From patchwork Mon Dec 1 08:58:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4685 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 01 Dec 2025 09:58:44 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-io1-f55.google.com (mail-io1-f55.google.com [209.85.166.55]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 5B18wf64012586 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 1 Dec 2025 09:58:42 +0100 Received: by mail-io1-f55.google.com with SMTP id ca18e2360f4ac-949356ff502sf266869139f.0 for ; Mon, 01 Dec 2025 00:58:42 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1764579516; cv=pass; d=google.com; s=arc-20240605; b=fpI3V8IknzIqxeUxrxQz6F0rRJRGtBg45BtM6cLre0j6lWwSY0LA2/0wE0I2hVabxX O5WxOtWcuT2usJp3A1Eo7ja/ZwQ4lyMIHF7EwfhI3dwAyZkdyndcqavQ5NhwYOLjYFWs z5B9/bomh1RNuAzDrdtbCo0yOyjpIx4wmdhDITMRK0mLP6k4sv8TFRcH7JCR6vyQFupT WrRBC07t52Aw4J8muSp99eBARjz1vMnOteTE9Juq4y1NBO4J7jyfR9Hq+inbN3y6xI5i WY5WeVhxVMuqBQbowitoie+Ufp6OdV377du7LaCsxkxGnmLlOxSsGu6DufoafMfpTn6b 1AVQ== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=XH/1rKEp/C1j8tS1EkyNhr6pcuPopxsSD0SXwOFarLM=; fh=hVHMD3NGApe6RiFx57u6huTbJe8iXXMi35ENUtjm4yI=; b=dZ+n3hKKQWzjyB5n42mHp3zkUuhFcEZmMmT2SmLYn92FgkUS5zHeUb6KPNyMQjI6qK EJxFZ0my5pfJHiRWDqE6OeVPCD/+10m949bXXQBAgdJogrKwxVDVn29fTBvcBLljbIdJ L1QsuUCr1bx7L8zGMZff4ZiCnENleJy05ryQf8tU4TG94DdYosCSZnEku7tEvAq0ldYH Knezql1badU4QUJur6xIIsX5547TFSc6zFiZ50jjovvzbW+RCq5ZsPAmIAX2yZfr181M /+bHPmQtgb6YyFifjJRYYPvzB+uuGXSA6F70MGi6QvG3VpKT8L1KpIv0JJnT9Q4cGHr8 4brA==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="L17/IrpW"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1764579516; x=1765184316; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=XH/1rKEp/C1j8tS1EkyNhr6pcuPopxsSD0SXwOFarLM=; b=Wj9zvpWQ/jAKmLU42itsNGvI6UEDB1gsXeJvFqstFgRv5T394gskdcF10H+Cq4SgY+ zZt97xmoNG+/UE8elZyyXvGGD3PaI5QQuWtYIadvHWb6ZmL7T+omIQQ2vSOT5kIYCkCH pukAFeONuoYDmEaHe8F/M9Zzf1TLVnPvCHA5khEWRNaUh9lIsR8lpyZCyYhkZjV8Iyyw fRDk2rABGHxHX2T0KgFjcy74XEfkGbWvrqpGqNb9SQIYfeTkj5IDtdNnb0o9OPb18UeU JvmLxFxgytJLQh+JEwUsKDFxHelBSN07vEXPhU88CIDwo1xDFUtvDmhG4GaKgleeVnB3 SzJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1764579516; x=1765184316; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XH/1rKEp/C1j8tS1EkyNhr6pcuPopxsSD0SXwOFarLM=; b=ehRsvVlE9XsUYnJ1GgAtIzDdFksreBWvaYxNsA/+oAkAygpCbyEPOw7L8HW6EwCjHX 8pojdAN9ETeoUlSSzsk8R3hYgip881jdSAynt2QKDdvhzOdlACEbfkxvr07BeTIFKbKi GlaijQDl4FugtseCn6Ll9ZK9d75YDsj16gT7OKvC8z72k17AVoYkCOkUtN3tAD8Hq9io EdEYPwINFylsm4hrX7KWME+tRCNxdouh4Dd4dsBG311TtC7qni89zMsHuWp3qSpKD+MJ zUCBcUNcH10rMAz7hZ6VjygaEAj7so+CoC6SBbO+jSy/+RNsqNYxuSQcusZB6Io0Zq14 Iu1Q== X-Forwarded-Encrypted: i=3; AJvYcCX56fLf89REMv8tnh/x9IKPAc4dssoCdssykytq//idd9viMjtE6VluismgEC4yzirwL+NIfPs=@isar-build.org X-Gm-Message-State: AOJu0YziDEK+lPi+iQwgX0kEO47gIV+FJL4tUgLNBEAmn/wMgO5GukMm V+VQ9zgA8V6HGPJK0tKoz1O+7no/bl9u66y0/Jkf7SWmmXJyztAyHeKb X-Google-Smtp-Source: AGHT+IEfz0ivG+Pa+3Y5sJiugUDHE3cncHkPNGQcMtPz93B4goWrkWuyivXepJDJXcdEuTATrQ023Q== X-Received: by 2002:a05:6e02:2167:b0:433:305c:179d with SMTP id e9e14a558f8ab-435b98d6d62mr352020845ab.28.1764579516397; Mon, 01 Dec 2025 00:58:36 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="Ae8XA+ad55xfviRqhtEeBYvaYnGQGAqpmD3xIjnDWNvvh3t40A==" Received: by 2002:a05:6e02:16cd:b0:42f:8af9:6cb0 with SMTP id e9e14a558f8ab-435ed49e85els25818505ab.1.