From: "'Christoph Steiger' via isar-users" <isar-users@googlegroups.com>
To: isar-users@googlegroups.com
Cc: jan.kiszka@siemens.com, felix.moessbauer@siemens.com,
gernot.hillier@siemens.com, cedric.hombourger@siemens.com,
Christoph Steiger <christoph.steiger@siemens.com>
Subject: [PATCH 1/3] meta: package python libraries for SBOM generation
Date: Tue, 9 Sep 2025 10:05:26 +0200 [thread overview]
Message-ID: <20250909080528.95765-2-christoph.steiger@siemens.com> (raw)
In-Reply-To: <20250909080528.95765-1-christoph.steiger@siemens.com>
Package python libraries for SBOM generation in isar. The packages are
unfortunately not (yet) packaged in Debian, thats why we need to do it
here. With these libraries it is now possible to easily create CDX and
SPDX SBOMs in different file formats.
Signed-off-by: Christoph Steiger <christoph.steiger@siemens.com>
---
.../python3-beartype/files/rules | 8 +++
.../python3-beartype_0.19.0.bb | 29 ++++++++++
.../files/pybuild.testfiles | 1 +
.../python3-cyclonedx-python-lib/files/rules | 8 +++
.../python3-cyclonedx-python-lib_9.1.0.bb | 56 +++++++++++++++++++
.../python3-packageurl-python/files/rules | 8 +++
.../python3-packageurl-python_0.16.0.bb | 33 +++++++++++
.../python3-py-serializable/files/rules | 8 +++
.../python3-py-serializable_2.0.0.bb | 42 ++++++++++++++
.../python3-spdx-tools/files/rules | 25 +++++++++
.../python3-spdx-tools_0.8.3.bb | 56 +++++++++++++++++++
11 files changed, 274 insertions(+)
create mode 100644 meta/recipes-support/python3-beartype/files/rules
create mode 100644 meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb
create mode 100644 meta/recipes-support/python3-cyclonedx-python-lib/files/pybuild.testfiles
create mode 100644 meta/recipes-support/python3-cyclonedx-python-lib/files/rules
create mode 100644 meta/recipes-support/python3-cyclonedx-python-lib/python3-cyclonedx-python-lib_9.1.0.bb
create mode 100644 meta/recipes-support/python3-packageurl-python/files/rules
create mode 100644 meta/recipes-support/python3-packageurl-python/python3-packageurl-python_0.16.0.bb
create mode 100644 meta/recipes-support/python3-py-serializable/files/rules
create mode 100644 meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb
create mode 100644 meta/recipes-support/python3-spdx-tools/files/rules
create mode 100644 meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb
diff --git a/meta/recipes-support/python3-beartype/files/rules b/meta/recipes-support/python3-beartype/files/rules
new file mode 100644
index 00000000..0ca517a1
--- /dev/null
+++ b/meta/recipes-support/python3-beartype/files/rules
@@ -0,0 +1,8 @@
+#!/usr/bin/make -f
+
+#export DH_VERBOSE = 1
+export PYBUILD_NAME = beartype
+export PYBUILD_SYSTEM = pyproject
+
+%:
+ dh $@ --with python3 --buildsystem=pybuild
diff --git a/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb b/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb
new file mode 100644
index 00000000..34f56b30
--- /dev/null
+++ b/meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb
@@ -0,0 +1,29 @@
+# This software is a part of ISAR.
+# Copyright (c) Siemens, 2025
+#
+# SPDX-License-Identifier: MIT
+
+inherit dpkg
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+S = "${WORKDIR}/beartype-${PV}"
+
+MAINTAINER = "Christoph Steiger <christoph.steiger@siemens.com>"
+DPKG_ARCH = "all"
+DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), dh-python, python3-all, python3-setuptools, pybuild-plugin-pyproject, python3-hatchling"
+DEBIAN_DEPENDS = "python3"
+# this is 01/01/1980, any earlier and zip in the wheel building process will not accept it
+DEBIAN_CHANGELOG_TIMESTAMP = "315532800"
+DESCRIPTION = "Unbearably fast near-real-time hybrid runtime-static type-checking in pure Python."
