From: "'Quirin Gylstorff' via isar-users"
To: Zhihang Wei, isar-users@googlegroups.com
Cc: Felix Moessbauer
Subject: Re: [PATCH v4 04/10] meta: add SBOM generation with debsbom
Date: Thu, 20 Nov 2025 12:07:50 +0100
Message-ID: <0e93fd0b-d55f-4ab6-9d77-b3e565ff15cb@siemens.com>
References: <20251117132436.511686-1-felix.moessbauer@siemens.com> <20251117132436.511686-5-felix.moessbauer@siemens.com> <3e82b347-3151-414f-9eb8-dd63108294f7@siemens.com>

On 11/19/25 17:58, Zhihang Wei wrote:
>
> On 11/19/25 16:54, 'Quirin Gylstorff' via isar-users wrote:
>>
>>
>> On 11/17/25 14:24, 'Felix Moessbauer' via isar-users wrote:
>>> From: Christoph Steiger
>>>
>>> Generate SBOMs for every rootfs that is created. These SBOMs are placed
>>> in the image deploy directory.
>>>
>>> For the generation a small chroot with debsbom installed is created and
>>> from that the rootfs of the image is scanned.
>>>
>>> The sbom generation is bound to the rootfs feature `generate-sbom`
>>> which is activated per default now.
>>>
>>> Signed-off-by: Christoph Steiger
>>> Signed-off-by: Felix Moessbauer >>> --- >>> =C2=A0 meta/classes/image.bbclass=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0 |=C2=A0 1 + >>> =C2=A0 meta/classes/initramfs.bbclass=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0 3 +- >>> =C2=A0 meta/classes/rootfs.bbclass=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 | = 14 +++- >>> =C2=A0 meta/classes/sbom.bbclass=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0 | 64 +++++++++++++++++++ >>> =C2=A0 meta/classes/sdk.bbclass=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 |=C2=A0 2 +- >>> =C2=A0 .../sbom-chroot/sbom-chroot.bb=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 | 30 +++++++++ >>> =C2=A0 6 files changed, 111 insertions(+), 3 deletions(-) >>> =C2=A0 create mode 100644 meta/classes/sbom.bbclass >>> =C2=A0 create mode 100644 meta/recipes-devtools/sbom-chroot/sbom-chroot= .bb >>> >>> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass >>> index 1fa71c17..29324920 100644 >>> --- a/meta/classes/image.bbclass >>> +++ b/meta/classes/image.bbclass >>> @@ -99,6 +99,7 @@ ROOTFS_FEATURES +=3D "\ >>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 clean-log-files \ >>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 clean-debconf-cache \ >>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 populate-systemd-preset \ >>> +=C2=A0=C2=A0=C2=A0 generate-sbom \ >>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 " >>> =C2=A0 ROOTFS_PACKAGES +=3D "${IMAGE_PREINSTALL}=20 >>> ${@isar_multiarch_packages('IMAGE_INSTALL', d)}" >>> =C2=A0 ROOTFS_MANIFEST_DEPLOY_DIR ?=3D "${DEPLOY_DIR_IMAGE}" 
>>> diff --git a/meta/classes/initramfs.bbclass b/meta/classes/=20 >>> initramfs.bbclass >>> index 862bd873..570780e1 100644 >>> --- a/meta/classes/initramfs.bbclass >>> +++ b/meta/classes/initramfs.bbclass >>> @@ -22,11 +22,12 @@ INITRAMFS_FULLNAME =3D "${PN}-${DISTRO}-${MACHINE}" >>> =C2=A0 # Bill-of-material >>> =C2=A0 ROOTFS_MANIFEST_DEPLOY_DIR =3D "${DEPLOY_DIR_IMAGE}" >>> =C2=A0 ROOTFS_PACKAGE_SUFFIX =3D "${INITRAMFS_FULLNAME}" >>> +SBOM_DISTRO_NAME:append =3D "-initramfs" >>> =C2=A0 =C2=A0 DEPENDS +=3D "${INITRAMFS_INSTALL}" >>> =C2=A0 =C2=A0 ROOTFSDIR =3D "${INITRAMFS_ROOTFS}" >>> -ROOTFS_FEATURES =3D "generate-manifest" >>> +ROOTFS_FEATURES =3D "generate-manifest generate-sbom" >>> =C2=A0 ROOTFS_PACKAGES =3D "${INITRAMFS_GENERATOR_PKG}=20 >>> ${INITRAMFS_PREINSTALL} ${INITRAMFS_INSTALL}" >>> =C2=A0 =C2=A0 # validate if have incompatible packages in the installat= ion list >>> diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass >>> index c045bfc0..b3ca9e16 100644 >>> --- a/meta/classes/rootfs.bbclass >>> +++ b/meta/classes/rootfs.bbclass >>> @@ -3,6 +3,8 @@ >>> =C2=A0 =C2=A0 inherit deb-dl-dir >>> =C2=A0 +inherit sbom >>> + >>> =C2=A0 ROOTFS_ARCH ?=3D "${DISTRO_ARCH}" >>> =C2=A0 ROOTFS_DISTRO ?=3D "${DISTRO}" >>> =C2=A0 
@@ -28,11 +30,18 @@ INITRD_IMAGE ?=3D "" >>> =C2=A0 # available features are: >>> =C2=A0 # 'clean-package-cache' - delete package cache from rootfs >>> =C2=A0 # 'generate-manifest' - generate a package manifest of the rootf= s=20 >>> into ${ROOTFS_MANIFEST_DEPLOY_DIR} >>> +# 'generate-sbom' - generate a SBOM of the rootfs into=20 >>> ${DEPLOY_DIR_SBOM} >>> =C2=A0 # 'export-dpkg-status' - exports /var/lib/dpkg/status file to=20 >>> ${ROOTFS_DPKGSTATUS_DEPLOY_DIR} >>> =C2=A0 # 'clean-log-files' - delete log files that are not owned by pac= kages >>> =C2=A0 # 'populate-systemd-preset' - enable systemd units according to= =20 >>> systemd presets >>> + >>> =C2=A0 # 'generate-initrd' - generate debian default initrd >>> =C2=A0 ROOTFS_FEATURES +=3D "${@ 'generate-initrd' if=20 >>> d.getVar('INITRD_IMAGE') =3D=3D '' else ''}" >>> +# only supported from bookworm / jammy on >>> +ROOTFS_FEATURES:remove:buster =3D "generate-sbom" >>> +ROOTFS_FEATURES:remove:bullseye =3D "generate-sbom" >>> +ROOTFS_FEATURES:remove:jammy =3D "generate-sbom" >>> +ROOTFS_FEATURES:remove:focal =3D "generate-sbom" >>> =C2=A0 =C2=A0 ROOTFS_APT_ARGS=3D"install --yes -o Debug::pkgProblemReso= lver=3Dyes" >>> =C2=A0 @@ -478,6 +487,9 @@ cache_dbg_pkgs() { >>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 fi >>> =C2=A0 } >>> =C2=A0 +# The sbom generator needs the apt-cache, hence run before=20 >>> cleaning it >>> +ROOTFS_POSTPROCESS_COMMAND +=3D=20 >>> "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom',=20 >>> 'do_generate_sbom', '', d)}" >>> + >>> =C2=A0 ROOTFS_POSTPROCESS_COMMAND +=3D=20 >>> "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-package-cache',=20 >>> 'rootfs_postprocess_clean_package_cache', '', d)}" >>> =C2=A0 rootfs_postprocess_clean_package_cache() { >>> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 sudo -E chroot '${ROOTFSDIR}' \ 
>>> @@ -647,7 +659,7 @@ python do_rootfs() { >>> =C2=A0 } >>> =C2=A0 addtask rootfs before do_build >>> =C2=A0 -do_rootfs_postprocess[depends] =3D "base-apt:do_cache isar-=20 >>> apt:do_cache_config" >>> +do_rootfs_postprocess[depends] =3D "base-apt:do_cache isar-=20 >>> apt:do_cache_config ${@bb.utils.contains('ROOTFS_FEATURES',=20 >>> 'generate-sbom', 'sbom-chroot:do_sbomchroot_deploy', '', d)}" >>> =C2=A0 =C2=A0 SSTATETASKS +=3D "do_rootfs_install" >>> =C2=A0 SSTATECREATEFUNCS +=3D "rootfs_install_sstate_prepare" >>> diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass >>> new file mode 100644 >>> index 00000000..fd41296c >>> --- /dev/null >>> +++ b/meta/classes/sbom.bbclass 
>>> @@ -0,0 +1,64 @@ >>> +# This software is a part of ISAR. >>> +# Copyright (C) 2025 Siemens >>> +# >>> +# SPDX-License-Identifier: MIT >>> + >>> +# sbom type to generate, accepted are "cdx" or "spdx" >>> +SBOM_TYPES ?=3D "spdx cdx" >>> + >>> +SBOM_DEBSBOM_TYPE_ARGS =3D "${@"-t " + " -t=20 >>> ".join(d.getVar("SBOM_TYPES").split())}" >>> + >>> +# general user variables >>> +SBOM_DISTRO_SUPPLIER ?=3D "ISAR" >>> +SBOM_DISTRO_NAME ?=3D "ISAR-Debian-GNU-Linux" >>> +SBOM_DISTRO_VERSION ?=3D "1" >>> +SBOM_DISTRO_SUMMARY ?=3D "Linux distribution built with ISAR" >>> +SBOM_BASE_DISTRO_VENDOR ??=3D "debian" >>> +SBOM_DOCUMENT_UUID ?=3D "" >>> + >>> +# SPDX specific user variables >>> +SBOM_SPDX_NAMESPACE_PREFIX ?=3D "https://spdx.org/spdxdocs" >>> + >>> +DEPLOY_DIR_SBOM =3D "${DEPLOY_DIR_IMAGE}" >>> + >>> +SBOM_DIR =3D "${DEPLOY_DIR}/sbom" >>> +SBOM_CHROOT =3D "${SBOM_DIR}/sbom-chroot" >>> + >>> +# adapted from the isar-cip-core image_uuid.bbclass >>> +def generate_document_uuid(d, warn_not_repr=3DTrue): >>> +=C2=A0=C2=A0=C2=A0 import uuid >>> + >>> +=C2=A0=C2=A0=C2=A0 base_hash =3D d.getVar("BB_TASKHASH") >>> +=C2=A0=C2=A0=C2=A0 if base_hash is None: >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 if warn_not_repr: >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 bb.= warn("no BB_TASKHASH available, SBOM UUID is not=20 >>> reproducible") >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 return uuid.uuid4() >>> +=C2=A0=C2=A0=C2=A0 return str(uuid.UUID(base_hash[:32], version=3D4)) >>> + >>> +def sbom_doc_uuid(d): >>> +=C2=A0=C2=A0=C2=A0 if not d.getVar("SBOM_DOCUMENT_UUID"): >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 d.setVar("SBOM_DOCUMENT_UUI= D", generate_document_uuid(d)) >>> + >>> +generate_sbom() { >>> +=C2=A0=C2=A0=C2=A0 sudo mkdir -p ${SBOM_CHROOT}/mnt/rootfs ${SBOM_CHRO= OT}/mnt/=20 >>> deploy-dir >>> + >>> +=C2=A0=C2=A0=C2=A0 TIMESTAMP=3D$(date --iso-8601=3Ds -d @${SOURCE_DATE= _EPOCH}) >>> +=C2=A0=C2=A0=C2=A0 bwrap \ >>> 
+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --unshare-user \ >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --unshare-pid \ >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --bind ${SBOM_CHROOT} / \ >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --bind ${ROOTFSDIR} /mnt/ro= otfs \ >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --bind ${DEPLOY_DIR_SBOM} /= mnt/deploy-dir \ >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 -- debsbom -v generate ${SB= OM_DEBSBOM_TYPE_ARGS} -r /mnt/=20 >>> rootfs -o /mnt/deploy-dir/'${PN}-${DISTRO}-${MACHINE}' \ >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --d= istro-name '${SBOM_DISTRO_NAME}' --distro-supplier=20 >>> '${SBOM_DISTRO_SUPPLIER}' \ >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --d= istro-version '${SBOM_DISTRO_VERSION}' --distro-arch=20 >>> '${DISTRO_ARCH}' \ >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --b= ase-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --c= dx-serialnumber '${SBOM_DOCUMENT_UUID}' \ >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --s= pdx-namespace=20 >>> '${SBOM_SPDX_NAMESPACE_PREFIX}'-'${SBOM_DOCUMENT_UUID}' \ >>> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --t= imestamp $TIMESTAMP >>> +}
>> This breaks the build of custom initrds on next
>> 3f55e8574865de46bb795b60c3c3569567494aa7.
> Can you try master branch, or an earlier next at
> 49d4f8d81264b50e5d9c43a9d235c2a729164d28?

The error also occurs on 49d4f8d8. See
https://gitlab.com/cip-project/cip-core/isar-cip-core/-/jobs/12155333533.

Quirin

> I suspect this is related with a mistake I made last Friday when
> clearing the conflict to merge
> "image: introduce IMAGE_INITRD, deprecate INITRD_IMAGE <github.com/ilbers/isar/commit/c3c4e72cbfc4099308469802f5a912c29a990f72>"
> to next.
>
> Zhihang
>>
>> For cip-core I got:
>>
>> ERROR: cip-core-initramfs-1.0-r0 do_rootfs_postprocess: ExecutionError('/work/build/tmp/work/cip-core-trixie-amd64/cip-core-initramfs-qemu-amd64/1.0-r0/temp/run.generate_sbom.161385', 1, None, None)
>> ERROR: Logfile of failure stored in: /work/build/tmp/work/cip-core-trixie-amd64/cip-core-initramfs-qemu-amd64/1.0-r0/temp/log.do_rootfs_postprocess.161385
>> Log data follows:
>> | DEBUG: Executing python function do_rootfs_postprocess
>> | DEBUG: Executing shell function rootfs_do_mounts
>> | DEBUG: Shell function rootfs_do_mounts finished
>> | DEBUG: Executing shell function rootfs_do_qemu
>> | DEBUG: Shell function rootfs_do_qemu finished
>> | DEBUG: Executing python function do_generate_sbom
>> | DEBUG: Executing shell function generate_sbom
>> | bwrap: Can't find source path /work/build/tmp/deploy/images/qemu-amd64: No such file or directory
>> | WARNING: exit code 1 from a shell command.
>> | DEBUG: Python function do_generate_sbom finished
>> | DEBUG: Executing shell function rootfs_do_umounts
>> | DEBUG: Shell function rootfs_do_umounts finished
>> | DEBUG: Python function do_rootfs_postprocess finished
>> ERROR: Task (/work/build/../../repo/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb:do_rootfs_postprocess) failed with exit code '1'
>>
>> The integration is at https://gitlab.com/cip-project/cip-core/isar-cip-core/-/tree/qg/add-debsbom?ref_type=heads
>>
>> Quirin
>>> + >>> +python do_generate_sbom() { >>> +=C2=A0=C2=A0=C2=A0 sbom_doc_uuid(d) >>> +=C2=A0=C2=A0=C2=A0 bb.build.exec_func("generate_sbom", d) >>> +} >>> diff --git a/meta/classes/sdk.bbclass b/meta/classes/sdk.bbclass >>> index 00cae0da..d57269e5 100644 >>> --- a/meta/classes/sdk.bbclass >>> +++ b/meta/classes/sdk.bbclass 
>>> @@ -47,7 +47,7 @@ SDK_PREINSTALL +=3D " \ >>> =C2=A0 ROOTFS_ARCH:class-sdk =3D "${HOST_ARCH}" >>> =C2=A0 ROOTFS_DISTRO:class-sdk =3D "${@get_rootfs_distro(d)}" >>> =C2=A0 ROOTFS_PACKAGES:class-sdk =3D "sdk-files ${SDK_TOOLCHAIN}=20 >>> ${SDK_PREINSTALL} ${@isar_multiarch_packages('SDK_INSTALL', d)}" >>> -ROOTFS_FEATURES:append:class-sdk =3D " clean-package-cache generate-= =20 >>> manifest export-dpkg-status" >>> +ROOTFS_FEATURES:append:class-sdk =3D " clean-package-cache generate-= =20 >>> manifest export-dpkg-status generate-sbom" >>> =C2=A0 ROOTFS_MANIFEST_DEPLOY_DIR:class-sdk =3D "${DEPLOY_DIR_SDKCHROOT= }" >>> =C2=A0 ROOTFS_DPKGSTATUS_DEPLOY_DIR:class-sdk =3D "${DEPLOY_DIR_SDKCHRO= OT}" >>> =C2=A0 diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb b/= =20 >>> meta/recipes-devtools/sbom-chroot/sbom-chroot.bb >>> new file mode 100644 >>> index 00000000..58200382 >>> --- /dev/null >>> +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb 
>>> @@ -0,0 +1,30 @@ >>> +# This software is a part of ISAR. >>> +# >>> +# Copyright (C) 2025 Siemens >>> + >>> +LICENSE =3D "gpl-2.0" >>> +LIC_FILES_CHKSUM =3D "file://${LAYERDIR_core}/licenses/=20 >>> COPYING.GPLv2;md5=3D751419260aa954499f7abaabaa882bbe" >>> + >>> +PV =3D "1.0" >>> + >>> +inherit rootfs >>> + >>> +ROOTFS_ARCH =3D "${HOST_ARCH}" >>> +ROOTFS_DISTRO =3D "${@get_rootfs_distro(d)}" >>> +ROOTFS_BASE_DISTRO =3D "${HOST_BASE_DISTRO}" >>> + >>> +ROOTFS_FEATURES =3D "no-generate-initrd" >>> +ROOTFS_INSTALL_COMMAND:remove =3D "rootfs_restore_initrd_tooling" >>> + >>> +# additional packages for the SBOM chroot >>> +SBOM_IMAGE_INSTALL =3D "python3-debsbom" >>> +DEPENDS +=3D "python3-debsbom" >>> + >>> +ROOTFSDIR =3D "${WORKDIR}/rootfs" >>> +ROOTFS_PACKAGES =3D "${SBOM_IMAGE_INSTALL}" >>> + >>> +do_sbomchroot_deploy[dirs] =3D "${SBOM_DIR}" >>> +do_sbomchroot_deploy() { >>> +=C2=A0=C2=A0=C2=A0 ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" >>> +} >>> +addtask do_sbomchroot_deploy before do_build after do_rootfs
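
Review bot: In meta/classes/rootfs.bbclass, hunk @@ -28,11 +30,18 @@, the added comment "only supported from bookworm / jammy on" contradicts the line `ROOTFS_FEATURES:remove:jammy = "generate-sbom"` directly below it, which switches the feature off for jammy. Either drop the jammy removal or correct the comment so it names the releases that are actually supported. The same hunk also adds an empty line between the 'populate-systemd-preset' and 'generate-initrd' entries of the feature list comment, which splits the list for no visible reason.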
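
Review bot: In meta/classes/sbom.bbclass, generate_sbom() bind-mounts ${DEPLOY_DIR_SBOM} into the sandbox but never creates it; the `sudo mkdir -p` at the top of the function only creates the mount points inside ${SBOM_CHROOT}. bwrap stops when a --bind source is missing, which matches the "Can't find source path /work/build/tmp/deploy/images/qemu-amd64" failure reported in this thread for an initramfs recipe. Add `mkdir -p '${DEPLOY_DIR_SBOM}'` before the bwrap call. Separately, the fallback branch of generate_document_uuid() returns `uuid.uuid4()` (a UUID object) while the normal branch returns a string; wrap the fallback in str() so SBOM_DOCUMENT_UUID is always set to a string.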
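
Review bot: In meta/classes/sdk.bbclass, hunk @@ -47,7 +47,7 @@, generate-sbom is appended to ROOTFS_FEATURES for class-sdk, but there is no SBOM counterpart to the two context lines below that point ROOTFS_MANIFEST_DEPLOY_DIR and ROOTFS_DPKGSTATUS_DEPLOY_DIR at ${DEPLOY_DIR_SDKCHROOT}. sbom.bbclass assigns `DEPLOY_DIR_SBOM = "${DEPLOY_DIR_IMAGE}"`, so the SDK SBOM is written next to the target images instead of next to the other SDK artifacts. If that is intended, say so in a comment; otherwise add a DEPLOY_DIR_SBOM:class-sdk override here.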
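
Review bot: In meta/recipes-devtools/sbom-chroot/sbom-chroot.bb, do_sbomchroot_deploy only symlinks ${SBOM_CHROOT} to ${WORKDIR}/rootfs, so the /mnt/rootfs and /mnt/deploy-dir mount points do not exist until a consumer runs `sudo mkdir -p` inside the shared chroot from generate_sbom(). Create both directories in this recipe, which owns the chroot, so that other rootfs recipes do not have to modify it with sudo. A short comment explaining why python3-debsbom is listed in both SBOM_IMAGE_INSTALL and DEPENDS would also help readers.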