-pod-prod-04-us; Mon, 01 Dec 2025 00:58:35 -0800 (PST) X-Received: by 2002:a92:c248:0:b0:434:96ea:ff55 with SMTP id e9e14a558f8ab-435b98ee9d9mr322974335ab.38.1764579515368; Mon, 01 Dec 2025 00:58:35 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1764579515; cv=pass; d=google.com; s=arc-20240605; b=cDXgowNqwzO8kv58s7rQe8dGQOf95hDmpJ8OsauhMLl8LqqI2yV9pmwn0NZXr2FNt+ wl6NNF2vdn4mhVz7YHtjMH7dYD2MUJ2rT3YT1U4xmJ1LHT+dduFWtGVhBp2ekHebC1Of oAPgglTojMpNALkB5ZeHetcGuo8yZmULxsKn/t/7X0zCuG1ig1pC/hASSb0YQOBQyqJm 7y7HXNyKlmrt08NeMrZQ6w3tjOyKUwLTIYLKOnThAz+AwGmbcRWbU/y+ETvh+RZcfPat PfZcPpApnAvqeisksKv9QCKt6APtf7fb2ET0Caxi+J6/LShW7QggwUoCMou+yoicxKPx 0bfQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=6M05J8cNSbyYYTZwjED5ijYHSbZzsHsJMOQkteSubbA=; fh=lXAfkm/bqUuMyEbZqDnRxjs+8+ouAkuxpMTPCNkgt6k=; b=MUzpx/Yjn/MqwRaRr73dBGaJt4j7cLabYjgwmVY5vmVRNNYBGe1eTSJeVEuF5MvEcT XNFryvA72WlNnMA+t4voAIJPSw2r/P626BTsBMs5m8LH+0+hGfrmgZWG7FDJRty0irYU RSBz7HJemg/KJf4yWwvg/dc8Xd0hV54ZcOWul4hqmcKIIHFrmzKDh3Wq9eoOFVIGIeDh 77ZwjmyzaVbO9jN0fMTm7RTdCqX3dWDJ5X9MFlfjy/UYwgspGeMwWMEM2NFtL1EhUwcH Y2OpoNsszK0f3sgLIDvYfCeTfMtNGqqXMoFlEWMNSbwGJL2IR3u39Vgq6bESgoDnz+1y qBfw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="L17/IrpW"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from DU2PR03CU002.outbound.protection.outlook.com (mail-northeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c200::3]) by gmr-mx.google.com with ESMTPS id ca18e2360f4ac-949900023a4si26823239f.3.2025.12.01.00.58.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 01 Dec 2025 00:58:35 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) client-ip=2a01:111:f403:c200::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=SttTIYKSgvQDXFYmQqqqMg15F560nz+yV9m9Qebp74c6+klhLH7U4wOuHvBKTGGJesSYXAKNvta6RG5jEPCAmsFsvfhoi637CVaOWINiy1R23svkGSZUYBDtlWDn4OZqjgkCBKUBxuefxFsJ9k7BQb9tRkrqLAR1IHHNCz5YIxidZ4EcaZ/v804pLv+W6AsKnr+4KdgvamJp3q4xywdHIJ+Ye/jX+sUB9bH0A+uG+SAlcQUYWnS/xkazq2RE+zs62NKZzZYtFTTiH4reH2GB+AEG3DWDOY7Aw1/nMPsgWYHXcBnj2vrNYT9xM1EyWFuhrC9ySx2+00vZHTHd9tFZdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=6M05J8cNSbyYYTZwjED5ijYHSbZzsHsJMOQkteSubbA=; b=DppbnWCTmb6s7m/Fs5VAcuNVPkBf8Bm4u/yEZLcCbsdAgb6HVp7NtWCwyWDe8eMAqzEPQAkrLmG2ExtOuDD5ImSEcqzCsbBfXzyIst1HECTAk0rKhdfgy6ErYP4PFJAkBeNwRiiBgWm30PGTFUUBP/KgUUuZc88Vq2E3peMKBndn5sdY4e2tozp8pxw06O+pPmyZhekwjlw78Zl5OdFgt4I2f1x7nh44Tjh11c06TsEmGKJ9YdsrcS+1ZjsN/GFT2mJ6VNRyKXMGcKukbV4gd3AmAPsctWsh0x0JcxjXIQItjPUo9oiXJ6v5XMF5W3zjTnwb2eeYSTYxiZHFrQLB4Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by GVXPR10MB8489.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:150:1e1::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9366.17; Mon, 1 Dec 2025 08:58:32 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::8198:b4e0:8d12:3dfe]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::8198:b4e0:8d12:3dfe%4]) with mapi id 15.20.9366.012; Mon, 1 Dec 2025 08:58:32 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: christoph.steiger@siemens.com, cedric.hombourger@siemens.com, jan.kiszka@siemens.com, quirin.gylstorff@siemens.com Subject: [PATCH v6 02/10] meta: package python libraries for SBOM generation Date: Mon, 1 Dec 2025 09:58:05 +0100 Message-ID: <20251201085813.1616095-3-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20251201085813.1616095-1-felix.moessbauer@siemens.com> References: <20251201085813.1616095-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: FR5P281CA0016.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f1::14) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|GVXPR10MB8489:EE_ X-MS-Office365-Filtering-Correlation-Id: f63cf5d9-ac61-45d6-40ea-08de30b7cd8b X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|366016|1800799024; X-Microsoft-Antispam-Message-Info: CcTgp4wLYP2iVfuSB8HkP52f84OgP81ZPmJVtw0Dedl8s0phSQrRdhsjbtub5ccdFfXDcYlXghUBEEyL3bnvhKCBMQ/Qf1EQHw3MgQuB9XWHLqiUri/6EspLsLR7XkUFCiNxzKN8MG5lkDKBl/M2sVu6XSZCCZNd5jD8q6ZIB7IqWAewsqBIBGeM/TmRjzjBcEOWYvMDN3YIpYF6To4KbwFw+V0vkgeO45dwElg9xaSfRP8FSkkEdTtiliLxRHQXbfNK/2GWAUdvAe1CXvPoRO+0lvYwYVbsHyasgHUyditr3/M6KQLLyU7I5ttJnsG+1+ndm1yMMYO1w48hXFITJnJqRItVQjwCnITElpHcrdX8dijA+o2NJ9nIdjMMEZGh3CkHSEQYxDcPZRRrGL7DK9yY7ZAYGo1eF6vnZmq53Tf0T7R8XAAjg4bBspo55Let3NsV4lpMFqJ4mnFkpDhnADhBykzhHB8oIAD7bzeZX1myjZQOU7scVrPdLff/kSlBMVfIlhz/eoUoUnrsT4YNn9TQNRJmfiJwvItPMYn4Znd+2E6XqeL2/UQd97TuVEPl+QDDYmpxSEKu75WZccgsk8lZdzweukxJWW7B2ec6/MV1542yZpnlj6cKf1Hd7k9TCSJnKNKSDa8HNo3wAy3nzKXDL4DyS6KZ6U4QGNxXP1fmQAQKPDvPLEdnYrbay/8Vi5KP4MNOloBawLxe+wyuI4KtdBePlI9/5aXnHvWENKpBstqK9DdMeRhtfdgXsTc4k3X+vFuuZc5AnTSsTNYrDRBlQRZ9X7n7DZc5V6VVhRDOVSjO+pVafzJxnPCqWoijEUD0K3oaVVftSalXkMTZel1iPGM8btuhIX3uL6o3RRjzvAzyIt4Uk83jjR+xfhA6/ooCkaAtsRnHjRjtUTuLW/UWO/gL7S0F/A8IuVhTRap449hC/08AOdOUffhFfx/4OM7VLs0upyqNipIkRO2OSLkVDH6UUNuczV1l8HNhGUjx4fSAuruzMLj8vzaYwdNA0ihX52SBi1GV1X7C2lLW0JmzI8hHAYRkpmVwfA3jXpszSpE8D9Kv/JAsb8kSLKw7evRg1N7BUxCI+/I/LP5t3exwWo4UNN8DT/gbgxk2Jwd7DwYrT/mdzuQfr54PiRhKHLWU5OSnSOl5i5hnZ6YrpG0dnCjPXKucCXaQCAilx2e3K7D48EEipowKsrBnJrTXaEWuEM8YT2FJJCqDOPQjngTOU5nrocr+w1sfjPyhaObzXfmghPjDe3X0qsusUir8HdYQZus97HeCyUrEBb6KYhyRnvSafMoOGFUaq9hr43RvzafigbWDkIesza55Ikekw/zHsI0mjh2bnk4IXkDHS6n2ltH8coKk37LKBaiCCXo/T1pMvDnhpv9ZP5JEDeiLggBmtKbhrt3IwuTfubybDXVWEk0QL6gyHP5VMEHJWvR8Ky97iE1mwftPSLovqI6G/a5WIq4K+aZH0ZbNyuw3sw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(376014)(366016)(1800799024);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: bkyiJPlMBCSZsuYjKecdcrBGsETxLgwKTEo7HI7irHwHVd3CFMgorSE/lFoSMNcyKoNpxSeG45fTMcSGuc//nNizI55cTZOPeo140IlwuuExe64uBgs7jogLcTPoPPuQCGBbarD0ujlhLBn929+IFojvW47zIX0jdD3IhCI5emJoMAcCy6irwB732eXKHczKHp7Sirm34F/t4UAdgYseF8zTwQVVfSsWUtF4T/SL/Tx6OYQWVUYmry1c2Ce6dALbtSuLIMt5QdHedtch0AfRKEck8BTGE+vtuKc4GPgC7/j1fKXQFLX/Q9y52w0DF2hC/giSHzBol3Ggy3DKMjS7cTdeJ3c9liEIZ2CE9Ab5jaNlfFta1vLCryUGHmUFYPWMADtB+lnPhpqSzIwl4Tb7XkUa8d6GPaohs7lZxXs+KFPXbKzwKX662q0qBXXYJ1/vBWkraQKSE2Ukx+FS8irVEHNRroB3bARSxXqhPQWX+TsIB5XHpIKcLjLA44s9Sp1shOTE5IfxnXTOgkJUA62P3K8b5mMT81P7qpAHPdbyi2oy/ZiMZD7A27cT7ZWNw26zW8mB98o4GCNDpfiwMefTYEyvhYFGJjRJXKsfk7KP/4ly4sB7ORfybRs8nonRQVRWvuYYTjBeRS6LHhdygylKLL7IEKRtv0hID73z8Atx/7+8OSmvkaCKvV8C0ZEVt10Q+NXyMiBrRVAphIrsFPWSfVhbYsC0H/CM90Jdz5RndfNpzs8pqcdNkyLrLxK3rPO4L46RvDKJrSp9DhdupzX7nfjokix7iQEnVH0LiN7vnQ5KPXUk9dDuvUu/POdKoP71YPTSGSR4qshJfT04Mj6VFDhyN6yj4qvQxcNgorHo9oA1PpTb9702a4PH8RHGi6INHwXwSeG17annD6rrVe9vgbVoT0CCQZezRku4xzNxzmtcp/MXEZy8IwPRtWhNE2rd0sE6zuJpbgmE8C+8Mbw2sc9pchDJI0AeWJ+zzocwHWmWZe3Vqr9bSi7K6yw59SoPxNrtn6SNB4tySlS3iwjYkBXPFn/fU2TIj5sku3/91ouvGXXk+LdYYbrfHFsRIRB2S32rUnonCXW1IM1QuQB0HB7jjLLrmEKB34KPBO3vXsDvwXLzZVWP5ilhBF+H1+G7fsPN9HWklgqkscPsb16rSH2+h4AnQpxOHXELb3Q638+vmIURmQvawRPyiHv47lePGM7n2vIbWOfvrJURT5iem5TMdqRp08lPMuuc7Uqqbn45YA0cPByZSynm/a9CDuzCnRb+6OY6jhxtMkVP4k84Z8KgjxUdFgpmcUiXqiVp1jMaf6C5H36JPBmVAVvXqqC9gbu9ZPwcCXZuVGQQbjZyHz3ZI/CS7URVGxh3DnZCeAdqTFVTV6m5oY2FoyZaC+nDBVN2//n3TaZ7yCnSc95rg4nmKr0n/V3iXX5R+GMoZyBiKShLRID1DsHoXJdVf56424OPVqhwSSPEzG3wdGCbMvL2ZlbFGX7xSq6ibnNEV36z1Ns/AgHS+1QtauUvAX49YbT97goLdCGFAQf7kaNM8Tl7vZtyPXZTz04KNmD7IZ1rc7hlO4/UGxLRlSZWT0j5DxihruPd77NsHxp3MJIx2w== X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: f63cf5d9-ac61-45d6-40ea-08de30b7cd8b X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Dec 2025 08:58:32.2716 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: RCAIzWHJfv7oEfuFxfFsIDf4sPRghN7jR7SBnYCzXg31eKQu5VQ+MPAf/Yt2rDKhfKjiYf7BMk+zxhbjzI11Zrr8utdOT/Edf3cHs3ey7NY= X-MS-Exchange-Transport-CrossTenantHeadersStamped: GVXPR10MB8489 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="L17/IrpW"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c200::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= From: Christoph Steiger Package python libraries for SBOM generation in isar. The packages are unfortunately not (yet) packaged in Debian, thats why we need to do it here. With these libraries it is now possible to easily create CDX and SPDX SBOMs in different file formats. Signed-off-by: Christoph Steiger --- .../python3-beartype/files/rules | 8 ++++ .../python3-beartype_0.19.0.bb | 29 +++++++++++ .../files/pybuild.testfiles | 1 + .../python3-cyclonedx-lib/files/rules | 8 ++++ .../python3-cyclonedx-lib_9.1.0.bb | 48 +++++++++++++++++++ .../python3-packageurl/files/rules | 8 ++++ .../python3-packageurl_0.16.0.bb | 33 +++++++++++++ .../python3-py-serializable/files/rules | 8 ++++ .../python3-py-serializable_2.0.0.bb | 