+
+SRC_URI = "\
+ https://github.com/beartype/beartype/archive/refs/tags/v0.19.0.tar.gz \
+ file://rules \
+ "
+SRC_URI[sha256sum] = "e7ad00eebf527d60f30e0b391209b561dabd2074b608c50e26c94c2d8250a6cd"
+
+do_prepare_build[cleandirs] += "${S}/debian"
+do_prepare_build() {
+ deb_debianize
+}
diff --git a/meta/recipes-support/python3-cyclonedx-python-lib/files/pybuild.testfiles b/meta/recipes-support/python3-cyclonedx-python-lib/files/pybuild.testfiles
new file mode 100644
index 00000000..cc736a36
--- /dev/null
+++ b/meta/recipes-support/python3-cyclonedx-python-lib/files/pybuild.testfiles
@@ -0,0 +1 @@
+pyproject.toml
diff --git a/meta/recipes-support/python3-cyclonedx-python-lib/files/rules b/meta/recipes-support/python3-cyclonedx-python-lib/files/rules
new file mode 100644
index 00000000..fe72dd1a
--- /dev/null
+++ b/meta/recipes-support/python3-cyclonedx-python-lib/files/rules
@@ -0,0 +1,8 @@
+#!/usr/bin/make -f
+
+#export DH_VERBOSE = 1
+export PYBUILD_NAME = cyclonedx-python-lib
+export PYBUILD_SYSTEM = pyproject
+
+%:
+ dh $@ --with python3 --buildsystem=pybuild
diff --git a/meta/recipes-support/python3-cyclonedx-python-lib/python3-cyclonedx-python-lib_9.1.0.bb b/meta/recipes-support/python3-cyclonedx-python-lib/python3-cyclonedx-python-lib_9.1.0.bb
new file mode 100644
index 00000000..62c23476
--- /dev/null
+++ b/meta/recipes-support/python3-cyclonedx-python-lib/python3-cyclonedx-python-lib_9.1.0.bb
@@ -0,0 +1,56 @@
+# This software is a part of ISAR.
+# Copyright (c) Siemens, 2025
+#
+# SPDX-License-Identifier: MIT
+
+inherit dpkg
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+DEPENDS = "python3-packageurl-python python3-py-serializable"
+
+S = "${WORKDIR}/cyclonedx_python_lib-${PV}"
+
+MAINTAINER = "Christoph Steiger <christoph.steiger@siemens.com>"
+DPKG_ARCH = "all"
+DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \
+ dh-python, \
+ python3-all, \
+ python3-setuptools, \
+ pybuild-plugin-pyproject, \
+ python3-poetry, \
+ python3-py-serializable, \
+ python3-packageurl-python, \
+ python3-sortedcontainers, \
+ python3-ddt, \
+ python3-defusedxml, \
+ python3-license-expression, \
+ python3-jsonschema, \
+ python3-lxml, \
+ "
+
+DEBIAN_DEPENDS = "python3, \
+ python3-py-serializable, \
+ python3-packageurl-python, \
+ python3-sortedcontainers, \
+ python3-ddt, \
+ python3-defusedxml, \
+ python3-license-expression, \
+ python3-jsonschema, \
+ python3-lxml, \
+ "
+
+DESCRIPTION = "Library for serializing and deserializing Python Objects to and from JSON and XML."
+
+SRC_URI = "\
+ https://github.com/CycloneDX/cyclonedx-python-lib/releases/download/v9.1.0/cyclonedx_python_lib-9.1.0.tar.gz \
+ file://rules \
+ file://pybuild.testfiles \
+ "
+SRC_URI[sha256sum] = "86935f2c88a7b47a529b93c724dbd3e903bc573f6f8bd977628a7ca1b5dadea1"
+
+do_prepare_build[cleandirs] += "${S}/debian"
+do_prepare_build() {
+ cp "${WORKDIR}"/pybuild.testfiles "${S}"/debian
+ deb_debianize
+}
diff --git a/meta/recipes-support/python3-packageurl-python/files/rules b/meta/recipes-support/python3-packageurl-python/files/rules
new file mode 100644
index 00000000..50e1b74c
--- /dev/null
+++ b/meta/recipes-support/python3-packageurl-python/files/rules
@@ -0,0 +1,8 @@
+#!/usr/bin/make -f
+
+#export DH_VERBOSE = 1
+export PYBUILD_NAME = packageurl-python
+export PYBUILD_SYSTEM = distutils
+
+%:
+ dh $@ --with python3 --buildsystem=pybuild
diff --git a/meta/recipes-support/python3-packageurl-python/python3-packageurl-python_0.16.0.bb b/meta/recipes-support/python3-packageurl-python/python3-packageurl-python_0.16.0.bb
new file mode 100644
index 00000000..773fd93b
--- /dev/null
+++ b/meta/recipes-support/python3-packageurl-python/python3-packageurl-python_0.16.0.bb
@@ -0,0 +1,33 @@
+# This software is a part of ISAR.
+# Copyright (c) Siemens, 2025
+#
+# SPDX-License-Identifier: MIT
+
+inherit dpkg
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+S = "${WORKDIR}/packageurl_python-${PV}"
+
+MAINTAINER = "Christoph Steiger <christoph.steiger@siemens.com>"
+DPKG_ARCH = "all"
+DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \
+ dh-python, \
+ python3-all, \
+ python3-setuptools, \
+ "
+
+DEBIAN_DEPENDS = "python3"
+
+DESCRIPTION = "A purl aka. Package URL parser and builder"
+
+SRC_URI = "\
+ https://github.com/package-url/packageurl-python/releases/download/v0.16.0/packageurl_python-0.16.0.tar.gz \
+ file://rules \
+ "
+SRC_URI[sha256sum] = "69e3bf8a3932fe9c2400f56aaeb9f86911ecee2f9398dbe1b58ec34340be365d"
+
+do_prepare_build[cleandirs] += "${S}/debian"
+do_prepare_build() {
+ deb_debianize
+}
diff --git a/meta/recipes-support/python3-py-serializable/files/rules b/meta/recipes-support/python3-py-serializable/files/rules
new file mode 100644
index 00000000..0cf845dd
--- /dev/null
+++ b/meta/recipes-support/python3-py-serializable/files/rules
@@ -0,0 +1,8 @@
+#!/usr/bin/make -f
+
+#export DH_VERBOSE = 1
+export PYBUILD_NAME = py-serializable
+export PYBUILD_SYSTEM = pyproject
+
+%:
+ dh $@ --with python3 --buildsystem=pybuild
diff --git a/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb b/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb
new file mode 100644
index 00000000..9e75062a
--- /dev/null
+++ b/meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb
@@ -0,0 +1,42 @@
+# This software is a part of ISAR.
+# Copyright (c) Siemens, 2025
+#
+# SPDX-License-Identifier: MIT
+
+inherit dpkg
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+S = "${WORKDIR}/py_serializable-${PV}"
+
+MAINTAINER = "Christoph Steiger <christoph.steiger@siemens.com>"
+DPKG_ARCH = "all"
+DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \
+ dh-python, \
+ python3-all, \
+ python3-setuptools, \
+ pybuild-plugin-pyproject, \
+ python3-poetry, \
+ python3-defusedxml, \
+ python3-lxml, \
+ xmldiff \
+ "
+
+DEBIAN_DEPENDS = "python3, \
+ python3-defusedxml, \
+ python3-lxml, \
+ xmldiff \
+ "
+
+DESCRIPTION = "Library for serializing and deserializing Python Objects to and from JSON and XML."
+
+SRC_URI = "\
+ https://github.com/madpah/serializable/releases/download/v2.0.0/py_serializable-2.0.0.tar.gz \
+ file://rules \
+ "
+SRC_URI[sha256sum] = "e9e6491dd7d29c31daf1050232b57f9657f9e8a43b867cca1ff204752cf420a5"
+
+do_prepare_build[cleandirs] += "${S}/debian"
+do_prepare_build() {
+ deb_debianize
+}
diff --git a/meta/recipes-support/python3-spdx-tools/files/rules b/meta/recipes-support/python3-spdx-tools/files/rules
new file mode 100644
index 00000000..ac87528a
--- /dev/null
+++ b/meta/recipes-support/python3-spdx-tools/files/rules
@@ -0,0 +1,25 @@
+#!/usr/bin/make -f
+
+#export DH_VERBOSE = 1
+export PYBUILD_NAME = spdx-tools
+export PYBUILD_SYSTEM = distutils
+
+# skip tests that require hard-to-package dependencies and tests that rely on relative file paths
+# TODO: figure out a way to make these tests work
+export PYBUILD_TEST_ARGS=--ignore tests/spdx3/validation/json_ld/test_shacl_validation.py \
+ -k 'not test_examples \
+ and not test_parse_from_file \
+ and not test_annotation_parser \
+ and not test_snippet_parser \
+ and not test_creation_info_parser \
+ and not test_json_ld_writer \
+ and not test_extracted_licensing_info_parser \
+ and not test_parse_file \
+ and not test_package_parser \
+ and not test_relationship_parser \
+ and not test_graph_parsing_function \
+ and not test_license_expression_parser \
+ '
+
+%:
+ dh $@ --with python3 --buildsystem=pybuild
diff --git a/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb b/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb
new file mode 100644
index 00000000..2b81d6fe
--- /dev/null
+++ b/meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb
@@ -0,0 +1,56 @@
+# This software is a part of ISAR.
+# Copyright (c) Siemens, 2025
+#
+# SPDX-License-Identifier: MIT
+
+inherit dpkg
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+S = "${WORKDIR}/tools-python-${PV}"
+
+DEPENDS = "python3-beartype"
+
+MAINTAINER = "Christoph Steiger <christoph.steiger@siemens.com>"
+DPKG_ARCH = "all"
+DEBIAN_BUILD_DEPENDS = "debhelper (>= 11~), \
+ dh-python, \
+ python3-all, \
+ python3-setuptools, \
+ python3-beartype, \
+ python3-semantic-version, \
+ python3-license-expression, \
+ python3-pytest, \
+ python3-rdflib, \
+ python3-uritools, \
+ python3-ply, \
+ python3-click, \
+ python3-xmltodict, \
+ python3-yaml, \
+ "
+
+DEBIAN_DEPENDS = "python3, \
+ python3-beartype, \
+ python3-semantic-version, \
+ python3-license-expression, \
+ python3-pytest, \
+ python3-rdflib, \
+ python3-uritools, \
+ python3-ply, \
+ python3-click, \
+ python3-xmltodict, \
+ python3-yaml, \
+ "
+
+DESCRIPTION = "SPDX parser and tools."
+
+SRC_URI = "\
+ https://github.com/spdx/tools-python/archive/refs/tags/v0.8.3.tar.gz \
+ file://rules \
+ "
+SRC_URI[sha256sum] = "17cb0140adbaefb58819c9d5d56060dc6a70c673a854fa9bd882ecfa4e062a7f"
+
+do_prepare_build[cleandirs] += "${S}/debian"
+do_prepare_build() {
+ deb_debianize
+}
--
2.39.5
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/20250909080528.95765-2-christoph.steiger%40siemens.com.
next prev parent reply other threads:[~2025-09-09 8:05 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-09 8:05 [PATCH 0/3] Add SBOM generation with debsbom 'Christoph Steiger' via isar-users
2025-09-09 8:05 ` 'Christoph Steiger' via isar-users [this message]
2025-09-09 8:05 ` [PATCH 2/3] meta: package python3-debsbom 'Christoph Steiger' via isar-users
2025-09-09 8:19 ` 'Christoph Steiger' via isar-users
2025-09-09 8:05 ` [PATCH 3/3] meta: add SBOM generation with debsbom 'Christoph Steiger' via isar-users
2025-09-11 10:07 ` 'MOESSBAUER, Felix' via isar-users
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250909080528.95765-2-christoph.steiger@siemens.com \
--to=isar-users@googlegroups.com \
--cc=cedric.hombourger@siemens.com \
--cc=christoph.steiger@siemens.com \
--cc=felix.moessbauer@siemens.com \
--cc=gernot.hillier@siemens.com \
--cc=jan.kiszka@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox