From patchwork Wed Sep 17 06:33:12 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Steiger X-Patchwork-Id: 4355 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 17 Sep 2025 08:33:58 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-wm1-f55.google.com (mail-wm1-f55.google.com [209.85.128.55]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 58H6XvPc022733 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 17 Sep 2025 08:33:57 +0200 Received: by mail-wm1-f55.google.com with SMTP id 5b1f17b1804b1-45ddbdb92dfsf32312265e9.1 for ; Tue, 16 Sep 2025 23:33:57 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1758090832; cv=pass; d=google.com; s=arc-20240605; b=AcxTiYCzv8Bnyun2+3GUrY585J2QTzA2W6694g5ZwsGK30I7/808IUJEepiPG/umAZ +mzYfzBdk+oJZLbBDpfjd/E2DSp4eKotKtNwkhf1if1+jrZIZVqK5R/tBHaj7ERE4naN SNJL/fJPG0hBL2zHfBEKvMYOEBMw79p0KCHzcxUi0HvZs67w3sIr5eeWYDwgQQpGg5iW Wcwtpd5hwViSETTX26vWEsR8cY0jic6OR38Q0J2noIhHFgp0qfj9Ot22PW/9mR0NHg8W Z3fBOeOKqXKtCpwcC+AvDvFiQkqMEtWC7Ia+P2y1CjUQtAT5dA23F4TAaDJKtB7sRP+l VOuA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=nWMNDKnE11NfyZnp4V+s08ie4rN2MEVu5R4U3E/kL6c=; fh=z/bqtYrPU8t7G3kTFIoErC9v4OM4DRS88XX4FbvWoY4=; b=iN2IxVZaAvWpDs4x4bLZ2GwZHi8hD9cU1W7McM5h+0seUeVnEk7C7BdZtP0i31GlkA 6tcEbVO0mRigPlJAaeMdS4Is1N/DV9mdc1J2V105HFMwqsTKrDn3Muyegw/+gpQXz5ND cgesWuCRn0hLXRYNvK0xOUN8F/kSaZwx0tYImVIT8rHpFg7jbT4++Bt5/C5+g6NpWMyL 5gxDqZiwVRaKB5xOYBUUpwwpwGG0Ea7XuAMlDA5LhTfQxt3s4FSa50G0EASQBCiPU0CB YE/gtK6WXayS05vncbIV8GquaJ3SbxbujVe9LWm0gZajCjlqBaWkmTV8co09LFW0hcdV 07LA==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=a3kVkhGq; spf=pass (google.com: domain of fm-1328957-20250917063348fd9d7034cb000207a2-4_sk0q@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328957-20250917063348fd9d7034cb000207a2-4_SK0Q@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1758090832; x=1758695632; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=nWMNDKnE11NfyZnp4V+s08ie4rN2MEVu5R4U3E/kL6c=; b=uWSn6grWLl1FNBS7KUqQr5uqmbB+vP8R/gXC1/kYwXf339V9rV518KTPXwcbUEIhZV ZdgS+oMIzcJmjJiobaRO7+JhYY0Fdx+YfJKnhQhtKUIMXmb/uRQ7+u28szawXjccn/RP /eHO8dh+0W8kLT4oiv0eA4Gr3n8NXBeu95DKM2IpTIEsgqjTntJTm2LekUoG9c7ePxRJ zj6v5UiBeZImRgzgTyTqSSHM5oMBgLT5xdhrPoMUxaYGlGspQxcWdKCEp78qkdXWmhY+ IDsHMeg0ShdaZccIQZKD3CNjC+iKHnyCr7Tz/3r2dX4IqBendyEoL69ADSI6criQsfjJ gr+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758090832; x=1758695632; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=nWMNDKnE11NfyZnp4V+s08ie4rN2MEVu5R4U3E/kL6c=; b=G+xouu+9B77bJxIqFoBIYh5m5DH4XjJFgReTLRFqA/OKbMV5mvfJcrXQXRC8gfwDny A5pNeGnzzgWLOwNBIRUlfxMUk4J8GvJtzRnhV/x3cFuq4TTQ6mFrPR0yPBaDF72dUJ2H dSm0ToyEOQ5iBJt719I4I2fjHTSAKNmmDZBnh7dwy944GOaIb32gjPLhP6EHzPFdkdZX o58TuSTWBRCEQV///E+JHJIfmntgqVuI3NaBO9You7tP/SumX89bzD45Q5Ji1MtrIN3E YggQKok09n9uz5Zwtd53PnUYxw0P6nuistfkx1YyMyHZ19MwgktuDSCZ/Eh07k9akR0L imWw== X-Forwarded-Encrypted: i=2; AJvYcCVpKOovPS40kyN4OSLEOS1mPyr4TtVqb1MYR0MgKv7av2JwzXF2hp6GHZWgZx5CNVAp+f4fwrg=@isar-build.org X-Gm-Message-State: AOJu0YxeG8KVBrvLjSR2EP6SQ5kdn+SWl4oKVDVCw3rQV71sU/xQHi88 JV0GCr7wN3GSpkEVEmYu9o4LbpPtoFFtldJbCQ1vVJzqbUFSDXfEGbEg X-Google-Smtp-Source: AGHT+IFNZkBpbQCqCOyNG6+M4QicdjQYoP4a4uYhAy37i5LaUcrLKjwx7WFKXmmFtpf0khxom+Oi0Q== X-Received: by 2002:a05:600c:1912:b0:45c:8e6d:a45f with SMTP id 5b1f17b1804b1-46202bf7a15mr8257215e9.5.1758090831850; Tue, 16 Sep 2025 23:33:51 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=ARHlJd7EYw59mJURU+NvNCJIZ0IutR2fYICOoEDGa3cHhkJ+vg== Received: by 2002:a05:600c:1c11:b0:45d:f7df:26cf with SMTP id 5b1f17b1804b1-45f29ca8d8cls25060785e9.0.-pod-prod-04-eu; Tue, 16 Sep 2025 23:33:49 -0700 (PDT) X-Received: by 2002:a05:600c:5248:b0:45b:6365:794e with SMTP id 5b1f17b1804b1-462068428ddmr7942275e9.24.1758090829102; Tue, 16 Sep 2025 23:33:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1758090829; cv=none; d=google.com; s=arc-20240605; b=R8Eu7pT/YLyqJ7i9J3RpbNTbuTCooRxDlhB2W/NiVoez+dNfhJ4cTrCiTZtER9NNbD odW9S3/EQRf3ictNkSAXpuunyWRYKJKpIYbqefXIVQu0pCCcaDQvdERJO6NimZkH89P6 7mWbYVhHCP5aFcLKxenzLtgBNvM+w8dZaLBIYW6NkTZPMoRibMFGgo/hM2+VS+p2Akx9 kABnpzgmjOHtY3GBEPusNEObI4JMjM0ScXZBiwaCXgaY8HxyicPAc+fYwgmO/0OZtRhz TZFoVQEZFOybhTGsRsymVoUjjzKUSRAxVMLLitdu+hvwn81CM4LaiMptACuDPpqqZC5C AbVQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=Yf+eiQ4Vc38Jggo26FoG2rH8eEubfI5oWv63YxnDTi4=; fh=eiYcjuc0Ff+maEd84O/+qg+73FB83bid0hUx0HldS7s=; b=arEcPAEV2r25IBHPNYqpI88kJXulcO2HgoiPU37vcRrNyjjBVDECdbwRV4XUTk6Yg5 lQcQOtpEqpDQ4iw12dvKqKn5iUzYLpESsznLg1KjucJihdZdBY4vsIq7caM+g/Bt7BAV xedPmH+Y0u2ttVrXnLowsGxWJ2AmenXP9L9h9MMzi/M3X1qvaoj8cv/14oeRtFascOgf tfWHD1GHZvRSYU9B3roRsH3DnK10xA5shUqUU+Mr22tDQvf8XaQZmeXLqnQRv4AWWiTw AdEJOYutvG6iPpd/elVjHenlybftE9mj9RTBz+IyO3TfQ6pR6f3K2SVUN0BXt1jSNT5g h5eg==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=a3kVkhGq; spf=pass (google.com: domain of fm-1328957-20250917063348fd9d7034cb000207a2-4_sk0q@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328957-20250917063348fd9d7034cb000207a2-4_SK0Q@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-225.siemens.flowmailer.net (mta-64-225.siemens.flowmailer.net. [185.136.64.225]) by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-4613158ccc8si221065e9.0.2025.09.16.23.33.49 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 16 Sep 2025 23:33:49 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1328957-20250917063348fd9d7034cb000207a2-4_sk0q@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) client-ip=185.136.64.225; Received: by mta-64-225.siemens.flowmailer.net with ESMTPSA id 20250917063348fd9d7034cb000207a2 for ; Wed, 17 Sep 2025 08:33:48 +0200 X-Patchwork-Original-From: "'Christoph Steiger' via isar-users" From: Christoph Steiger To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, felix.moessbauer@siemens.com, gernot.hillier@siemens.com, cedric.hombourger@siemens.com, Christoph Steiger Subject: [PATCH v2 1/4] meta: package python libraries for SBOM generation Date: Wed, 