From patchwork Mon Nov 24 11:46:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4628 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 24 Nov 2025 12:47:12 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f190.google.com (mail-qt1-f190.google.com [209.85.160.190]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 5AOBlBnY030468 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 24 Nov 2025 12:47:11 +0100 Received: by mail-qt1-f190.google.com with SMTP id d75a77b69052e-4ed74e6c468sf54065951cf.3 for ; Mon, 24 Nov 2025 03:47:11 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1763984825; cv=pass; d=google.com; s=arc-20240605; b=AlSnwQ/SxoZbG8VizoK7+6zqhHHvdILm2S6eJbQ8lQrUH1uuHhMsbVp1JdX9H3ZpEw +ZMGIup75lb/c1QpxPmcCaTZZG6vlvQDTyEVCJOXfFbfuUA37TWOWu4dv8R8dVchGXgk ydYhKkgarGT+Ec5ZSt1944NXHn70Vd5ja8Pc9DAuREWiKZlQEix7BA/++4MAhnnPXRMZ ek/57A8tnUZiGHHoJF7mRKfXdknjEkIY1eArNmuD68wSGzieoqXeJ2xxyP1b9SzSaAMa h2/QuqPCscePoSWgwAYf+5U2ZqNGlWv7E8UB3UV7dbi89SZy+egjwsuB+rst2YZFgzPA GAew== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=6QUpsenY/8G1XCJvndgDFd5O1YRWO1/DMTS4ndnlWKM=; fh=K1KxS/nfc350aEwzpym5TDWfN0J6EsNJ3kD3uD6bCm0=; b=JlnGHcd9QQvRtXOO+PGViq5Y3q3SXkpPuMmLgTqF103yuSbjtQoAHlWNnOoAhrgbxO oIuL/BbCFbXzezdsQW8CVowG5XXELvkljJKfh9eJkJ9rbUI9YP7dA6ul1ySYnVOsNtPK pSb6tQkhROBGsDOLBjeW7Wl3poupoKFWF2ohGk316+AZvRhYfcnxuDImkeiV5ls5MEuB y4DiB9Fshn8aEqdubcd4uJrHGmNgmBbKW6z0EVxGpVHtRPfupc7SBiKIuhF0ZlF3StEb QEixAWo11JB+kqRhxrztThiCR3lzZbEF75EnuO6RFyDf4epLPBUwkt0DSOA+m9SyNZz9 a4cw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=QEEPUHel; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1763984825; x=1764589625; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=6QUpsenY/8G1XCJvndgDFd5O1YRWO1/DMTS4ndnlWKM=; b=H87GDLx9QwgNKURGTHTFZczJKEZLN+QgXGEUNpHeqzGWrPgZYd654ekXyUYU7hUTnD 4ZTAPQR3sfIOe6bohZ+xK4kvT6NcrblfMplkVNQg3Js5NaSJJXE1XrKtI1i9APsuH1NL AuLYtjHF9v9jgYB0yk31F0YSLYPcnrttiOmmPQc1i5IkXUSbDLo46Dr+mPsV0UqK19BC 2Hu3JM83pdtSaJt4X2SD1BXrmPYVMDn7QjZG6X+wywtomLJtxb6ZhtXFUV/RsA1oZK0u pG8Ou1GL9gS0emuVFppbTGs492haHtkLCnmRaY5Pxh9XiaTL+tmfPKZwN0gSMXE71Usx qiKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763984825; x=1764589625; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=6QUpsenY/8G1XCJvndgDFd5O1YRWO1/DMTS4ndnlWKM=; b=eKcn70A/xbOtIe4zf7r6lMWrabXuVQwj4gvNDR0KIKwhyutU9ivxjwCcFFHnONmjSK 5/9DUp9zbCKTq5D+eJn9METb9eqLz1FFZASRNiLXKRruI3R5TVza9BLJ575XMy+/hjF8 qtPO86HxHHTFJkAf5aqSeluPCP1WJqFfOjzklLtqnv8zDTJbLKpQp5CC4dBb1wNyN77W jU3EEJWlvcjXoHke3q2tDu4hrwxp4N551Q8C/0nJfndagOIxP6zkuxjaaixC5hbzFOzM BqEO4qmWpjrM3oDdSKIIP2gJiLmbpglUvb4e058ieoHuLp2QPuKsCID2uyHHj+e+YZbk nd/Q== X-Forwarded-Encrypted: i=3; AJvYcCVk83wmQAuAOpqJEuadJSsQn5Al6WBLyIAuAZUS4VFuL0o9T6YbDiwq+QP9Ypb8YbvMKLwj0V8=@isar-build.org X-Gm-Message-State: AOJu0YwaKQHpv7wu4GOYSHZyr6H8lwfGeRNF8jRln8M9NgB0bQMWNP2z DkNiIMC4c/ADXhMHk3qVspYFAvuVRJWD4u8xgyzqlJTFVtvHb86SvVhf X-Google-Smtp-Source: AGHT+IEy5eR2JERZVgAWtn8dIYUdD1pjTKxUq7YbyVC1pSzlo155dJQ+5PEPMVDzagA0HdSexAM7cQ== X-Received: by 2002:ac8:5908:0:b0:4ee:4a1a:8242 with SMTP id d75a77b69052e-4ee5893cf54mr157187871cf.73.1763984825023; Mon, 24 Nov 2025 03:47:05 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="Ae8XA+ZMYIrAog0OPlyNhtDkBTV7vEpE54GvMBfg9jW1xHkj5A==" Received: by 2002:ac8:5d04:0:b0:4ee:1b36:aec4 with SMTP id d75a77b69052e-4ee48fab8a3ls83538991cf.0.