0 HcmV?d00001 diff --git a/meta/recipes-support/python3-debsbom/files/rules b/meta/recipes-support/python3-debsbom/files/rules new file mode 100644 index 00000000..a414114d --- /dev/null +++ b/meta/recipes-support/python3-debsbom/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = debsbom +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-debsbom/python3-debsbom_0.1.0.bb b/meta/recipes-support/python3-debsbom/python3-debsbom_0.1.0.bb new file mode 100644 index 00000000..a1e54e97 --- /dev/null +++ b/meta/recipes-support/python3-debsbom/python3-debsbom_0.1.0.bb @@ -0,0 +1,52 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/git" + +DEPENDS = "python3-cyclonedx-python-lib python3-spdx-tools python3-packageurl-python" + +MAINTAINER = "Christoph Steiger <christoph.steiger@siemens.com>" +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \ + dh-python, \ + python3-all, \ + python3-setuptools, \ + pybuild-plugin-pyproject, \ + python3-packageurl-python, \ + python3-cyclonedx-python-lib, \ + python3-spdx-tools, \ + python3-beartype, \ + python3-license-expression, \ + python3-uritools, \ + python3-py-serializable, \ + python3-defusedxml, \ + python3-sortedcontainers, \ + python3-debian, \ + python3-requests, \ + " + +DEBIAN_DEPENDS = "python3-cyclonedx-python-lib, \ + python3-spdx-tools, \ + python3-packageurl-python, \ + python3-requests, \ + python3-debian, \ + " + +DESCRIPTION = "debsbom generates SBOMs for Debian based distributions." + +SRC_URI = "git://github.com/siemens/debsbom.git;protocol=https;branch=main; \ + file://rules \ + file://0001-Use-old-license-description-in-pyproject.toml.patch \ + " +SRCREV = "8fb87567514d461e2db49e0485b890ef108c824a" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +}
Package the python tool debsbom for SBOM generation for Debian based distributions. Signed-off-by: Christoph Steiger <christoph.steiger@siemens.com> --- ...icense-description-in-pyproject.toml.patch | 28 ++++++++++ .../files/debsbom-0.1.0.tar.gz | Bin 0 -> 9383 bytes .../python3-debsbom/files/rules | 8 +++ .../python3-debsbom/python3-debsbom_0.1.0.bb | 52 ++++++++++++++++++ 4 files changed, 88 insertions(+) create mode 100644 meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch create mode 100644 meta/recipes-support/python3-debsbom/files/debsbom-0.1.0.tar.gz create mode 100644 meta/recipes-support/python3-debsbom/files/rules create mode 100644 meta/recipes-support/python3-debsbom/python3-debsbom_0.1.0.bb