17 Sep 2025 08:33:12 +0200 Message-Id: <20250917063314.44769-2-christoph.steiger@siemens.com> In-Reply-To: <20250917063314.44769-1-christoph.steiger@siemens.com> References: <20250917063314.44769-1-christoph.steiger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1328957:519-21489:flowmailer X-Original-Sender: christoph.steiger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=a3kVkhGq; spf=pass (google.com: domain of fm-1328957-20250917063348fd9d7034cb000207a2-4_sk0q@rts-flowmailer.siemens.com designates 185.136.64.225 as permitted sender) smtp.mailfrom=fm-1328957-20250917063348fd9d7034cb000207a2-4_SK0Q@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Christoph Steiger Reply-To: Christoph Steiger Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Package python libraries for SBOM generation in isar. The packages are unfortunately not (yet) packaged in Debian, thats why we need to do it here. With these libraries it is now possible to easily create CDX and SPDX SBOMs in different file formats. Signed-off-by: Christoph Steiger --- .../python3-beartype/files/rules | 8 ++++ .../python3-beartype_0.19.0.bb | 29 +++++++++++ .../files/pybuild.testfiles | 1 + .../python3-cyclonedx-lib/files/rules | 8 ++++ .../python3-cyclonedx-lib_9.1.0.bb | 48 +++++++++++++++++++ .../python3-packageurl/files/rules | 8 ++++ .../python3-packageurl_0.16.0.bb | 33 +++++++++++++ .../python3-py-serializable/files/rules | 8 ++++ .../python3-py-serializable_2.0.0.bb | 38 +++++++++++++++ .../python3-spdx-tools/files/rules | 25 ++++++++++ .../python3-spdx-tools_0.8.3.bb | 46 ++++++++++++++++++ 11 files changed, 252 insertions(+) create mode 100644 meta/recipes-support/python3-beartype/files/rules create mode 100644 meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/rules create mode 100644 meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb create mode 100644 meta/recipes-support/python3-packageurl/files/rules create mode 100644 meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb create mode 100644 meta/recipes-support/python3-py-serializable/files/rules create mode 100644 meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb create mode 100644 meta/recipes-support/python3-spdx-tools/files/rules create mode 100644 meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb diff --git a/meta/recipes-support/python3-beartype/files/rules b/meta/recipes-support/python3-beartype/files/rules new file mode 100644 index 00000000..0ca517a1 --- /dev/null +++ b/meta/recipes-support/python3-beartype/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = beartype +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb b/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb new file mode 100644 index 00000000..b8bc2708 --- /dev/null +++ b/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb @@ -0,0 +1,29 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/beartype-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), dh-python, python3-all, python3-setuptools, pybuild-plugin-pyproject, python3-hatchling" +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" +# this is 01/01/1980, any earlier and zip in the wheel building process will not accept it +DEBIAN_CHANGELOG_TIMESTAMP = "315532800" +DESCRIPTION = "Unbearably fast near-real-time hybrid runtime-static type-checking in pure Python." + +SRC_URI = "\ + https://github.com/beartype/beartype/archive/refs/tags/v0.19.0.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "e7ad00eebf527d60f30e0b391209b561dabd2074b608c50e26c94c2d8250a6cd" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} diff --git a/meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles b/meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles new file mode 100644 index 00000000..cc736a36 --- /dev/null +++ b/meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles @@ -0,0 +1 @@ +pyproject.toml diff --git a/meta/recipes-support/python3-cyclonedx-lib/files/rules b/meta/recipes-support/python3-cyclonedx-lib/files/rules new file mode 100644 index 00000000..fe72dd1a --- /dev/null +++ b/meta/recipes-support/python3-cyclonedx-lib/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = cyclonedx-python-lib +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb b/meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb new file mode 100644 index 00000000..738ed1b3 --- /dev/null +++ b/meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb @@ -0,0 +1,48 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +DEPENDS:append:bookworm = " python3-packageurl python3-py-serializable" +DEPENDS:append:noble = " python3-packageurl python3-py-serializable" + +S = "${WORKDIR}/cyclonedx_python_lib-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \ + dh-python, \ + python3-all, \ + python3-setuptools, \ + pybuild-plugin-pyproject, \ + python3-poetry, \ + python3-py-serializable, \ + python3-packageurl, \ + python3-sortedcontainers, \ + python3-ddt, \ + python3-defusedxml, \ + python3-license-expression, \ + python3-jsonschema, \ + python3-lxml, \ + " + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" + +DESCRIPTION = "Library for serializing and deserializing Python Objects to and from JSON and XML." + +SRC_URI = "\ + https://github.com/CycloneDX/cyclonedx-python-lib/releases/download/v9.1.0/cyclonedx_python_lib-9.1.0.tar.gz \ + file://rules \ + file://pybuild.testfiles \ + " +SRC_URI[sha256sum] = "86935f2c88a7b47a529b93c724dbd3e903bc573f6f8bd977628a7ca1b5dadea1" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + cp "${WORKDIR}"/pybuild.testfiles "${S}"/debian + deb_debianize +} diff --git a/meta/recipes-support/python3-packageurl/files/rules b/meta/recipes-support/python3-packageurl/files/rules new file mode 100644 index 00000000..50e1b74c --- /dev/null +++ b/meta/recipes-support/python3-packageurl/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = packageurl-python +export PYBUILD_SYSTEM = distutils + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb b/meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb new file mode 100644 index 00000000..27209429 --- /dev/null +++ b/meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb @@ -0,0 +1,33 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/packageurl_python-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \ + dh-python, \ + python3-all, \ + python3-setuptools, \ + " + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" + +DESCRIPTION = "A purl aka. Package URL parser and builder" + +SRC_URI = "\ + https://github.com/package-url/packageurl-python/releases/download/v0.16.0/packageurl_python-0.16.0.