From patchwork Tue Sep 9 08:05:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Steiger X-Patchwork-Id: 4338 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Sep 2025 10:05:56 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lf1-f55.google.com (mail-lf1-f55.google.com [209.85.167.55]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 58985sgR007129 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Sep 2025 10:05:54 +0200 Received: by mail-lf1-f55.google.com with SMTP id 2adb3069b0e04-55f5f436648sf3339885e87.2 for ; Tue, 09 Sep 2025 01:05:54 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1757405148; cv=pass; d=google.com; s=arc-20240605; b=Tzomrf8xAypf9Gqx6HpCLnJg9YwLFKXl4f7kJ2XWIR7hdQbHXi9vLQdfW/hOZ1yrju WS3fdkzTlzmJpowfnTOY7k98k/+5/IORxnJozLQ23+WXzsjyu0FWDsLtdJAE7SEsawwj 6lrZEM2ew3xyqhJRCEC6I06ULrpUb+Ou5l5MysITKPO8lUem0TAIhvp0CfZBj/Mugk9o lN77iNzjrx2hc/sld9cN635w7N58+mo7A4Qw1deg4in9MQcEOWVf9Y7oL+z9ZQOWecR+ RfpQH5ZHHXeWhARJ8cVBfXdXbMqBDjtaIH5gwVJYQ1mP6a0tC6TxaIaJlJrkT+x2GyQn 7Blw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ZBUUBgwk8xQsvIZeRFNcLQPyeAulBoaaM6DCTkCuqA4=; fh=AMc9hmR1B3S2sDupbOsfSyeWtjDDmhY/oG52qAVvA1o=; b=Ho1qvPEyzurXsLhid04VyiNYGu8sRGMZWCxIZr87XLycWkTv56FJfsjmceCcdJ2YpC uAQt7BF0YqL3i4FO52N3Pi82v4xqV8ydAhfUjoTsYzTzInT0jfO7PJkZID6BtSWIiA0O c9whHJpFoWk47HK486Nj/e85Tqkw2a+duICVVTrXHMwb26vaPzWolttMaaz/hDQPN8q/ lLU2gGlLI0fRbvPF593VCHloJOfg07r1d07EqwBTHsg58z8YSrxJOjBTX9mL1ytoR/1A Wu5qelX5gAD0IU3oNQxffA+sitPNcZPm8c8OPDHHAaLrlV4vKyQCacYkv3xv4lXhN/Zn lxrQ==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=K2SjM05V; spf=pass (google.com: domain of fm-1328957-20250909080542db814985a800020766-ojywve@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328957-20250909080542db814985a800020766-oJywvE@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1757405148; x=1758009948; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=ZBUUBgwk8xQsvIZeRFNcLQPyeAulBoaaM6DCTkCuqA4=; b=aRWrFzASlSoLhlphqrno1OiObetdD3Wd8YpJ+TgRiIn7L+Sngsn1Fzt1ObxMM0vljX 0fRHsrR1U6YHmf8fc/fgczirVupl7/Nj6hvGJok54pgHWUnuCqqdDOT2IjzmE9DsqjFl UtOyPe/cRBhm9zmshVgJDbmGkdy9M4ovjJkHJ4+KyHKtIOxeM4p1ydOdKa//MXH39qbC O8A9I+P7sBj1+2m8d7oas4ehZY8L1R3A0f5cEoapgxyJe8Dgo1BXWBXD9oAEZKr6cn65 JS4YC02Itb+rv0i/j/w915ul8TA99dFlK/x6yNgaX/XnA+y8JyESdZH/f1t3aKr60DnQ ZRUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1757405148; x=1758009948; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=ZBUUBgwk8xQsvIZeRFNcLQPyeAulBoaaM6DCTkCuqA4=; b=RWOTSiUgd95PD/4jbDkrumBkaOqWdzFsi7Ds/e74XfBT9e2jNh10COULy/OFYK5AvO zVLL4xSZ6K8Rs57NYHVsYcsyA4/YI0EjKsekCfBDud0lV9H/NIOYTmkYHK46swzXxmcx NCVmHQuXfMXJnknI5+P/HJNLAzEOQeRTE02M8InK6aFQG5NskDnkaZHz+rMJjblNPbFu yLUrrfhM4heKb/yJSJB68Uqi0oJbUCmVfo3eH9pLQkH0Nds4GT1I/HALSnS3dd2BL20D d7ZmfXurB5c0RNE2Mv35FWqfh1703I+OURQbovT9pKM77A4BfiKXdJJ6gFxMQu1pQAfx 6TDA== X-Forwarded-Encrypted: i=2; AJvYcCUJ2s2GvvYgI9wWu3HtA5T8v10A4SWBoUy/oHRGTFdInozPLDk4SvF5d0SqfwG9lAn1Za1S81c=@isar-build.org X-Gm-Message-State: AOJu0Yz4azdh/DRIPRiDrqcJdwc7c77/DSLidnOddc2eOTs7nG+7hS96 yeMJlemBLpXHUo8hEcJbBao4WQCNo11vfDfkbfxWmfxOd3VybX9Q71zU X-Google-Smtp-Source: AGHT+IHBq1aO5oTacgEUPyQY6J2b6g1GsprmlPnIsKWZEbIm8hVsUciRFOUzXTiKCwnmvw80t9JV9A== X-Received: by 2002:a05:6512:234f:b0:55f:4f46:9f2a with SMTP id 2adb3069b0e04-56260e42664mr3488902e87.19.1757405147501; Tue, 09 Sep 2025 01:05:47 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZfzeXpGCFUgjgYWS9fmNQ9INl6z2a801z9ttk/Llb8FLw== Received: by 2002:a05:6512:6409:b0:55f:48d5:149e with SMTP id 2adb3069b0e04-5615bad373bls1262102e87.2.-pod-prod-04-eu; Tue, 09 Sep 2025 01:05:44 -0700 (PDT) X-Received: by 2002:a05:6512:3e1e:b0:55f:43ba:9410 with SMTP id 2adb3069b0e04-56260e3b841mr3725610e87.15.1757405144337; Tue, 09 Sep 2025 01:05:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1757405144; cv=none; d=google.com; s=arc-20240605; b=SLhlIq86d3HTR1frIdGmvkBEoDsHIJmyw+vLU3x3gVruP18G2X39HB1fASdkq5z2xL 2wQy53xWXEZYZKFZNv+cXz5SR99emNPZFzPhcOLSMJ7vcDW4gBLAl/qibyE4H1/YFcX+ r3kRDr4MDQyCy8j0zSVdiMDPGUI7CR2qf0vOiSpG6eFC33heeUArYr4+dCQWpaZUd+3+ xC8sUpz0drufy/i7qgsqwlqIHquoROoW/zdjiwAO8jBbfdjrtMbpUsHHQ5n7w0GscEio tusFaSsw8waX/QSL+0KCCBGOoGnc2SICgiKvl5XJKByI2dxMPwf7Pm47cnNccznBqqW8 8T8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=W+5CzJBogpGcXM178ONuO9dCYRV7LGkpVahVK92yZJE=; fh=eiYcjuc0Ff+maEd84O/+qg+73FB83bid0hUx0HldS7s=; b=ig8Uj4SsjzwkTvdtXdOrhMMtgE7f5RSp5hsTGn1T7MqH13erWezHsblxIffjrfv2Dp RViON3EDPblv1YFp0DKFAiHJC0ADyaDCyw5ha/kIo6hwVxs09pKfrKBX2zqdGXPO5TDS GqceAcQYyBK5yhVLzo7BanVMnznjaoRWvT7DZSuCfl6PF0rlS4fuTKYvI8AirfF9puvn 8NzgHJfdge7G2x6pTy3ijTFUaMvAHBqXs8mbz7OY9UP4/h2ZLS1QouNGafcs4M34+ajQ xS7RHk6b5/w5HC6QtECKXBIoMn257+npQAf2q2eDTPnf0hCu5VU/xhGDKzzTeq/ONgCi LwbQ==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=K2SjM05V; spf=pass (google.com: domain of fm-1328957-20250909080542db814985a800020766-ojywve@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328957-20250909080542db814985a800020766-oJywvE@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-225.siemens.flowmailer.net (mta-64-225.siemens.flowmailer.net. [185.136.64.225]) by gmr-mx.google.com with ESMTPS id 2adb3069b0e04-5680ecf93e4si23163e87.7.2025.09.09.01.05.43 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Sep 2025 01:05:43 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1328957-20250909080542db814985a800020766-ojywve@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) client-ip=185.136.64.225; Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id 20250909080542db814985a800020766 for ; Tue, 09 Sep 2025 10:05:43 +0200 X-Patchwork-Original-From: "'Christoph Steiger' via isar-users" From: Christoph Steiger To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, felix.moessbauer@siemens.com, gernot.hillier@siemens.com, cedric.hombourger@siemens.com, Christoph Steiger Subject: [PATCH 1/3] meta: package python libraries for SBOM generation Date: Tue, 9 Sep 2025 10:05:26 +0200 Message-Id: <20250909080528.95765-2-christoph.steiger@siemens.com> In-Reply-To: <20250909080528.95765-1-christoph.steiger@siemens.com> References: <20250909080528.95765-1-christoph.steiger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1328957:519-21489:flowmailer X-Original-Sender: christoph.steiger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=K2SjM05V; spf=pass (google.com: domain of fm-1328957-20250909080542db814985a800020766-ojywve@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328957-20250909080542db814985a800020766-oJywvE@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Christoph Steiger Reply-To: Christoph Steiger Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Package python libraries for SBOM generation in isar. The packages are unfortunately not (yet) packaged in Debian, thats why we need to do it here. With these libraries it is now possible to easily create CDX and SPDX SBOMs in different file formats. Signed-off-by: Christoph Steiger --- .../python3-beartype/files/rules | 8 +++ .../python3-beartype_0.19.0.bb | 29 ++++++++++ .../files/pybuild.testfiles | 1 + .../python3-cyclonedx-python-lib/files/rules | 8 +++ .../python3-cyclonedx-python-lib_9.1.0.bb | 56 +++++++++++++++++++ .../python3-packageurl-python/files/rules | 8 +++ .../python3-packageurl-python_0.16.0.bb | 33 +++++++++++ .../python3-py-serializable/files/rules | 8 +++ .../python3-py-serializable_2.0.0.bb | 42 ++++++++++++++ .../python3-spdx-tools/files/rules | 25 +++++++++ .../python3-spdx-tools_0.8.3.bb | 56 +++++++++++++++++++ 11 files changed, 274 insertions(+) create mode 100644 meta/recipes-support/python3-beartype/files/rules create mode 100644 meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb create mode 100644 meta/recipes-support/python3-cyclonedx-python-lib/files/pybuild.testfiles create mode 100644 meta/recipes-support/python3-cyclonedx-python-lib/files/rules create mode 100644 meta/recipes-support/python3-cyclonedx-python-lib/python3-cyclonedx-python-lib_9.1.0.bb create mode 100644 meta/recipes-support/python3-packageurl-python/files/rules create mode 100644 meta/recipes-support/python3-packageurl-python/python3-packageurl-python_0.16.0.bb create mode 100644 meta/recipes-support/python3-py-serializable/files/rules create mode 100644 meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb create mode 100644 meta/recipes-support/python3-spdx-tools/files/rules create mode 100644 meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb diff --git a/meta/recipes-support/python3-beartype/files/rules b/meta/recipes-support/python3-beartype/files/rules new file mode 100644 index 00000000..0ca517a1 --- /dev/null +++ b/meta/recipes-support/python3-beartype/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = beartype +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb b/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb new file mode 100644 index 00000000..34f56b30 --- /dev/null +++ b/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb @@ -0,0 +1,29 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/beartype-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), dh-python, python3-all, python3-setuptools, pybuild-plugin-pyproject, python3-hatchling" +DEBIAN_DEPENDS = "python3" +# this is 01/01/1980, any earlier and zip in the wheel building process will not accept it +DEBIAN_CHANGELOG_TIMESTAMP = "315532800" +DESCRIPTION = "Unbearably fast near-real-time hybrid runtime-static type-checking in pure Python." + +SRC_URI = "\ + https://github.com/beartype/beartype/archive/refs/tags/v0.19.0.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "e7ad00eebf527d60f30e0b391209b561dabd2074b608c50e26c94c2d8250a6cd" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} diff --git a/meta/recipes-support/python3-cyclonedx-python-lib/files/pybuild.testfiles b/meta/recipes-support/python3-cyclonedx-python-lib/files/pybuild.testfiles new file mode 100644 index 00000000..cc736a36 --- /dev/null +++ b/meta/recipes-support/python3-cyclonedx-python-lib/files/pybuild.testfiles @@ -0,0 +1 @@ +pyproject.toml diff --git a/meta/recipes-support/python3-cyclonedx-python-lib/files/rules b/meta/recipes-support/python3-cyclonedx-python-lib/files/rules new file mode 100644 index 00000000..fe72dd1a --- /dev/null +++ b/meta/recipes-support/python3-cyclonedx-python-lib/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = cyclonedx-python-lib +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-cyclonedx-python-lib/python3-cyclonedx-python-lib_9.1.0.bb b/meta/recipes-support/python3-cyclonedx-python-lib/python3-cyclonedx-python-lib_9.1.0.bb new file mode 100644 index 00000000..62c23476 --- /dev/null +++ b/meta/recipes-support/python3-cyclonedx-python-lib/python3-cyclonedx-python-lib_9.1.0.bb @@ -0,0 +1,56 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +DEPENDS = "python3-packageurl-python python3-py-serializable" + +S = "${WORKDIR}/cyclonedx_python_lib-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \ + dh-python, \ + python3-all, \ + python3-setuptools, \ + pybuild-plugin-pyproject, \ + python3-poetry, \ + python3-py-serializable, \ + python3-packageurl-python, \ + python3-sortedcontainers, \ + python3-ddt, \ + python3-defusedxml, \ + python3-license-expression, \ + python3-jsonschema, \ + python3-lxml, \ + " + +DEBIAN_DEPENDS = "python3, \ + python3-py-serializable, \ + python3-packageurl-python, \ + python3-sortedcontainers, \ + python3-ddt, \ + python3-defusedxml, \ + python3-license-expression, \ + python3-jsonschema, \ + python3-lxml, \ + " + +DESCRIPTION = "Library for serializing and deserializing Python Objects to and from JSON and XML." + +SRC_URI = "\ + https://github.com/CycloneDX/cyclonedx-python-lib/releases/download/v9.1.0/cyclonedx_python_lib-9.1.0.tar.gz \ + file://rules \ + file://pybuild.testfiles \ + " +SRC_URI[sha256sum] = "86935f2c88a7b47a529b93c724dbd3e903bc573f6f8bd977628a7ca1b5dadea1" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + cp "${WORKDIR}"/pybuild.testfiles "${S}"/debian + deb_debianize +} diff --git a/meta/recipes-support/python3-packageurl-python/files/rules b/meta/recipes-support/python3-packageurl-python/files/rules new file mode 100644 index 00000000..50e1b74c --- /dev/null +++ b/meta/recipes-support/python3-packageurl-python/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = packageurl-python +export PYBUILD_SYSTEM = distutils + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-packageurl-python/python3-packageurl-python_0.16.0.bb b/meta/recipes-support/python3-packageurl-python/python3-packageurl-python_0.16.0.bb new file mode 100644 index 00000000..773fd93b --- /dev/null +++ b/meta/recipes-support/python3-packageurl-python/python3-packageurl-python_0.16.0.bb @@ -0,0 +1,33 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/packageurl_python-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \ + dh-python, \ + python3-all, \ + python3-setuptools, \ + " + +DEBIAN_DEPENDS = "python3" + +DESCRIPTION = "A purl aka. Package URL parser and builder" + +SRC_URI = "\ + https://github.com/package-url/packageurl-python/releases/download/v0.16.0/packageurl_python-0.16.0.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "69e3bf8a3932fe9c2400f56aaeb9f86911ecee2f9398dbe1b58ec34340be365d" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} diff --git a/meta/recipes-support/python3-py-serializable/files/rules b/meta/recipes-support/python3-py-serializable/files/rules new file mode 100644 index 00000000..0cf845dd --- /dev/null +++ b/meta/recipes-support/python3-py-serializable/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = py-serializable +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb b/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb new file mode 100644 index 00000000..9e75062a --- /dev/null +++ b/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb @@ -0,0 +1,42 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/py_serializable-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \ + dh-python, \ + python3-all, \ + python3-setuptools, \ + pybuild-plugin-pyproject, \ + python3-poetry, \ + python3-defusedxml, \ + python3-lxml, \ + xmldiff \ + " + +DEBIAN_DEPENDS = "python3, \ + python3-defusedxml, \ + python3-lxml, \ + xmldiff \ + " + +DESCRIPTION = "Library for serializing and deserializing Python Objects to and from JSON and XML." + +SRC_URI = "\ + https://github.com/madpah/serializable/releases/download/v2.0.0/py_serializable-2.0.0.