From patchwork Wed Oct 22 15:39:15 2025
X-Patchwork-Submitter: "MOESSBAUER, Felix"
X-Patchwork-Id: 4435
From: "MOESSBAUER, Felix"
To: isar-users@googlegroups.com
Cc: christoph.steiger@siemens.com, cedric.hombourger@siemens.com, jan.kiszka@siemens.com, Felix Moessbauer
Subject: [PATCH v3 04/10] meta: add SBOM generation with debsbom
Date: Wed, 22 Oct 2025 17:39:15 +0200
Message-ID: <20251022153921.2494749-5-felix.moessbauer@siemens.com>
In-Reply-To: <20251022153921.2494749-1-felix.moessbauer@siemens.com>
References: <20251022153921.2494749-1-felix.moessbauer@siemens.com>

From: Christoph Steiger

Generate SBOMs for every rootfs that is created. These SBOMs are placed
in the image deploy directory. For the generation a small chroot with
debsbom installed is created and from that the rootfs of the image is
scanned. The sbom generation is bound to the rootfs feature
`generate-sbom` which is activated per default now.

Signed-off-by: Christoph Steiger
Signed-off-by: Felix Moessbauer --- meta/classes/image.bbclass | 8 ++- meta/classes/initramfs.bbclass | 3 +- meta/classes/rootfs.bbclass | 7 +- meta/classes/sbom.bbclass | 64 +++++++++++++++++++ meta/classes/sdk.bbclass | 2 +- .../sbom-chroot/sbom-chroot.bb | 30 +++++++++ 6 files changed, 110 insertions(+), 4 deletions(-) create mode 100644 meta/classes/sbom.bbclass create mode 100644 meta/recipes-devtools/sbom-chroot/sbom-chroot.bb diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index bd1b8552..220f5aa3 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -66,7 +66,13 @@ inherit multiarch inherit essential ROOTFSDIR = "${IMAGE_ROOTFS}" -ROOTFS_FEATURES += "clean-package-cache clean-pycache generate-manifest export-dpkg-status clean-log-files clean-debconf-cache" +ROOTFS_FEATURES += "clean-package-cache clean-pycache generate-manifest export-dpkg-status clean-log-files clean-debconf-cache generate-sbom" +# only supported from bookworm / jammy on +ROOTFS_FEATURES:remove:buster = "generate-sbom" +ROOTFS_FEATURES:remove:bullseye = "generate-sbom" +ROOTFS_FEATURES:remove:jammy = "generate-sbom" +ROOTFS_FEATURES:remove:focal = "generate-sbom" + # when using a custom initrd, do not generate one as part of the image rootfs ROOTFS_FEATURES += "${@ '' if d.getVar('INITRD_IMAGE') == '' else 'no-generate-initrd'}" ROOTFS_PACKAGES += "${IMAGE_PREINSTALL} ${@isar_multiarch_packages('IMAGE_INSTALL', d)}" diff --git a/meta/classes/initramfs.bbclass b/meta/classes/initramfs.bbclass index 658ef0ac..e9b66646 100644 --- a/meta/classes/initramfs.bbclass +++ b/meta/classes/initramfs.bbclass 
@@ -21,11 +21,12 @@ INITRAMFS_FULLNAME = "${PN}-${DISTRO}-${MACHINE}" # Bill-of-material ROOTFS_MANIFEST_DEPLOY_DIR = "${DEPLOY_DIR_IMAGE}" ROOTFS_PACKAGE_SUFFIX = "${INITRAMFS_FULLNAME}" +SBOM_DISTRO_NAME:append = "-initramfs" DEPENDS += "${INITRAMFS_INSTALL}" ROOTFSDIR = "${INITRAMFS_ROOTFS}" -ROOTFS_FEATURES = "generate-manifest" +ROOTFS_FEATURES = "generate-manifest generate-sbom" ROOTFS_PACKAGES = "initramfs-tools ${INITRAMFS_PREINSTALL} ${INITRAMFS_INSTALL}" inherit rootfs diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass index 6413c057..13b04a8c 100644 --- a/meta/classes/rootfs.bbclass +++ b/meta/classes/rootfs.bbclass @@ -3,6 +3,8 @@ inherit deb-dl-dir +inherit sbom + ROOTFS_ARCH ?= "${DISTRO_ARCH}" ROOTFS_DISTRO ?= "${DISTRO}" ROOTFS_PACKAGES ?= "" @@ -450,6 +452,9 @@ cache_dbg_pkgs() { fi } +# The sbom generator needs the apt-cache, hence run before cleaning it +ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'do_generate_sbom', '', d)}" + ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-package-cache', 'rootfs_postprocess_clean_package_cache', '', d)}" rootfs_postprocess_clean_package_cache() { sudo -E chroot '${ROOTFSDIR}' \ @@ -614,7 +619,7 @@ python do_rootfs() { } addtask rootfs before do_build -do_rootfs_postprocess[depends] = "base-apt:do_cache isar-apt:do_cache_config" +do_rootfs_postprocess[depends] = "base-apt:do_cache isar-apt:do_cache_config ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'sbom-chroot:do_sbomchroot_deploy', '', d)}" SSTATETASKS += "do_rootfs_install" SSTATECREATEFUNCS += "rootfs_install_sstate_prepare" diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass new file mode 100644 index 00000000..fd41296c --- /dev/null +++ b/meta/classes/sbom.bbclass 
@@ -0,0 +1,64 @@ +# This software is a part of ISAR. +# Copyright (C) 2025 Siemens +# +# SPDX-License-Identifier: MIT + +# sbom type to generate, accepted are "cdx" or "spdx" +SBOM_TYPES ?= "spdx cdx" + +SBOM_DEBSBOM_TYPE_ARGS = "${@"-t " + " -t ".join(d.getVar("SBOM_TYPES").split())}" + +# general user variables +SBOM_DISTRO_SUPPLIER ?= "ISAR" +SBOM_DISTRO_NAME ?= "ISAR-Debian-GNU-Linux" +SBOM_DISTRO_VERSION ?= "1" +SBOM_DISTRO_SUMMARY ?= "Linux distribution built with ISAR" +SBOM_BASE_DISTRO_VENDOR ??= "debian" +SBOM_DOCUMENT_UUID ?= "" + +# SPDX specific user variables +SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" + +DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" + +SBOM_DIR = "${DEPLOY_DIR}/sbom" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" + +# adapted from the isar-cip-core image_uuid.bbclass +def generate_document_uuid(d, warn_not_repr=True): + import uuid + + base_hash = d.getVar("BB_TASKHASH") + if base_hash is None: + if warn_not_repr: + bb.warn("no BB_TASKHASH available, SBOM UUID is not reproducible") + return uuid.uuid4() + return str(uuid.UUID(base_hash[:32], version=4)) + +def sbom_doc_uuid(d): + if not d.getVar("SBOM_DOCUMENT_UUID"): + d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) + +generate_sbom() { + sudo mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) + bwrap \ + --unshare-user \ + --unshare-pid \ + --bind ${SBOM_CHROOT} / \ + --bind ${ROOTFSDIR} /mnt/rootfs \ + --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ + -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${PN}-${DISTRO}-${MACHINE}' \ + --distro-name '${SBOM_DISTRO_NAME}' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ + --distro-version '${SBOM_DISTRO_VERSION}' --distro-arch '${DISTRO_ARCH}' \ + --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ + --cdx-serialnumber '${SBOM_DOCUMENT_UUID}' \ + --spdx-namespace '${SBOM_SPDX_NAMESPACE_PREFIX}'-'${SBOM_DOCUMENT_UUID}' \ + 
--timestamp $TIMESTAMP +} + +python do_generate_sbom() { + sbom_doc_uuid(d) + bb.build.exec_func("generate_sbom", d) +} diff --git a/meta/classes/sdk.bbclass b/meta/classes/sdk.bbclass index 00cae0da..d57269e5 100644 --- a/meta/classes/sdk.bbclass +++ b/meta/classes/sdk.bbclass @@ -47,7 +47,7 @@ SDK_PREINSTALL += " \ ROOTFS_ARCH:class-sdk = "${HOST_ARCH}" ROOTFS_DISTRO:class-sdk = "${@get_rootfs_distro(d)}" ROOTFS_PACKAGES:class-sdk = "sdk-files ${SDK_TOOLCHAIN} ${SDK_PREINSTALL} ${@isar_multiarch_packages('SDK_INSTALL', d)}" -ROOTFS_FEATURES:append:class-sdk = " clean-package-cache generate-manifest export-dpkg-status" +ROOTFS_FEATURES:append:class-sdk = " clean-package-cache generate-manifest export-dpkg-status generate-sbom" ROOTFS_MANIFEST_DEPLOY_DIR:class-sdk = "${DEPLOY_DIR_SDKCHROOT}" ROOTFS_DPKGSTATUS_DEPLOY_DIR:class-sdk = "${DEPLOY_DIR_SDKCHROOT}" diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb new file mode 100644 index 00000000..58200382 --- /dev/null +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -0,0 +1,30 @@ +# This software is a part of ISAR. +# +# Copyright (C) 2025 Siemens + +LICENSE = "gpl-2.0" +LIC_FILES_CHKSUM = "file://${LAYERDIR_core}/licenses/COPYING.GPLv2;md5=751419260aa954499f7abaabaa882bbe" + +PV = "1.0" + +inherit rootfs + +ROOTFS_ARCH = "${HOST_ARCH}" +ROOTFS_DISTRO = "${@get_rootfs_distro(d)}" +ROOTFS_BASE_DISTRO = "${HOST_BASE_DISTRO}" + +ROOTFS_FEATURES = "no-generate-initrd" +ROOTFS_INSTALL_COMMAND:remove = "rootfs_restore_initrd_tooling" + +# additional packages for the SBOM chroot +SBOM_IMAGE_INSTALL = "python3-debsbom" +DEPENDS += "python3-debsbom" + +ROOTFSDIR = "${WORKDIR}/rootfs" +ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" + +do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy() { + ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" +} +addtask do_sbomchroot_deploy before do_build after do_rootfs
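
Review bot: In the meta/classes/image.bbclass hunk, the comment "only supported from bookworm / jammy on" contradicts the line `ROOTFS_FEATURES:remove:jammy = "generate-sbom"` two lines below it, which switches the feature off on jammy. Either drop the jammy removal or correct the comment to name the first Ubuntu release that is really supported. The commit message says the feature is "activated per default now" without mentioning these exceptions, so images for the four listed releases silently ship without an SBOM; please state that in the commit message or the documentation.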
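
Review bot: In the meta/classes/initramfs.bbclass hunk, `ROOTFS_FEATURES = "generate-manifest generate-sbom"` turns SBOM generation on without the buster/bullseye/jammy/focal removals that the image.bbclass hunk adds, and nothing in this hunk applies them to initramfs recipes. If the feature is unsupported on those releases for images, it is unsupported for an initramfs as well; repeat the `ROOTFS_FEATURES:remove:<codename>` lines here or move them into a class both users share, such as sbom.bbclass.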
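
Review bot: In the meta/classes/rootfs.bbclass hunks, the postprocess hook is registered as `do_generate_sbom`, a name that reads like a BitBake task although it is only a function run from ROOTFS_POSTPROCESS_COMMAND; the neighbouring hook is called `rootfs_postprocess_clean_package_cache`, so something like `rootfs_postprocess_generate_sbom` would match the existing convention. The requirement that it runs before the package cache is cleaned is enforced only by the position of this `+=` line in the file, which the comment explains; consider also noting that the line must stay above the clean-package-cache registration so a later reordering does not break it unnoticed.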
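
Review bot: In generate_sbom() in the new meta/classes/sbom.bbclass, the image rootfs and the tool chroot are mounted read-write (`--bind ${ROOTFSDIR} /mnt/rootfs`, `--bind ${SBOM_CHROOT} /`) although only /mnt/deploy-dir receives output. Unless debsbom has to write there, use `--ro-bind` for both so the tool that describes the rootfs cannot modify it, and quote the path expansions passed to bwrap. In the same hunk, generate_document_uuid() returns a `uuid.UUID` object from the `return uuid.uuid4()` fallback but a `str` on the BB_TASKHASH path; wrap the fallback in `str()` so SBOM_DOCUMENT_UUID always holds a string. The `sudo mkdir -p ${SBOM_CHROOT}/mnt/rootfs ...` call lets every consuming recipe write into the shared chroot as root; creating the two mount points once in sbom-chroot.bb would remove the need for sudo here. The comment on SBOM_TYPES says "cdx" or "spdx" while the default sets both; say that a space-separated list is accepted.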
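
Review bot: In the meta/classes/sdk.bbclass hunk, `generate-sbom` is added for class-sdk, but the context lines show that the manifest and dpkg status of the SDK are deployed to `${DEPLOY_DIR_SDKCHROOT}`, whereas sbom.bbclass fixes `DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}"`. The SDK SBOM therefore lands next to the image artifacts instead of next to the other SDK bill-of-material files; add `DEPLOY_DIR_SBOM:class-sdk = "${DEPLOY_DIR_SDKCHROOT}"` here. The initramfs hunk appends "-initramfs" to SBOM_DISTRO_NAME; a matching `SBOM_DISTRO_NAME:append:class-sdk` would keep the SDK document distinguishable from the image document.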
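
Review bot: In do_sbomchroot_deploy() in the new meta/recipes-devtools/sbom-chroot/sbom-chroot.bb, `ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}"` deploys only a symlink into this recipe's `${WORKDIR}/rootfs`, so the deployed chroot dangles as soon as the work directory is cleaned, and consumers then run `sudo mkdir -p` and bwrap against a missing path. The link target also depends on `ROOTFS_ARCH = "${HOST_ARCH}"` and `ROOTFS_DISTRO = "${@get_rootfs_distro(d)}"`, while `${SBOM_CHROOT}` (`${DEPLOY_DIR}/sbom/sbom-chroot`) carries no distro or architecture component, so builds that differ in either will overwrite each other's link through `-f`; include both in the path. The file header also lacks the SPDX-License-Identifier line that sbom.bbclass carries.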