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "69e3bf8a3932fe9c2400f56aaeb9f86911ecee2f9398dbe1b58ec34340be365d" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} diff --git a/meta/recipes-support/python3-py-serializable/files/rules b/meta/recipes-support/python3-py-serializable/files/rules new file mode 100644 index 00000000..0cf845dd --- /dev/null +++ b/meta/recipes-support/python3-py-serializable/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = py-serializable +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb b/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb new file mode 100644 index 00000000..5bc48c0f --- /dev/null +++ b/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb @@ -0,0 +1,38 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/py_serializable-${PV}" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = " \ + dh-sequence-python3, \ + pybuild-plugin-pyproject, \ + python3-all, \ + python3-defusedxml, \ + python3-lxml, \ + python3-poetry-core, \ + python3-setuptools, \ + xmldiff, \ +" + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" + +DESCRIPTION = "Library for serializing and deserializing Python Objects to and from JSON and XML." + +SRC_URI = "\ + https://github.com/madpah/serializable/releases/download/v2.0.0/py_serializable-2.0.0.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "e9e6491dd7d29c31daf1050232b57f9657f9e8a43b867cca1ff204752cf420a5" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} diff --git a/meta/recipes-support/python3-spdx-tools/files/rules b/meta/recipes-support/python3-spdx-tools/files/rules new file mode 100644 index 00000000..ac87528a --- /dev/null +++ b/meta/recipes-support/python3-spdx-tools/files/rules @@ -0,0 +1,25 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = spdx-tools +export PYBUILD_SYSTEM = distutils + +# skip tests that require hard-to-package dependencies and tests that rely on relative file paths +# TODO: figure out a way to make these tests work +export PYBUILD_TEST_ARGS=--ignore tests/spdx3/validation/json_ld/test_shacl_validation.py \ + -k 'not test_examples \ + and not test_parse_from_file \ + and not test_annotation_parser \ + and not test_snippet_parser \ + and not test_creation_info_parser \ + and not test_json_ld_writer \ + and not test_extracted_licensing_info_parser \ + and not test_parse_file \ + and not test_package_parser \ + and not test_relationship_parser \ + and not test_graph_parsing_function \ + and not test_license_expression_parser \ + ' + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb b/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb new file mode 100644 index 00000000..30d090a9 --- /dev/null +++ b/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb @@ -0,0 +1,46 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/tools-python-${PV}" + +DEPENDS:append:bookworm = " python3-beartype" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "dh-python, \ + python3-all, \ + python3-setuptools, \ + python3-beartype, \ + python3-semantic-version, \ + python3-license-expression, \ + python3-pytest , \ + python3-rdflib, \ + python3-uritools, \ + python3-ply, \ + python3-click, \ + python3-xmltodict, \ + python3-yaml, \ + " + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" +DEB_BUILD_PROFILES += "nocheck" +DEB_BUILD_OPTIONS += "nocheck" + +DESCRIPTION = "SPDX parser and tools." + +SRC_URI = "\ + https://github.com/spdx/tools-python/archive/refs/tags/v0.8.3.tar.gz \ + file://rules \ + " +SRC_URI[sha256sum] = "17cb0140adbaefb58819c9d5d56060dc6a70c673a854fa9bd882ecfa4e062a7f" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} From patchwork Wed Sep 17 07:33:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Steiger X-Patchwork-Id: 4358 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 17 Sep 2025 09:34:09 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lf1-f63.google.com (mail-lf1-f63.google.com [209.85.167.63]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 58H7Y90r023334 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 17 Sep 2025 09:34:09 +0200 Received: by mail-lf1-f63.google.com with SMTP id 2adb3069b0e04-577c6827ebasf134014e87.1 for ; Wed, 17 Sep 2025 00:34:09 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1758094443; cv=pass; d=google.com; s=arc-20240605; b=fQdOzC06ZgW8cp7zrR3gPLBu7g6/AN/x+6JeAcVT83vMk7VstymfEV2gMTH4GAJ2dT ENgaiNxlRWr9pO6ahXbLCubUxLvLyGu2BFsQqrOOm23JgHntX4KL9GF1LJ5PtJwd/Qbp ci954SyAbDokc0CCsmUGRFK74LG6EJ4P1Vsbdi6skHsIGnRK//wbvIZM95HIe6d+FN9Z 1LpSUazEDWFmzqv5lZ49AkJogyNSMIbbOE88oqwFTMr8/W/kSB+cruVCTwLX6gXrsg+Q nv6/d+HlXOeELnaq+rrylephc2c4fDHgAiCorDMbjKsOkFYpdJyAiGwUkK0/M3K/Wgba +KYg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=6b7nw/udTAsuJr6bsWmcAO9tra8fozTzrVoYbt42924=; fh=xCIcT+CQxjj58h0S5Jqm8uFOkn/EqcWuB1Xy8haNZUM=; b=ElCGUbGz/SwF0FRnN6Va6n0Alj+ffUG1tn7yA/BIcB+TFN51axrtvVvzNN8IrW0Bfv 77Ai915z6qJHX8n5eyAnxh3b1ISjIRbRKnb2mq3BNNKIaehU6cYW7L0/pJdO85KyRCdO ivPlwA4W6RFjV+moPKhCmtzQkzE/2HyoNRN4cc8z7qho4F6olWYZPn/BEqw6d1Qe8pS5 sEmN6DM7PBiElYVxYptQJKENJoPaoRVXNtH3T30+hEpx0Zt8vgxd4AiMszsKcky44zwU zz7A5IXRsTxkOHQ98zwhRq/exQIfPHzJXxbGqymEjkNSIi3A8HJfmQVaejYNBz8Xx4L1 cYvg==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=i3VSSUde; spf=pass (google.com: domain of fm-1328957-20250917073359cb93360ee7000207da-3f0tqp@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1328957-20250917073359cb93360ee7000207da-3F0Tqp@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1758094443; x=1758699243; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=6b7nw/udTAsuJr6bsWmcAO9tra8fozTzrVoYbt42924=; b=Ke8NOG+DXXlHDmqG1gf1fCNto+Bd1mgGviXpw1Js/yf3Bc08eF9TNfATikJMr1d7iu L3V7bmNYgY+MnPUUGVnKOQHnLxc7HQt2EpZSTXnDjiqliw62BxqDO/kLsvGIQz0bqEpK ZPwuu1kQ1jacWLlIUM6R/sgOIjZwU7aFOv1Ja+U6sr9sKkbX11XHZ4GRfwUJXhUoOYC4 8nTm0E1xDP/8wYGvaIRv48czaiC5KnRQ3ydwXS1tXHaS97Ovii+SuDAJhU9gc/iQW/Ug Fyp4FfQLryR/5O1iCfeu3anDr/RpdhGHwc8ddqxPWXZM1k7Qe070ERCjmIfqb/kaVM+H kgww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758094443; x=1758699243; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=6b7nw/udTAsuJr6bsWmcAO9tra8fozTzrVoYbt42924=; b=M+m8LV6jbmZcFUHi1sDOMHjgl7EQurmq03B6AftEX/qmrj8aDWeHd1ZXMv/A6Z9i2V 4MoHwgFCPs6PAPt7YIOVhZMTkxdaP34XlA9cuoLtNd5Noi8uyITkztSHwwUdHB7lqqp+ 7QVk2BaJWKzd69kPhPIeodYkdC+Vy7gpRfSHveFznXF9xbyfjAyKZyRYxUVKJ9Mt5tMs zarB3+mAPMVrGssiBbqijACIfY6fMlhPGsbJ/f9TuOg6+WHufA55Zr9tHiF3NLAY/L8a lNutR01gL6y6MygUTNdPZH81boTGKvHzpBnwTRHCLevQJHvUgxTE079zs3gUlifH/wCX BowQ== X-Forwarded-Encrypted: i=2; AJvYcCVsH48TFWYTYVhBfLnF5wZwUXTQzwwcw7oSA3da/yANb70edTy2w80yu2Gynqa5voLBi0MUpe4=@isar-build.org X-Gm-Message-State: AOJu0YzPpdYoNnRYiTYqWQU3ddzl7iQo0ggT1Ykq+6/mAGHw+124dZYf u3Z4H/B+ZnsngaXjx/6Rq9dACEWniO7X7j4lsdMHlhtSIWlZ4hZMp/Q5 X-Google-Smtp-Source: AGHT+IHjunHMaRo314wl9alMz8W2XoZ6rEwcX0E+iiifMTLMdfOYxnYpjQOop1KjDa8q/zLpwOKvlQ== X-Received: by 2002:a05:6512:6509:b0:567:68ad:427a with SMTP id 2adb3069b0e04-57795413eb8mr266693e87.0.1758094443293; Wed, 17 Sep 2025 00:34:03 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=ARHlJd5YDuTzSkiAbx/MGI4hQldIMtAEiQt5Q+faE80A26KGCA== Received: by 2002:a05:6512:3ba4:b0:578:1251:3525 with SMTP id 2adb3069b0e04-578125135aals22650e87.0.-pod-prod-06-eu; Wed, 17 Sep 2025 00:34:00 -0700 (PDT) X-Received: by 2002:a05:6512:3f17:b0:55f:67d3:bfdc with SMTP id 2adb3069b0e04-5779c38aedfmr318500e87.51.1758094440581; Wed, 17 Sep 2025 00:34:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1758094440; cv=none; d=google.com; s=arc-20240605; b=OLDnJ1Mul9Vxa0iHiX/s7Zbf+Ha0cakcIR8HUoLXdh44yxR0XLAQe3qwM6mt9DUyKl 4+rE/Ub//ZALZYWWG63N6B93gNC9fzSNB77xHwYFCv4W+6KYzDWoidyRdRL3bTyO3+34 hGjrwmgsk0IvmSZCbMs2R5ll9GwMjQJy4L5/8XYr+4umjAO8udNTKBo5HvgoV72VsTkT Zml3insonkNg6TpIKsVpodKJA6fyij8UVkCMaBY8rZ6K3G9OuN87bvJYRBWGeMv3YfKx qHocD6Kb676Dv/w8LZHBUuUkaXNanLp40YvQd4w8U+oHmcM3wm+comJx9wBBlfaKqr5N zZCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=ZuqgGjw3Fd8m2NIM1imAooKSAx+LVwZeQAND6V1s0RM=; fh=eiYcjuc0Ff+maEd84O/+qg+73FB83bid0hUx0HldS7s=; b=PY+os4b+nm+748gKQ9Xu57AOU8wPhyTTdolC1tZQ1f/+/V3r65EelPxYHFXod1KOj+ WYONE0I5vJtVUtGJ9ns78MRbC4sr4t95z6UEWPihQPaurZ3Ay3nPHAAp1w0CZPZnBgMN uCu25Uvw7C+nCxt7gLG5gIGgwwEQLWRfHYvfwgpR0qpmcmdcbd7YUnjrGpyrAe3EfBFe dmwbWnzLmbv1K8So5PxxfoebXVMnIRPVTtN1xQWHI+JeDbw2aRcHOVLLGcDLOk57WzYM /Ge0VbVetrEZ+S+foMx37MQ5PrF3ixs5udjlOIOtRdsRvEyC9dh1tSGBgbQJKOR1i5HA aheA==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=i3VSSUde; spf=pass (google.com: domain of fm-1328957-20250917073359cb93360ee7000207da-3f0tqp@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1328957-20250917073359cb93360ee7000207da-3F0Tqp@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-64-226.siemens.flowmailer.net (mta-64-226.siemens.flowmailer.net. [185.136.64.226]) by gmr-mx.google.com with ESMTPS id 2adb3069b0e04-5707a652824si267313e87.4.2025.09.17.00.34.00 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 17 Sep 2025 00:34:00 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1328957-20250917073359cb93360ee7000207da-3f0tqp@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) client-ip=185.136.64.226; Received: by mta-64-226.siemens.flowmailer.net with ESMTPSA id 20250917073359cb93360ee7000207da for ; Wed, 17 Sep 2025 09:34:00 +0200 X-Patchwork-Original-From: "'Christoph Steiger' via isar-users" From: Christoph Steiger To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, felix.moessbauer@siemens.com, gernot.hillier@siemens.com, cedric.hombourger@siemens.com, Christoph Steiger Subject: [PATCH v2 2/4] meta: package python3-debsbom Date: Wed, 17 Sep 2025 09:33:46 +0200 Message-Id: <20250917073346.58002-1-christoph.steiger@siemens.com> In-Reply-To: <20250917063314.44769-1-christoph.steiger@siemens.com> References: <20250917063314.44769-1-christoph.steiger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1328957:519-21489:flowmailer X-Original-Sender: christoph.steiger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=i3VSSUde; spf=pass (google.com: domain of fm-1328957-20250917073359cb93360ee7000207da-3f0tqp@rts-flowmailer.siemens.com designates 185.136.64.226 as permitted sender) smtp.mailfrom=fm-1328957-20250917073359cb93360ee7000207da-3F0Tqp@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Christoph Steiger Reply-To: Christoph Steiger Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Package the python tool debsbom for SBOM generation for Debian based distributions. Signed-off-by: Christoph Steiger --- ...icense-description-in-pyproject.toml.patch | 28 ++++++++++++ .../python3-debsbom/files/rules | 8 ++++ .../python3-debsbom/python3-debsbom_0.0.1.bb | 44 +++++++++++++++++++ 3 files changed, 80 insertions(+) create mode 100644 meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch create mode 100644 meta/recipes-support/python3-debsbom/files/rules create mode 100644 meta/recipes-support/python3-debsbom/python3-debsbom_0.0.1.bb diff --git a/meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch b/meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch new file mode 100644 index 00000000..c9137e25 --- /dev/null +++ b/meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch @@ -0,0 +1,28 @@ +From 8f926ab0ed1585656ba7de80a82cc802c3ccbdbf Mon Sep 17 00:00:00 2001 +From: Christoph Steiger +Date: Mon, 8 Sep 2025 17:17:49 +0200 +Subject: [PATCH 1/1] Use old license description in pyproject.toml + +Older setuptools versions may require a different license field. + +Signed-off-by: Christoph Steiger +--- + pyproject.toml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pyproject.toml b/pyproject.toml +index cc34bdb..701da4a 100644 +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -22,7 +22,7 @@ maintainers = [ + ] + description = "Generate SBOMs for Debian-based distributions." + readme = "README.md" +-license = "MIT" ++license = {text = "MIT"} + classifiers = [ + "Intended Audience :: Developers", + "Operating System :: POSIX :: Linux", +-- +2.39.5 + diff --git a/meta/recipes-support/python3-debsbom/files/rules b/meta/recipes-support/python3-debsbom/files/rules new file mode 100644 index 00000000..a414114d --- /dev/null +++ b/meta/recipes-support/python3-debsbom/files/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f + +#export DH_VERBOSE = 1 +export PYBUILD_NAME = debsbom +export PYBUILD_SYSTEM = pyproject + +%: + dh $@ --with python3 --buildsystem=pybuild diff --git a/meta/recipes-support/python3-debsbom/python3-debsbom_0.0.1.bb b/meta/recipes-support/python3-debsbom/python3-debsbom_0.0.1.bb new file mode 100644 index 00000000..6f88c185 --- /dev/null +++ b/meta/recipes-support/python3-debsbom/python3-debsbom_0.0.1.bb @@ -0,0 +1,44 @@ +# This software is a part of ISAR. +# Copyright (c) Siemens, 2025 +# +# SPDX-License-Identifier: MIT + +inherit dpkg + +FILESEXTRAPATHS:prepend := "${THISDIR}/files:" + +S = "${WORKDIR}/git" + +DEPENDS = "python3-spdx-tools" +DEPENDS:append:bookworm = " python3-packageurl python3-cyclonedx-lib" +DEPENDS:append:noble = " python3-packageurl python3-cyclonedx-lib" + +S = "${WORKDIR}/git" + +MAINTAINER = "Christoph Steiger " +DPKG_ARCH = "all" +DEBIAN_BUILD_DEPENDS = "dh-python, \ + python3-all, \ + python3-setuptools, \ + pybuild-plugin-pyproject, \ + python3-packageurl, \ + python3-cyclonedx-lib, \ + python3-spdx-tools, \ + python3-debian, \ + python3-requests, \ + " + +DEBIAN_DEPENDS = "\${python3:Depends}, \${misc:Depends}" + +DESCRIPTION = "debsbom generates SBOMs for Debian based distributions." + +SRC_URI = "git://github.com/siemens/debsbom.git;protocol=https;branch=main; \ + file://rules \ + file://0001-Use-old-license-description-in-pyproject.toml.patch \ + " +SRCREV = "c9f0a028fec9c11ab6978ad27d5bed8c12bb8e53" + +do_prepare_build[cleandirs] += "${S}/debian" +do_prepare_build() { + deb_debianize +} From patchwork Wed Sep 17 06:33:13 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Steiger X-Patchwork-Id: 4356 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 17 Sep 2025 08:34:03 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lf1-f62.google.com (mail-lf1-f62.google.com [209.85.167.62]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 58H6Y2VY022853 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 17 Sep 2025 08:34:03 +0200 Received: by mail-lf1-f62.google.com with SMTP id 2adb3069b0e04-577318aa26csf343992e87.0 for ; Tue, 16 Sep 2025 23:34:03 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1758090837; cv=pass; d=google.com; s=arc-20240605; b=ai/qqIcpsOyoQFex7fHMpc9QyoXBKllkKwUJ9DYPbMwdJMXtnZ3srfXyro/Ii2N77A aFitQvNCuAhkZFC2DiO+95UrRtrP8auW3/bqgwhYf756+NVUebgvrUWaF7RC6Bijqu8A 5wEG+xGGhRhz4J1wRaTEwbCvWbIp/16tYoRHJuVbP1GBG/5SdZuWYDJ0UCsotO5drSN4 5YsXuT7cOb05WwPF8QAKg150JClIxvffiUn7ERni4LT+T9AbzE2iVFthRtf5GFzN4LRc 8geOTEHQSLkIMNJ9PnkQiqvhERNnHAdP5EGELnveCvA7RrSg6fda026qu+ip73I3izpR NmMw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=5qGUmNggy+e8ugGfaUggVUzgPjB6TkAAHr/ETqb7j5U=; fh=u5VBtCAodGuxLy+iPVTWxfIx1jTUYozapcpwsE9ZKgI=; b=kWpwjv22HKTIBcGqeisl5Dmp+9d8VZD6/3iQfLGygfGOUe8rXUR+AtVWzuJZDUkGdY 10YsLGtMv1n2z4sDSZ6/Erpz5Eon2ZUybNxttNCsLyfdI/T2U7yqm6EnE3+PCWq65gT8 sLTaafE5KW46PIF0FSAgEbHM5eKxoj2VjIPzf6Cgo5n9tvMyEKpZcEM0OlPTujtQz7HD 5rLQ+c1nYa2w2dW3tzgOPtVWHjcXMuY3mn/AVwbmfU98rFHdyvnrwsN8x45AvElb+BJw GO3tiI+L4+G5sMqC/nTVtmkd7R61LL19u9e7FwRV6W9Ev9NaK7g+B0Q2AS3kuee0NKxQ Mi5g==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=dX4cQ7J5; spf=pass (google.com: domain of fm-1328957-202509170633527fd5d4d5120002074f-rwcwd6@rts-flowmailer.siemens.com designates 185.136.65.225 as permitted sender) smtp.mailfrom=fm-1328957-202509170633527fd5d4d5120002074f-RWcwD6@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1758090837; x=1758695637; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=5qGUmNggy+e8ugGfaUggVUzgPjB6TkAAHr/ETqb7j5U=; b=AF2ICB5SmcEybF99SPWJcZjFYoDsnSxgemKq1qpyMOniMga5PKTUe/HAp0aLJQSt9r gcPuO9AUQnGJs+t9epyZZYfTf06A9L9n6lWGi36p49W6duQvn5q/1V2yAKmrF/lkZD+m UeDoNVmMhrsXZXCpJcXmSGd7+AQAFL+JmOyaIBiDKueXGFA2FV8HHgvijXiNT/sBI1tY zKZGqN3Ww8Ib4mRMHKteJWTONGOeCKp2rH+cHQDtkhaMBKoBrqtJbwpq8VEjdTAzvIFW fpqA+IQefVDy8WHkDaoV/qGg59ANOLLgdVLwvHfGlRqYLDdwv7o4ZlfZb1X+TWEJYPH1 3ijg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758090837; x=1758695637; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=5qGUmNggy+e8ugGfaUggVUzgPjB6TkAAHr/ETqb7j5U=; b=RGRJUA3zeI33p209PNLj/J1k4mu2aw1zSxXRwz6iA7hZPLqDWbgpPqSMxGhHOS/mFk Ef0C7z7YDFaxBKgdRlcHL/bU3CKDOw4TQSDFJTTBQUPKIoI4nc92gp0eShB2ghyMW5BD CroomZYz83/c9gLS2MxXiNflWDR4NwL8muzMxNfYpUtlS7A0bffVIlaMlSafSIhGm1od oDStQNEav0dNtJLqRZ/TgkNBpXNmhdMaJyEdsQHqCSEOZaHC+u9SYdTWgVr437QI0TTh Bdc6AhT6Do66NEocWg/OZLJ0sBqBgYa3zIjd6McdIeBgOXsHNJfGPnAfSvP/yP8ssD26 Dsyg== X-Forwarded-Encrypted: i=2; AJvYcCUjh7NjqGRkq1PdHYzuJ0BSy5r9zR9/rkRgvjbPLmi8hjwDN+SXkGjBgOatvl0I2lGZkLWG9Wc=@isar-build.org X-Gm-Message-State: AOJu0YyhItcLL5syR/3MIX5LssU6cLynhWZOTlDye9109da2eL16iijP Ir1l45y4I3o+ka8MHZWQ6OkVPBvi3Lyxo8cNtZPoWOZMpdNUfChejmZX X-Google-Smtp-Source: AGHT+IFKPtVz9614NZRktvLIPc+w7Mo3ufnWkx0TX6FhlVtiuidmt/XwwZl7NFMamzL5fPeM7v+Cww== X-Received: by 2002:a05:6512:2c88:b0:568:993c:f047 with SMTP id 2adb3069b0e04-5779af10806mr337921e87.42.1758090837019; Tue, 16 Sep 2025 23:33:57 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h=ARHlJd6+qSZa5sNoiQAJehWwVe+fIn0R+mEkg4T9z4VFoSkaFg== Received: by 2002:a05:6512:4489:b0:55f:4af2:a564 with SMTP id 2adb3069b0e04-57334fda945ls984058e87.0.