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "e9e6491dd7d29c31daf1050232b57f9657f9e8a43b867cca1ff204752cf420a5" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} diff --git a/meta/recipes-support/python3-spdx-tools/files/rules b/meta/recipes-support/python3-spdx-tools/files/rules new file mode 100644 index 00000000..ac87528a --- /dev/null +++ b/meta/recipes-support/python3-spdx-tools/files/rules @@ -0,0 +1,25 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = spdx-tools +export PYBUILD_SYSTEM = distutils + +# skip tests that require hard-to-package dependencies and tests that rely on relative file paths +# TODO: figure out a way to make these tests work +export PYBUILD_TEST_ARGS=--ignore tests/spdx3/validation/json_ld/test_shacl_validation.py \ + -k 'not test_examples \ + and not test_parse_from_file \ + and not test_annotation_parser \ + and not test_snippet_parser \ + and not test_creation_info_parser \ + and not test_json_ld_writer \ + and not test_extracted_licensing_info_parser \ + and not test_parse_file \ + and not test_package_parser \ + and not test_relationship_parser \ + and not test_graph_parsing_function \ + and not test_license_expression_parser \ + ' + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb b/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb new file mode 100644 index 00000000..2b81d6fe --- /dev/null +++ b/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb @@ -0,0 +1,56 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/tools-python-${PV}" + +DEPENDS = "python3-beartype" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \ + dh-python, \ + python3-all, \ + python3-setuptools, \ + python3-beartype, \ + python3-semantic-version, \ + python3-license-expression, \ + python3-pytest, \ + python3-rdflib, \ + python3-uritools, \ + python3-ply, \ + python3-click, \ + python3-xmltodict, \ + python3-yaml, \ + " + +DEBIAN_DEPENDS = "python3, \ + python3-beartype, \ + python3-semantic-version, \ + python3-license-expression, \ + python3-pytest, \ + python3-rdflib, \ + python3-uritools, \ + python3-ply, \ + python3-click, \ + python3-xmltodict, \ + python3-yaml, \ + " + +DESCRIPTION = "SPDX parser and tools." + +SRC_URI = "\ + https://github.com/spdx/tools-python/archive/refs/tags/v0.8.3.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "17cb0140adbaefb58819c9d5d56060dc6a70c673a854fa9bd882ecfa4e062a7f" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} From patchwork Tue Sep 9 08:05:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Steiger X-Patchwork-Id: 4337 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Sep 2025 10:05:56 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lj1-f184.google.com (mail-lj1-f184.google.com [209.85.208.184]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 58985s0w007131 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Sep 2025 10:05:54 +0200 Received: by mail-lj1-f184.google.com with SMTP id 38308e7fff4ca-3381cbfc1fbsf15633361fa.2 for ; Tue, 09 Sep 2025 01:05:54 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1757405148; cv=pass; d=google.com; s=arc-20240605; b=VklozZz8zoWFNff2N4j/Y0euCU8XInJzh08OPI1tQclUTOsJ0MaOEsUMSxGqEk219o RgBDFolpr0GnFdzXApBni97bfxTQj3AwwcwVvz3l2JnSXTMgNGWgMO8qYJvO15oQW0r8 Sfi5VihsCqqnXzVO2nuMKB5K+rNWJVDBzUmScYByPa6aKKTPx2bTeNwAL+6nT5r8bWD4 2PqzncfmHJzZ2kt3CW/ujeNfQiS5sBs7zgN6Rc0/Z15X0iVHNiOAmgT29262/PmM7XHX 74e8HGKFpQpdRNVauDwFl7Rfkup1VurqPFHAIZAKkmFJLnShbph0jzdD7uBYgKyrPuvB NB+w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=GuEo/teDdKHrgrWWXTTmipAiv0l02/KSAoHuXM6uv5c=; fh=t5Ll6U2C+/hrHWTCbXUqqKLfTGNQltn7GH28w54moIg=; b=l3f0tKVM9/SdbB1EUESwT/vjclnfA0hIq8ygNrUgh9ruMnCdpfXKvMq0afd+DlQamD A1KzUYy+vFoicIm6uq04YnlHenaDa2EZn2ZqLA6ecuYXaYqVrAfiRW3rh+TCEfGUfo/X Qk+zR7eUw5PuhJ9QrikkYS1pXITx34euFNhQkMUbdhSD4dEJwfz1mYg4Hl6b46rl1Oqs W4xzgh9ZEjKLBhBVGEC8NRTpZicYh641owpaXet3BkvVmkFfghdXWK8cP0TxBp9JRU3h E7MBA3ZzqK7aj96kXcZ0LIg7kBsiSJuS0JiOvf00cNZraMctF+K0UaTnu7cTwng3nvvY niyQ==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=NtjfXkYI; spf=pass (google.com: domain of fm-1328957-20250909080543cca99949d700020705-qekzu1@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1328957-20250909080543cca99949d700020705-qEKZU1@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1757405148; x=1758009948; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=GuEo/teDdKHrgrWWXTTmipAiv0l02/KSAoHuXM6uv5c=; b=gUNLIr8qJfy/zX0D0K4rBg2wd4NxRaJWcm3wzTgIfaw0mpnqTdEMa0Ugup60DE3gvE RqGVE7oiZ6WWp+/BjkbVDZMkrRYTnCGed3mGty5cHe1XKULmGupqPecbONseOygJaOiz pg6VoQk5LFmFznM8hYLXzudj9QG81Mi9NueqoMsr3QsYCEJ581JphTXUQoxlEbn4wy+8 02JoGOLMe5WoMgP1T6Ja7IMAiHZ7A3pEMyZs48eVmVYkJFLQ2MrKN4QXcxSZlW14MnAM 8GoASwmizEarhllf5pHHFJBui9ho825T53Mwdy6xigsKDFan8mRZDgtgEYkF11qzfksJ ILjg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1757405148; x=1758009948; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=GuEo/teDdKHrgrWWXTTmipAiv0l02/KSAoHuXM6uv5c=; b=bWMv6JsAGT8AJ5ALvDId9WPXADTAVfvUe94f89A50/MVSURf6GxOB52eNSZtFh9MzQ KU/7krKGUq9ALyZ0dCeDwYfw8zqad33UWvXnreGPvfKPC2H14bQpPXNxzu+K3ggV8tGw zr67jJLiGrsfIPeW2lC0PTj/MHVulrXO/yRjKUPcJ12d7jCJk0TpGyzUD3cxi+4AlIc0 wSQyDJm05es1yA/y0kphIWKOP5SJPwxAx3ekQr4dGEcaYUqLQkfz6PkNGiKhbCb8FJDT ztALNis+oYjxF13YiDiDQgaE6rEglcaMpeDLhT/HeF+FbJma647wXFQjigzujuwISU+U Ms8g== X-Forwarded-Encrypted: i=2; AJvYcCVpJ1/WRUI6EEYu4Dj0sFjjZVuwnsuUYXtWmdzWJWE6Z8x1X0jIHQcWfEDUKIu2evvtli8z++Q=@isar-build.org X-Gm-Message-State: AOJu0YxBxzud86gviSyzIizMqwmkk2PdObP9fMn+60M/OJq3bhkHdE5i klCxLNBhiWZuqSCBdr53kO8E8krZZb4j+fbRu+ubkvIM4PnZAi7MgOOd X-Google-Smtp-Source: AGHT+IFmT2RZzCsDhhnDEa/ssNbT3kUigifJrUTIEn7DoNPT01Dmunog97s1/ctZSxaTTnVUIl8X3A== X-Received: by 2002:a05:651c:50f:b0:336:e357:882c with SMTP id 38308e7fff4ca-33b53ac8f5bmr29624451fa.40.1757405147400; Tue, 09 Sep 2025 01:05:47 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZdC1wic8nDse9DyLKrbysep4icQ3mVCL2HvOcAtCcKm1Q== Received: by 2002:a05:651c:3056:b0:337:f40b:d07a with SMTP id 38308e7fff4ca-338c5066b1fls4154021fa.0.