-pod-prod-08-us; Mon, 24 Nov 2025 03:47:04 -0800 (PST) X-Received: by 2002:a05:620a:29c9:b0:8b2:271e:a560 with SMTP id af79cd13be357-8b33d476f5fmr1138218685a.72.1763984823932; Mon, 24 Nov 2025 03:47:03 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1763984823; cv=pass; d=google.com; s=arc-20240605; b=lb8e6d0I58ABHYe9YP5eIuiqhI3/KKillOxdFib3JNCoXfnq8KO1RBbGthyImFHEik hL82nM1MR9zxySE6QMuy9UVL3qyiol69jYqDSuDIIrLdFLpjeBv2gqfR5frJg3e56KZQ Byo7nEIDW51skbdgBT4MoeZ2QmQBF+wH4cFpKrV2NUaIL+DubEuld2zyYhJPNngm2jio JtFLbpMIdaSC1q5MDInBxdx99PYUDshwPidLpGdVWI/496XdRMklbIOZgD87aKvB2Gta BTHe9iXIrHmcdRNr+moFP0G805GYJ8pBOQL4O8/phmULRivMgY5ubvfs31nuQ9ymoI7K rmXQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=6M05J8cNSbyYYTZwjED5ijYHSbZzsHsJMOQkteSubbA=; fh=lXAfkm/bqUuMyEbZqDnRxjs+8+ouAkuxpMTPCNkgt6k=; b=B5zkYG12tS/MEgJGghVpKoRasXbLNIxigRsRubh+bxAo2TW8j3uO3JSf+MRTad0ylX LilgdVUycZxXKanJ6TiwAoleqNbbEO6bRGXO7b19qEQjZ6xF6swGmSU8nTNJdkJUeH17 doI5K63EJV/872xP6PAPvyimDOForjXfg2j/x46IPqJL1XNB8VHESUgWIM/iq9fY5A9D JcQ/gHKIz0rOyOyxSr19p7U28xMjLiqcRLFqGeuCACamDeWkzv+IViJGBhJg2bcHaocA UpyIRNeJoyLhRa8tO7uEo0OiYc/BmkQtbc3r2iywasygoCE3I4RX6RUJvL44X8GXepXl r9UQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=QEEPUHel; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id af79cd13be357-8b327e874c4si44962285a.0.2025.11.24.03.47.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 Nov 2025 03:47:03 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=B/x+e+GwIHdc/muFhKkBAqqGX8lwo3BDRkyonbVOitgdGXSmUga+g6xlEmil7cBMu2LMNBq9uYnqjiX+EjyvNGbxdHd+BeXdDCLUVV4kLkAGngA8suWXoIzr8UZnWnEPL9YCbimLxYSshwZHtRKfbBbQP/muw2WZ7M+z2KmfXpINRfNulFJx8Dvkjg1AymAavhktTYZxKv4ALx0adGKk9sRvEUsaSO//IZFIOc9u9a6chF3Pa/Dbt/mCrYt6sy0y8/RMaCTHnjV5tlsj4blLzc7RIMy/z7ScDztDiUOk76m3nYXoIqpYInCNe0cfyU4lZ+T85NNemZy4JNRY1iiz6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6M05J8cNSbyYYTZwjED5ijYHSbZzsHsJMOQkteSubbA=; b=FlEwh1BDyII/k+gyys0jqenaIkDGehNResmm5OKC989uPcccO/oNz+qu/vR+lddbY4K6jD+sxznNAoTciWTo9r3X/2kvZ7umxgIxEIv+CKaKLvgrBAB0+2zBxzoKGcXN8OzPGXOlAbTxgdlOTDyAqkYkVRQLYp1bfJK/itUnVsPbyqSBekwfRa9RIvsOnWRfNxmj2AsXHhT8cQaspSoYVdXxSAdwwsWLINZA6h3mNkZgkTkG0hATmeeDvNRoLdVhXPNuFCcq8irEhLR9IAZZ/8eDIjruLQ1ryPhKqAAgRip5OONOVzrSX0UojCS5BxjaSUabnO02Q80C5+XiJ8il9w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by PA2PR10MB9116.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:41e::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9343.17; Mon, 24 Nov 2025 11:47:01 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::8198:b4e0:8d12:3dfe]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::8198:b4e0:8d12:3dfe%4]) with mapi id 15.20.9343.016; Mon, 24 Nov 2025 11:47:01 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: christoph.steiger@siemens.com, cedric.hombourger@siemens.com, jan.kiszka@siemens.com, quirin.gylstorff@siemens.com Subject: [PATCH v5 02/10] meta: package python libraries for SBOM generation Date: Mon, 24 Nov 2025 12:46:30 +0100 Message-ID: <20251124114638.2238090-3-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251124114638.2238090-1-felix.moessbauer@siemens.com> References: <20251124114638.2238090-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: SG2PR04CA0182.apcprd04.prod.outlook.com (2603:1096:4:14::20) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|PA2PR10MB9116:EE_ X-MS-Office365-Filtering-Correlation-Id: 7447ee65-5528-433e-f353-08de2b4f2e49 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024; X-Microsoft-Antispam-Message-Info: QUYPuY7u7BAv9SZE4E5M29IZyqvV/8BMGmrdqKavlIAuuhzMr9GHPkKx6Cb0FNcwhKOCV7cnroRYy0rbu3/P6nPtRABJYeazWtAHXWsCSiTRBnOhG3IPjjAe+emuV27tr58vI5GBU1H+efj3zCQhf3rOOna4m9AEWGdMTe4HXAdR+Uw01kYNSQIhE31JAbeRt074JkT8tK0SHV9WpNu8LspMrEnlLlsqknyfzqXW3DvUefb3TQoaoY0D5Fk2Fa0Uqh6FOmoF4x5wBPARim/KdLlswyOUpwVdvzoKCvvW2HNTgSaz3+C+7vgNgBgz3KggMwM0wP66583tIUfctgTmX9rG2Os11jSv6I7OlyMWY16WQ3ojoFqZKuCo3lyeIJX0W5VRg9aSfw+fNZ9fi79NJl0xUDtktt6e6ix0vey4DEpQfR+LG4ItwcJtonH3fWtwHpfOeMYmpX92qXkNRb93wAUf6A9wef14K7RzDgbyHt2jWVIHmXmthiKs9oaqzGK2mFcJR+4F7sp0CYSKxDJU42RiX4dlRUBucli5pDp2NLe2NUItVUb1HK6UeQXZhxY5szPpy+5R3eg4b75VNRVpFLcFP6VacyGd/e5PQCipmqZqxOOYAlQj9puJkha2iLwrz48uFs+bKPJqBmPSotAEwJGTpX+tCQEsof8yMF92f7wTzHJNnv72LNhB2he9o2MJbGXthPI/6j9Q5q/MYDGHUzVdH3aYlf+w0bMPgr5s7EY6bWuJDoUdUuyneelvLw3/5GD4/6IR6/v/kc4mMdqnsPUlyGLssM9+AhHVgxyX/ASwQvfaSngkO2VmlYCPlj5PiuKwbv4/OuYEEYj1ZPcJKIRk34jE/T48hlmCJppNpNHMkmM4Q/omQsDFk1dTRW1o3elu3WdBnMQ5TFcWoq2EiLc5L8WBYmTm4ifZjZyO+QBAJM4J5ieSg6visgeQX7wsUaeL2cQB0BW0agCPa/UdGaNPn8Ku/y7ZrnNjqJf9WNzqqu0mmI6k3JonSAg6yrxMpr9CZiYXD3r03IYzn+f+02ceYnZD5dPpIwEG3qzzljICisKQG74EJWLFtZwOX4d2UCKTssqnf9maxpSOArRJIWpaL8MqqtVOKPVhuu42XI12LgkBsL7PEDg6Sta0WEklCRUDzIsDB2yc7vDJ0PcQ+FKyafJUtWHG72MkxV9Fqqmrc5BWo2FXaCYs2jHc7MFvACOAlVHtstz9VnDwYgvUJeIxJlv0GTNxkzKSNimN7QeNvog8KhtZEH05KyGxe2Baom0uQiMEbSlQy/EWodyuax84GgE8fiCDAyla1T4veYK/8ZmZzY1MKhkd6Kezj7qn4FpjPzsybIQq15KvCVvOzUhqPQGgeXq8JtnRtmcw+sWGniq1U0iyYKG9aF28kS4GjoGF/q3FXZEY8MEy9/V1RDWSv2LJmk4dhESWP9Klipb9091ugzdpllxFAToLy6kcuOmAG8NnDCr/fC5M1kcvaA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: Vvu7YQY/28sRbJ1nLd57ZCSMfThxy9a5mdGoUzKN127aUBFCNJLvceDAB2q4wazAU8lRLuVQ0kzA5NZXaUYCs3iLdRQt/QN98MUPW/n6mTHz7+2akHPyMSKVz+w2SHxy4zjUrCKMjM//6xydd8BcoKztpOpEVR4Yu6XnKdx9lctFD1H4Q2nSY1ajfHMnkncXaGPFnluuBkNOPXDU3DcRpQPusTNRtG3Oy3sY43G4Wyhext3vs/n9/+Z3Ssjsv0ZfZGUzfl8+erM1MZWVRGX0QijqWUMAacc9iKLywuCbwQKQvx/6hMb/bTuSX7B+UmHCzdAN4zNKWsGOsgOqsSr+fu/0qX7rXdIod837Uj++Xnuye0gW+lH2fqo6YyVSZrSOoJfR7Jbdn8VPAKjtKXKUqsTT6KMg/2NN97tO0BsnuVWrNcjU369Xyr7aQzCKRmqGQD4PuC3E5S+8mzS4nh3XtO5f1l7/E3kS00Wz8ZNty2ok9ra53DGDYlLjDCATVhY8TkvYFofq+yCBfWsv3rZApW60DH45MUxWkI4OXsH8Gkzhd0yBM546rqDagWZApYLHUmiaD4QDVWNoAPvcIdnkOVS5LbW3/OyHWhXJZQl2eNGCC889BE1xGVGOfvk4u9LNPDM44euOiE+G6RdGb7AYb4iaDhurvgCwNEfqFKGT4ZOukOtZtQKUX3Tm1FvhroP4Ey6FwNGsfVIXs0Ed9/8qoWSOz0Ks6oL6nhFCreOmGgLr6It9E+LcCEdVUlMpR9sGo+z/lTlKTI5OYSi6p4amun4dqFKA73c7uhVApyPdz4dOjgX1vrDO0X2gC21Pf4xKTUDFW1XK2pLyaQ5jdpJmqCNijO4qdA6LCpXgSZELc40vjKoGaIpKFt/N1+Caj+5X27RnEInEq0fLISDUC/T7c7GmmuU43K8TjO35bA2HW6T4DWkde08g94L+8DkTZcBbAcd+LxpxZiDYWv6Xn3eLr38G8saTDKo6aLaHk/fL9yfstWLlla8dClVGk/DvHY9WN3noEHUaQyYMPBGGLY5d5//E/QZJL2F/hPmDxb/VmZd+328sdjYwfoQnJXDWmudPzj3H8cGk2VmdUi7+YFGaoZNsWrg8IDlfupiMTzwACkHkt6e+2Yvlkhu6vksB8wh7cudweow6x+dBVZONmyb759WaSSE/art0J3zOsJN0m/K+vO0cGhMS0ufwmEngc91q3sRSZGPdOphjhCiZpzVbPYHXP3nPmHoHAF/x7Bkb3PtaPcPbe1YEQh4m0CNzpVwvqa2b+shgtR/58/yJoawMi52H7+e+yTjw8RzPtsOon37/iQ7b4NBw0betM3+520PC5pu4CTOVSPoT3NWPkbU4uHGqp1DB6C8MklxjIH6f3ruWZ8SX24ulNBvIWxGeiU/54G5nuoxu7W2zOYPZxKNr9TtLDS13tyvuvAYdEyNBxvzA8Muk3WSBMQaG3owWBCeOfTH951F9wGmv1BKc4uHU+OjM0efMMQUkuWkETr0+GKqLE4xMwj/71PVbaUsd+cr8HDHRIG6GbvNw5fGw7jxhcBALJfmYkGhRR+P9eZ57emx4L4OeeSzFCvJsqNTv9mNwVH2s80XJYTAbRiYJ7utI3Q== X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7447ee65-5528-433e-f353-08de2b4f2e49 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Nov 2025 11:47:01.7307 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: SaQm6jN074J1bnYILaueqPCZhqdpfTtuZZy4AFuzaeW1OCck6Diu9vwvgTSJEt7Db82k1ethaA7NhYg5YId0jnQQKvukPqFukpUl64K3eL4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA2PR10MB9116 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=QEEPUHel; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= From: Christoph Steiger Package python libraries for SBOM generation in isar. The packages are unfortunately not (yet) packaged in Debian, thats why we need to do it here. With these libraries it is now possible to easily create CDX and SPDX SBOMs in different file formats. Signed-off-by: Christoph Steiger --- .../python3-beartype/files/rules | 8 ++++ .../python3-beartype_0.19.0.bb | 29 +++++++++++ .../files/pybuild.testfiles | 1 + .../python3-cyclonedx-lib/files/rules | 8 ++++ .../python3-cyclonedx-lib_9.1.0.bb | 48 +++++++++++++++++++ .../python3-packageurl/files/rules | 8 ++++ .../python3-packageurl_0.16.0.bb | 33 +++++++++++++ .../python3-py-serializable/files/rules | 8 ++++ .../python3-py-serializable_2.0.0.bb | 38 +++++++++++++++ .../python3-spdx-tools/files/rules | 25 ++++++++++ .../python3-spdx-tools_0.8.3.bb | 46 ++++++++++++++++++ 11 files changed, 252 insertions(+) create mode 100644 meta/recipes-support/python3-beartype/files/rules create mode 100644 meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/rules create mode 100644 meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb create mode 100644 meta/recipes-support/python3-packageurl/files/rules create mode 100644 meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb create mode 100644 meta/recipes-support/python3-py-serializable/files/rules create mode 100644 meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb create mode 100644 meta/recipes-support/python3-spdx-tools/files/rules create mode 100644 meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb diff --git a/meta/recipes-support/python3-beartype/files/rules b/meta/recipes-support/python3-beartype/files/rules new file mode 100644 index 00000000..0ca517a1 --- /dev/null +++ b/meta/recipes-support/python3-beartype/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = beartype +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb b/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb new file mode 100644 index 00000000..b8bc2708 --- /dev/null +++ b/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb @@ -0,0 +1,29 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/beartype-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), dh-python, python3-all, python3-setuptools, pybuild-plugin-pyproject, python3-hatchling" +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" +# this is 01/01/1980, any earlier and zip in the wheel building process will not accept it +DEBIAN_CHANGELOG_TIMESTAMP = "315532800" +DESCRIPTION = "Unbearably fast near-real-time hybrid runtime-static type-checking in pure Python." + +SRC_URI = "\ + https://github.com/beartype/beartype/archive/refs/tags/v0.19.0.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "e7ad00eebf527d60f30e0b391209b561dabd2074b608c50e26c94c2d8250a6cd" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} diff --git a/meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles b/meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles new file mode 100644 index 00000000..cc736a36 --- /dev/null +++ b/meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles @@ -0,0 +1 @@ +pyproject.toml diff --git a/meta/recipes-support/python3-cyclonedx-lib/files/rules b/meta/recipes-support/python3-cyclonedx-lib/files/rules new file mode 100644 index 00000000..fe72dd1a --- /dev/null +++ b/meta/recipes-support/python3-cyclonedx-lib/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = cyclonedx-python-lib +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb b/meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb new file mode 100644 index 00000000..738ed1b3 --- /dev/null +++ b/meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb @@ -0,0 +1,48 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +DEPENDS:append:bookworm = " python3-packageurl python3-py-serializable" +DEPENDS:append:noble = " python3-packageurl python3-py-serializable" + +S = "${WORKDIR}/cyclonedx_python_lib-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \ + dh-python, \ + python3-all, \ + python3-setuptools, \ + pybuild-plugin-pyproject, \ + python3-poetry, \ + python3-py-serializable, \ + python3-packageurl, \ + python3-sortedcontainers, \ + python3-ddt, \ + python3-defusedxml, \ + python3-license-expression, \ + python3-jsonschema, \ + python3-lxml, \ + " + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" + +DESCRIPTION = "Library for serializing and deserializing Python Objects to and from JSON and XML." + +SRC_URI = "\ + https://github.com/CycloneDX/cyclonedx-python-lib/releases/download/v9.1.0/cyclonedx_python_lib-9.1.0.tar.gz \ + file://rules \ + file://pybuild.testfiles \ + " +SRC_URI[sha256sum] = "86935f2c88a7b47a529b93c724dbd3e903bc573f6f8bd977628a7ca1b5dadea1" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + cp "${WORKDIR}"/pybuild.testfiles "${S}"/debian + deb_debianize +} diff --git a/meta/recipes-support/python3-packageurl/files/rules b/meta/recipes-support/python3-packageurl/files/rules new file mode 100644 index 00000000..50e1b74c --- /dev/null +++ b/meta/recipes-support/python3-packageurl/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = packageurl-python +export PYBUILD_SYSTEM = distutils + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb b/meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb new file mode 100644 index 00000000..27209429 --- /dev/null +++ b/meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb @@ -0,0 +1,33 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/packageurl_python-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \ + dh-python, \ + python3-all, \ + python3-setuptools, \ + " + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" + +DESCRIPTION = "A purl aka. Package URL parser and builder" + +SRC_URI = "\ + https://github.com/package-url/packageurl-python/releases/download/v0.16.0/packageurl_python-0.16.0.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "69e3bf8a3932fe9c2400f56aaeb9f86911ecee2f9398dbe1b58ec34340be365d" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} diff --git a/meta/recipes-support/python3-py-serializable/files/rules b/meta/recipes-support/python3-py-serializable/files/rules new file mode 100644 index 00000000..0cf845dd --- /dev/null +++ b/meta/recipes-support/python3-py-serializable/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = py-serializable +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb b/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb new file mode 100644 index 00000000..5bc48c0f --- /dev/null +++ b/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb @@ -0,0 +1,38 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/py_serializable-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = " \ + dh-sequence-python3, \ + pybuild-plugin-pyproject, \ + python3-all, \ + python3-defusedxml, \ + python3-lxml, \ + python3-poetry-core, \ + python3-setuptools, \ + xmldiff, \ +" + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" + +DESCRIPTION = "Library for serializing and deserializing Python Objects to and from JSON and XML." + +SRC_URI = "\ + https://github.com/madpah/serializable/releases/download/v2.0.0/py_serializable-2.0.0.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "e9e6491dd7d29c31daf1050232b57f9657f9e8a43b867cca1ff204752cf420a5" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} diff --git a/meta/recipes-support/python3-spdx-tools/files/rules b/meta/recipes-support/python3-spdx-tools/files/rules new file mode 100644 index 00000000..ac87528a --- /dev/null +++ b/meta/recipes-support/python3-spdx-tools/files/rules @@ -0,0 +1,25 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = spdx-tools +export PYBUILD_SYSTEM = distutils + +# skip tests that require hard-to-package dependencies and tests that rely on relative file paths +# TODO: figure out a way to make these tests work +export PYBUILD_TEST_ARGS=--ignore tests/spdx3/validation/json_ld/test_shacl_validation.py \ + -k 'not test_examples \ + and not test_parse_from_file \ + and not test_annotation_parser \ + and not test_snippet_parser \ + and not test_creation_info_parser \ + and not test_json_ld_writer \ + and not test_extracted_licensing_info_parser \ + and not test_parse_file \ + and not test_package_parser \ + and not test_relationship_parser \ + and not test_graph_parsing_function \ + and not test_license_expression_parser \ + ' + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb b/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb new file mode 100644 index 00000000..30d090a9 --- /dev/null +++ b/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb @@ -0,0 +1,46 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/tools-python-${PV}" + +DEPENDS:append:bookworm = " python3-beartype" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "dh-python, \ + python3-all, \ + python3-setuptools, \ + python3-beartype, \ + python3-semantic-version, \ + python3-license-expression, \ + python3-pytest , \ + python3-rdflib, \ + python3-uritools, \ + python3-ply, \ + python3-click, \ + python3-xmltodict, \ + python3-yaml, \ + " + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" +DEB_BUILD_PROFILES += "nocheck" +DEB_BUILD_OPTIONS += "nocheck" + +DESCRIPTION = "SPDX parser and tools." + +SRC_URI = "\ + https://github.com/spdx/tools-python/archive/refs/tags/v0.8.3.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "17cb0140adbaefb58819c9d5d56060dc6a70c673a854fa9bd882ecfa4e062a7f" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +}