| Message ID | 20251022153921.2494749-11-felix.moessbauer@siemens.com |
|---|---|
| State | Under Review |
| Headers | show
Return-Path: <isar-users+bncBCYIZ4M3XAKRBTPV4PDQMGQEM44CRZI@googlegroups.com>
Received: from shymkent.ilbers.de ([unix socket])
by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA;
Wed, 22 Oct 2025 17:40:05 +0200
X-Sieve: CMU Sieve 2.4
Received: from mail-pg1-f186.google.com (mail-pg1-f186.google.com
[209.85.215.186])
by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id
59MFe4Ut021703
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT)
for <iupwgm@isar-build.org>; Wed, 22 Oct 2025 17:40:05 +0200
Received: by mail-pg1-f186.google.com with SMTP id
41be03b00d2f7-b630753cc38sf12335371a12.1
for <iupwgm@isar-build.org>; Wed, 22 Oct 2025 08:40:04 -0700 (PDT)
ARC-Seal: i=3; a=rsa-sha256; t=1761147598; cv=pass;
d=google.com; s=arc-20240605;
b=bqyFnO5fLwcSQffXhpEw9HbOcPKV9WW4u/q6A/WiQMuapJm1ULZZMZ+0mMAAo38Och
TvHzxhJpb32KRRBCVH2832hmnEh1qFFy8or95wum9z350RkKtJTiU2aFS9iS0PvUWKkg
qn5cgvLhKscXI8oS3+J9GHSn5eym/B7kjHB0Tw2WgLCzmNF6ifhKHw8w8M+i3XCtMU3p
RsmDsPFCHDuOEufIKX0Bp0dAPC2kNmTd0yOFUlAUr3JtBqACDlh8J7jtlo04ZbNW4jvF
y2fdUg3dVwvktQ4x07zIspG6cuZzkZj0d6KfuAX2VnTgp2oU97H9xv4lTd8z/s5GIzV8
s5Aw==
ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to:mime-version:references
:in-reply-to:message-id:date:subject:cc:to:from:dkim-signature;
bh=vA9dVDbl2bLzwlhEjA9ub0KckztuHRrkSseY3CxHQ8A=;
fh=ScQKPjth1iW/nXHbP+ohG0Thhtgdtj0nVu7H0/zHUso=;
b=hoq8TsBzb1xdZVJ8kdhMZvvsBjSGkCKXNot/xWHf1rWENZqZOP7NmLL9hGcQt1Rve1
1ikjSwgF83OervDDx+0ZNWQq6zeYOmHnMM5pQxkfPEXrOqfOK44OqfgHK62yYscqwZna
3ew8uS9oFpPHLdkgOyTr+u0Dd1A+0WBp7tMoGomiSE8o9qYO1jeN/SUp/4pmqREyRIAW
9MeBlo34nkWEs3/WNwdDDWpHGOJK4YuvluTVhJY3O8lMFZDNBzuy4BE6snpPLXfU3hyS
Xrde8d6afTeJnf09XylJGNRgzczzn1hAf5+H8BWwX//WifvFGcS1dNx5h5q/yHBNd+/g
WSWQ==;
darn=isar-build.org
ARC-Authentication-Results: i=3; gmr-mx.google.com;
dkim=pass header.i=@siemens.com header.s=selector2 header.b=xpxx1tGq;
arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass
dkdomain=siemens.com dmarc=pass fromdomain=siemens.com);
spf=pass (google.com: domain of felix.moessbauer@siemens.com designates
2a01:111:f403:c207::3 as permitted sender)
smtp.mailfrom=felix.moessbauer@siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1761147598; x=1761752398;
darn=isar-build.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from:from:to
:cc:subject:date:message-id:reply-to;
bh=vA9dVDbl2bLzwlhEjA9ub0KckztuHRrkSseY3CxHQ8A=;
b=eCqlKAj9eMEsc/HjAc0QfNEvFEJhvTDbjXVqE83xIQroBzAzrM8+xC+PlpDz2Fe8tT
BKMs16+X15CpTU3Y97B5VE69+9y4R+/lnJPiDshipM/Ad+lD8eG4GCNjNzg+LVvyeDeI
+fW+LJCDTR48T2CloB2fn3hEMjyzScNVz289Niy55tbcxaWlAxYFWLWoiBeBE8hDljr4
PAEsg5SgVELvbNhvxZxTcMVjo8Se0p90fEpD7VrtakngZDMLsxf5iwwmfaWmz60jy1Gr
ql+01PYKlx/n8p2VJatmDdlgyZhTCWUpPB8MCQJdtFL/s1NX0Yx9yC4RmDRSEJyDxpv8
ds8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1761147598; x=1761752398;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=vA9dVDbl2bLzwlhEjA9ub0KckztuHRrkSseY3CxHQ8A=;
b=AsR1LXIdclevKNHVtmbiBYMS8uDAMF4miE5Q7aNQOwzsljTzaAzDUzRGlbEQEmp7mO
fE5FSdJwjQ9MOTIeb40wY7x4OGE365ZLthcYKSenF+3eYCqHrI+1KFqsoD62eF2JAUvR
w5leAqE8uri9xMoHBoA6lt3Yz0M68YCymWv5WeK9lEIeEYerecj56QUUChAzEo6x05qk
CUinVC8+cXSoYtyUBFrmLHYfOBEALWwequjW10NocjIWSCs96T0g/q91R1BhkAYmEZmY
s31aanvBsyE9p4jkLY41AUolTBAtBx+JXf/vW+Xroa/CwFss2K6YpNLHIPYdeKSu7fvZ
QQ2g==
X-Forwarded-Encrypted: i=3;
AJvYcCWirZnDOCYx4CnbEfyr9vZ2kqaLcxk9/QFy66Y8NYPkBt0PM+iSPy2yMQEXLu2Z58bIPLjfcCo=@isar-build.org
X-Gm-Message-State: AOJu0YyriR/fjEXvxb8eQM76EWH632lXe4fpjBIiElIthQr1Hq5YGii3
phyqJ3VSczo+u15GVKDB+lUxvJyAHuBPLSXjl50uC3dRZP4x0+0FwBKq
X-Google-Smtp-Source:
AGHT+IG8KHBWcCQXiLcnJ7/eZEcxy0nHL7WqinbGABmj0cvVd5IbkUYMchq5VtZdPaOUFpOP28jZ9A==
X-Received: by 2002:a17:903:b4f:b0:25b:a5fc:8664 with SMTP id
d9443c01a7336-290cbe2c382mr206138575ad.51.1761147598356;
Wed, 22 Oct 2025 08:39:58 -0700 (PDT)
X-BeenThere: isar-users@googlegroups.com;
h="ARHlJd4f6Fw89U8A6aoizcZfWNeFhs6iJM5LfR49FU9l542Fjg=="
Received: by 2002:a17:902:f7d6:b0:263:df8b:ff32 with SMTP id
d9443c01a7336-290a8de3de6ls60943095ad.0.-pod-prod-03-us; Wed, 22 Oct 2025
08:39:56 -0700 (PDT)
X-Received: by 2002:a17:903:1c3:b0:274:777b:ca6d with SMTP id
d9443c01a7336-290cbb49f9cmr296019695ad.43.1761147596125;
Wed, 22 Oct 2025 08:39:56 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1761147596; cv=pass;
d=google.com; s=arc-20240605;
b=KmA86EDH+eANyImISXOQ7ZbR5GJlJmFnYu9d9GfwBideT/EkDIwrosseeo+uZ+859d
AUgg0lqAiBvv/nM8N+Em1X6wvHklc3tOEvxCRCgSlYY83bJ4meDgCoChPWfdAPcT8rLl
pWeMXJHGhgzOz9pl10lGCwgZB1jnR757VVpqAV2BsjVc+YXJRnNzMDGX/Lc3nQuDMLkq
7jKI1ZS//w+BWDct8cJhQqovGieAg5Fgukrcy665T+vPDKCag0pl14SLmvUJQ0qW9TEL
cSLc9rFlpMjlHLnOKhdQITkpxF+YVlhWlAJs1J0mWJA1a6NIeGnSbxtrjKPIZPvYMOcb
XDTA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=mime-version:content-transfer-encoding:references:in-reply-to
:message-id:date:subject:cc:to:from:dkim-signature;
bh=SmU/8gC5EUv1uyFYD1v8Hu71ZaXjyH3m2mqru/SUfuI=;
fh=U8bm4dTYQmv4LpgB7HlcKSsNa947JBNKOeDeOLKSao8=;
b=IlujmlN2jkfzH2qH6N3h83xUSONVsgo//L4H1TnHKz1r2M7xapMH9h1/OmDvAIa2IZ
RfcyccZHDGMYvBExeLSSy7IuP8sqwYCzZmokpXY6EuRxSFx0JQRx3/ECU3NeFFW/OKkm
k/yXi2AfcFn46N6zT5z4oz2DL5bVws/5Mwb+Ggj2nlo/XlFcXCxOCeYSRpaItZkawUbo