38 +++++++++++++++ .../python3-spdx-tools/files/rules | 25 ++++++++++ .../python3-spdx-tools_0.8.3.bb | 46 ++++++++++++++++++ 11 files changed, 252 insertions(+) create mode 100644 meta/recipes-support/python3-beartype/files/rules create mode 100644 meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/rules create mode 100644 meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb create mode 100644 meta/recipes-support/python3-packageurl/files/rules create mode 100644 meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb create mode 100644 meta/recipes-support/python3-py-serializable/files/rules create mode 100644 meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb create mode 100644 meta/recipes-support/python3-spdx-tools/files/rules create mode 100644 meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb diff --git a/meta/recipes-support/python3-beartype/files/rules b/meta/recipes-support/python3-beartype/files/rules new file mode 100644 index 00000000..0ca517a1 --- /dev/null +++ b/meta/recipes-support/python3-beartype/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = beartype +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb b/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb new file mode 100644 index 00000000..b8bc2708 --- /dev/null +++ b/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb @@ -0,0 +1,29 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/beartype-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), dh-python, python3-all, python3-setuptools, pybuild-plugin-pyproject, python3-hatchling" +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" +# this is 01/01/1980, any earlier and zip in the wheel building process will not accept it +DEBIAN_CHANGELOG_TIMESTAMP = "315532800" +DESCRIPTION = "Unbearably fast near-real-time hybrid runtime-static type-checking in pure Python." + +SRC_URI = "\ + https://github.com/beartype/beartype/archive/refs/tags/v0.19.0.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "e7ad00eebf527d60f30e0b391209b561dabd2074b608c50e26c94c2d8250a6cd" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} diff --git a/meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles b/meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles new file mode 100644 index 00000000..cc736a36 --- /dev/null +++ b/meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles @@ -0,0 +1 @@ +pyproject.toml diff --git a/meta/recipes-support/python3-cyclonedx-lib/files/rules b/meta/recipes-support/python3-cyclonedx-lib/files/rules new file mode 100644 index 00000000..fe72dd1a --- /dev/null +++ b/meta/recipes-support/python3-cyclonedx-lib/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = cyclonedx-python-lib +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb b/meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb new file mode 100644 index 00000000..738ed1b3 --- /dev/null +++ b/meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb @@ -0,0 +1,48 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +DEPENDS:append:bookworm = " python3-packageurl python3-py-serializable" +DEPENDS:append:noble = " python3-packageurl python3-py-serializable" + +S = "${WORKDIR}/cyclonedx_python_lib-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \ + dh-python, \ + python3-all, \ + python3-setuptools, \ + pybuild-plugin-pyproject, \ + python3-poetry, \ + python3-py-serializable, \ + python3-packageurl, \ + python3-sortedcontainers, \ + python3-ddt, \ + python3-defusedxml, \ + python3-license-expression, \ + python3-jsonschema, \ + python3-lxml, \ + " + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" + +DESCRIPTION = "Library for serializing and deserializing Python Objects to and from JSON and XML." + +SRC_URI = "\ + https://github.com/CycloneDX/cyclonedx-python-lib/releases/download/v9.1.0/cyclonedx_python_lib-9.1.0.tar.gz \ + file://rules \ + file://pybuild.testfiles \ + " +SRC_URI[sha256sum] = "86935f2c88a7b47a529b93c724dbd3e903bc573f6f8bd977628a7ca1b5dadea1" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + cp "${WORKDIR}"/pybuild.testfiles "${S}"/debian + deb_debianize +} diff --git a/meta/recipes-support/python3-packageurl/files/rules b/meta/recipes-support/python3-packageurl/files/rules new file mode 100644 index 00000000..50e1b74c --- /dev/null +++ b/meta/recipes-support/python3-packageurl/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = packageurl-python +export PYBUILD_SYSTEM = distutils + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb b/meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb new file mode 100644 index 00000000..27209429 --- /dev/null +++ b/meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb @@ -0,0 +1,33 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/packageurl_python-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \ + dh-python, \ + python3-all, \ + python3-setuptools, \ + " + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" + +DESCRIPTION = "A purl aka. Package URL parser and builder" + +SRC_URI = "\ + https://github.com/package-url/packageurl-python/releases/download/v0.16.0/packageurl_python-0.16.0.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "69e3bf8a3932fe9c2400f56aaeb9f86911ecee2f9398dbe1b58ec34340be365d" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} diff --git a/meta/recipes-support/python3-py-serializable/files/rules b/meta/recipes-support/python3-py-serializable/files/rules new file mode 100644 index 00000000..0cf845dd --- /dev/null +++ b/meta/recipes-support/python3-py-serializable/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = py-serializable +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb b/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb new file mode 100644 index 00000000..5bc48c0f --- /dev/null +++ b/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb @@ -0,0 +1,38 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/py_serializable-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = " \ + dh-sequence-python3, \ + pybuild-plugin-pyproject, \ + python3-all, \ + python3-defusedxml, \ + python3-lxml, \ + python3-poetry-core, \ + python3-setuptools, \ + xmldiff, \ +" + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" + +DESCRIPTION = "Library for serializing and deserializing Python Objects to and from JSON and XML." + +SRC_URI = "\ + https://github.com/madpah/serializable/releases/download/v2.0.0/py_serializable-2.0.0.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "e9e6491dd7d29c31daf1050232b57f9657f9e8a43b867cca1ff204752cf420a5" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} diff --git a/meta/recipes-support/python3-spdx-tools/files/rules b/meta/recipes-support/python3-spdx-tools/files/rules new file mode 100644 index 00000000..ac87528a --- /dev/null +++ b/meta/recipes-support/python3-spdx-tools/files/rules @@ -0,0 +1,25 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = spdx-tools +export PYBUILD_SYSTEM = distutils + +# skip tests that require hard-to-package dependencies and tests that rely on relative file paths +# TODO: figure out a way to make these tests work +export PYBUILD_TEST_ARGS=--ignore tests/spdx3/validation/json_ld/test_shacl_validation.py \ + -k 'not test_examples \ + and not test_parse_from_file \ + and not test_annotation_parser \ + and not test_snippet_parser \ + and not test_creation_info_parser \ + and not test_json_ld_writer \ + and not test_extracted_licensing_info_parser \ + and not test_parse_file \ + and not test_package_parser \ + and not test_relationship_parser \ + and not test_graph_parsing_function \ + and not test_license_expression_parser \ + ' + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb b/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb new file mode 100644 index 00000000..30d090a9 --- /dev/null +++ b/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb @@ -0,0 +1,46 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/tools-python-${PV}" + +DEPENDS:append:bookworm = " python3-beartype" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "dh-python, \ + python3-all, \ + python3-setuptools, \ + python3-beartype, \ + python3-semantic-version, \ + python3-license-expression, \ + python3-pytest , \ + python3-rdflib, \ + python3-uritools, \ + python3-ply, \ + python3-click, \ + python3-xmltodict, \ + python3-yaml, \ + " + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" +DEB_BUILD_PROFILES += "nocheck" +DEB_BUILD_OPTIONS += "nocheck" + +DESCRIPTION = "SPDX parser and tools." + +SRC_URI = "\ + https://github.com/spdx/tools-python/archive/refs/tags/v0.8.3.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "17cb0140adbaefb58819c9d5d56060dc6a70c673a854fa9bd882ecfa4e062a7f" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +}