From patchwork Wed Oct 22 15:39:13 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4432 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 22 Oct 2025 17:39:50 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-pl1-f187.google.com (mail-pl1-f187.google.com [209.85.214.187]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 59MFdlFm021183 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 22 Oct 2025 17:39:48 +0200 Received: by mail-pl1-f187.google.com with SMTP id d9443c01a7336-28a5b8b12bbsf176772175ad.2 for ; Wed, 22 Oct 2025 08:39:48 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1761147582; cv=pass; d=google.com; s=arc-20240605; b=LkyGlSPOMHxp3nrwWKpn4FIP53OvwzXyaW7WV8OWfgfx75YIzWQA0jNMVXXNdqg+J4 1na4JXJxjW+988QZWbISZYl7xI4lPDxnsPb11VKshS0vjiYyJPIgQz/e7p2lBkaoQC1M wEOaevLXb2hxLRUyg/kcSB6U+b/SAbeu/+QryE5XxMhYKzR15znhtmQlvcarhoaONNVz lUFLuDYZQ2jBAbccjhSbKWLYJpkUl7MtjtHBu1y/pUHN5Z5RzOq3Jb4joduAN9TRqI4k +u9DmctJ9bjuG9QcEB94ldVQs/6XMejyEkPfxuryoaTDiu64es7fj5L5l+Yw3mhXESG+ cHYg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=AQqqpz9hxEw4nZAOj4lg4O9cALUIy6IYDvGSoduz3l0=; fh=1J//NRYTBTzTAE1vTNZXibWaJKyvlZwj5A1s4BMgF7Q=; b=KorPAkNzOYGx6TR//TLbD1uungl0SrZqnfbL/np/tG/Ds5tIjZjXVC1q2KgwYVm3YB Azym+McpYcAWG+FOqtk8iGFbDB19QWKZBGUX3QhhJ/87hxCXtcTFo+eAZgQwO/dWQxiA qsgmjmbU6fToHvtIhor3FbhYZbG6YPHth7tTPSoLh4bgZPCt+P0IYCR4kDuIAWRfuhJq 62kfTLyy4io/00y38JYWH3j4JoRpWdp5EwUWis1p7UkGnKiM+kwAqC0kHu9/FONxJJ1K S7CpLygYGZ86vqHKpQXzWWUlX42RfA4oGZxV3FgyJrQIHoFuTpf3MAifTuw6VM3oDwK2 VrYA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=V3A71tut; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::5 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1761147582; x=1761752382; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=AQqqpz9hxEw4nZAOj4lg4O9cALUIy6IYDvGSoduz3l0=; b=rzR9Yp8H6cfBpilZZC/fe9i04jNsaUQdEhre2KPoEgYgHfOvGcbY1L2ChFfOgo1gpu Cs8y+XIiDgd4aD+40f6UpuMzRMwK7Y5mUuh96OWok8nha+K5bZ5AxaKVVoeGqg8Sjk2q 2Zy3IhYSI8xjPYO1l9IhhLjB5GiEmBrgvUqqjRZQZ2/r8BKNW0fSj6pxYRbIhMYCsyZU 5EtOr7HnvxClRULCldfol7+WI6Eu4PDjKhTgjDj129nAgAeadeHi8PS7VduwY3o4fGEM zDQPFLznykeG06gMnxzJo9mDd71FF8d4Kq2psyG+AR2L5QSKNHl7LH/6l659iXhLKiMZ IHWA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761147582; x=1761752382; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=AQqqpz9hxEw4nZAOj4lg4O9cALUIy6IYDvGSoduz3l0=; b=VOW9J7z6tab90w+bqeJ7sABtmFizs6XvS+DLJhNCKPutMv582xp0gLfu1jbjaa3rWI 3q+QAfYvse3695EwMckxgN05zMqGT1UiO+PfsVg/PLkOrMLizM9prtNFuuYAkiYCl7M1 cIn8tQH+xAVgNhJYUTCf3Mt9eYOPC5OxpmWQba5o3DDGwlAL/KsuVmSO0A/Ka04K6JE6 2CTnGOFEuQMy+jzUXqGlVpVGZAM5akW6sJSolKSoV7mg9W4HRLIZbZ73hgPOnjeBTj0D OVIK72dc0kwUerKxz0+ywKypIP/ukAq6oX0ARWT+9ujgLO1++Ghndis3o9mQ+Xx/7erS HCvg== X-Forwarded-Encrypted: i=3; AJvYcCUOefmWZByayvB8lbWomJtXyrLyJnI3bQu4jggNaHv401w47s4xqMGguidIxLXx3oRPWGSIdZ0=@isar-build.org X-Gm-Message-State: AOJu0Yyw6u6I8tHh56bZz9OAHtQqTNqTF9p5WrWl3MvR45kqFrETCL3l 1IE54pVHcsfOHG5YtDMNgYQsKHYHn4WBGqYiCzcNzALtYplS4VbZgkFq X-Google-Smtp-Source: AGHT+IElnXoGNOp4vvcvAAmSrEnZLlKlor5GJVnvPgXZzF+txZT42kJsWnLz2E6JJXKWtfmM/td3gQ== X-Received: by 2002:a17:903:350d:b0:28b:4ca5:d522 with SMTP id d9443c01a7336-290cb94765fmr316912145ad.39.1761147581957; Wed, 22 Oct 2025 08:39:41 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="ARHlJd7JW6owvzAxSW54pBQZVqDvUDWKEn3o/1U0G7XKx2+m1w==" Received: by 2002:a17:90a:c713:b0:329:e0e8:a90f with SMTP id 98e67ed59e1d1-33bae47790els6136267a91.0.-pod-prod-03-us; Wed, 22 Oct 2025 08:39:40 -0700 (PDT) X-Received: by 2002:a05:6a21:1584:b0:334:a93d:83ad with SMTP id adf61e73a8af0-334a93d83b5mr28084279637.8.1761147580258; Wed, 22 Oct 2025 08:39:40 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1761147580; cv=pass; d=google.com; s=arc-20240605; b=jlg+CkTiwZLlJGxTrFQTUPwEsYt3S5+rKpiphzBMv9PsXCq+8cBlaKtbL248rutX+C pQSAG0rHvDjTU4res/MeQRQxPHwf4XqnhIiN1SXsfFbmGPU5DJGjTdtFxr6sAFhTJdRX Et3GNOgYR1VAZPmmksEFX96WM0tokDG0Roo6GLXvyVFG9+E5/jbhISLIfQPwcP/2VBU8 b8dSWfLztN27KOemIjCAUlZ0glBl1ngpr7R2vHnMUGWJkCLQttdCHiDacHzB+FKnxduI 77gC66nw4ru5n8YJkHjAhZyPRUEFaK9je60CzW2BG8e6hqwlYWwKksyyY759lep0bvIZ nYKg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=6M05J8cNSbyYYTZwjED5ijYHSbZzsHsJMOQkteSubbA=; fh=zpIZCuRUq+NRP8FVcTlT37OsigfSlMKhj97kagpZeyo=; b=JZdjbMfkgD8dvv01Xo/bdlvJ3gxmd6/hocEz7n8EF8Q01tJvlfjqTlfuyTk27OMLRT 9YvZHw+R0lBrb9vH9P2oZlCP/U6ATnZZTAdzliIE3z9mkm0Pelho4HR6ZGbO4SDJOfP9 1+JOZziX/V1GuEgQ/xfGJeuYEBJSBDIehZ+KfvRWbHXluP93GWlQy3I2UHsHYWC3A/dg tCn/h5IljIpi1hVbLDddiwWKJLbli2jrifTzmR07bRtVUWgs7QsKPiixc4W6AFJKEn7I hE4oF9Fk0q0enaA9XkYwttZnUEb8yDg8a196fRwqmAnMFMiobSQbqDBG1rhMX1KXZgeu dwfA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=V3A71tut; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::5 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DUZPR83CU001.outbound.protection.outlook.com (mail-northeuropeazlp170120005.outbound.protection.outlook.com. [2a01:111:f403:c200::5]) by gmr-mx.google.com with ESMTPS id 41be03b00d2f7-b6a76b44c95si955577a12.5.2025.10.22.08.39.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 Oct 2025 08:39:40 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::5 as permitted sender) client-ip=2a01:111:f403:c200::5; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=XHL6UsAvQ6W1oKq/vQpS727/mc0hYj2Q7r+BPIEQ5Y0Fd5ywFuqkFvzQM1Pnt0I+Ua7NsKrsr4IA5RccqKGhjYqxj8r/lKJH0td5hkNDUDsT/lt0Al3029eYerM1G+x/ExOTRtx3VIzzSVjwiPy8mNXWmd+GBAIOLl9g+1To6Dzi+dIFgDM3WZvlUnL5/FNkMd1OA1RqICuY4QdViBA6mNpFKT7i5ZAsY0FXsqCt42ZZmHjnSMv184FpVRSbADaQnRYAbQAbDEvMIHjqHRSFrqJzGHrpXllahm/mS2v2VyTgz7ROiKeF3ZZ1Kn+JAALKZhmhJqXtToJwTL2kqXI15w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6M05J8cNSbyYYTZwjED5ijYHSbZzsHsJMOQkteSubbA=; b=X0hL4546dl1DbFSWc3SEFh/8WEABAC1h6a7RMaL9HTpvjmBzGk8lrUQqTP5pPzlz2gslqz7Uv5J0acvJb/SmOtl8VizpWKZEqAMH9N2rTioCgG95l7GsBjRyokVoVhQC1xrwH5iCiQE/2orzZ9NZl5B+XtDP3lDt5xQkgsSV08fxC/pw82vUPQOS30vEHlSwvI+C4dQS81xupm9U3/W21U1dr45CisinjwXutK+av9l8dmffWksnGjOZ7y0i6GitnKWmSeIfU4zWwwe5pt5yLBibfW60JFmF2RWndKUYenG3dniyS+PVR0ebfRKotqyPgEvJmQHf4nuw46mNaITZlg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by PRAPR10MB5178.