From patchwork Wed Jan 21 15:07:19 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "MOESSBAUER, Felix" X-Patchwork-Id: 4811 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 21 Jan 2026 16:08:01 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-pj1-f56.google.com (mail-pj1-f56.google.com [209.85.216.56]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 60LF7x0J004146 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 21 Jan 2026 16:08:00 +0100 Received: by mail-pj1-f56.google.com with SMTP id 98e67ed59e1d1-34ab8aafd24sf676254a91.0 for ; Wed, 21 Jan 2026 07:08:00 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1769008074; cv=pass; d=google.com; s=arc-20240605; b=XlBujs+o482ZYnZ70nn6lih/0GvC9rmv19C2ZXLxOu2CAhSmNQPHmWHIHjY7/37ppi iGXBqQwc4udqVARSc0Gr2DLPwWVfhrcP9cpHK93qvZMC7xrC+t6JpT17cqbEgb8of4+g h6ZTxpA5bNbi7FwlrYQd5arDL4385QJxAlXXZwbUt3i64arJ6FrpL9roIlqWTWb1CFuZ rleSYHbnBFpVDYYFBkZ2FIxMmHBjZRpjvhgCj+rPHUECrpTEVwtFHtF638B4x5jmzORG 7RTZhFyzBAmLyzkf9Ke6M8ireUpHvHbflFphgH/p+7EYRW9Ds+IRI3FXi4vxq0fU8KWs 9K9w== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=C5PUilFrSt68+5TCVOMTYk0zyV7dC/h84L2a4bxvuxY=; fh=0g/aK9tOW+PwBUgADAkS+uHh3TyJfk292TkjQL/p3gA=; b=TqiMNMtk0SN3BnRVVTt9KAgbBYevCK8REyAx9vOPyQvq0SC1e2at1Jup+E3EBfoQr4 A7wWcrgYcV6uhQrdoG4HEIfjwAgltdlmIbLoU4c5ay5XP2iRINDUu8UxoubABCY3Qsj4 10vBqkSc+h98Oev9LdzrX9RFAfxgVRuOWFwSpXABypPCW32MhM/uxqwJ1QEghuJhP4Qg knT1A699WbAtHL4oJD9WSqRJm8FJpXu40B1IlKVOKCg5VdCeY9P+QfibIaHbhEL7SEJO Ad64tVZFeYniNj+0LbqmLptaBz9nreNWcLu9xQhVScG8EfHprXkuZlbj/CySwje8pfdk FtXw==; darn=isar-build.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=WuK4R1XW; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1769008074; x=1769612874; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from:from:to :cc:subject:date:message-id:reply-to; bh=C5PUilFrSt68+5TCVOMTYk0zyV7dC/h84L2a4bxvuxY=; b=qM7tZauMOd0YVkT5r+xzUzflvr/GrCQEQwyAfNwl/5TlKmeaAZqloOjMoxBS1leztl XZQbeLyWYOcq3xKAmWyc/tSFoU6VYdN07/Q/6jC7/1t3E8tHUb7w4tXMn7g4FJlFUnID fVSE2IJE0k911ICKtde7rSlTmtE9EnHwTLHGhXuQMlr5QOX5pJ1wYuWYoM0P9KYdjtZz IXymBkZnTS/17G4CpMpGdSg1AJ9JG8Ae+t3FUJ4OpfoPKuSLUhD/RZRtuK4lmHsxtCau 0Qqk0oRSMq/61AVaU+vb+N7zc/GlUYq33piDcbxj0H9JJT3ah/tLoCZX11jtPZ8lbrEO e7DQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769008074; x=1769612874; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=C5PUilFrSt68+5TCVOMTYk0zyV7dC/h84L2a4bxvuxY=; b=fyiMoNVooFtyhN6fFzKqSIXXbJD7bBxC7GGIA3u+1cIs4X73Y4UJp0Ifs5MaFODFPg tNM///05kGdDl0NLndU8j5DIE/gBnXMf7/SixRcZRatNVYTiW0JUmRQM6+dtxQZ5eCv6 vbqCwp5AkF88WNBFKiY4P035VWxvJkoOUNXSCMPr9eELHFMWHLtLzJoct7xKnlR8gIC7 8Wz/W67Qmyh5O17yu2c1wGSa4ScJxXiek242gLUC57TCfwyqNEonLdN9jLLnPROnVrsq eGtyug64yokNeH5qIiMj9QtuvQjkGpX6I194znUYNXqnoh1OR+PIy/UWSdf/6D1ViYd6 Rfqw== X-Forwarded-Encrypted: i=3; AJvYcCXW46LRwVW7ccnY8GNl3QT4LPF9PkJjoOIiDXRUmzPlBRhpggLreEXBQlw3Y/eUP8gHi/e96dw=@isar-build.org X-Gm-Message-State: AOJu0YwJIrRtrBOxc8z8auYRqkEhW3Q2sKMM8t85ejsEmH0WOavWq8kX AhyQBJZiWl/VvoquktpZRJoZIZPhJClDvozwgd185OMzhpK05mfREg7w X-Received: by 2002:a17:90b:33c3:b0:34c:7212:7a67 with SMTP id 98e67ed59e1d1-352678b9b13mr19035502a91.12.1769008073802; Wed, 21 Jan 2026 07:07:53 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="AV1CL+FHpK22FSIrUc0X62J2oVlhUb0quWZwotNQU4xi+0TdCQ==" Received: by 2002:a17:90a:c292:b0:34e:be5f:7cfe with SMTP id 98e67ed59e1d1-352fad4f56cls394574a91.2.-pod-prod-00-us-canary; Wed, 21 Jan 2026 07:07:52 -0800 (PST) X-Received: by 2002:a05:6a21:3a42:b0:38b:e70c:6406 with SMTP id adf61e73a8af0-38dff36821cmr17178777637.22.1769008071892; Wed, 21 Jan 2026 07:07:51 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1769008071; cv=pass; d=google.com; s=arc-20240605; b=Cf1UQC/skdzEW05D+K4Yee7yH8vtL6hft4aU0gBn2mRcqZBva+aq8r0/JNNTptZxAi 3MEBDN4YphKpgON9Gcgv/9n1SOPBit5t1+aTf+yXQdEYURMxH02ET7eA2eLpE6+3QP8+ vVxk43SOluLFEk/6qP7yVsb+upNa6yzuqBz/6k4vHRDILtv1Jfz281n5Uubes53P6WWk Ptbv4adJRXk09dLqPN27hsOgz1FaJTHRPuD6eImsf8fZZOIHk/2cokG1lXIZQHxzG+tv kwie6LvPs0xfyKXF+PLxws/oMRGnyoOV2fIpVTbAFl6h3qbi7kQ/PNXj8JZLP4K4CIX0 foxg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:references:in-reply-to :message-id:date:subject:cc:to:from:dkim-signature; bh=Wb++9e+nnm+s3psiDz9vEnwh5vH+90FoCyVqABxee9I=; fh=3TZ2kfKzTV0uAG2uKD8NJHxpu4kGHzyonq8tLR1Voro=; b=PMfAl/bVnkC51wP0jLlAafFOz7Dz3ZwRerwWIqHuKH/rOF3H/qrZnQZlP9DQPbCBNT oeQ7V+HmbkOWVX1f2HihEkD0O+jhu3djdADa4OTiT5EPXzWTCxo0vg4zNFBVsRJtZNS8 Qzwx2GNIN+9Aur/mcqtfIUsqZs/+vharf4F+kerq0lbhJ6u593qwRAsakzzDfBXUO+bq GOVrj/4X94YfbuyeiTgK2JOGjwh7yi2ZBdMr+9eDyg3mDkKBV7ND/kZIv2tT+A/ziKqZ 3mHwd36L4ojFYJlIOwrNuMda1UrqLn/SvbKFPTDUqgarNeD/G25clGV/pSgoI7FfLrkt zHXw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=WuK4R1XW; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from GVXPR05CU001.outbound.protection.outlook.com (mail-swedencentralazlp170130007.outbound.protection.outlook.com. [2a01:111:f403:c202::7]) by gmr-mx.google.com with ESMTPS id d2e1a72fcca58-81fa10bd8a3si651061b3a.3.2026.01.21.07.07.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 21 Jan 2026 07:07:51 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) client-ip=2a01:111:f403:c202::7; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ctbx2KP2uehws+YqKIn17YAMdyTdIDMIU+bQAkvoI1tnXDTnIG1qIjBj19gQGJrWtSTHP4ymngxXrV3XJ8zxBqzsWgWAsef2sFlN7qnQEMYEtMj9rWzbnOwX38OkgSIY1YeZhVjGoayDw6e2HwRtTJ4cqYZmDTlOS5WBpVNSrN+3N/gvMkk0QsMUStM9JS2v82MaKBH8xC5vJANRBzsyxunxzWGK4lpY4mC5I1XUpIolWLYOqweUNSSh/W6f2dL+NeYDJnTFrJkE4ycQvZB7exPT5ZvauGVk8Qabs1YcfDSU9qruiP7iVvnzFA4BU97gRX3/d6eu4dR/I6sRva1phQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Wb++9e+nnm+s3psiDz9vEnwh5vH+90FoCyVqABxee9I=; b=Ux6Dpzfn9/zK/s72fN6DvMknk2toA78RESChBGLIeqIv4Zasdri1rGmHuG/QHMCBwFhsUUqBZaTZo/fkHqkNg/fCLD5g9HS3dv6BSpu0NAj2TbDkq8XhCn591m8CrXYRTahJg2KLAlaC2qaAVjIft9/7Z5CnmsOsxUbAbGxDFaf5wu/DQpzOkqCDTAAzV45zncmlScDghaY+h/KEQmb5gkTbdseFiaqwpR8IE4a06GnnQ9aabydpC95xVbvMDSfNaO4IYBCXb8NC0PlkH/5O+4hbsyekHz8Jeqc38ZU9iogMusXAY91qOZ5Qx9tFcExsXY3r9OH+rW4TZkGA6gyhgQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from AS2PR10MB6823.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:5f6::12) by VE1PR10MB3806.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:800:148::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9542.9; Wed, 21 Jan 2026 15:07:49 +0000 Received: from AS2PR10MB6823.EURPRD10.PROD.OUTLOOK.COM ([fe80::349d:731e:a849:b4a5]) by AS2PR10MB6823.EURPRD10.PROD.OUTLOOK.COM ([fe80::349d:731e:a849:b4a5%6]) with mapi id 15.20.9542.008; Wed, 21 Jan 2026 15:07:49 +0000 X-Patchwork-Original-From: "'Felix Moessbauer' via isar-users" From: "MOESSBAUER, Felix" To: isar-users@googlegroups.com Cc: christoph.steiger@siemens.com, cedric.hombourger@siemens.com, jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, stefan-koch@siemens.com, Felix Moessbauer Subject: [PATCH v7 7/7] wic: create uniform SBOM describing all image components Date: Wed, 21 Jan 2026 16:07:19 +0100 Message-ID: <20260121150719.2719579-8-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 In-Reply-To: <20260121150719.2719579-1-felix.moessbauer@siemens.com> References: <20260121150719.2719579-1-felix.moessbauer@siemens.com> X-ClientProxiedBy: CH2PR17CA0026.namprd17.prod.outlook.com (2603:10b6:610:53::36) To AS2PR10MB6823.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:5f6::12) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS2PR10MB6823:EE_|VE1PR10MB3806:EE_ X-MS-Office365-Filtering-Correlation-Id: 66720e0f-7753-4114-c040-08de58fed73c X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|376014; X-Microsoft-Antispam-Message-Info: MBlZN6jz0wdcqBmPnyg2loWfxU1beCO1mFUg3bk1tzrV40dM6Cqq7UWI0uw95Z0IrnTbgqVAauI4J85By/1/V/gi3s+Wha08GfgDT9ynK2KYrq3duGO/PgR0ccG8Hhi6nfTpq6ndSggIVNOeN9t0ilkteiAFqhBRhDC8XWC4tiXOes53aCyXqIVg0Au8d/w6A0HyYXM3NGxyfj0J7Jd2w6838A2ohAbgQs1bNZBt53rwOhTGNAHmvGxKB5+IwvpCooCuOQ36TUn9XA7P7D/4dATk+jdPkosRKXk1T8jn9xdM5LZuJfcrqxDfqquM57YvTkduvnvAD1ZoFnawhdRcJT7s9Tx5TNpP+N8LsYwS2eTTMmIWKUVZ64pZGlKfOeTxdHNp+n+46U0CniLIFiLPEIc/lENAXzbndICwfRayzE9Bp7hEoF4WT5lLZLRoUntFSlGmI3974RMFHMaZT4GyqSdWeyRFZnv2GeinNuIUmnl7bqzoV/h+V5lPW8VmUogZ9uAGnKCf0GFA6XTIORuVP0eU1eu13mdwwUZ7m3xM7/PfmrEkMZTRdDLw5sp0X8Jn33VPiaVyY10aWhzrxYMpJuaSuSNulc4Ew5j4SeHABWbki56iyWa0nN4hC9hcF1xKO6q8D/4SkZBUI/ZzKgqFWPnxx5jrUt3Vh2hPDjZ0KYWXHhZNhpw0HvRYOKBu5SsA9MXLMv1f1mLL6Jt/g7M42lp/+23LeEglJjTCfLWeO5xfVLb57VJfK22bJ3I1Oq7lLKU3opGM3ZJSI3h/Vk0vqAhD5Y5fcYwCx3L9MuZ0vWJXa03Y0C4bAp6rBP1vzKZi2kqA7Gh0nyl1Cdcp2Aqdix3OkhWNyIebHx0bv/BmpuxDK9O5uZXZGHfuc6V2OE7fBwxnhpif8A2VfSCiEz8R0prP1CbAFyUISRwxCVNo64Ulswz8Pmar5LytwK5yyLL2BNjasY/M5knS7m+Lbc5+RO+OLHzy38TSwOD3VyAHy19+DbUqPFln6RcW2413wxGeviZz3N5M1+BmUs6/mFVxFJP8ngujDbK52VixZ/5gOvmX0olqVbkqwCxntb5x4xffocHoCpXfz4Uu9fqq1f/PLCl4eFbh9hGNxAwl6qP+iOBoxqtiaK0e/jUQ499Af5PjVf5h3fPfCrUFoWmM5N+KHCFwwt9KI2R43atrak9Aqq/ec+fx2Em9mQG8Ezi0PnGQ3HlxLg0lfdjKWGlWzHmi2kGJiyw7AjW8TrwtjPb2Wq69AXBm7JBGmeBq5AcqFvM8QgT2vld3oP1cQUd2AkclLWxC1x6ohdkbftoYT/wmYqlhfyVVfyVZyjGIvFdIORQENprexSqz7CLP0yIjn8wzWUz+Dv6P5n3rDCeqAkAAx1s0/HpqedCtk49Zif3NuCYjhwNp0I4r0VUWiTtTrTBKd9DEqq9wtx32xGQek8wI1IDUOiUWXG/eyP0RtNIkUODh2isSGlBVaHouuXBHFf4pxK1nKBpQM9GGDRWBEOqfVlNfu1iHN6d4f/CDGxJsZ2CtylCQbrMkW0KwDujPYY10Ekf+/+2azrgA6gldbkGmric= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AS2PR10MB6823.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: tNC5eHVoz9RiumXabjaLCZa6Qj0S22bZwqc4Jt6CkNTyzVvbKBG4CVVUKN1YhiHI5VkjC09advIab5IoMYDT0LYdUA7OKcIeIuDjlTjkFApMWyMWCihK6i4owcXljREnkGby63cmErXNJQIRnom1fLDho4ScsDfx6TPP1mURPcUsz8w48egaTAbBYVb20m0qEQAaDcJF76MjEV2SI7SPAI3lBbYvSvABgHtYxsunOZWIBLW3qXr5yRXTPnUTzNGBumzhY87iwNiU41IohgxkHsysJFfgwTZQhnPOPjuarwb5x9xCF8I4pSFdqhLJdvRzEV6P3zOUL535qC4/1A2q5vHTtrfjoz8lUWDz8ofpD190OC3iNtwbN5kH9jBWVCVSv4UinAENk7H1F5p+ZIYx8IGMc1mzFkuB+6vnmpCxJHqfTds/T516TMXVqtbVQEfgpbaSFP0w5n6H8pjQdsv6IUK/nxJiB9pr+SoOgXTXBkxHHcp80crCCW/BXQIDASRdeEnxd5e8drAll35f51zlbnhOR/vm7hOcDMfxvs+c7S6Qa8o/lZdWxGCGkYJaW/h7hGfAZfR29ioMgijkxWk5TKdR0oXHqfFjkEWLOndc1ES9UUN2GPDR49FsTnbSGXJSZ8J+Pa13lf/deSm9EYJrHdoStEOPdqBOzaez1tGkyF1CN8UpU9JBEXb+iNIVyFtuu/SgQ7Uj4O7I0LPH9UbmIOT2tv9cIOCAUvWzjBFggr4p66Fg/zzT83dfRHvBm3F7ev7Kbp/EwAbxH281l8o03z+FNNsC8xLunjn7UNZMSgCzkAV4uGoDF2YUEaQK+QKGEJs9jeo6N9HUrFizrenaVkQi5ET0E2vxsaFkJsKCg/LCI4+07vBK4SOba/wxt2WjRGhA/VItyod+gclPlfdV1zZIFaaSBckwF9Z+pmw2iQYdPA70fs7EWY7iYPw1ZYhZmEp8zrSToinaqAM4oy3Hxm6+4nz7jWpK1MD71oI7SIZ7214Fsi872pWPq40W9oYnB8exn/lts3W3iXhwS7v9rLzFYEdJcAv7RT24vPYCS0aOW05v25VNuBO2z3YCNlpam8HDQR6CiKZyUbA21HYdUu9X42aMz8iU6cdnCcDD5Yv4v+FSCDlqYhD9DBJEN8OCUVP5LLeHi5UPsmNtgdT05LLdkGedmeaeYuE6GFzoqGTKlFjKGenspMiXpkzPPoXxyLjPtHTY2aFnLtJGHfi4nb3v4VcWxNA3qJ7iaZU4Kv74IIg7Md4hgFJtPL38zlXY++4GQlDXZ8BFCnQNm1/CwORI9vG+JH3SAO1j/fW099Bbgohz3hqCAh/Iu1hPUudnQlQaX+rHgOwPbr0ru18AYq+azqHx2TLfVSgGywOt1gzXNbkPE/kpjovqwUS8bO59YPCTv/H8SvQocojBDNLtpL2QF8aLbnPSwMo9RnB2gKAZv45gD577mNzktmD8g5TQUXgTQuGuG416YeRrNQBQNs2LdIJfSXE4/1O0cxIg3gKnhG7iGhBTVqXWFoZLFvcuN6EBfIu/Y0i+sVkebVRObW856IbCRy9ctoHbWZ/am/ZAZCCzCS+0oJ97/GkM8yDRSvetcwGK2K+qM9lyDZWxQXVkl+JwL1SEk/xxxkHocAC4PDzsH53+F4Z/81q6cjRz/MzFXEmnh2/qxa8TZCd48imJu4eBDeVh3/COpbTs5L4hd3lCGk5KYkD5Xfnrvc3cXpWlA1TyGWseTm4XKPUKLYYUaKL0IeVFht8pbPskz+8= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 