[v8,3/7] add support to add imager dependencies to BOM

Message ID 20260206114054.3010883-4-felix.moessbauer@siemens.com
State Under Review
Series Add SBOM generation with debsbom | expand

Commit Message

Felix Moessbauer Feb. 6, 2026, 11:40 a.m. UTC
Currently the imager dependencies which end up in the image are not
tracked in any BOM (e.g. the manifest file). As these cannot be
automatically derived from the IMAGER_INSTALL packages, we add a new
variable IMAGER_BOM that takes a list of binary packages which are
looked up using dpkg-query during imaging and added to a local manifest.

Signed-off-by: Felix Moessbauer <felix.moessbauer@siemens.com>
---
 doc/user_manual.md                                | 1 +
 meta-test/recipes-core/images/isar-image-ci.bb    | 1 +
 meta/classes-recipe/image-tools-extension.bbclass | 7 +++++++
 meta/classes-recipe/image.bbclass                 | 9 +++++++++
 4 files changed, 18 insertions(+)

Patch

diff --git a/doc/user_manual.md b/doc/user_manual.md
index bea7557c..7ee56301 100644
--- a/doc/user_manual.md
+++ b/doc/user_manual.md
@@ -449,6 +449,7 @@  Some other variables include:
  - `FILESEXTRAPATHS` - The default directories BitBake uses when it processes recipes are initially defined by the FILESPATH variable. You can extend FILESPATH variable by using FILESEXTRAPATHS.
  - `FILESOVERRIDES` - A subset of OVERRIDES used by the build system for creating FILESPATH. The FILESOVERRIDES variable uses overrides to automatically extend the FILESPATH variable.
  - `IMAGER_INSTALL` -  The list of package dependencies for an imager like wic.
+ - `IMAGER_BOM` - The list of packages that should be added to the image BOM (e.g. the bootloader). These packages must also be available in the imager rootfs.
 
 ---
 
diff --git a/meta-test/recipes-core/images/isar-image-ci.bb b/meta-test/recipes-core/images/isar-image-ci.bb
index 58aa5738..d3552533 100644
--- a/meta-test/recipes-core/images/isar-image-ci.bb
+++ b/meta-test/recipes-core/images/isar-image-ci.bb
@@ -23,6 +23,7 @@  WKS_FILE:qemuamd64:debian-bullseye ?= "sdimage-efi-btrfs"
 IMAGE_INSTALL:append:qemuamd64:debian-bullseye = " expand-on-first-boot"
 IMAGER_INSTALL:remove:qemuamd64:debian-bullseye ?= "${GRUB_BOOTLOADER_INSTALL}"
 IMAGER_INSTALL:append:qemuamd64:debian-bullseye ?= " ${SYSTEMD_BOOTLOADER_INSTALL} btrfs-progs"
+IMAGER_BOM:wic:qemuamd64:debian-bullseye = "${SYSTEMD_BOOTLOADER_INSTALL}"
 IMAGE_PREINSTALL:append:qemuamd64:debian-bullseye ?= " btrfs-progs"
 # Explicitly remove from wic since it is set in qemuamd64.conf:
 IMAGER_INSTALL:wic:remove:qemuamd64:debian-bullseye ?= "${GRUB_BOOTLOADER_INSTALL}"
diff --git a/meta/classes-recipe/image-tools-extension.bbclass b/meta/classes-recipe/image-tools-extension.bbclass
index 3f284b39..2027effb 100644
--- a/meta/classes-recipe/image-tools-extension.bbclass
+++ b/meta/classes-recipe/image-tools-extension.bbclass
@@ -18,6 +18,7 @@  SCHROOT_MOUNTS += "${REPO_ISAR_DIR}/${DISTRO}:/isar-apt"
 
 imager_run() {
     local_install="${@(d.getVar("INSTALL_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}"
+    local_bom="${@(d.getVar("BOM_%s" % d.getVar("BB_CURRENTTASK")) or '').strip()}"
 
     schroot_create_configs
     insert_mounts
@@ -68,6 +69,12 @@  EOAPT
 
     schroot -r -c ${session_id} "$@"
 
+    if [ -n "${local_bom}" ]; then
+        schroot -r -c ${session_id} -d / -- \
+            dpkg-query -W -f='${source:Package}|${source:Version}|${Package}:${Architecture}|${Version}\n' ${local_bom} > \
+        ${WORKDIR}/imager.manifest
+    fi
+
     schroot -e -c ${session_id}
 
     remove_mounts
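Review bot: The manifest is always written to the fixed path `${WORKDIR}/imager.manifest`, while `local_bom` is resolved per task from `BOM_<BB_CURRENTTASK>`, so when several image types are built from one recipe each imager task overwrites the previous one's output and the surviving content depends on task order. The file is also left untouched when `local_bom` is empty, so a manifest from an earlier build with a different IMAGER_BOM can linger and be picked up as current BOM data. Consider a per-task file name, or at least an `rm -f ${WORKDIR}/imager.manifest` ahead of the `if` so that an empty list never leaves old entries behind. The body of imager_run starts and ends outside this hunk, so any cleanup handler that covers a failing dpkg-query is not visible here.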
diff --git a/meta/classes-recipe/image.bbclass b/meta/classes-recipe/image.bbclass
index e605bc80..afe6906e 100644
--- a/meta/classes-recipe/image.bbclass
+++ b/meta/classes-recipe/image.bbclass
@@ -221,9 +221,11 @@  python() {
 
     imager_install = set()
     imager_build_deps = set()
+    imager_bom = set()
     conversion_install = set()
     for bt in basetypes:
         local_imager_install = set()
+        local_imager_bom = set()
         local_conversion_install = set()
         vardeps = set()
         cmds = []
@@ -251,6 +253,10 @@  python() {
             local_imager_install.add(dep)
         for dep in (d.getVar('IMAGER_BUILD_DEPS:' + bt_clean) or '').split():
             imager_build_deps.add(dep)
+        for dep in (d.getVar('IMAGER_BOM:' + bt_clean) or '').split():
+            imager_bom.add(dep)
+            local_imager_bom.add(dep)
+        vardeps.add('IMAGER_BOM:' + bt_clean)
 
         # construct image command
         image_cmd = localdata.getVar('IMAGE_CMD:' + bt_clean)
@@ -325,11 +331,14 @@  python() {
         bb.build.addtask(task, 'do_image', after, d)
 
         # set per type imager dependencies
+        d.setVar('BOM_image_%s' % bt_clean, d.getVar('IMAGER_BOM'))
+        d.appendVar('BOM_image_%s' % bt_clean, ' ' + ' '.join(sorted(local_imager_bom)))
         d.setVar('INSTALL_image_%s' % bt_clean, d.getVar('IMAGER_INSTALL'))
         d.appendVar('INSTALL_image_%s' % bt_clean, ' ' + ' '.join(sorted(local_imager_install | local_conversion_install)))
         d.appendVarFlag(task, 'vardeps', ' INSTALL_image_%s' % bt_clean)
 
     d.appendVar('IMAGER_INSTALL', ' ' + ' '.join(sorted(imager_install | conversion_install)))
+    d.appendVar('IMAGER_BOM', ' ' + ' '.join(sorted(imager_bom)))
     d.appendVar('IMAGER_BUILD_DEPS', ' ' + ' '.join(sorted(imager_build_deps)))
 }
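Review bot: `BOM_image_<type>` is set here but, unlike `INSTALL_image_<type>` a few lines below, it is never added to the task's `vardeps`; imager_run reads it through a computed name (`"BOM_%s" % d.getVar("BB_CURRENTTASK")`), which the signature generator presumably cannot follow, so a change to the global `IMAGER_BOM` may not re-run the image task and the manifest would go stale. Adding `d.appendVarFlag(task, 'vardeps', ' BOM_image_%s' % bt_clean)` next to the existing INSTALL line would close that gap. Separately, no default for `IMAGER_BOM` is visible in this patch, so `d.getVar('IMAGER_BOM')` can return None in the `setVar` call; `d.getVar('IMAGER_BOM') or ''` would match the `or ''` used in the loop added in the previous hunk. The anonymous python function starts outside this hunk.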