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:27b::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9253.12; Wed, 22 Oct 2025 15:39:37 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::8198:b4e0:8d12:3dfe]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::8198:b4e0:8d12:3dfe%4]) with mapi id 15.20.9253.011; Wed, 22 Oct 2025 15:39:37 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: christoph.steiger@siemens.com, cedric.hombourger@siemens.com, jan.kiszka@siemens.com Subject: [PATCH v3 02/10] meta: package python libraries for SBOM generation Date: Wed, 22 Oct 2025 17:39:13 +0200 Message-ID: <20251022153921.2494749-3-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251022153921.2494749-1-felix.moessbauer@siemens.com> References: <20251022153921.2494749-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: CH0PR03CA0035.namprd03.prod.outlook.com (2603:10b6:610:b3::10) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|PRAPR10MB5178:EE_ X-MS-Office365-Filtering-Correlation-Id: 1c96ca2e-a178-4e68-e385-08de11813544 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024; X-Microsoft-Antispam-Message-Info: fmHWjxdhD1j8lyqsGtqRLDKkHLq5nWTzSc2vPd5QbI4Cz1JPBlRjuMVHYAkwDX6Rz6sM9XWGUSIRAafCt5XQhb2k7r4g29eM64HMHLmAiDjNqF5vhX26ZbF0IIlXi2F2+nlQJgV7zS8CH/yy3hGj1xSs1pVt/8+ikRPgo9bi+5fv4mlegPJQFXgRsCJ8pHtP26M0X472bppdRD9RYrI8LO4+Rh3KELvL/Sevolb0JeGuWYtp7+vsP9nwuuUVihe1sNieTNvUZOrBH2F/oXxMOjyxUjZoH/FRr7xVYmWMSykEITknFnX0UEzx2ayaeKufYWCXJMIk68SfjVawypSwQB0J3lU91CMeQogRO5v2BZchX5HYNTU5r089MVUYDcjJGI6oeKHHvbHjEofB4m3kZHWC+Mxo2l+oXW/JQC69xiAxNcq0vaf+7Pj/U+/IH/Jkx/xKzEscKzJ3unA3BrHgDuVJZMvkTATUU+lF5fhPP9I2TQ9HgFOaeghdWuzrRV7ajq/FRKPpRTfg37adEsiy9nSVFkb4dSVrvQjyqV1vFooAWHFbm7tFfJgqTI3k0/SMyUHJUZ1KDIW3uChD6YWDmWDY4w2kHgdrfeN1G1REcPMgndl/c/3RhRbpwjnSVNcrq7tGeXSGibUcwYW2OSgpHRd6b2J5rtdOfjgKyEFRKIEVVA7gLFA0wWfHMi3Gyj6D7CU6FexrL13Mjj/51dfjzg3bebEUqUq24zk4dP/Xias6ElXK+KnMbewQqjeSgZ+gifPCgSRxFQZcV3CJwkCM5+mwwCYFxNrfl5epXMOn0huloAjDuWCY3RFP/ChObOcvmgQNLFYbOy68FQvgJRmC874D/Gv074ZmS/n1dOqzrRNwPeTHFuRoq0pVZCBV5ZY1LmIOBVoYIPcgTMMQQDe9qYB3qPOx7ndvV51hQ4NabGLfeo3rbGPk85QUAEVorMBpUYudug3aI6qVV79RQWPZLb4ZsGwTbJLgNryoZvK/YuEVQrEYDpZF6hAxlzI/LaW0tbWd2TQ+0dN71NVnXMihcXIQkgGV7ZFYsMcjQvMqOtNzkIlG53n6AISL2XZWjV5DtQOlQkflSdZ+bnxZ1LTSvLud51S8qXggfbGNkkcTL53n8sYvPTHA+gk5rPvToDDY9tQkrmEVwchqKIt9YNaIxpUcx3yaNwzAH0FwPJz8gFbJou4H5HSOQkeON1xM4y1MF0cFQyvXPIRRM52CoXpHvk+UPjoPbm2eauAA90g4J2nGY8mD7dWNM4MoPmsKv/jjBRLdgofeYybuwDak4LHWSKUEdFxNjJ3MDuHjL0JeHUD4NXoLSuuYKMp7QrulLy403J8ipNaltaylLsfOgM+e0f0wiRcwp6Fku1HzIDTV82wBGrRJnj65DgpAGd+Z21UO/WdCiU+/W1KvGG81/XsQY2DTI1v5oSiFbKJx725C5VE= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: bltTOiX8W6DenLeeE1l+4WpMnJbY3xyod46Ch3Z2HZA8LgWUOpDwiYKu3i2+m9mFXZbi7zLvTTAlx/hHRB4sxNK1zFvcy0X7gAgPwgw5mJQ5Rtk1++TpqWsJhYXBFTyztdm5GcVwsYqFXZnY3Lgd9eTfhOZ9wgjCQzx4Wzn0tmWRNk884dfJZjaLtiXhGoYscrMyWQjsQVB3Z3Q+MwQXwlqw+xwOZQnyzGtA7zX5J/1TVboTtRsNQPlWXcD3YCL+sUNlSg6IvDBcjiy6NgeHvOSzNiGxGiIZ/RkzGU8seJvlGQn8Kdo/OtXgtugkQbU7eFh51Qb4pURXwS4jmlMK7ALAkFOKUcwgg0wsoWIHYd80lbFbReC9svOImop/2RGujq4NiwBF39KfrEduWA0o1UGbT2AKKvis/S9/2dwezH5w8byfpfZm6cD9GHxnuDnoxv+lICpu7Tt45tR350IN+dJlFo0PJsk1wIqNr5H2iF7ldoSOk26Nkl7Q6awDiGMa+Y0nr5YFwnA/W1PdRK5f4xcrJO7VNQjpEQmYjOiAHAgos1WG7AATi+SkCUvT546kgiKTV9yaaKyiLDV72MVnoEwKG5njPCXNRu647FETut0vze9OyWgkPNv8sPuXLYUkhgJfNer8utHb2VmwNOC4N0p2IZ9do+uRP14sAVDDeKx64ER90pkOBZ3znPXqll54X6fLh6A6mNHrSwrqZ1RV/BPfuhm27kgYANhpvYJOlFk2GXFG5QaNeognGHQWUK85Oib1SgyJVju8AYiUysO+4bSecNoSHbvGC44y+4hgLjmg9qHPrxDpydzIgpexxdzNkSIdbwvf9BC4dfXJ1W4Poks1tPb+gOJE44PO16Bjt67JtVHwBfJ5TvMvg3rWfJ8hXtLjKWVGJUIubWMOZuFCqvDUaymV0ZXbgKrsGTEZ31bkgWr38siCur9KhmH/u6L/ElaRX7o+rfdTPji5CdQevKm9YmUz6RjhILOLN23LZk6UJ/N1yOQL3M+PoExr6QpfqKqw+uwiZRX57LP2YpjOcuPDVRjTSJR520bcnfDo5tPOYwRnaP1eUQJC2M3tv1SjsXJGgzSIrYwCUIZPJHrR50391xirO45E2AfbxohETjsbElBKM++tD2KD6DRTBTsZlxobQAKpwvKPScrvVPizuKjepPlEA7WpH+6poKuzMRpea++j81s2DjX35TgDye5xhKMVUgtd4PvF//DCXzHsZdh1BwWYwHYGriIvGD/zpmF1+HvNl5FGVycg3fhoz47WhtCa1kipx7A5ibGt3m24LcOfVsVaPmmEx2LssAPZBRVPJDbY374YP4KYjGOISwN3FfDPNZWsY+cfs7Ujakhp6I63qBTDqqfC/6gsnQP94q8gotMDhHpcBb/yhaha0TsbB3YaYmTLDB1vsTpbPyHQ+JnvlnJgJxUdCghtqv/BFsf6O3VzG5DlKNC/XfI/2Aq1shZykwbJn/XESnOpGULuQGsKBU6oouTBceFFNjemJtVGU9HagkqNAps18VdJhzExL3hG/awyGBNsFJhKtBubRbaTZHA6aLR17cOQswZfwkCWkVygDIhhkX0t3yFtHMmTUDXgky20a1n77BJ3gbEErw== X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1c96ca2e-a178-4e68-e385-08de11813544 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Oct 2025 15:39:37.7884 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: WUwSnW+tT/yz6H3QQSTqkudflZJWgIDyM95cIILhcEjIntkC9hSBlzOzDZw9Z7tf9cUT4LJv50qAd6lmZ4WVaQk+LnoloJHnUommRl9kUlY= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PRAPR10MB5178 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=V3A71tut; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::5 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= From: Christoph Steiger Package python libraries for SBOM generation in isar. The packages are unfortunately not (yet) packaged in Debian, thats why we need to do it here. With these libraries it is now possible to easily create CDX and SPDX SBOMs in different file formats. Signed-off-by: Christoph Steiger --- .../python3-beartype/files/rules | 8 ++++ .../python3-beartype_0.19.0.bb | 29 +++++++++++ .../files/pybuild.testfiles | 1 + .../python3-cyclonedx-lib/files/rules | 8 ++++ .../python3-cyclonedx-lib_9.1.0.bb | 48 +++++++++++++++++++ .../python3-packageurl/files/rules | 8 ++++ .../python3-packageurl_0.16.0.bb | 33 +++++++++++++ .../python3-py-serializable/files/rules | 8 ++++ .../python3-py-serializable_2.0.0.bb | 38 +++++++++++++++ .../python3-spdx-tools/files/rules | 25 ++++++++++ .../python3-spdx-tools_0.8.3.bb | 46 ++++++++++++++++++ 11 files changed, 252 insertions(+) create mode 100644 meta/recipes-support/python3-beartype/files/rules create mode 100644 meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/rules create mode 100644 meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb create mode 100644 meta/recipes-support/python3-packageurl/files/rules create mode 100644 meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb create mode 100644 meta/recipes-support/python3-py-serializable/files/rules create mode 100644 meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb create mode 100644 meta/recipes-support/python3-spdx-tools/files/rules create mode 100644 meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb diff --git a/meta/recipes-support/python3-beartype/files/rules b/meta/recipes-support/python3-beartype/files/rules new file mode 100644 index 00000000..0ca517a1 --- /dev/null +++ b/meta/recipes-support/python3-beartype/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = beartype +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb b/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb new file mode 100644 index 00000000..b8bc2708 --- /dev/null +++ b/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb @@ -0,0 +1,29 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/beartype-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), dh-python, python3-all, python3-setuptools, pybuild-plugin-pyproject, python3-hatchling" +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" +# this is 01/01/1980, any earlier and zip in the wheel building process will not accept it +DEBIAN_CHANGELOG_TIMESTAMP = "315532800" +DESCRIPTION = "Unbearably fast near-real-time hybrid runtime-static type-checking in pure Python." + +SRC_URI = "\ + https://github.com/beartype/beartype/archive/refs/tags/v0.19.0.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "e7ad00eebf527d60f30e0b391209b561dabd2074b608c50e26c94c2d8250a6cd" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} diff --git a/meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles b/meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles new file mode 100644 index 00000000..cc736a36 --- /dev/null +++ b/meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles @@ -0,0 +1 @@ +pyproject.toml diff --git a/meta/recipes-support/python3-cyclonedx-lib/files/rules b/meta/recipes-support/python3-cyclonedx-lib/files/rules new file mode 100644 index 00000000..fe72dd1a --- /dev/null +++ b/meta/recipes-support/python3-cyclonedx-lib/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = cyclonedx-python-lib +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb b/meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb new file mode 100644 index 00000000..738ed1b3 --- /dev/null +++ b/meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb @@ -0,0 +1,48 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +DEPENDS:append:bookworm = " python3-packageurl python3-py-serializable" +DEPENDS:append:noble = " python3-packageurl python3-py-serializable" + +S = "${WORKDIR}/cyclonedx_python_lib-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \ + dh-python, \ + python3-all, \ + python3-setuptools, \ + pybuild-plugin-pyproject, \ + python3-poetry, \ + python3-py-serializable, \ + python3-packageurl, \ + python3-sortedcontainers, \ + python3-ddt, \ + python3-defusedxml, \ + python3-license-expression, \ + python3-jsonschema, \ + python3-lxml, \ + " + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" + +DESCRIPTION = "Library for serializing and deserializing Python Objects to and from JSON and XML." + +SRC_URI = "\ + https://github.com/CycloneDX/cyclonedx-python-lib/releases/download/v9.1.0/cyclonedx_python_lib-9.1.0.tar.gz \ + file://rules \ + file://pybuild.testfiles \ + " +SRC_URI[sha256sum] = "86935f2c88a7b47a529b93c724dbd3e903bc573f6f8bd977628a7ca1b5dadea1" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + cp "${WORKDIR}"/pybuild.testfiles "${S}"/debian + deb_debianize +} diff --git a/meta/recipes-support/python3-packageurl/files/rules b/meta/recipes-support/python3-packageurl/files/rules new file mode 100644 index 00000000..50e1b74c --- /dev/null +++ b/meta/recipes-support/python3-packageurl/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = packageurl-python +export PYBUILD_SYSTEM = distutils + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb b/meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb new file mode 100644 index 00000000..27209429 --- /dev/null +++ b/meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb @@ -0,0 +1,33 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/packageurl_python-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \ + dh-python, \ + python3-all, \ + python3-setuptools, \ + " + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" + +DESCRIPTION = "A purl aka. Package URL parser and builder" + +SRC_URI = "\ + https://github.com/package-url/packageurl-python/releases/download/v0.16.0/packageurl_python-0.16.0.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "69e3bf8a3932fe9c2400f56aaeb9f86911ecee2f9398dbe1b58ec34340be365d" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} diff --git a/meta/recipes-support/python3-py-serializable/files/rules b/meta/recipes-support/python3-py-serializable/files/rules new file mode 100644 index 00000000..0cf845dd --- /dev/null +++ b/meta/recipes-support/python3-py-serializable/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = py-serializable +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb b/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb new file mode 100644 index 00000000..5bc48c0f --- /dev/null +++ b/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb @@ -0,0 +1,38 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/py_serializable-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = " \ + dh-sequence-python3, \ + pybuild-plugin-pyproject, \ + python3-all, \ + python3-defusedxml, \ + python3-lxml, \ + python3-poetry-core, \ + python3-setuptools, \ + xmldiff, \ +" + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" + +DESCRIPTION = "Library for serializing and deserializing Python Objects to and from JSON and XML." + +SRC_URI = "\ + https://github.com/madpah/serializable/releases/download/v2.0.0/py_serializable-2.0.0.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "e9e6491dd7d29c31daf1050232b57f9657f9e8a43b867cca1ff204752cf420a5" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} diff --git a/meta/recipes-support/python3-spdx-tools/files/rules b/meta/recipes-support/python3-spdx-tools/files/rules new file mode 100644 index 00000000..ac87528a --- /dev/null +++ b/meta/recipes-support/python3-spdx-tools/files/rules @@ -0,0 +1,25 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = spdx-tools +export PYBUILD_SYSTEM = distutils + +# skip tests that require hard-to-package dependencies and tests that rely on relative file paths +# TODO: figure out a way to make these tests work +export PYBUILD_TEST_ARGS=--ignore tests/spdx3/validation/json_ld/test_shacl_validation.py \ + -k 'not test_examples \ + and not test_parse_from_file \ + and not test_annotation_parser \ + and not test_snippet_parser \ + and not test_creation_info_parser \ + and not test_json_ld_writer \ + and not test_extracted_licensing_info_parser \ + and not test_parse_file \ + and not test_package_parser \ + and not test_relationship_parser \ + and not test_graph_parsing_function \ + and not test_license_expression_parser \ + ' + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb b/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb new file mode 100644 index 00000000..30d090a9 --- /dev/null +++ b/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb @@ -0,0 +1,46 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/tools-python-${PV}" + +DEPENDS:append:bookworm = " python3-beartype" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "dh-python, \ + python3-all, \ + python3-setuptools, \ + python3-beartype, \ + python3-semantic-version, \ + python3-license-expression, \ + python3-pytest , \ + python3-rdflib, \ + python3-uritools, \ + python3-ply, \ + python3-click, \ + python3-xmltodict, \ + python3-yaml, \ + " + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" +DEB_BUILD_PROFILES += "nocheck" +DEB_BUILD_OPTIONS += "nocheck" + +DESCRIPTION = "SPDX parser and tools." + +SRC_URI = "\ + https://github.com/spdx/tools-python/archive/refs/tags/v0.8.3.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "17cb0140adbaefb58819c9d5d56060dc6a70c673a854fa9bd882ecfa4e062a7f" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +}