From patchwork Mon Nov 17 13:24:30 2025
X-Patchwork-Submitter: Felix Moessbauer
X-Patchwork-Id: 4601
From: Felix Moessbauer
To: isar-users@googlegroups.com
Cc: christoph.steiger@siemens.com, cedric.hombourger@siemens.com, jan.kiszka@siemens.com, Felix Moessbauer
Subject: [PATCH v4 04/10] meta: add SBOM generation with debsbom
Date: Mon, 17 Nov 2025 14:24:30 +0100
Message-ID: <20251117132436.511686-5-felix.moessbauer@siemens.com>
In-Reply-To: <20251117132436.511686-1-felix.moessbauer@siemens.com>
References: <20251117132436.511686-1-felix.moessbauer@siemens.com>

From: Christoph Steiger

Generate SBOMs for every rootfs that is created. These SBOMs are placed in the image deploy directory. For the generation, a small chroot with debsbom installed is created, and from that the rootfs of the image is scanned.

The SBOM generation is bound to the rootfs feature `generate-sbom`, which is activated by default now.

Signed-off-by: Christoph Steiger
Signed-off-by: Felix Moessbauer --- meta/classes/image.bbclass | 1 + meta/classes/initramfs.bbclass | 3 +- meta/classes/rootfs.bbclass | 14 +++- meta/classes/sbom.bbclass | 64 +++++++++++++++++++ meta/classes/sdk.bbclass | 2 +- .../sbom-chroot/sbom-chroot.bb | 30 +++++++++ 6 files changed, 111 insertions(+), 3 deletions(-) create mode 100644 meta/classes/sbom.bbclass create mode 100644 meta/recipes-devtools/sbom-chroot/sbom-chroot.bb diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 1fa71c17..29324920 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -99,6 +99,7 @@ ROOTFS_FEATURES += "\ clean-log-files \ clean-debconf-cache \ populate-systemd-preset \ + generate-sbom \ " ROOTFS_PACKAGES += "${IMAGE_PREINSTALL} ${@isar_multiarch_packages('IMAGE_INSTALL', d)}" ROOTFS_MANIFEST_DEPLOY_DIR ?= "${DEPLOY_DIR_IMAGE}" diff --git a/meta/classes/initramfs.bbclass b/meta/classes/initramfs.bbclass index 862bd873..570780e1 100644 --- a/meta/classes/initramfs.bbclass +++ b/meta/classes/initramfs.bbclass @@ -22,11 +22,12 @@ INITRAMFS_FULLNAME = "${PN}-${DISTRO}-${MACHINE}" # Bill-of-material ROOTFS_MANIFEST_DEPLOY_DIR = "${DEPLOY_DIR_IMAGE}" ROOTFS_PACKAGE_SUFFIX = "${INITRAMFS_FULLNAME}" +SBOM_DISTRO_NAME:append = "-initramfs" DEPENDS += "${INITRAMFS_INSTALL}" ROOTFSDIR = "${INITRAMFS_ROOTFS}" -ROOTFS_FEATURES = "generate-manifest" +ROOTFS_FEATURES = "generate-manifest generate-sbom" ROOTFS_PACKAGES = "${INITRAMFS_GENERATOR_PKG} ${INITRAMFS_PREINSTALL} ${INITRAMFS_INSTALL}" # validate if have incompatible packages in the installation list diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass index c045bfc0..b3ca9e16 100644 --- a/meta/classes/rootfs.bbclass +++ b/meta/classes/rootfs.bbclass @@ -3,6 +3,8 @@ inherit deb-dl-dir +inherit sbom + ROOTFS_ARCH ?= "${DISTRO_ARCH}" ROOTFS_DISTRO ?= "${DISTRO}" 
@@ -28,11 +30,18 @@ INITRD_IMAGE ?= "" # available features are: # 'clean-package-cache' - delete package cache from rootfs # 'generate-manifest' - generate a package manifest of the rootfs into ${ROOTFS_MANIFEST_DEPLOY_DIR} +# 'generate-sbom' - generate a SBOM of the rootfs into ${DEPLOY_DIR_SBOM} # 'export-dpkg-status' - exports /var/lib/dpkg/status file to ${ROOTFS_DPKGSTATUS_DEPLOY_DIR} # 'clean-log-files' - delete log files that are not owned by packages # 'populate-systemd-preset' - enable systemd units according to systemd presets + # 'generate-initrd' - generate debian default initrd ROOTFS_FEATURES += "${@ 'generate-initrd' if d.getVar('INITRD_IMAGE') == '' else ''}" +# only supported from bookworm / jammy on +ROOTFS_FEATURES:remove:buster = "generate-sbom" +ROOTFS_FEATURES:remove:bullseye = "generate-sbom" +ROOTFS_FEATURES:remove:jammy = "generate-sbom" +ROOTFS_FEATURES:remove:focal = "generate-sbom" ROOTFS_APT_ARGS="install --yes -o Debug::pkgProblemResolver=yes" @@ -478,6 +487,9 @@ cache_dbg_pkgs() { fi } +# The sbom generator needs the apt-cache, hence run before cleaning it +ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'do_generate_sbom', '', d)}" + ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-package-cache', 'rootfs_postprocess_clean_package_cache', '', d)}" rootfs_postprocess_clean_package_cache() { sudo -E chroot '${ROOTFSDIR}' \ @@ -647,7 +659,7 @@ python do_rootfs() { } addtask rootfs before do_build -do_rootfs_postprocess[depends] = "base-apt:do_cache isar-apt:do_cache_config" +do_rootfs_postprocess[depends] = "base-apt:do_cache isar-apt:do_cache_config ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'sbom-chroot:do_sbomchroot_deploy', '', d)}" SSTATETASKS += "do_rootfs_install" SSTATECREATEFUNCS += "rootfs_install_sstate_prepare" diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass new file mode 100644 index 00000000..fd41296c --- /dev/null 
+++ b/meta/classes/sbom.bbclass 
@@ -0,0 +1,64 @@ +# This software is a part of ISAR. +# Copyright (C) 2025 Siemens +# +# SPDX-License-Identifier: MIT + +# sbom type to generate, accepted are "cdx" or "spdx" +SBOM_TYPES ?= "spdx cdx" + +SBOM_DEBSBOM_TYPE_ARGS = "${@"-t " + " -t ".join(d.getVar("SBOM_TYPES").split())}" + +# general user variables +SBOM_DISTRO_SUPPLIER ?= "ISAR" +SBOM_DISTRO_NAME ?= "ISAR-Debian-GNU-Linux" +SBOM_DISTRO_VERSION ?= "1" +SBOM_DISTRO_SUMMARY ?= "Linux distribution built with ISAR" +SBOM_BASE_DISTRO_VENDOR ??= "debian" +SBOM_DOCUMENT_UUID ?= "" + +# SPDX specific user variables +SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" + +DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" + +SBOM_DIR = "${DEPLOY_DIR}/sbom" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" + +# adapted from the isar-cip-core image_uuid.bbclass +def generate_document_uuid(d, warn_not_repr=True): + import uuid + + base_hash = d.getVar("BB_TASKHASH") + if base_hash is None: + if warn_not_repr: + bb.warn("no BB_TASKHASH available, SBOM UUID is not reproducible") + return uuid.uuid4() + return str(uuid.UUID(base_hash[:32], version=4)) + +def sbom_doc_uuid(d): + if not d.getVar("SBOM_DOCUMENT_UUID"): + d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) + +generate_sbom() { + sudo mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) + bwrap \ + --unshare-user \ + --unshare-pid \ + --bind ${SBOM_CHROOT} / \ + --bind ${ROOTFSDIR} /mnt/rootfs \ + --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ + -- debsbom -v generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${PN}-${DISTRO}-${MACHINE}' \ + --distro-name '${SBOM_DISTRO_NAME}' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ + --distro-version '${SBOM_DISTRO_VERSION}' --distro-arch '${DISTRO_ARCH}' \ + --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ + --cdx-serialnumber '${SBOM_DOCUMENT_UUID}' \ + --spdx-namespace '${SBOM_SPDX_NAMESPACE_PREFIX}'-'${SBOM_DOCUMENT_UUID}' \ + 
--timestamp $TIMESTAMP +} + +python do_generate_sbom() { + sbom_doc_uuid(d) + bb.build.exec_func("generate_sbom", d) +} diff --git a/meta/classes/sdk.bbclass b/meta/classes/sdk.bbclass index 00cae0da..d57269e5 100644 --- a/meta/classes/sdk.bbclass +++ b/meta/classes/sdk.bbclass @@ -47,7 +47,7 @@ SDK_PREINSTALL += " \ ROOTFS_ARCH:class-sdk = "${HOST_ARCH}" ROOTFS_DISTRO:class-sdk = "${@get_rootfs_distro(d)}" ROOTFS_PACKAGES:class-sdk = "sdk-files ${SDK_TOOLCHAIN} ${SDK_PREINSTALL} ${@isar_multiarch_packages('SDK_INSTALL', d)}" -ROOTFS_FEATURES:append:class-sdk = " clean-package-cache generate-manifest export-dpkg-status" +ROOTFS_FEATURES:append:class-sdk = " clean-package-cache generate-manifest export-dpkg-status generate-sbom" ROOTFS_MANIFEST_DEPLOY_DIR:class-sdk = "${DEPLOY_DIR_SDKCHROOT}" ROOTFS_DPKGSTATUS_DEPLOY_DIR:class-sdk = "${DEPLOY_DIR_SDKCHROOT}" diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb new file mode 100644 index 00000000..58200382 --- /dev/null +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -0,0 +1,30 @@ +# This software is a part of ISAR. +# +# Copyright (C) 2025 Siemens + +LICENSE = "gpl-2.0" +LIC_FILES_CHKSUM = "file://${LAYERDIR_core}/licenses/COPYING.GPLv2;md5=751419260aa954499f7abaabaa882bbe" + +PV = "1.0" + +inherit rootfs + +ROOTFS_ARCH = "${HOST_ARCH}" +ROOTFS_DISTRO = "${@get_rootfs_distro(d)}" +ROOTFS_BASE_DISTRO = "${HOST_BASE_DISTRO}" + +ROOTFS_FEATURES = "no-generate-initrd" +ROOTFS_INSTALL_COMMAND:remove = "rootfs_restore_initrd_tooling" + +# additional packages for the SBOM chroot +SBOM_IMAGE_INSTALL = "python3-debsbom" +DEPENDS += "python3-debsbom" + +ROOTFSDIR = "${WORKDIR}/rootfs" +ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" + +do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy() { + ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" +} +addtask do_sbomchroot_deploy before do_build after do_rootfs
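Review bot: In meta/classes/rootfs.bbclass, the new comment "only supported from bookworm / jammy on" contradicts the line ROOTFS_FEATURES:remove:jammy = "generate-sbom" directly below it, which disables the feature on jammy. Either drop the jammy removal or reword the comment so it names the releases that are actually supported. The same hunk also adds a blank line before the 'generate-initrd' entry, which splits the commented feature list in two.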
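Review bot: In generate_sbom() in meta/classes/sbom.bbclass, all three bwrap mounts use --bind, so the debsbom process gets write access to the image rootfs it is only meant to scan. Only /mnt/deploy-dir receives output, so consider --ro-bind for ${ROOTFSDIR} (and for ${SBOM_CHROOT}, if debsbom does not need to write there), so that a fault in the scanner cannot alter the image contents. Separately, generate_document_uuid() returns a uuid.UUID object from the uuid.uuid4() fallback but a str from the BB_TASKHASH path; wrapping the fallback in str() would keep SBOM_DOCUMENT_UUID a string in both cases. $TIMESTAMP and the paths passed to sudo mkdir -p are unquoted as well.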
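Review bot: In meta/classes/sdk.bbclass, generate-sbom is appended for class-sdk without a matching deploy directory override, unlike ROOTFS_MANIFEST_DEPLOY_DIR:class-sdk and ROOTFS_DPKGSTATUS_DEPLOY_DIR:class-sdk in the context lines. sbom.bbclass sets DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}", so the SDK SBOM ends up in the image deploy directory rather than next to the other SDK artifacts in ${DEPLOY_DIR_SDKCHROOT}. If that is intended, a short comment would help; otherwise add a DEPLOY_DIR_SBOM:class-sdk assignment.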
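Review bot: In do_sbomchroot_deploy() in meta/recipes-devtools/sbom-chroot/sbom-chroot.bb, ${SBOM_CHROOT} is only a symlink (ln -Tfsr) into this recipe's ${WORKDIR}/rootfs, so the deployed chroot dangles once that work directory is cleaned, and the sudo mkdir -p ${SBOM_CHROOT}/mnt/... in generate_sbom() writes into this recipe's work directory from other recipes' tasks. Please document that lifetime assumption or deploy a real copy. It is also worth a comment that ROOTFS_FEATURES is hard-set without generate-sbom here, because this recipe inherits rootfs (and through it sbom) and would otherwise depend on its own do_sbomchroot_deploy. The file header also lacks the SPDX-License-Identifier line that sbom.bbclass carries.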