RQj1OsutgN9F+yevtXRVO6QVsItgMTM1ysiiJyZEQG4FGXKBNNHYm868WkzHr32UkxHF
odOWF66/Ou/OWxOflo7BDb+k+D4kFvYOLJ8yUkbStNNhcCPEQck53MBwl4Hlr90t8OJT
56Hg==;
dara=google.com
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@siemens.com header.s=selector2 header.b=xpxx1tGq;
arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass
dkdomain=siemens.com dmarc=pass fromdomain=siemens.com);
spf=pass (google.com: domain of felix.moessbauer@siemens.com designates
2a01:111:f403:c207::3 as permitted sender)
smtp.mailfrom=felix.moessbauer@siemens.com;
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
Received: from MRWPR03CU001.outbound.protection.outlook.com
(mail-francesouthazlp170110003.outbound.protection.outlook.com.
[2a01:111:f403:c207::3])
by gmr-mx.google.com with ESMTPS id
41be03b00d2f7-b6cb341a8c7si801522a12.1.2025.10.22.08.39.55
for <isar-users@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 22 Oct 2025 08:39:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com
designates 2a01:111:f403:c207::3 as permitted sender)
client-ip=2a01:111:f403:c207::3;
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=n6MERXzow5zXdwWCzTE+tHrMxmOkRUlnECVRQQyYjiTW62AMwf04P4yPOuEjj5yFyeFUD22dngvQfq8HS5ey/1Aur6inCq1vQIMYWcD8O4ii8yuUCcc6TSvp6sMizn7HIiRre3vwyghVSXveZwRZkO/HOY63qyOJ88muz3Gt0fElBIC9nWDMz+AKd/tmFm65cgxg+9CQDRGE63gypHOU/Sw4JnOH5JNpqlnqlq8NIqFL8VglYOVS07us24JzL7m1ETB9XKxsNiz94TMvtkj7rzxLT7sjyDBR9HTEv/3MvSni5Grv5cMAhRwJY+2HTYLe4rBHiYd8HMXP89/mjn9DXw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=SmU/8gC5EUv1uyFYD1v8Hu71ZaXjyH3m2mqru/SUfuI=;
b=vlhvr87YcUEXhrY2uR2p5ofajW0o3iRU1H6u9dvtQTIxNyOjb1uyJMthEwLPmtrtcYHZWkj1sucjYv/Ec8kTMWtFlCsEGrVQGBuzYI8fnTbetvaS8EV/3dQTb7rX1rr1EsEtVleaHeEtixwCxjQgNqOdxBGH8irVVFoECxh0/3dm6WNL0xnBN/AeUe+wXttlQHbp9qB85sVmDNs9VHfcUGpu0LzI66KdvD5+57gXUv0W5/ZAPV9oqSgwD10kJa10vByKM4UGBdG8nS/O68AXJsI+sCjk29Q+9B09OVz/XY/oYqX9Y9HJwuCF08BbgBBNssXq6YW4y7McCv+oZhNTww==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com;
dkim=pass header.d=siemens.com; arc=none
Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13)
by DBAPR10MB4027.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:1b4::13) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9253.12; Wed, 22 Oct
2025 15:39:53 +0000
Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM
([fe80::8198:b4e0:8d12:3dfe]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM
([fe80::8198:b4e0:8d12:3dfe%4]) with mapi id 15.20.9253.011; Wed, 22 Oct 2025
15:39:53 +0000
From: "'Felix Moessbauer' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com
Cc: christoph.steiger@siemens.com, cedric.hombourger@siemens.com,
jan.kiszka@siemens.com,
Felix Moessbauer <felix.moessbauer@siemens.com>
Subject: [PATCH v3 10/10] wic: create uniform SBOM describing all image
components
Date: Wed, 22 Oct 2025 17:39:21 +0200
Message-ID: <20251022153921.2494749-11-felix.moessbauer@siemens.com>
X-Mailer: git-send-email 2.51.0
In-Reply-To: <20251022153921.2494749-1-felix.moessbauer@siemens.com>
References: <20251022153921.2494749-1-felix.moessbauer@siemens.com>
Content-Type: text/plain; charset="UTF-8"
X-ClientProxiedBy: CH0PR03CA0035.namprd03.prod.outlook.com
(2603:10b6:610:b3::10) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM
(2603:10a6:10:47f::13)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|DBAPR10MB4027:EE_
X-MS-Office365-Filtering-Correlation-Id: a48ab687-7851-4187-acc5-08de11813eb5
X-MS-Exchange-AtpMessageProperties: SA
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|366016|376014;
X-Microsoft-Antispam-Message-Info:
0qXWWOCLDemrTYDW7U8e0Dw5z1gJXh3bGEq/RimUxsehXHftDZv+gvOjT+LeKe9wzQAw6xYBoSsqTn5X7OE/cbnacJGUqxFWLewyJoOJmtO1p6EHbYTqXNtYagpWmYYVpFezv/r+by5wvI9Vfgdc3NBcX7zIAVa+m01FHFgCLetY4S4wXHxbJEHzniKuZeWp6UBnDxwfFtoRp3nAAV7AVvi3QaXoFqzgl9wJtK1PrC2MVO+b0SA+Mr3c+ikrgZtLZF4l6SuuDewHB5xN3Ng+40BwHZ7HpVVgENMyDGuJiXslKlbzOOVTqU8CRFubqyOZ6qcjroSILjMwwtmmS5FYvbICn+wj69CLGLgo7JrCBJSQEukbE+dK7SlMX8hYW24bm9ENUul02FZ6PqdhYJQ7rDcr5lFEMdTUsEK10g0GDlP3AU37DlOjAJEbSRJCAEEGWJ7qFGqHa8RvPxA1zVYlBw7fgKvAJZk8hH652W3pNbu71PhD4MpUA3WUeU5OUg1nq4t5Ualr4OwYk3rg7isWOi5wjkMWy3BWkm14KlM8wIyzJcOzMHdmVfaWgC1UxpSZi+tdUCkHoPB9KPFsoPYJeBc9TLuAKn1BxxMuW0CW1EKQMTtAv1pw4B/WclYAOtkB3CAPt5hyO63srU3W6lyWocz6cuz1FcIEmCZ+83oOhROXNy1UVIRub+xLZEzafoGESk4yBbvnNSd8ukeSVMTKYkLfhrAkLSkxASo9c7YyB/1eXW27OiG2uANFtjIQ1bBr39SpDP0VOsElpIZuXaHszY4SbzxzDtczC+ArzXh+uPtAQYLZncPs6mSDfbrXd8m79kvJsqJQWUQ9OOWx9drM8MdlQ33w3kJyXEQXauyLuZYQ8OXBrE/C7NieqW17lTzJ+846Il5xnVqjRmwlQ/6ZkzDAT1uALbfmTZn7OFBjJuFQ1ygcpYViWCKAtNUUU6PBHeXwa1xF7es6OhBQrH90XRD/IGOKWL1/npK/6kskauorPgBTHkGp46K3YVBkJWj4xsIPUK+IdTfPk3GkYwKvUYwKw5MEq7szI/qydNLrfY8lwilEVsnfdtgrp7kbv/C+bL+kJp9iLoztc7ry5vqQJtMti0h7otMHuY796tkBK6IHK5ibR0+2NUndy+XhhN2BpcLMeCUoBXzLXSyg0bBI6wk8k/En2w6ISC1FdJAXoUK1FoHHtlX5QiDHenDBcTf2BARJryHE686jZy1HvUE7unT1jWY58dpTUj/mDXwwXEF7r4X7QadvKj33ZJHkqHuw8mSv7sLJu7LOVkbKqnCbRlGFVPKfV+5yzdig+0fd9I6xHVKMk5r9OL2zrZMBswvQqhNn75lbM1v2Eeh1m2wVxeV2ySLQhip77QYSGWW0gukzmSqng8Aw4YIuBUAoBHE9y3FKskHQ/pHR+hUy0NdRZ23Iz1+JiUwzqgV9bBZBiZ4Yd6k3txawTiuEw46Znoo1
X-Forefront-Antispam-Report:
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(366016)(376014);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
s055bCCxoLpUdFhueD/pcpVAZWjB81pmdvTVE9T1ESJU+xIk+KxiIgDHLZ7r/0jPS4d3dOx4By/k7WVzZhsCU3j9prCmsIGrve7VPuE/SLgsk+nJ5oBfN0SGIOhmODrxoaRMex5i/QKGJg4li9BKnNEZlsJOc/cBHaenjGi3fj7kKCULGqaAJLBYZ3+Gnuvjn5XRqpuTC40c5DNm/Y7HZshdFd99zrx3f9R6aA3Y5tYe38kZV/DEpBBV24TgDMpneXCy2IWdzQ4pB8bLMKMyIMg+awbra5IUNS95RKgjKR4pipt53lbGimMYGlId69kBGlNBHDFseo6HlgOv5X68GjJscRU7+wzlVrveaauHqrHIkSjCtNWLpNfH1RnYqfUyDXBvzM7S42Uj21+YjO6TWdY6Vpx/JZktTLkpHdSw5q2QthTUbrEY+iPU5kmpoJlCnPY7eIsfgRsODbrlYMr54Q10vvg2UFuQWYM5j4Nez+r4HPnxYTzwnfC5h1Pl5QVVY2TyTFgPmDTOjR0gN9qhjH8hbB+eY+u3RV+1b8EvJVGC0l/Xs8s4WmFwch0rdAENvRQGuzRFVt/l7WjsTcnFy3FeXUo5dDxmeADWomsaC5In4GMu39vs09uDOdpvFyEw9eOqf9ezuviQsJqwHxaZZPN0bcHtkYMz764hnlDMjE86kZCOzFlMdsI0ZlJER61JnXqlNXOVn4OgPMOf7NpwHxpcfOhxaWt1vP6o5rSBvblkAH2wip69t61RQJqbYag+702RthJ6QQd5CA//6BoUi7yZ9KwQVNj7NeNr70LQA237OYOBSRYPL+2ho7KrQO1WNydQKLXD9YuxVM8Ys6DdK9dYeYGmimVTRarQv9L8rMyadHGStq3nhCiFSmR3mjM7FA/AgFDj7o7HFQAkgZ1Il9EwANW63tLaP6CcXl4y8GlmQ0u7mGHZ4tHWZ7OZ2dMMW7jD84SP/4aLdY2QZufum5mnhtCTvAOJiNQzf20DmeuibBNuJFuCxlVj98CcM2sVtZJg9uUp8zK5cI+qKZkkbUXT4xrcLWogqCpjLFveUdoWnwbGLcYpHrpCkprXWXpDsdPGSEaVqABHALgmstBzl/lHUE+wE0TufuWjwPmZ+FceWIaN5ZhkK9KLnhCwVlW/ihG7oJ1FnQKYJvOAZFFuCg+kjqdtmp07FR3yq7CZjT6vdA10qhWjfMu87l0w3ck/bB7CLb8cNFwaYcGTZKgibFq6wOkhBpn/+vHU962GBuLXVxl0DekPlck0zRAmfZH6kSOoJFfZB9OjHOm8TUvS/16eyCgFMSfSiziLOZmzELbtVbmmhOupS8OgeGAAFXiuWvYKQ6tb+mQbhKVykwhD714bJTDyn0d3pPXo9ytFdyad181vyyteQg+VnxuMJ1ADH4hVu3qt9V+Yn9MY7eaBgD9H/BLPpwhRsom1OUXDcS+7gnRiXa6O/dF+lIJDY3oSJesni1h8fpu9KrpIU+/k1xfh5bCZUQid6MJ2k5ceFIx9wQUIhZh0G2FsLjy9O3RT5b2JUzIDz9tJlEROqRFkjf5rn6Q/wUtgRTdSqW1U3FyKBPzMKbwEX/R4thy19aBsfCCarsjLfuWbV86DWvy0Nw==
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-Network-Message-Id:
a48ab687-7851-4187-acc5-08de11813eb5
X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Oct 2025 15:39:53.6268
(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName:
QvwqSup3vCs5yDPJyg43/Ax+lgYxdG/YYfSZLb903o1ZoU2qIv/huCYIfpid79tbjkdC3c/X4gRMWtfFa6rlzPwSnSS+85+Zw5RgH/lTBhE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DBAPR10MB4027
X-Original-Sender: felix.moessbauer@siemens.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@siemens.com header.s=selector2 header.b=xpxx1tGq; arc=pass
(i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass
fromdomain=siemens.com); spf=pass (google.com: domain of
felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted
sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass
(p=REJECT sp=REJECT dis=NONE) header.from=siemens.com
X-Original-From: Felix Moessbauer <felix.moessbauer@siemens.com>
Reply-To: Felix Moessbauer <felix.moessbauer@siemens.com>
Precedence: list
Mailing-list: list isar-users@googlegroups.com;
contact isar-users+owners@googlegroups.com
List-ID: <isar-users.googlegroups.com>
X-Spam-Checked-In-Group: isar-users@googlegroups.com
X-Google-Group-Id: 914930254986
List-Post: <https://groups.google.com/group/isar-users/post>,
<mailto:isar-users@googlegroups.com>
List-Help: <https://groups.google.com/support/>,
<mailto:isar-users+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/isar-users
List-Subscribe: <https://groups.google.com/group/isar-users/subscribe>,
<mailto:isar-users+subscribe@googlegroups.com>
List-Unsubscribe:
<mailto:googlegroups-manage+914930254986+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/isar-users/subscribe>
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI,
RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,
RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS
autolearn=unavailable autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
|
| Series |
Add SBOM generation with debsbom
|
expand
|
diff --git a/meta/classes/imagetypes_wic.bbclass b/meta/classes/imagetypes_wic.bbclass index c75d481d..fe31e4e6 100644 --- a/meta/classes/imagetypes_wic.bbclass +++ b/meta/classes/imagetypes_wic.bbclass @@ -201,4 +201,29 @@ EOIMAGER ${DEPLOY_DIR_IMAGE}/${INITRD_DEPLOY_FILE}.manifest \ ${WORKDIR}/imager.manifest 2>/dev/null \ | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" + + for bomtype in ${SBOM_TYPES}; do + merge_wic_sbom $bomtype + done +} + +merge_wic_sbom() { + BOMTYPE="$1" + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) + sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" + + cat ${IMAGE_FULLNAME}.${bomtype}.json \ + ${INITRD_DEPLOY_FILE}.${bomtype}.json \ + ${WORKDIR}/imager.${bomtype}.json 2>/dev/null | \ + bwrap \ + --unshare-user \ + --unshare-pid \ + --bind ${SBOM_CHROOT} / \ + -- debsbom -v merge -t $BOMTYPE \ + --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ + --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ + --cdx-serialnumber $sbom_document_uuid \ + --spdx-namespace '${SBOM_SPDX_NAMESPACE_PREFIX}'-$sbom_document_uuid \ + --timestamp $TIMESTAMP - -o - \ + > ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.$bomtype.json }
A wic image consists of potentially many different components. All these should be covered by a single SBOM. After creating the wic image, we collect the individual sbom files (rootfs, initrd, imaging) and semantically merge it with the debsbom tool. The merge SBOM is then deployed as .wic.(spdx|cdx).json next to the wic image. Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com> --- meta/classes/imagetypes_wic.bbclass | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+)