-pod-prod-03-eu; Tue, 09 Sep 2025 01:05:44 -0700 (PDT) X-Received: by 2002:a05:651c:2152:b0:336:dde8:2ce6 with SMTP id 38308e7fff4ca-33b52b72951mr15871681fa.34.1757405144484; Tue, 09 Sep 2025 01:05:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1757405144; cv=none; d=google.com; s=arc-20240605; b=T6R7m6weyGjG9qzcyY7ldqOQFz1mFhPn8Trs+Aop2yCQ/xYhZij25werj6m6jyga9h 5ddoRAnrbdZVnzAf4uPIB79gH75n9XEBlOndAVVhN4cJeDFtzH/h5XIzb2Dy0ns76B6m 5mTZ9L3rzcMECNmkKxMSSVDphgr45HYeRKG3HEYnM+wKXWWXNaLM4ir1Dtvfnkf+vhjp EuNn7Eq71f2KR82ptpNDcXMDNR2A3vJh/mXKmU0rVLCT5yIUyyB6a0S7qSnomJd+2lvi mzWYX45OjKs5DOdbPtdhOdNaxO8lACV1eeCwY6I0sDD4hFzHSNyvciXgzFiT3Z0Exlj7 beEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=RCM7uVm8Wc46S+FSXhqoa8EfSmRGRbD9+XiU9Tos48E=; fh=eiYcjuc0Ff+maEd84O/+qg+73FB83bid0hUx0HldS7s=; b=U3O+XmwLxr13Ie98Sv+4zhNSizrcLI+xM/Y4KIoN5htbbaUEP33wjOgwozhFDuiTQD r9MbthEq7q0LgN6J87YAv4tboOxZ71Ji/OtNMoNV13thrMvuEMqDT3iN64sM+Z/LGtSR zj5117/riZNFbjNuzlRAGP/VRYJ7vCCI6ar9qDPxKa9MZ4fnlMlDLaIu6dhfdMQc3f1F 5KJlkm/Zuymebd2SrwndnVvhiw2fo2M6FL/7riT+UU4A/7o86WQ0gCTmncXpFWDe/4Wi 3TvBAROxtpoLqd9TcWnR8c/oHlxuE9K8A6jdSGfYrBcszqOiNMOhiGO0aLhFFqcDp/sz 2TgA==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=NtjfXkYI; spf=pass (google.com: domain of fm-1328957-20250909080543cca99949d700020705-qekzu1@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1328957-20250909080543cca99949d700020705-qEKZU1@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-65-228.siemens.flowmailer.net (mta-65-228.siemens.flowmailer.net. [185.136.65.228]) by gmr-mx.google.com with ESMTPS id 38308e7fff4ca-337f4fdec42si4074931fa.7.2025.09.09.01.05.44 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Sep 2025 01:05:44 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1328957-20250909080543cca99949d700020705-qekzu1@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) client-ip=185.136.65.228; Received: by mta-65-228.siemens.flowmailer.net with ESMTPSA id 20250909080543cca99949d700020705 for ; Tue, 09 Sep 2025 10:05:43 +0200 X-Patchwork-Original-From: "'Christoph Steiger' via isar-users" From: Christoph Steiger To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, felix.moessbauer@siemens.com, gernot.hillier@siemens.com, cedric.hombourger@siemens.com, Christoph Steiger Subject: [PATCH 2/3] meta: package python3-debsbom Date: Tue, 9 Sep 2025 10:05:27 +0200 Message-Id: <20250909080528.95765-3-christoph.steiger@siemens.com> In-Reply-To: <20250909080528.95765-1-christoph.steiger@siemens.com> References: <20250909080528.95765-1-christoph.steiger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1328957:519-21489:flowmailer X-Original-Sender: christoph.steiger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=NtjfXkYI; spf=pass (google.com: domain of fm-1328957-20250909080543cca99949d700020705-qekzu1@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1328957-20250909080543cca99949d700020705-qEKZU1@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Christoph Steiger Reply-To: Christoph Steiger Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Package the python tool debsbom for SBOM generation for Debian based distributions. Signed-off-by: Christoph Steiger --- ...icense-description-in-pyproject.toml.patch | 28 ++++++++++ .../files/debsbom-0.1.0.tar.gz | Bin 0 -> 9383 bytes .../python3-debsbom/files/rules | 8 +++ .../python3-debsbom/python3-debsbom_0.1.0.bb | 52 ++++++++++++++++++ 4 files changed, 88 insertions(+) create mode 100644 meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch create mode 100644 meta/recipes-support/python3-debsbom/files/debsbom-0.1.0.tar.gz create mode 100644 meta/recipes-support/python3-debsbom/files/rules create mode 100644 meta/recipes-support/python3-debsbom/python3-debsbom_0.1.0.bb diff --git a/meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch b/meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch new file mode 100644 index 00000000..c9137e25 --- /dev/null +++ b/meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch @@ -0,0 +1,28 @@ +From 8f926ab0ed1585656ba7de80a82cc802c3ccbdbf Mon Sep 17 00:00:00 2001 +From: Christoph Steiger +Date: Mon, 8 Sep 2025 17:17:49 +0200 +Subject: [PATCH 1/1] Use old license description in pyproject.toml + +Older setuptools versions may require a different license field. + +Signed-off-by: Christoph Steiger +--- + pyproject.toml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pyproject.toml b/pyproject.toml +index cc34bdb..701da4a 100644 +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -22,7 +22,7 @@ maintainers = [ + ] + description = "Generate SBOMs for Debian-based distributions." + readme = "README.md" +-license = "MIT" ++license = {text = "MIT"} + classifiers = [ + "Intended Audience :: Developers", + "Operating System :: POSIX :: Linux", +-- +2.39.5 + diff --git a/meta/recipes-support/python3-debsbom/files/debsbom-0.1.0.tar.gz b/meta/recipes-support/python3-debsbom/files/debsbom-0.1.0.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..7dcc7e43a06e06bad8d097a03294661d51b5e105 GIT binary patch literal 9383 zcmV;YBv{)YiwFpYikxTw17u}lb7F68Eif)IE-)^1VR8WMJZpE`HnRI!zXGeAJ(02! z{iq+kzN@y1tt8s(*OBCOdmXPrk&wiiBDn-*S)0v&zcT}X1gV$PIPU4WMpKId27|$1 zUKoIK`9KW9Nqu5_!PcL?P1%NWc(_lWP>P@QytBW(cW|)3zrC{q^*i6~?Hv4R{~OVh zD^ro!F$@`pVX_WxQ+si8e~{vu>u-&`#2W=+%pY|Ob1|` zS`+uN#@L|$d%NH5E$IKj{_eB>KS6oHj>8~{y}>l`f)PtXrX-?N${NBzFgxbV_Gk87 zuo?HAaKbIt8+(Gep);NEAYuGI@)b@QA*$Eg>Q3PjD>ImcTIPr#anr!)m-*G>Tc>GeZV`}gmJAuK6>>~C? zUQn(v!8scM)J)-UaK>!rC1W`|K8gHr&SN$k^MD0m!e(K7ixYt<5kxo({tWa+p-9w> z>(hwc@mK%{E27H0Asce;4s1ZIh{m<^1oRTXEvTG$z_b`4VT3VaAKOvHkwNw_ffjoJ z9Ah?!1iyuDL=12UAp<^RL(k`;Mm)2b?>RhxwHk99kydbu{2mq&p$W2DqctJsdU zQ>s6tluAD%b+~pgAT6FP*A3Vc)5Jmc!e6;nYh;2Awe`hIm z>~AsE{p9Kzi{IO@MBEDF(GR84RNy3OU1APu5!e&XDnZC1!KZE*%qO57z|H_4!>P#Y zNwtPuK{Fj6)e!Ydt|%Zqk|e&KgYeV(+qu3deCE_@tZfLRov7|uDs~k#n&-REY@h{5 zPNYuE#vy7+O!{HR2^+w;obTLZ!{*|6w|>3v=shLNvN<9I0Y*LTyeM- zj~o^dKU!}Z8#|zw{5OnmP(4^eHOzNl3+OhD;2T(!I}e$PDnhfaNw%PhfekT71i_lj z*=-QceD02T4N*BEXbmDGx^0l~2)G%=9!X+0g&ZO+?ZlcQJ2VIEB!$a3gw;7zL^i4Z z1Z)*)07^v-)eUgQ>lP@7h!(46@L!-9E?ERtnFgSb0w}j9ITRq;KqC&85v=&afVLqp zDo7^ko^n+h&tLsv~1uHL=G87 zgo&-3q05I};3XWGj#N(UIj9a$>4Nzt$^Z(e6z~<-ABV~z%kd;!sr=-Yg1gYa~7ki~mpC$F1{j>#@h!5dZIPFUJ3Sd%Mr^|5KFXFq%uBgtl;Zdv_nA9SqkY^tnV^ zFNAWaU|czv+7U!LpzSp_M1uzg3gYY-9VJG>!Cc$iaDcW$$0N~PnleBm!eKI_%>-Ia zAwtI^-=((^(r8gQ$SM>rcU6yawI=r`WZ=kz=q55a7>Pm%3--uC9HyPq&AtbQP>zr~ zV}VFv4^bmJYtjMWC#PwVZ5HDi%S>GjEvm9uHJry5STw<58vqzQpj(-3O^sz3u*^ovg+o|G~H2g!W>v|LqKq!ZP6GHMkPIHm#3Qi43 zRn7&iaJH(dNsMs|1NK}pOa>CRF`XEPM_-qC!22kSmLDcP-Yvc+>m2*=ezM zmtA%)-nUO$C#>A;!gtu${M_!nySVBxfao;Od%v)YH>`R73;Un;`ALnn{&Cr9b-V1M z!`f$;r|lNhwa<@FuTI+MZ`o_;cYe`hr|q+L50LgQ7!IgVwOd_8cGl_~zk{#M*X`4G z@0S{T)9#%k&NqOx$u66nUioSDnj?ZVQG#0kr4s^EVwBrFGUi?^!S^)Unok z_`zF2fhp>Ke%GQZ7_SNcj(hEkbDRdHV&H2HX4&bbU4L$OTQ%0~w7bZVH=PSW zkL-jV7lZ`*owp^i$+R>A#^|q9`lxz-)O{dSL=+IWr_tE#QrDf>A<605k zmB|bZnJ2&{7#w{I_BvbgYds2KBQf7{#&wwqvBt^7ufk?*8e=BShmBJJe~@W7bID-b z4n!D+Q++yNnX8=OuHc$7@st)55qHw0A#9L*ns5|{1D{Xixen}_DCLq7Jc13=bbtnb zD@DJR!?Xo^h$$Ca2Rpk}U}s_KgqBkWVB#Ey<#(`uAc6&l*?GwvlY__aTS70m;v#oK zF$dQ(AtbmHbSX1ukC533fv#Mg8Uv})StVU*Q9==O?zCx9t+GHHnJW%Iaolgs=;fet`;U62J( z965#_-BzdFJUzcUd#wgeJiwUPlZf@&fUMU%ySyot-YP8xc9NQ+2-#X#q@(~h!$@s{ z8LPu?yW zylXO#c(Jj_rL@o_sRwNKwTWUCmk;f!pBynnQN{7(+T$SToahT<^e8jrVN5A?E8c5 z9W@BqLNtx1X{t`(cdU>{Q|;_*qg2wB=7EQo1rh?pJ&a{S>*Ll`#9LwvPK6xshgTn7 zZKY|lkJ3k|naa$T;3^LZc+e;4lW9~cVAaHS#$LedUI4L86!XLek7}_uz@G^ox~EQs zjE*PdQI0KiE{@O1!D%!xw_U^_Js6&4acVc*&5SA$4ZpXY?Cj9x2`2RdTOWSHBwYw` zLOS|HmSbji2tiAB!e??!&d1FDQC^SikR}ruz}3+oia-#~EV(f6dEi3DrJ8Q3q$<++ zJFpa4JcEcl7oO>u&0<*?N#YgRvEY(dWUov*XJgM9gB)?W9*SV;p``;3<)JFQm;$^!Aji{d!G1+enZ+SqS^&_y!en*QbtVPM zB!3u#W0!M?c@zqdEObgQS`|P*P%w^tXL~*h1Z88R1gHp+1n@^w-^B$36v9IQSihln zujLHFGPN?78ZllT5z`5*&9QzY;&b6zwnUU44n{Ra?8LrBC4kva%pt)t>MJd%0wW6P zU;(n&%#6SArjVW3G&2mIi_;^i4>)&)5=RmQR|Q>CGM|qGAHC%E{~~t2#T{_m4}anP z@4ema{pb7NPf!-tUsXJ&9Q=m$-#^&heqR44C@a^$-^U9d{k|2=zjlmG`Tr&Be|Wg_ zod0`@vU2?$-+P3mr?Nr+_Yc9=7uNsaaR0mK^?!o$;?J}#8o=uF;EqLfC;B@GADMA8 z2$1SJff}aCAC!2Eia~t8fB$INab zWxH0J$ukuX>h^e?nc~i#gFZ!`6syVJwWkX?q_zdFw3{bU=8YHA4 zlDJ6a7i89!5xMmx6oz>U!|6i^T%Wev$iz%!A0~E2_U{42EzkXJB1&q-Zy`%(1Rp@! zhUDQAy3V2DH_()-NRc+H3yb*Ma+Z%kZ!zOpq!``AN@~A4*ZBw& zNRysL%C#4?&@*`=lmx7t%ev(01IPs01b8wVMppbN z#htbxrfcn4t?b~HAi2LB7a8k~$mp1NEgo_u55kjq|3w-F&rrNjH&kVUE#RPp>U}4b z0Gx3teB^-&bSPqW zP;~_YK|=beg^}?2x;#8cXWz69vPZEt-zQZg37me-psGdAr@^IMEpV_Bgx@)5b7A3mVx_(VLQn$H@6)vVeG>Y99|O~VUkSd9 zQoklEx^n-AA>fPt|DK?Hukrj1)kevTRT}LA=E(t zgcTY<9Zg(yPWA3DR(mrrM|gup)t-W#s4?2PsjV9sLDh=Ko}Jd4{w4fr8+N`X4`H*W z67FbYKAQS=j4vw3T%_?;dWpm35xyiGIP>gA3f5pu&waOa(z4#tMv*w~FBYu*&K`7%P|AxN^DN;mI@(vST#$ za)3UI1BlEyO3(}ug+6_}5*Cc|UabsP=m<=bx-PZ#>GMyYKL2RP&bT2@{8A%|^jYNW z7(J>PRSkQdP6)kT%!kycmifb@RDNipK+m!n+H4wl|C(}!jvTPy8;?$Yf?&0CvC3lj zag=wr5_4Xf*UX2qO}Zb#(mjR4KD^hMV?~4GD9-on1G|g-eE1 z11$8nehtA{%1%2+H&qMeEvl3&RRgv1o!SeT^qKESVIeO9C$&lM_nizgDj1=PyAT@>9ujUj1^26qrQzpCYn{A;dDF zA54Hfi0KP0s;yAZ#V$%+3Ff*?>7s=zf`(=(IGrn51T|S_(e})(WNWle?WzkJYvNj_ zlsT6P>(>s@_4+))OS2e7q;D+J%@gURa!zlFE(=a++N>gd)jH1V(8qZRKu%+`D_NMM zyro$%5T%SwAkrkt8G~+AYnqYHx{SjKkLVgI)_gPnkND6gFZ1mW_vdIUup!5&oUo{I z=mU(83>%6=nBA*I@mLX}AjUsnIFYjSce1!Ykxor`G7jB>36^HEk7lys_;}+gt5|B3 z)0knoMP6%r(_2qDyGscj{7r(2F*eL3E?03!Kg=^j88!05X1&twWlfouFKadBa4BMW z!EH%PAt*7M3SMSOduj!iHEVmYtPQ=3_I5)HvtRg4RF-%akTGo2K4lTW0D^dq5*@6( z91P2g^hTwfn*sK(VUkY%h9UEkl_>Dl4KJATr2zS?V6o`XR8C1c)T8pE+tcNi&zA+O z#d3$aLbQrUt0L9aLjdn+6zHw>Vm19(l=RY=D*?$kXuMr1*BkI=(*Fgh&r-eEfIX)` zUob$^P^}F^6twV57$mo&8~CG@IOo4*8ookYWj67yk?!~ zOX0%w$$4D1FvBQ~ZIuNz-fW_=Co4r5LFdH!@ny7LJNmp8x2>u1B~C{2T879`5bz zKHvX+g0gx2zy2cdru)A;2gUdQcX#%8pYQ)ZMR}C-zry+W18!md-qU_As%+MO$G!i` zdjK2G|F?Iy7xaI7fA9JC|DK{e&OPt!$2BIQ%YEFn;Po5&vI54!V|)dNKR3P_3UjLl zBz|25o!*et@Y##nD|=os+ybrrO6LqK)NYBt<)r&a+~+*Q9D0zsmN>Qa4|C#$YN zEWa0DqnbT^Gs2QD%;qjw=qB^lgnpa8f7$HyTAlOS%6k;*GJML0etPXp2bAh~L5-$v zb{kjED0!Q!)px|qqf8aH=HQl`c;>+5-LAg8+;t?caxMW&Z+0DJYf}KD+_I7`>vcFu zPkYi7y}a3){m=^XCrv5SYpsoJ4J+3-RpSIEjq&pU1n~mT4lwI4=+#&C=Bqjo5TSf~ z9rw`_^+Gr$sqy!}Wp8;NQ9OzQ(Y)pIE+V0Buuq@mc*Z-w@&}^TA{yI;A>9s@c`1Fc zv3THMo|Fv5HT=1Oeujo3A3M+$9*t8seR^1wKy`qq$IbR@#>F^&NxNYxs&x^M?7;gs zP2BcdV4V_m1gOptb-%tmcw9u-=P;a~9X#gijq^v$ujJbD2^HP;f9)M>bJ|F9Kl3Xn zr;~ zHIJTtH-QusFJy?d{IR$B+Zr|( zJ6sAL{+WgeTbmxqEGT)``5n80n_mTkRF!_2ze%E+J)XLoeIl1Br$bz-|8$=B zPtH5;7I-j>H1Mb=FI&#)T+@YRzz&q$N!Tv{(Ruf{dkCTz^k~7|2iRVi(1Wlj|022s zE(! z+1~l*{?n(;{oUP0MZb^;6$!GERqeu)VE3I_EeAfDh3ZC!ZXJ;aBJ>8EY;;=xF{jkIBjlxMJC>@W!E5Mo9=ZIa8h1mth}Kk}if5 zO+R&OiHI{-ya^MA$G3370_}_Ib$iAM0}cvSJ=3wgBUaf8S$L#xKp5RT4?fw2@nh8( zEyQfakC216j)S)$_${5@va9!em`=*7#Gl)O^Iqf+3aSPh@43UQMD8iUXEj zN!Jo!KA6Vwgj*8&pOT2-&=~9#{|xvGXcdcU?{ZvHn4*td&Kngl_-}?Uij4GxeOA@} zYGjeRi^F)U`e$PBMrl;Qtquj^0oH_Enx|helaCtUcCzlUoU|1^gjJL#wm{gJ=C%rN zVrPc)?}DoIf1veZvI2FkomR-;1KMRwv(Q7nvn>7|;ME5VQwAm)W=jea!_!QwV1y=b zG|OsKFc$58U0g-IO#RT9UuD`04Ll=0U+f9|{(orSa({WFh zXlN%pVte=DgU??c=G!>se6Sp0mQ`X=BIdN&`$-^r`YW@7jx5UGR->8%vuOw6xdHOK7zM+C>s9_tQ1+cUxH)*~4xa$2eOdd06i-y9Fc}1mStxW^l5Lp@zZClKP zVJ^M60oVxHUn588(TM^+(DJ|)uX!-n2+Up9E!5sW7$i~!ZB{0%PFB{TCu9DybgF$^ z9h9tPKJPk=xwVLraU6HoSWMc%u^Y3M6op{!#v*!K-PS(13KhT8&~aW-3qal5eiw_r zz_aN8)bE}exqbX6bY1;_HwOpiCSVP34LQC%8|D-Ws|ryRZ+*@r0e~g-j>R-g9FTNW<%O297p#CX7 z7u=0B|KDdUo8|N$?#MeSfGpAfI5^0}f81$2+21Sazk5humHx{izPRLS2yWCQ!G%x7 z6{HI!szWb?ZiTZF2QTpeyi+8p=JK!4GEUW`{bhl_3nY-2 zdOh5NUyG^cVo@hkZ>1Z;uNKS3Z_9jn+-<*sD2d{=txaMS?({mR?atu*?OA64cA;9X ztk~_n9JJpEX{B`GQK{4TmO5)R@5R4gHDyx->8iRb#%b`6#SfvzVkxo6C_=uMCv0#q zzbyd)yvr3KsPpW%;IE0TV8(#^y|W5(2|@2=>-6NmEeK(0-tjJJhA!LZE5wy?q^y*O zMu$n|x)S72Pme&QFD;kxWo=w-qFX!@U~|3xmX2j;AcFqKwMKGh{2c{gW+^Ix%n#`2QMJ( zgvu51CqQt;o%$Dj6BQnZqY0z!3(Lw-9)mReGtDchZ4(k?n@cHG8q$Ql5D^fp@J`Vf z#k0ccTXi@dqwbcdNHI6Y>}+G;d)#^?a_3FSRe+}Cc3mot-+=xUagp5WQQ6{aXh#jF zH??=81&-Zl*9UG)Qsc4TL;>d&a8Y;bR4s)nkZuoI1&B~)gvIc@1{TOyI z`(N`j)OQFKvtsy$-zQ*Pu7n?bfjVG%zE0X&01(nj3S~=_(u(01B+_@vjmAR2jR2U6 zGi0@+g@-}Q^%1s)euYE-(uad$g)MrN)7DyWRj;rLY=yKMd{uLN4Y$p5g*{TS8%W<5 z^B}7>Y3x4Ic@w)3)To?nT!6ioF&o5^+HFzJKWnvLwO)1xuUn_=U(c;RC&$T8XECB{ zC)~$zVreM)X-uv~99n;t@~5Tmc#B&-qsY0oUZiGjXct$=i+088%7Rum!lR7~l4z|9 z3uQM*vDt7`oyUlB+_(-VT&4^ST{M=pO`RvB!Ro-#`m{j&ckdDdDvD3fw`#Uwo@veP zuCoLLQd$lQDXk5D?24;`Axdjs4V2b{V`{=UJoCs;KgS41jMA4V+ry=TB}k5Sb(YN; z$ZGIX4*NE6Q_j>^fuEG_1V<^^@Kj9dDqxk8+v?n*g9zz1;I`j=(`!3)v9lfPAX9=D z0XB8U(O1$2rjO!*a#S!*{9>XV_zYPkV5PJfM6y36Z0}CfaF_NJF%9 zN5Ii;vBSGBavBWB1AAaDn%`Xi)fJxC(Psw6PB`O>r^@ryb?YA+9Lr$s71`9v+-Zfl zW5WKxMI0FoyH?7j)m<=1H|TI~b^T?wT9G#yt`d$6df|+oEi4^(9`#t)4UaUf5h@{MMOXd+a$p`8!SF zai`zzojkXva2@bQ(S#~uvl+@jCTm$&DI&RsNXy_m4eL7K+Vc!ntag0$Xj@aB; zvL`bl1@8yKUKm1%qhH_s`t0ISz4re7Gb0m)4@dr^`uq1s^?!Mlx>Q{!G^_?&O2~zj z{%BCGHMTg|M2R+gZf<>_DqMF;x$s|HvYWU9mcakUjsyN5?3ez(?jzk1{wrh*5FrRs z1?RHb+^RO}S|+^reBs#mdN`|r=1tYETrbb>y(i=R&u+vueby~--JO1_9<0uyb zcDW2E(-f9wTx~7J5y)w(hli|X14;F|Gw2)C7W=q^pv+mf&+zR-P`{imcwA=hEQv3Z z;q^6?{CPONT!5ee%JQ{fzc^>ZJCA442%c4YnLb`Iq&1w(RTovW>YFs0L@C=*9Mh!@ z>GNru!wga=P1>9OXc8U5iophkt>b@~uuXPR0Wa6vlW=;Og5K5Br{xV*rZSbOOl2xl hnaWhAGL@-JWhzsd%2cK@mFZha{|8tslE?ta003kVNV)(3 literal 0 HcmV?d00001 diff --git a/meta/recipes-support/python3-debsbom/files/rules b/meta/recipes-support/python3-debsbom/files/rules new file mode 100644 index 00000000..a414114d --- /dev/null +++ b/meta/recipes-support/python3-debsbom/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = debsbom +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-debsbom/python3-debsbom_0.1.0.bb b/meta/recipes-support/python3-debsbom/python3-debsbom_0.1.0.bb new file mode 100644 index 00000000..a1e54e97 --- /dev/null +++ b/meta/recipes-support/python3-debsbom/python3-debsbom_0.1.0.bb @@ -0,0 +1,52 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/git" + +DEPENDS = "python3-cyclonedx-python-lib python3-spdx-tools python3-packageurl-python" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \ + dh-python, \ + python3-all, \ + python3-setuptools, \ + pybuild-plugin-pyproject, \ + python3-packageurl-python, \ + python3-cyclonedx-python-lib, \ + python3-spdx-tools, \ + python3-beartype, \ + python3-license-expression, \ + python3-uritools, \ + python3-py-serializable, \ + python3-defusedxml, \ + python3-sortedcontainers, \ + python3-debian, \ + python3-requests, \ + " + +DEBIAN_DEPENDS = "python3-cyclonedx-python-lib, \ + python3-spdx-tools, \ + python3-packageurl-python, \ + python3-requests, \ + python3-debian, \ + " + +DESCRIPTION = "debsbom generates SBOMs for Debian based distributions." + +SRC_URI = "git://github.com/siemens/debsbom.git;protocol=https;branch=main; \ + file://rules \ + file://0001-Use-old-license-description-in-pyproject.toml.patch \ + " +SRCREV = "8fb87567514d461e2db49e0485b890ef108c824a" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} From patchwork Tue Sep 9 08:05:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Steiger X-Patchwork-Id: 4339 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Tue, 09 Sep 2025 10:05:57 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lj1-f189.google.com (mail-lj1-f189.google.com [209.85.208.189]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 58985se7007137 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Tue, 9 Sep 2025 10:05:55 +0200 Received: by mail-lj1-f189.google.com with SMTP id 38308e7fff4ca-33e8ed441a4sf12826281fa.0 for ; Tue, 09 Sep 2025 01:05:55 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1757405149; cv=pass; d=google.com; s=arc-20240605; b=YT2FZ6AtfPTHNOY6HuSOEDbJK3qDVtp+Fz6Kv+XDnIw8f2EVGl18MHMOU0F8eFYZj4 8ytfZQ42w5fAwbTgOVIsXjE/fzcu2oWNge1h0quyJcDX/X5zHaH97JNKfeZlNMKOZ2KR av1GpCwOhss8Ixc0ug/Z4/2rz3wjSNWmjlEtSU0Od1H2r+ugCWi0X9oP24sEXa8xNvyk L4X4FJsQ8BZYtMwDiAahBC6PBPw1ghy290bOWvLrJ8mDvLlQI3udEcfpGna0LR2fb38/ lK1sUMCwiqHTCn45hDAz2b6tERYSfDEw4XIChEXL4T/eZlggys89f+lxT25OubUWKz/M CjVQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=DV1hSZnWZn+ks14INkVcIwD+hnrA9/CCjnnGBEx0vTA=; fh=6MzKIQaMGvujjJfvuarPuJhwHLBw07oNEt3XyuuO4tM=; b=YyQyds6RIGJnHLISwJmA71lHJ8JA6fOm2Nv5paAhqHwHffJ0KMMO0kh/far6rzGCIs QO9XjL3a3jQlJ9CgxP1eUcxIkZApNcoimkISft31mTemBG43tt+YYFHYWSA8XpgwySEH pwrdjDJx10DslMTXevahfIVkZ22ZNucMRuQgTmhvSmeBPZWTGAau8h96+zBnpaTXTsQ9 sK+nwug7FnCC2xbimnhjYL9AmP1UPVE+HSfIHoNlNhbgwBkXsfpmY+JNSD8Et0+3drsu nsbHOO2lWN+lOykVhSaZUzrDLtiFgYhFhl3cgIMsdRBzjJpqqgTboWKsHon+S5IvBPHb fB3Q==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=XE7JWz+9; spf=pass (google.com: domain of fm-1328957-20250909080544c84095060800020750-scoqej@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1328957-20250909080544c84095060800020750-ScoqeJ@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1757405149; x=1758009949; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=DV1hSZnWZn+ks14INkVcIwD+hnrA9/CCjnnGBEx0vTA=; b=GSq1eol/zaTe2feqNobTFRCydB4gPNzLjksUc2A2KMF3g3cpV6lyxh7zXAiRbRAo0S Fc2QsYVmNODVdKiqLiNK753O+ktFec6Nu35+kadKrSYSSx8zBGjqEBn5HMpHOvy71xg2 bF4cLGZ81gjKr8zUC+sqNZ8NTeJxmhgPK+aAb1K033/3tyVvyLkXzS7d/XUezyjTZiNs 2xgbG3O/FelIyG1si7X3hYograZEASxsutoE25Yx84LOa8RxhY5+Bal21Zu9g2glkdOg LwheY4sdP3zFMUEpg+YcNXsN2sg5/ZE7jMQJvskuUYvgSJykSidiHfZUTF1BjWWQWYJ2 uDXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1757405149; x=1758009949; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=DV1hSZnWZn+ks14INkVcIwD+hnrA9/CCjnnGBEx0vTA=; b=bdctyDwg2MCXgV4SztPhPY9H+jRKINrqkUvqendbSZRyHW7nCqVjy5eHjl86P3oAdd eV4zSpAE800HVkS43swi73YigBjoaLhJocbZH9S2FWmPdQy1LG7JQMcKdkEyCQRriYF0 eE0eU91Jt4hmdloIYWZBtAIqRYbuluIu8IHObMtyx+g33mdF3c5sPF2rUcNkHrm6V/Aj VKQkgmSpHcibCCroNxDXNtG71ECp6yZyyRNDPvgaivJWW3Rmj+ncEK7QZMuK4muOCZv9 gJqaZxLRelvy55sioTq36o7QxA9160J6ovwZnVbtGgO1dlcb6tJOPInHVg6cuXfWEQhw dBzg== X-Forwarded-Encrypted: i=2; AJvYcCW3MoXYv/qpF2dMuofssRzA4b7nVlZtgi8qGUi7KSB6pLHQoUEuZyKAVRNEJW+v7KixaKtgZ4c=@isar-build.org X-Gm-Message-State: AOJu0YwTbX4QIkFzJHHs6DNLT+Yo65n0sNEGO6UDMObpRU+RnoUF7Ku+ Dp4YPHJYl06hK2MOBkRQmtMC+MbqUBFRKxeSrBHM8TiWpq/2Im/rsbru X-Google-Smtp-Source: AGHT+IFX/QgSzlueZRkmZARK6SFTHDgX2qakTmI8b8rD1MZJMErf0tVhJePfA84E4MGJcmoULlD3qw== X-Received: by 2002:a05:651c:3254:10b0:336:c569:5cf9 with SMTP id 38308e7fff4ca-33b4eee861dmr26397061fa.3.1757405148987; Tue, 09 Sep 2025 01:05:48 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=AZMbMZcTYPfXxZUvfGjce7cMglCsIsPAVhGo7jgDNvdwsW2Ohg== Received: by 2002:a2e:a375:0:b0:336:c2ac:9a7e with SMTP id 38308e7fff4ca-338cd0197f4ls6454861fa.0.-pod-prod-06-eu; Tue, 09 Sep 2025 01:05:45 -0700 (PDT) X-Received: by 2002:a2e:b523:0:b0:337:e7c6:d8fb with SMTP id 38308e7fff4ca-33b4eee97f9mr21579811fa.6.1757405144769; Tue, 09 Sep 2025 01:05:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1757405144; cv=none; d=google.com; s=arc-20240605; b=UIzpVJ1Qu938rDl3j8ycLdK7Emx0KxOF7jisYkw8Ge6nfgzCZPTSWyxIBznbG0ibuk Y4O+/6fBErwF5Ll0JMUK4hRjmdA2ShnLut1PzMHLMC8QpKNgH7fzgD6ww5thT0k7kxKt CIBHWGiGh2XEFq3v1rvV2VgmKrg1sG58ELnISpXrvLonoa+w849zNtqDbfw4kvg+MFTt NaaCaHDHfepJzbCAf4bKQ7+AlWXi6XQtKGbvjjq64mKSbf6CWDZNE0lpNOJjFC2sZH5P 6mqr0C+4hQtBdN7PLmYlJ5Ktc2ZWyw7TNdIHQ8wDY2k18j+1E/DK5MhZzXHwGAdVUyQy 8Yhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=WowGIXbcx4uufMA5t0qXY5yIHLOwmaJthZKdDFmQY5s=; fh=eiYcjuc0Ff+maEd84O/+qg+73FB83bid0hUx0HldS7s=; b=GIDEaJeifoac0qGeJR4DBT3MHfJMoZ/H3i3DO4httOB1mIp2JRhY8j0SFDAKV8HApk YBiN0g3SrFyszMFuMYMKrFrXDAgN24oZChHECsuRV9JJ0kdnQW5f59+NC00Y82k6ZyxZ 96ed8SF0ugs6c1EJZZcbmzToZ5S6yf9IUyEWQXuUaidcGmfPnhEHE84t9hRn98LLM5eL 3wQzL4Dhu7I5evuuZ+Gq9T9q2zD5o8QW0SRgj+icWugcP7WPZia48EyQWjtJN75RMexp 4Hlb73aKO8VHYoPAiNveLjGfj5FW15lD5sFWY7u3sb+r6tdtUC7rovSoYLF/CbT3DTJD 6ubg==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=XE7JWz+9; spf=pass (google.com: domain of fm-1328957-20250909080544c84095060800020750-scoqej@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1328957-20250909080544c84095060800020750-ScoqeJ@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-65-228.siemens.flowmailer.net (mta-65-228.siemens.flowmailer.net. [185.136.65.228]) by gmr-mx.google.com with ESMTPS id 38308e7fff4ca-337f4fdec42si4074931fa.7.2025.09.09.01.05.44 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Sep 2025 01:05:44 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1328957-20250909080544c84095060800020750-scoqej@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) client-ip=185.136.65.228; Received: by mta-65-228.siemens.flowmailer.net with ESMTPSA id 20250909080544c84095060800020750 for ; Tue, 09 Sep 2025 10:05:44 +0200 X-Patchwork-Original-From: "'Christoph Steiger' via isar-users" From: Christoph Steiger To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, felix.moessbauer@siemens.com, gernot.hillier@siemens.com, cedric.hombourger@siemens.com, Christoph Steiger Subject: [PATCH 3/3] meta: add SBOM generation with debsbom Date: Tue, 9 Sep 2025 10:05:28 +0200 Message-Id: <20250909080528.95765-4-christoph.steiger@siemens.com> In-Reply-To: <20250909080528.95765-1-christoph.steiger@siemens.com> References: <20250909080528.95765-1-christoph.steiger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1328957:519-21489:flowmailer X-Original-Sender: christoph.steiger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=XE7JWz+9; spf=pass (google.com: domain of fm-1328957-20250909080544c84095060800020750-scoqej@rts-flowmailer.siemens.com designates 185.136.65.228 as permitted sender) smtp.mailfrom=fm-1328957-20250909080544c84095060800020750-ScoqeJ@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Christoph Steiger Reply-To: Christoph Steiger Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Generate SBOMs for every rootfs that is created. These SBOMs are placed in the image deploy directory. For the generation a small chroot with debsbom installed is created and from that the rootfs of the image is scanned. The sbom generation is bound to the rootfs feature `generate-sbom` which is activated per default now. Signed-off-by: Christoph Steiger Signed-off-by: Felix Moessbauer --- meta/classes/image.bbclass | 2 +- meta/classes/rootfs.bbclass | 6 +- meta/classes/sbom.bbclass | 60 ++++++++++++++++++ meta/classes/sdk.bbclass | 2 +- .../sbom-chroot/sbom-chroot.bb | 31 +++++++++ .../files/debsbom-0.1.0.tar.gz | Bin 9383 -> 0 bytes ...sbom_0.1.0.bb => python3-debsbom_0.0.1.bb} | 2 + 7 files changed, 100 insertions(+), 3 deletions(-) create mode 100644 meta/classes/sbom.bbclass create mode 100644 meta/recipes-devtools/sbom-chroot/sbom-chroot.bb delete mode 100644 meta/recipes-support/python3-debsbom/files/debsbom-0.1.0.tar.gz rename meta/recipes-support/python3-debsbom/{python3-debsbom_0.1.0.bb => python3-debsbom_0.0.1.bb} (98%) diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index bd1b8552..57e66632 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -66,7 +66,7 @@ inherit multiarch inherit essential ROOTFSDIR = "${IMAGE_ROOTFS}" -ROOTFS_FEATURES += "clean-package-cache clean-pycache generate-manifest export-dpkg-status clean-log-files clean-debconf-cache" +ROOTFS_FEATURES += "clean-package-cache clean-pycache generate-manifest export-dpkg-status clean-log-files clean-debconf-cache generate-sbom" # when using a custom initrd, do not generate one as part of the image rootfs ROOTFS_FEATURES += "${@ '' if d.getVar('INITRD_IMAGE') == '' else 'no-generate-initrd'}" ROOTFS_PACKAGES += "${IMAGE_PREINSTALL} ${@isar_multiarch_packages('IMAGE_INSTALL', d)}" diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass index 7b7859b9..0476f0d2 100644 --- a/meta/classes/rootfs.bbclass +++ b/meta/classes/rootfs.bbclass @@ -3,6 +3,8 @@ inherit deb-dl-dir +inherit sbom + ROOTFS_ARCH ?= "${DISTRO_ARCH}" ROOTFS_DISTRO ?= "${DISTRO}" ROOTFS_PACKAGES ?= "" @@ -429,6 +431,8 @@ rootfs_cleanup_base_apt() { EOSUDO } +ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'do_generate_sbom', '', d)}" + do_rootfs_postprocess[vardeps] = "${ROOTFS_POSTPROCESS_COMMAND}" do_rootfs_postprocess[network] = "${TASK_USE_SUDO}" python do_rootfs_postprocess() { @@ -512,7 +516,7 @@ python do_rootfs() { } addtask rootfs before do_build -do_rootfs_postprocess[depends] = "base-apt:do_cache isar-apt:do_cache_config" +do_rootfs_postprocess[depends] = "base-apt:do_cache isar-apt:do_cache_config ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'sbom-chroot:do_sbomchroot_deploy', '', d)}" SSTATETASKS += "do_rootfs_install" SSTATECREATEFUNCS += "rootfs_install_sstate_prepare" diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass new file mode 100644 index 00000000..3ae0a610 --- /dev/null +++ b/meta/classes/sbom.bbclass @@ -0,0 +1,60 @@ +# This software is a part of ISAR. +# Copyright (C) 2025 Siemens +# +# SPDX-License-Identifier: MIT + +# sbom type to generate, accepted are "cdx" or "spdx" +SBOM_TYPES ?= "spdx cdx" + +SBOM_DEBSBOM_TYPE_ARGS = "${@"-t " + " -t ".join(d.getVar("SBOM_TYPES").split())}" + +# general user variables +SBOM_DISTRO_SUPPLIER ?= "ISAR" +SBOM_DISTRO_NAME ?= "ISAR-Debian-GNU-Linux" +SBOM_DISTRO_VERSION ?= "1" +SBOM_DISTRO_SUMMARY ?= "Linux distribution built with ISAR" +SBOM_DOCUMENT_UUID ?= "" + +# SPDX specific user variables +SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" + +DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" + +SBOM_DIR = "${DEPLOY_DIR}/sbom" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" + +# adapted from the isar-cip-core image_uuid.bbclass +def generate_document_uuid(d): + import uuid + + base_hash = d.getVar("BB_TASKHASH") + if base_hash is None: + bb.warn("no BB_TASKHASH available, SBOM UUID is not reproducible") + return uuid.uuid4() + return str(uuid.UUID(base_hash[:32], version=4)) + +def sbom_doc_uuid(d): + if not d.getVar("SBOM_DOCUMENT_UUID"): + d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) + +generate_sbom() { + sudo mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) + bwrap \ + --unshare-user \ + --unshare-pid \ + --bind ${SBOM_CHROOT} / \ + --bind ${ROOTFSDIR} /mnt/rootfs \ + --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ + -- debsbom generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${PN}-${DISTRO}-${MACHINE}' \ + --distro-name '${SBOM_DISTRO_NAME}' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ + --distro-version '${SBOM_DISTRO_VERSION}' --cdx-serialnumber '${SBOM_DOCUMENT_UUID}' \ + --spdx-namespace '${SBOM_SPDX_NAMESPACE_PREFIX}'-'${SBOM_DOCUMENT_UUID}' \ + --timestamp $TIMESTAMP +} + +python do_generate_sbom() { + sbom_doc_uuid(d) + bb.build.exec_func("generate_sbom", d) +} diff --git a/meta/classes/sdk.bbclass b/meta/classes/sdk.bbclass index 46436d97..644b0623 100644 --- a/meta/classes/sdk.bbclass +++ b/meta/classes/sdk.bbclass @@ -55,7 +55,7 @@ def get_rootfs_distro(d): ROOTFS_ARCH:class-sdk = "${HOST_ARCH}" ROOTFS_DISTRO:class-sdk = "${@get_rootfs_distro(d)}" ROOTFS_PACKAGES:class-sdk = "sdk-files ${SDK_TOOLCHAIN} ${SDK_PREINSTALL} ${@isar_multiarch_packages('SDK_INSTALL', d)}" -ROOTFS_FEATURES:append:class-sdk = " clean-package-cache generate-manifest export-dpkg-status" +ROOTFS_FEATURES:append:class-sdk = " clean-package-cache generate-manifest export-dpkg-status generate-sbom" ROOTFS_MANIFEST_DEPLOY_DIR:class-sdk = "${DEPLOY_DIR_SDKCHROOT}" ROOTFS_DPKGSTATUS_DEPLOY_DIR:class-sdk = "${DEPLOY_DIR_SDKCHROOT}" diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb new file mode 100644 index 00000000..6f27f842 --- /dev/null +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -0,0 +1,31 @@ +# This software is a part of ISAR. +# +# Copyright (C) 2025 Siemens + +LICENSE = "gpl-2.0" +LIC_FILES_CHKSUM = "file://${LAYERDIR_core}/licenses/COPYING.GPLv2;md5=751419260aa954499f7abaabaa882bbe" + +PV = "1.0" + +inherit rootfs +inherit sbom + +ROOTFS_ARCH = "${HOST_ARCH}" +ROOTFS_DISTRO = "${HOST_DISTRO}" +ROOTFS_BASE_DISTRO = "${HOST_BASE_DISTRO}" + +ROOTFS_FEATURES = "no-generate-initrd" + +# additional packages for the SBOM chroot +SBOM_IMAGE_INSTALL = "python3-debsbom" + +DEPENDS = "python3-debsbom" + +ROOTFSDIR = "${WORKDIR}/rootfs" +ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" + +do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy() { + ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" +} +addtask do_sbomchroot_deploy before do_build after do_rootfs diff --git a/meta/recipes-support/python3-debsbom/files/debsbom-0.1.0.tar.gz b/meta/recipes-support/python3-debsbom/files/debsbom-0.1.0.tar.gz deleted file mode 100644 index 7dcc7e43a06e06bad8d097a03294661d51b5e105..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9383 zcmV;YBv{)YiwFpYikxTw17u}lb7F68Eif)IE-)^1VR8WMJZpE`HnRI!zXGeAJ(02! z{iq+kzN@y1tt8s(*OBCOdmXPrk&wiiBDn-*S)0v&zcT}X1gV$PIPU4WMpKId27|$1 zUKoIK`9KW9Nqu5_!PcL?P1%NWc(_lWP>P@QytBW(cW|)3zrC{q^*i6~?Hv4R{~OVh zD^ro!F$@`pVX_WxQ+si8e~{vu>u-&`#2W=+%pY|Ob1|` zS`+uN#@L|$d%NH5E$IKj{_eB>KS6oHj>8~{y}>l`f)PtXrX-?N${NBzFgxbV_Gk87 zuo?HAaKbIt8+(Gep);NEAYuGI@)b@QA*$Eg>Q3PjD>ImcTIPr#anr!)m-*G>Tc>GeZV`}gmJAuK6>>~C? zUQn(v!8scM)J)-UaK>!rC1W`|K8gHr&SN$k^MD0m!e(K7ixYt<5kxo({tWa+p-9w> z>(hwc@mK%{E27H0Asce;4s1ZIh{m<^1oRTXEvTG$z_b`4VT3VaAKOvHkwNw_ffjoJ z9Ah?!1iyuDL=12UAp<^RL(k`;Mm)2b?>RhxwHk99kydbu{2mq&p$W2DqctJsdU zQ>s6tluAD%b+~pgAT6FP*A3Vc)5Jmc!e6;nYh;2Awe`hIm z>~AsE{p9Kzi{IO@MBEDF(GR84RNy3OU1APu5!e&XDnZC1!KZE*%qO57z|H_4!>P#Y zNwtPuK{Fj6)e!Ydt|%Zqk|e&KgYeV(+qu3deCE_@tZfLRov7|uDs~k#n&-REY@h{5 zPNYuE#vy7+O!{HR2^+w;obTLZ!{*|6w|>3v=shLNvN<9I0Y*LTyeM- zj~o^dKU!}Z8#|zw{5OnmP(4^eHOzNl3+OhD;2T(!I}e$PDnhfaNw%PhfekT71i_lj z*=-QceD02T4N*BEXbmDGx^0l~2)G%=9!X+0g&ZO+?ZlcQJ2VIEB!$a3gw;7zL^i4Z z1Z)*)07^v-)eUgQ>lP@7h!(46@L!-9E?ERtnFgSb0w}j9ITRq;KqC&85v=&afVLqp zDo7^ko^n+h&tLsv~1uHL=G87 zgo&-3q05I};3XWGj#N(UIj9a$>4Nzt$^Z(e6z~<-ABV~z%kd;!sr=-Yg1gYa~7ki~mpC$F1{j>#@h!5dZIPFUJ3Sd%Mr^|5KFXFq%uBgtl;Zdv_nA9SqkY^tnV^ zFNAWaU|czv+7U!LpzSp_M1uzg3gYY-9VJG>!Cc$iaDcW$$0N~PnleBm!eKI_%>-Ia zAwtI^-=((^(r8gQ$SM>rcU6yawI=r`WZ=kz=q55a7>Pm%3--uC9HyPq&AtbQP>zr~ zV}VFv4^bmJYtjMWC#PwVZ5HDi%S>GjEvm9uHJry5STw<58vqzQpj(-3O^sz3u*^ovg+o|G~H2g!W>v|LqKq!ZP6GHMkPIHm#3Qi43 zRn7&iaJH(dNsMs|1NK}pOa>CRF`XEPM_-qC!22kSmLDcP-Yvc+>m2*=ezM zmtA%)-nUO$C#>A;!gtu${M_!nySVBxfao;Od%v)YH>`R73;Un;`ALnn{&Cr9b-V1M z!`f$;r|lNhwa<@FuTI+MZ`o_;cYe`hr|q+L50LgQ7!IgVwOd_8cGl_~zk{#M*X`4G z@0S{T)9#%k&NqOx$u66nUioSDnj?ZVQG#0kr4s^EVwBrFGUi?^!S^)Unok z_`zF2fhp>Ke%GQZ7_SNcj(hEkbDRdHV&H2HX4&bbU4L$OTQ%0~w7bZVH=PSW zkL-jV7lZ`*owp^i$+R>A#^|q9`lxz-)O{dSL=+IWr_tE#QrDf>A<605k zmB|bZnJ2&{7#w{I_BvbgYds2KBQf7{#&wwqvBt^7ufk?*8e=BShmBJJe~@W7bID-b z4n!D+Q++yNnX8=OuHc$7@st)55qHw0A#9L*ns5|{1D{Xixen}_DCLq7Jc13=bbtnb zD@DJR!?Xo^h$$Ca2Rpk}U}s_KgqBkWVB#Ey<#(`uAc6&l*?GwvlY__aTS70m;v#oK zF$dQ(AtbmHbSX1ukC533fv#Mg8Uv})StVU*Q9==O?zCx9t+GHHnJW%Iaolgs=;fet`;U62J( z965#_-BzdFJUzcUd#wgeJiwUPlZf@&fUMU%ySyot-YP8xc9NQ+2-#X#q@(~h!$@s{ z8LPu?yW zylXO#c(Jj_rL@o_sRwNKwTWUCmk;f!pBynnQN{7(+T$SToahT<^e8jrVN5A?E8c5 z9W@BqLNtx1X{t`(cdU>{Q|;_*qg2wB=7EQo1rh?pJ&a{S>*Ll`#9LwvPK6xshgTn7 zZKY|lkJ3k|naa$T;3^LZc+e;4lW9~cVAaHS#$LedUI4L86!XLek7}_uz@G^ox~EQs zjE*PdQI0KiE{@O1!D%!xw_U^_Js6&4acVc*&5SA$4ZpXY?Cj9x2`2RdTOWSHBwYw` zLOS|HmSbji2tiAB!e??!&d1FDQC^SikR}ruz}3+oia-#~EV(f6dEi3DrJ8Q3q$<++ zJFpa4JcEcl7oO>u&0<*?N#YgRvEY(dWUov*XJgM9gB)?W9*SV;p``;3<)JFQm;$^!Aji{d!G1+enZ+SqS^&_y!en*QbtVPM zB!3u#W0!M?c@zqdEObgQS`|P*P%w^tXL~*h1Z88R1gHp+1n@^w-^B$36v9IQSihln zujLHFGPN?78ZllT5z`5*&9QzY;&b6zwnUU44n{Ra?8LrBC4kva%pt)t>MJd%0wW6P zU;(n&%#6SArjVW3G&2mIi_;^i4>)&)5=RmQR|Q>CGM|qGAHC%E{~~t2#T{_m4}anP z@4ema{pb7NPf!-tUsXJ&9Q=m$-#^&heqR44C@a^$-^U9d{k|2=zjlmG`Tr&Be|Wg_ zod0`@vU2?$-+P3mr?Nr+_Yc9=7uNsaaR0mK^?!o$;?J}#8o=uF;EqLfC;B@GADMA8 z2$1SJff}aCAC!2Eia~t8fB$INab zWxH0J$ukuX>h^e?nc~i#gFZ!`6syVJwWkX?q_zdFw3{bU=8YHA4 zlDJ6a7i89!5xMmx6oz>U!|6i^T%Wev$iz%!A0~E2_U{42EzkXJB1&q-Zy`%(1Rp@! zhUDQAy3V2DH_()-NRc+H3yb*Ma+Z%kZ!zOpq!``AN@~A4*ZBw& zNRysL%C#4?&@*`=lmx7t%ev(01IPs01b8wVMppbN z#htbxrfcn4t?b~HAi2LB7a8k~$mp1NEgo_u55kjq|3w-F&rrNjH&kVUE#RPp>U}4b z0Gx3teB^-&bSPqW zP;~_YK|=beg^}?2x;#8cXWz69vPZEt-zQZg37me-psGdAr@^IMEpV_Bgx@)5b7A3mVx_(VLQn$H@6)vVeG>Y99|O~VUkSd9 zQoklEx^n-AA>fPt|DK?Hukrj1)kevTRT}LA=E(t zgcTY<9Zg(yPWA3DR(mrrM|gup)t-W#s4?2PsjV9sLDh=Ko}Jd4{w4fr8+N`X4`H*W z67FbYKAQS=j4vw3T%_?;dWpm35xyiGIP>gA3f5pu&waOa(z4#tMv*w~FBYu*&K`7%P|AxN^DN;mI@(vST#$ za)3UI1BlEyO3(}ug+6_}5*Cc|UabsP=m<=bx-PZ#>GMyYKL2RP&bT2@{8A%|^jYNW z7(J>PRSkQdP6)kT%!kycmifb@RDNipK+m!n+H4wl|C(}!jvTPy8;?$Yf?&0CvC3lj zag=wr5_4Xf*UX2qO}Zb#(mjR4KD^hMV?~4GD9-on1G|g-eE1 z11$8nehtA{%1%2+H&qMeEvl3&RRgv1o!SeT^qKESVIeO9C$&lM_nizgDj1=PyAT@>9ujUj1^26qrQzpCYn{A;dDF zA54Hfi0KP0s;yAZ#V$%+3Ff*?>7s=zf`(=(IGrn51T|S_(e})(WNWle?WzkJYvNj_ zlsT6P>(>s@_4+))OS2e7q;D+J%@gURa!zlFE(=a++N>gd)jH1V(8qZRKu%+`D_NMM zyro$%5T%SwAkrkt8G~+AYnqYHx{SjKkLVgI)_gPnkND6gFZ1mW_vdIUup!5&oUo{I z=mU(83>%6=nBA*I@mLX}AjUsnIFYjSce1!Ykxor`G7jB>36^HEk7lys_;}+gt5|B3 z)0knoMP6%r(_2qDyGscj{7r(2F*eL3E?03!Kg=^j88!05X1&twWlfouFKadBa4BMW z!EH%PAt*7M3SMSOduj!iHEVmYtPQ=3_I5)HvtRg4RF-%akTGo2K4lTW0D^dq5*@6( z91P2g^hTwfn*sK(VUkY%h9UEkl_>Dl4KJATr2zS?V6o`XR8C1c)T8pE+tcNi&zA+O z#d3$aLbQrUt0L9aLjdn+6zHw>Vm19(l=RY=D*?$kXuMr1*BkI=(*Fgh&r-eEfIX)` zUob$^P^}F^6twV57$mo&8~CG@IOo4*8ookYWj67yk?!~ zOX0%w$$4D1FvBQ~ZIuNz-fW_=Co4r5LFdH!@ny7LJNmp8x2>u1B~C{2T879`5bz zKHvX+g0gx2zy2cdru)A;2gUdQcX#%8pYQ)ZMR}C-zry+W18!md-qU_As%+MO$G!i` zdjK2G|F?Iy7xaI7fA9JC|DK{e&OPt!$2BIQ%YEFn;Po5&vI54!V|)dNKR3P_3UjLl zBz|25o!*et@Y##nD|=os+ybrrO6LqK)NYBt<)r&a+~+*Q9D0zsmN>Qa4|C#$YN zEWa0DqnbT^Gs2QD%;qjw=qB^lgnpa8f7$HyTAlOS%6k;*GJML0etPXp2bAh~L5-$v zb{kjED0!Q!)px|qqf8aH=HQl`c;>+5-LAg8+;t?caxMW&Z+0DJYf}KD+_I7`>vcFu zPkYi7y}a3){m=^XCrv5SYpsoJ4J+3-RpSIEjq&pU1n~mT4lwI4=+#&C=Bqjo5TSf~ z9rw`_^+Gr$sqy!}Wp8;NQ9OzQ(Y)pIE+V0Buuq@mc*Z-w@&}^TA{yI;A>9s@c`1Fc zv3THMo|Fv5HT=1Oeujo3A3M+$9*t8seR^1wKy`qq$IbR@#>F^&NxNYxs&x^M?7;gs zP2BcdV4V_m1gOptb-%tmcw9u-=P;a~9X#gijq^v$ujJbD2^HP;f9)M>bJ|F9Kl3Xn zr;~ zHIJTtH-QusFJy?d{IR$B+Zr|( zJ6sAL{+WgeTbmxqEGT)``5n80n_mTkRF!_2ze%E+J)XLoeIl1Br$bz-|8$=B zPtH5;7I-j>H1Mb=FI&#)T+@YRzz&q$N!Tv{(Ruf{dkCTz^k~7|2iRVi(1Wlj|022s zE(! z+1~l*{?n(;{oUP0MZb^;6$!GERqeu)VE3I_EeAfDh3ZC!ZXJ;aBJ>8EY;;=xF{jkIBjlxMJC>@W!E5Mo9=ZIa8h1mth}Kk}if5 zO+R&OiHI{-ya^MA$G3370_}_Ib$iAM0}cvSJ=3wgBUaf8S$L#xKp5RT4?fw2@nh8( zEyQfakC216j)S)$_${5@va9!em`=*7#Gl)O^Iqf+3aSPh@43UQMD8iUXEj zN!Jo!KA6Vwgj*8&pOT2-&=~9#{|xvGXcdcU?{ZvHn4*td&Kngl_-}?Uij4GxeOA@} zYGjeRi^F)U`e$PBMrl;Qtquj^0oH_Enx|helaCtUcCzlUoU|1^gjJL#wm{gJ=C%rN zVrPc)?}DoIf1veZvI2FkomR-;1KMRwv(Q7nvn>7|;ME5VQwAm)W=jea!_!QwV1y=b zG|OsKFc$58U0g-IO#RT9UuD`04Ll=0U+f9|{(orSa({WFh zXlN%pVte=DgU??c=G!>se6Sp0mQ`X=BIdN&`$-^r`YW@7jx5UGR->8%vuOw6xdHOK7zM+C>s9_tQ1+cUxH)*~4xa$2eOdd06i-y9Fc}1mStxW^l5Lp@zZClKP zVJ^M60oVxHUn588(TM^+(DJ|)uX!-n2+Up9E!5sW7$i~!ZB{0%PFB{TCu9DybgF$^ z9h9tPKJPk=xwVLraU6HoSWMc%u^Y3M6op{!#v*!K-PS(13KhT8&~aW-3qal5eiw_r zz_aN8)bE}exqbX6bY1;_HwOpiCSVP34LQC%8|D-Ws|ryRZ+*@r0e~g-j>R-g9FTNW<%O297p#CX7 z7u=0B|KDdUo8|N$?#MeSfGpAfI5^0}f81$2+21Sazk5humHx{izPRLS2yWCQ!G%x7 z6{HI!szWb?ZiTZF2QTpeyi+8p=JK!4GEUW`{bhl_3nY-2 zdOh5NUyG^cVo@hkZ>1Z;uNKS3Z_9jn+-<*sD2d{=txaMS?({mR?atu*?OA64cA;9X ztk~_n9JJpEX{B`GQK{4TmO5)R@5R4gHDyx->8iRb#%b`6#SfvzVkxo6C_=uMCv0#q zzbyd)yvr3KsPpW%;IE0TV8(#^y|W5(2|@2=>-6NmEeK(0-tjJJhA!LZE5wy?q^y*O zMu$n|x)S72Pme&QFD;kxWo=w-qFX!@U~|3xmX2j;AcFqKwMKGh{2c{gW+^Ix%n#`2QMJ( zgvu51CqQt;o%$Dj6BQnZqY0z!3(Lw-9)mReGtDchZ4(k?n@cHG8q$Ql5D^fp@J`Vf z#k0ccTXi@dqwbcdNHI6Y>}+G;d)#^?a_3FSRe+}Cc3mot-+=xUagp5WQQ6{aXh#jF zH??=81&-Zl*9UG)Qsc4TL;>d&a8Y;bR4s)nkZuoI1&B~)gvIc@1{TOyI z`(N`j)OQFKvtsy$-zQ*Pu7n?bfjVG%zE0X&01(nj3S~=_(u(01B+_@vjmAR2jR2U6 zGi0@+g@-}Q^%1s)euYE-(uad$g)MrN)7DyWRj;rLY=yKMd{uLN4Y$p5g*{TS8%W<5 z^B}7>Y3x4Ic@w)3)To?nT!6ioF&o5^+HFzJKWnvLwO)1xuUn_=U(c;RC&$T8XECB{ zC)~$zVreM)X-uv~99n;t@~5Tmc#B&-qsY0oUZiGjXct$=i+088%7Rum!lR7~l4z|9 z3uQM*vDt7`oyUlB+_(-VT&4^ST{M=pO`RvB!Ro-#`m{j&ckdDdDvD3fw`#Uwo@veP zuCoLLQd$lQDXk5D?24;`Axdjs4V2b{V`{=UJoCs;KgS41jMA4V+ry=TB}k5Sb(YN; z$ZGIX4*NE6Q_j>^fuEG_1V<^^@Kj9dDqxk8+v?n*g9zz1;I`j=(`!3)v9lfPAX9=D z0XB8U(O1$2rjO!*a#S!*{9>XV_zYPkV5PJfM6y36Z0}CfaF_NJF%9 zN5Ii;vBSGBavBWB1AAaDn%`Xi)fJxC(Psw6PB`O>r^@ryb?YA+9Lr$s71`9v+-Zfl zW5WKxMI0FoyH?7j)m<=1H|TI~b^T?wT9G#yt`d$6df|+oEi4^(9`#t)4UaUf5h@{MMOXd+a$p`8!SF zai`zzojkXva2@bQ(S#~uvl+@jCTm$&DI&RsNXy_m4eL7K+Vc!ntag0$Xj@aB; zvL`bl1@8yKUKm1%qhH_s`t0ISz4re7Gb0m)4@dr^`uq1s^?!Mlx>Q{!G^_?&O2~zj z{%BCGHMTg|M2R+gZf<>_DqMF;x$s|HvYWU9mcakUjsyN5?3ez(?jzk1{wrh*5FrRs z1?RHb+^RO}S|+^reBs#mdN`|r=1tYETrbb>y(i=R&u+vueby~--JO1_9<0uyb zcDW2E(-f9wTx~7J5y)w(hli|X14;F|Gw2)C7W=q^pv+mf&+zR-P`{imcwA=hEQv3Z z;q^6?{CPONT!5ee%JQ{fzc^>ZJCA442%c4YnLb`Iq&1w(RTovW>YFs0L@C=*9Mh!@ z>GNru!wga=P1>9OXc8U5iophkt>b@~uuXPR0Wa6vlW=;Og5K5Br{xV*rZSbOOl2xl hnaWhAGL@-JWhzsd%2cK@mFZha{|8tslE?ta003kVNV)(3 diff --git a/meta/recipes-support/python3-debsbom/python3-debsbom_0.1.0.bb b/meta/recipes-support/python3-debsbom/python3-debsbom_0.0.1.bb similarity index 98% rename from meta/recipes-support/python3-debsbom/python3-debsbom_0.1.0.bb rename to meta/recipes-support/python3-debsbom/python3-debsbom_0.0.1.bb index a1e54e97..05a5ec6b 100644 --- a/meta/recipes-support/python3-debsbom/python3-debsbom_0.1.0.bb +++ b/meta/recipes-support/python3-debsbom/python3-debsbom_0.0.1.bb @@ -11,6 +11,8 @@ S = "${WORKDIR}/git" DEPENDS = "python3-cyclonedx-python-lib python3-spdx-tools python3-packageurl-python" +S = "${WORKDIR}/git" + MAINTAINER = "Christoph Steiger " DPKG_ARCH = "all" DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \