From patchwork Mon Dec 1 08:58:13 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "MOESSBAUER, Felix"
X-Patchwork-Id: 4693
From: "MOESSBAUER, Felix"
To: isar-users@googlegroups.com
Cc: christoph.steiger@siemens.com, cedric.hombourger@siemens.com, jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer
Subject: [PATCH v6 10/10] wic: create uniform SBOM describing all image components
Date: Mon, 1 Dec 2025 09:58:13 +0100
Message-ID: <20251201085813.1616095-11-felix.moessbauer@siemens.com>
In-Reply-To: <20251201085813.1616095-1-felix.moessbauer@siemens.com>
References: <20251201085813.1616095-1-felix.moessbauer@siemens.com>

A wic image consists of potentially many different components. All these should be covered by a single SBOM. After creating the wic image, we collect the individual SBOM files (rootfs, initrd, imaging) and semantically merge them with the debsbom tool. The merged SBOM is then deployed as .wic.(spdx|cdx).json next to the wic image.

Signed-off-by: Felix Moessbauer --- meta/classes/imagetypes_wic.bbclass | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/meta/classes/imagetypes_wic.bbclass b/meta/classes/imagetypes_wic.bbclass index c75d481d..fe31e4e6 100644 --- a/meta/classes/imagetypes_wic.bbclass +++ b/meta/classes/imagetypes_wic.bbclass @@ -201,4 +201,29 @@ EOIMAGER ${DEPLOY_DIR_IMAGE}/${INITRD_DEPLOY_FILE}.manifest \ ${WORKDIR}/imager.manifest 2>/dev/null \ | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" + + for bomtype in ${SBOM_TYPES}; do + merge_wic_sbom $bomtype + done +} + +merge_wic_sbom() { + BOMTYPE="$1" + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) + sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" + + cat ${IMAGE_FULLNAME}.${bomtype}.json \ + ${INITRD_DEPLOY_FILE}.${bomtype}.json \ + ${WORKDIR}/imager.${bomtype}.json 2>/dev/null | \ + bwrap \ + --unshare-user \ + --unshare-pid \ + --bind ${SBOM_CHROOT} / \ + -- debsbom -v merge -t $BOMTYPE \ + --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ + --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ + --cdx-serialnumber $sbom_document_uuid \ + --spdx-namespace '${SBOM_SPDX_NAMESPACE_PREFIX}'-$sbom_document_uuid \ + --timestamp $TIMESTAMP - -o - \ + > ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.$bomtype.json }
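
Review bot: In merge_wic_sbom, the first two inputs to cat, `${IMAGE_FULLNAME}.${bomtype}.json` and `${INITRD_DEPLOY_FILE}.${bomtype}.json`, carry no directory prefix, unlike the manifest inputs in the context lines just above, which are read from `${DEPLOY_DIR_IMAGE}/...`. Because `2>/dev/null` discards cat's error output, a file that is not found relative to the task's working directory is skipped without any message, and the deployed `.wic.$bomtype.json` would then describe only part of the image while looking complete. Consider giving both paths an explicit directory and failing (or at least warning) when the rootfs or initrd SBOM is missing, keeping the tolerance only for inputs that are genuinely optional. Separately, the function stores its argument in `BOMTYPE` but builds every file name from `bomtype`, which resolves only because the calling loop's variable happens to be named that and is still in scope; use one variable throughout, and quote `$sbom_document_uuid` and `$TIMESTAMP` where they are passed to debsbom.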