-pod-prod-03-eu; Tue, 16 Sep 2025 23:33:53 -0700 (PDT) X-Received: by 2002:a05:6512:3e0f:b0:55f:3faa:7c21 with SMTP id 2adb3069b0e04-5779a66047emr362621e87.34.1758090833639; Tue, 16 Sep 2025 23:33:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1758090833; cv=none; d=google.com; s=arc-20240605; b=k7TWRelL3wHBUvcIBKf3tZWZr7tBxkrFsw60ABF4w1a/jZrLIxL+Do5POCCwQsshpz wkb/WpsdiEMEoIWVc1RR2NSoLM9lH5lKcT17426VAS01u/8dfwfQ3Goi8ltr1URIKs9E 9AkcbpcsQJA0BLwm+6pSzEQdIJ1SqyvXsWuVmSJesUq4C08Rp15gQtAvwozk677QKHXb toCCGcZw4YhhxieZljza806qmFKoYDjSpDuzdt/fNPGPyVa/WIAdot+cQuUvcC647mWv 47FOKaUIKNroA18cQtWpe13HnYzjRDt8YYyyNNi5YYTwGocbDNb78ft+c10PV6nOIprN do6g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=mzKHdm5pAjgQwPbzR7IU2+XYO3RNZYtOw1r/Vv/1Al8=; fh=eiYcjuc0Ff+maEd84O/+qg+73FB83bid0hUx0HldS7s=; b=OK6IiqT0wx38FiEjZZGySk9V95a/bJsQnVfAHdjfh/IvjOpsthCoBN5LO+JgVpL+pc b32rkR630KSlbxelYPkxDA5uSO9G1J/uzwhVA+0frQzaUYDN/e+shKi3LcRByaw3TrGr EFtl5Jk55UWQJLrmGTeP3K+X4uAXMzDyBRb6uJhWcIs6ivJYJIOpQ38wcuQatFG1+KJi 1Fz+lznp3QN4t9IMYW9T9tp+DR6KgZcG69yL1owHZjVIcAn0267f0GSlRTBrOZaQeYZo h4jEuG5P5YdjlaUo9uJafytJcpkN+cVNMp0RyyZpkh8M8FoA6ljcqgfCKCCrnmwaFIll un8A==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=dX4cQ7J5; spf=pass (google.com: domain of fm-1328957-202509170633527fd5d4d5120002074f-rwcwd6@rts-flowmailer.siemens.com designates 185.136.65.225 as permitted sender) smtp.mailfrom=fm-1328957-202509170633527fd5d4d5120002074f-RWcwD6@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-65-225.siemens.flowmailer.net (mta-65-225.siemens.flowmailer.net. [185.136.65.225]) by gmr-mx.google.com with ESMTPS id 2adb3069b0e04-57076e57aabsi226652e87.1.2025.09.16.23.33.53 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 16 Sep 2025 23:33:53 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1328957-202509170633527fd5d4d5120002074f-rwcwd6@rts-flowmailer.siemens.com designates 185.136.65.225 as permitted sender) client-ip=185.136.65.225; Received: by mta-65-225.siemens.flowmailer.net with ESMTPSA id 202509170633527fd5d4d5120002074f for ; Wed, 17 Sep 2025 08:33:52 +0200 X-Patchwork-Original-From: "'Christoph Steiger' via isar-users" From: Christoph Steiger To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, felix.moessbauer@siemens.com, gernot.hillier@siemens.com, cedric.hombourger@siemens.com, Christoph Steiger Subject: [PATCH v2 3/4] meta: add SBOM generation with debsbom Date: Wed, 17 Sep 2025 08:33:13 +0200 Message-Id: <20250917063314.44769-3-christoph.steiger@siemens.com> In-Reply-To: <20250917063314.44769-1-christoph.steiger@siemens.com> References: <20250917063314.44769-1-christoph.steiger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1328957:519-21489:flowmailer X-Original-Sender: christoph.steiger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b=dX4cQ7J5; spf=pass (google.com: domain of fm-1328957-202509170633527fd5d4d5120002074f-rwcwd6@rts-flowmailer.siemens.com designates 185.136.65.225 as permitted sender) smtp.mailfrom=fm-1328957-202509170633527fd5d4d5120002074f-RWcwD6@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Christoph Steiger Reply-To: Christoph Steiger Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= Generate SBOMs for every rootfs that is created. These SBOMs are placed in the image deploy directory. For the generation a small chroot with debsbom installed is created and from that the rootfs of the image is scanned. The sbom generation is bound to the rootfs feature `generate-sbom` which is activated per default now. Signed-off-by: Christoph Steiger Signed-off-by: Felix Moessbauer --- meta/classes/image.bbclass | 8 ++- meta/classes/rootfs.bbclass | 7 ++- meta/classes/sbom.bbclass | 62 +++++++++++++++++++ meta/classes/sdk.bbclass | 2 +- .../sbom-chroot/sbom-chroot.bb | 30 +++++++++ 5 files changed, 106 insertions(+), 3 deletions(-) create mode 100644 meta/classes/sbom.bbclass create mode 100644 meta/recipes-devtools/sbom-chroot/sbom-chroot.bb diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index bd1b8552..220f5aa3 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -66,7 +66,13 @@ inherit multiarch inherit essential ROOTFSDIR = "${IMAGE_ROOTFS}" -ROOTFS_FEATURES += "clean-package-cache clean-pycache generate-manifest export-dpkg-status clean-log-files clean-debconf-cache" +ROOTFS_FEATURES += "clean-package-cache clean-pycache generate-manifest export-dpkg-status clean-log-files clean-debconf-cache generate-sbom" +# only supported from bookworm / jammy on +ROOTFS_FEATURES:remove:buster = "generate-sbom" +ROOTFS_FEATURES:remove:bullseye = "generate-sbom" +ROOTFS_FEATURES:remove:jammy = "generate-sbom" +ROOTFS_FEATURES:remove:focal = "generate-sbom" + # when using a custom initrd, do not generate one as part of the image rootfs ROOTFS_FEATURES += "${@ '' if d.getVar('INITRD_IMAGE') == '' else 'no-generate-initrd'}" ROOTFS_PACKAGES += "${IMAGE_PREINSTALL} ${@isar_multiarch_packages('IMAGE_INSTALL', d)}" diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass index 7b7859b9..98f5b24c 100644 --- a/meta/classes/rootfs.bbclass +++ b/meta/classes/rootfs.bbclass @@ -3,6 +3,8 @@ inherit deb-dl-dir +inherit sbom + ROOTFS_ARCH ?= "${DISTRO_ARCH}" ROOTFS_DISTRO ?= "${DISTRO}" ROOTFS_PACKAGES ?= "" @@ -350,6 +352,9 @@ cache_dbg_pkgs() { fi } +# The sbom generator needs the apt-cache, hence run before cleaning it +ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'do_generate_sbom', '', d)}" + ROOTFS_POSTPROCESS_COMMAND += "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-package-cache', 'rootfs_postprocess_clean_package_cache', '', d)}" rootfs_postprocess_clean_package_cache() { sudo -E chroot '${ROOTFSDIR}' \ @@ -512,7 +517,7 @@ python do_rootfs() { } addtask rootfs before do_build -do_rootfs_postprocess[depends] = "base-apt:do_cache isar-apt:do_cache_config" +do_rootfs_postprocess[depends] = "base-apt:do_cache isar-apt:do_cache_config ${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom', 'sbom-chroot:do_sbomchroot_deploy', '', d)}" SSTATETASKS += "do_rootfs_install" SSTATECREATEFUNCS += "rootfs_install_sstate_prepare" diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass new file mode 100644 index 00000000..60c89877 --- /dev/null +++ b/meta/classes/sbom.bbclass @@ -0,0 +1,62 @@ +# This software is a part of ISAR. +# Copyright (C) 2025 Siemens +# +# SPDX-License-Identifier: MIT + +# sbom type to generate, accepted are "cdx" or "spdx" +SBOM_TYPES ?= "spdx cdx" + +SBOM_DEBSBOM_TYPE_ARGS = "${@"-t " + " -t ".join(d.getVar("SBOM_TYPES").split())}" + +# general user variables +SBOM_DISTRO_SUPPLIER ?= "ISAR" +SBOM_DISTRO_NAME ?= "ISAR-Debian-GNU-Linux" +SBOM_DISTRO_VERSION ?= "1" +SBOM_DISTRO_SUMMARY ?= "Linux distribution built with ISAR" +SBOM_BASE_DISTRO_VENDOR ??= "debian" +SBOM_DOCUMENT_UUID ?= "" + +# SPDX specific user variables +SBOM_SPDX_NAMESPACE_PREFIX ?= "https://spdx.org/spdxdocs" + +DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}" + +SBOM_DIR = "${DEPLOY_DIR}/sbom" +SBOM_CHROOT = "${SBOM_DIR}/sbom-chroot" + +# adapted from the isar-cip-core image_uuid.bbclass +def generate_document_uuid(d): + import uuid + + base_hash = d.getVar("BB_TASKHASH") + if base_hash is None: + bb.warn("no BB_TASKHASH available, SBOM UUID is not reproducible") + return uuid.uuid4() + return str(uuid.UUID(base_hash[:32], version=4)) + +def sbom_doc_uuid(d): + if not d.getVar("SBOM_DOCUMENT_UUID"): + d.setVar("SBOM_DOCUMENT_UUID", generate_document_uuid(d)) + +generate_sbom() { + sudo mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHROOT}/mnt/deploy-dir + + TIMESTAMP=$(date --iso-8601=s -d @${SOURCE_DATE_EPOCH}) + bwrap \ + --unshare-user \ + --unshare-pid \ + --bind ${SBOM_CHROOT} / \ + --bind ${ROOTFSDIR} /mnt/rootfs \ + --bind ${DEPLOY_DIR_SBOM} /mnt/deploy-dir \ + -- debsbom generate ${SBOM_DEBSBOM_TYPE_ARGS} -r /mnt/rootfs -o /mnt/deploy-dir/'${PN}-${DISTRO}-${MACHINE}' \ + --distro-name '${SBOM_DISTRO_NAME}' --distro-supplier '${SBOM_DISTRO_SUPPLIER}' \ + --distro-version '${SBOM_DISTRO_VERSION}' --base-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ + --cdx-serialnumber '${SBOM_DOCUMENT_UUID}' \ + --spdx-namespace '${SBOM_SPDX_NAMESPACE_PREFIX}'-'${SBOM_DOCUMENT_UUID}' \ + --timestamp $TIMESTAMP +} + +python do_generate_sbom() { + sbom_doc_uuid(d) + bb.build.exec_func("generate_sbom", d) +} diff --git a/meta/classes/sdk.bbclass b/meta/classes/sdk.bbclass index 46436d97..644b0623 100644 --- a/meta/classes/sdk.bbclass +++ b/meta/classes/sdk.bbclass @@ -55,7 +55,7 @@ def get_rootfs_distro(d): ROOTFS_ARCH:class-sdk = "${HOST_ARCH}" ROOTFS_DISTRO:class-sdk = "${@get_rootfs_distro(d)}" ROOTFS_PACKAGES:class-sdk = "sdk-files ${SDK_TOOLCHAIN} ${SDK_PREINSTALL} ${@isar_multiarch_packages('SDK_INSTALL', d)}" -ROOTFS_FEATURES:append:class-sdk = " clean-package-cache generate-manifest export-dpkg-status" +ROOTFS_FEATURES:append:class-sdk = " clean-package-cache generate-manifest export-dpkg-status generate-sbom" ROOTFS_MANIFEST_DEPLOY_DIR:class-sdk = "${DEPLOY_DIR_SDKCHROOT}" ROOTFS_DPKGSTATUS_DEPLOY_DIR:class-sdk = "${DEPLOY_DIR_SDKCHROOT}" diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb new file mode 100644 index 00000000..a9afcbbe --- /dev/null +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb @@ -0,0 +1,30 @@ +# This software is a part of ISAR. +# +# Copyright (C) 2025 Siemens + +LICENSE = "gpl-2.0" +LIC_FILES_CHKSUM = "file://${LAYERDIR_core}/licenses/COPYING.GPLv2;md5=751419260aa954499f7abaabaa882bbe" + +PV = "1.0" + +inherit rootfs + +ROOTFS_ARCH = "${HOST_ARCH}" +ROOTFS_DISTRO = "${HOST_DISTRO}" +ROOTFS_BASE_DISTRO = "${HOST_BASE_DISTRO}" + +ROOTFS_FEATURES = "no-generate-initrd" + +# additional packages for the SBOM chroot +SBOM_IMAGE_INSTALL = "python3-debsbom" + +DEPENDS = "python3-debsbom" + +ROOTFSDIR = "${WORKDIR}/rootfs" +ROOTFS_PACKAGES = "${SBOM_IMAGE_INSTALL}" + +do_sbomchroot_deploy[dirs] = "${SBOM_DIR}" +do_sbomchroot_deploy() { + ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" +} +addtask do_sbomchroot_deploy before do_build after do_rootfs From patchwork Wed Sep 17 06:33:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Steiger X-Patchwork-Id: 4357 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 17 Sep 2025 08:34:12 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-lj1-f184.google.com (mail-lj1-f184.google.com [209.85.208.184]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 58H6YBem022971 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 17 Sep 2025 08:34:12 +0200 Received: by mail-lj1-f184.google.com with SMTP id 38308e7fff4ca-337e4d53fdbsf37366211fa.2 for ; Tue, 16 Sep 2025 23:34:12 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1758090846; cv=pass; d=google.com; s=arc-20240605; b=d+hCzX9TykjnAWFkN7xoL3MUMByhXBALQlOVNYANIkJZqUxBp0fIuuZhuN84BsANvp CbcnVkUz8PRqIf48pi1gw2ulXjsNvWCAyulVRLrnpow0n0w7TexLudtjz/UJ9b/l84tc hPIyLiB89dUcfMBrSPL2XBk8qFdD7OESRa2yCH9AUjULpTP+QLDEyPSYWs8IhJMCXrRc D3kmd5MjVeH+JXcga9+dWqWgjG7McPIR0PY3u4TgC9Z9UiYCYhGSgRAyPe8Re1ZAi6d8 sxMiyJo7xb76dsh8bjyDRpNMJ00KytHfpDNqBfPg+9MqajGjwFmsXpuPETDVLTcRREzi Yx0A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=p6nxOK1GIe5Ow/X66VR9tErTYqIHS7ipGV493u4svcM=; fh=o9c+Uk5HKRZ13RfYbHBaO/j4PkAuL2OuIQAX0MqmCrA=; b=BI5+Z8PdVKb6Knv9keZT6WUhdYZeGu51r36XetOPA1KlgpEDaZccn5i7lj/rIqW2wL Bldxw6wwvn4oE2+7fcWkK76CHHq4yI693+SpKdHGQwZsmk+mZBK+wRRXcwesIIl+GC0n AbzCLEAO5cUSq6fHeo1Ve/kz6tLgvmhhesxxfEIuDI9W7Y+FDtdc6QDzsYmVEr6b1FD6 mMQGUsyte+noGzC6PwFRC+XZt5L+kXC3iCklwfUbXTOHaxlSqIMI8wjgxpRJ4Kz1QqO3 1pjMvlQOuGKcgCeNv4BWqYA4i+LtV2N30DyDqlCxaKT5z8AClSHLtY90QLvOiT6+sScV RPnQ==; darn=isar-build.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b="sbfXmh/q"; spf=pass (google.com: domain of fm-1328957-2025091706340287e42c78250002079d-n1yjae@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) smtp.mailfrom=fm-1328957-2025091706340287e42c78250002079d-n1YJAE@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1758090846; x=1758695646; darn=isar-build.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=p6nxOK1GIe5Ow/X66VR9tErTYqIHS7ipGV493u4svcM=; b=oQbE42Fx+Y4AMHCSfYAqWROQQxOX7O5elTgTqhAwYzB6PnMwuDNrrMAsozADR5L1UI +hWucEitnyusaGn+BU8QlZLUgGwD2IxC/MnJT6ikTy2MnMwCoGYKi0MqdSztFrW1Z5+H KWbBMpoyMVqhswfsUiR3zgQ9DwOg6AI4BiKR7SgNUIZoQr85aGwUkpR9URrNZuFgJCrt NLb99hP1tE5BiEVgD+rGughtM3IWMownkcy4Ko5DPwX2CRQiIk2GC4H7LxDsOfFO+zsO OQ3kf1FAFABJ6p7ZWcvUx7OWsGVOBe+cuZZo/d6wfy7kqbjClZM78bVzN01jzCVfEdOi nIjQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758090846; x=1758695646; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=p6nxOK1GIe5Ow/X66VR9tErTYqIHS7ipGV493u4svcM=; b=LoUcUDHhATIrVJBqTdHZHYuneoQBEjVp9uIQahRhK29Yiazw0xNWbfuJns2PLdylCZ P+NboA2NEctKjt0brxsqMoIrwc/1OdngTkk5nzhNZax8py20ZtSzZmWgdmJ2n6qDiOQH FTffpCiLN1VPxSQTVSZArvbvnFcKSlWBYPYXhRzYm2fz+hTAqncxpCIIItW6WzEU5v/k j5puf55p+eZ+KQRAdVnnGofMkXw9I2fdJXErOmiMP8DB4EKoqCkKq918OK3LhGT0uUfj ufP2HRDiJyo5JC2O1hI0sPucke5w9y6jLMOCo1YDvVO1QWuIMFE47zSh2OpAhiDpRrsX GNDQ== X-Forwarded-Encrypted: i=2; AJvYcCW8qjHDLWMzNnm/D0pC9dwHCUgWRoceYxzwOa3HjaeSpSNTQsiWF/bwH4sBVRMvCoTrWflCPZs=@isar-build.org X-Gm-Message-State: AOJu0YyqMLjafhmCugKRf74tVJqaBCsssJ9Z/VwaTgo3I7/dMFXmPZBb ArIVB3pz+tokR+M2MlIFfIf71KJ27WJMDqOnFwXbgEzl8FahFaEeHE+i X-Google-Smtp-Source: AGHT+IEjQ0ExEaJ93XoLdwzrvNk2r54n0+MyRPFII05NUFsM3XDZ2WJQOdu0un0BnYBIz7eln8dMcw== X-Received: by 2002:a05:651c:420d:b0:337:f786:2f4a with SMTP id 38308e7fff4ca-35f61e8ddb7mr2142071fa.18.1758090846186; Tue, 16 Sep 2025 23:34:06 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:651c:2554:10b0:32f:4573:b6ba with SMTP id 38308e7fff4ca-34eaa908f5fls13858021fa.0.-pod-prod-09-eu; Tue, 16 Sep 2025 23:34:03 -0700 (PDT) X-Received: by 2002:a05:651c:150a:b0:337:ed76:7212 with SMTP id 38308e7fff4ca-35f65a90887mr3064011fa.40.1758090843478; Tue, 16 Sep 2025 23:34:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1758090843; cv=none; d=google.com; s=arc-20240605; b=ADnGYdzKepnk95nXxYB1Hd7cNg/lanWufGj8ZCLrDHngrQq/7gkebQiIuI6eXsUyCP 0R/+pkl8Qf8U8/0lsv4R1GM4U4F06pVA7rxrIslA83b5uAfqTN0HEHBNegF8KULyCPQt qiaN8XsPWMiz4FUwfVlKqXmPBP3RnfGsuDL8hNVeDX0Wh/GEY4La2OIlwfewAD3P7/hY d8vOvyvCAxKaDZAEdgo7svK5hyhw5CKvuqkFO2eDkvgjnOzoQMVLDxY7JWnpJXbvcC4z CCKP/bXeqlhFHZ//AKXTOKgwipzyvGuyfPL8zqPi2BtCe94p245MyDeqqIHBI10CO0zG qYuQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=P2Y1CzZj96zzWOdiXb9KBRV/TbHZAbVZYDpv90xcqdo=; fh=3ol5FBIOWkF9OolvOs08rIM/e3cKnTK0rO0B+qt3keI=; b=Uu6u2iJEMBtI4imCtufFDgoWqgjqxUlASBbGH2TrRExV0j8Wo8Ip5tcO8tB7j+1owQ 72SJralpo+WEo3H3wcPnsZ1QSkCmVsw5ANShSLn8dwvz3uD9diNmUNnoH3FbImP3o3aT pZF1GkdFaikVunzCnRjYbd0juuagS/eWv/yLpLOijSX6amBV84QFZaV32HftR5CU5r+y u0N7fP+C2ZNxYjGueiXIn1v3hBKoyNIuIParsIvsJ0GSsYa9f/vyG+K2CMKNPPnzztHT lbEaMJ3aYF4M+JpSitZ+w+a58YS4mwdtuLQizgiIXT/svxCY6UXdIFOphKi+ELf/ufRr X+5A==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b="sbfXmh/q"; spf=pass (google.com: domain of fm-1328957-2025091706340287e42c78250002079d-n1yjae@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) smtp.mailfrom=fm-1328957-2025091706340287e42c78250002079d-n1YJAE@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-65-227.siemens.flowmailer.net (mta-65-227.siemens.flowmailer.net. [185.136.65.227]) by gmr-mx.google.com with ESMTPS id 38308e7fff4ca-3512b337077si2447891fa.7.2025.09.16.23.34.03 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 16 Sep 2025 23:34:03 -0700 (PDT) Received-SPF: pass (google.com: domain of fm-1328957-2025091706340287e42c78250002079d-n1yjae@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) client-ip=185.136.65.227; Received: by mta-65-227.siemens.flowmailer.net with ESMTPSA id 2025091706340287e42c78250002079d for ; Wed, 17 Sep 2025 08:34:02 +0200 X-Patchwork-Original-From: "'Christoph Steiger' via isar-users" From: Christoph Steiger To: isar-users@googlegroups.com Cc: jan.kiszka@siemens.com, felix.moessbauer@siemens.com, gernot.hillier@siemens.com, cedric.hombourger@siemens.com Subject: [PATCH v2 4/4] override distro vendor in SBOM on Ubuntu Date: Wed, 17 Sep 2025 08:33:15 +0200 Message-Id: <20250917063314.44769-4-christoph.steiger@siemens.com> In-Reply-To: <20250917063314.44769-1-christoph.steiger@siemens.com> References: <20250917063314.44769-1-christoph.steiger@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1328957:519-21489:flowmailer X-Original-Sender: christoph.steiger@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm1 header.b="sbfXmh/q"; spf=pass (google.com: domain of fm-1328957-2025091706340287e42c78250002079d-n1yjae@rts-flowmailer.siemens.com designates 185.136.65.227 as permitted sender) smtp.mailfrom=fm-1328957-2025091706340287e42c78250002079d-n1YJAE@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Christoph Steiger Reply-To: Christoph Steiger Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= From: Felix Moessbauer When generating an SBOM for Ubuntu, the vendor component of the PURL needs to be ubuntu (instead of debian). We now set it accordingly. Signed-off-by: Felix Moessbauer --- meta-isar/conf/distro/ubuntu-common.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-isar/conf/distro/ubuntu-common.inc b/meta-isar/conf/distro/ubuntu-common.inc index 88a3b4f0..3e930c14 100644 --- a/meta-isar/conf/distro/ubuntu-common.inc +++ b/meta-isar/conf/distro/ubuntu-common.inc @@ -45,3 +45,5 @@ SYSTEMD_BOOTLOADER_INSTALL:jammy = "systemd:${DISTRO_ARCH}" # snapshot mirror for reproducible builds DISTRO_APT_SNAPSHOT_PREMIRROR ??= "(http|https)://archive.ubuntu.com/(.*) https://snapshot.ubuntu.com/\2/${ISAR_APT_SNAPSHOT_DATE}\n" + +SBOM_BASE_DISTRO_VENDOR ?= "ubuntu"