66720e0f-7753-4114-c040-08de58fed73c X-MS-Exchange-CrossTenant-AuthSource: AS2PR10MB6823.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Jan 2026 15:07:49.1975 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: URxXb8AjNwRUAj7VZPwycQhhQNPOfl0+R6komHu0dZJxGPazpEASO4WrzJmT536IKlbMtpbH9raSD0wtUhsAo/cV/ow/Vhc1/Ikvx4yqzC4= X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR10MB3806 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=WuK4R1XW; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c202::7 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= A wic image consists of potentially many different components. All these should be covered by a single SBOM. After creating the wic image, we collect the individual sbom files (rootfs, initrd, imaging) and semantically merge it with the debsbom tool. The merge SBOM is then deployed as .wic.(spdx|cdx).json next to the wic image. Signed-off-by: Felix Moessbauer --- meta/classes-recipe/imagetypes_wic.bbclass | 25 ++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/meta/classes-recipe/imagetypes_wic.bbclass b/meta/classes-recipe/imagetypes_wic.bbclass index c75d481d..fe31e4e6 100644 --- a/meta/classes-recipe/imagetypes_wic.bbclass +++ b/meta/classes-recipe/imagetypes_wic.bbclass @@ -201,4 +201,29 @@ EOIMAGER ${DEPLOY_DIR_IMAGE}/${INITRD_DEPLOY_FILE}.manifest \ ${WORKDIR}/imager.manifest 2>/dev/null \ | sort | uniq > "${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.manifest" + + for bomtype in ${SBOM_TYPES}; do + merge_wic_sbom $bomtype + done +} + +merge_wic_sbom() { + BOMTYPE="$1" + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) + sbom_document_uuid="${@d.getVar('SBOM_DOCUMENT_UUID') or generate_document_uuid(d, False)}" + + cat ${IMAGE_FULLNAME}.${bomtype}.json \ + ${INITRD_DEPLOY_FILE}.${bomtype}.json \ + ${WORKDIR}/imager.${bomtype}.json 2>/dev/null | \ + bwrap \ + --unshare-user \ + --unshare-pid \ + --bind ${SBOM_CHROOT} / \ + -- debsbom -v merge -t $BOMTYPE \ + --distro-name '${SBOM_DISTRO_NAME}-Image' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ + --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ + --cdx-serialnumber $sbom_document_uuid \ + --spdx-namespace '${SBOM_SPDX_NAMESPACE_PREFIX}'-$sbom_document_uuid \ + --timestamp $TIMESTAMP - -o - \ + > ${DEPLOY_DIR_IMAGE}/${IMAGE_FULLNAME}.wic.$bomtype.json }