From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Wed, 22 Oct 2025 17:39:47 +0200 X-Sieve: CMU Sieve 2.4 Received: from mail-qv1-f60.google.com (mail-qv1-f60.google.com [209.85.219.60]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 59MFdjTJ021168 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 22 Oct 2025 17:39:46 +0200 Received: by mail-qv1-f60.google.com with SMTP id 6a1803df08f44-87c0f8cbe6fsf259498586d6.0 for ; Wed, 22 Oct 2025 08:39:46 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1761147580; cv=pass; d=google.com; s=arc-20240605; b=GewCHav9epD5lrRU6IafF5qETE/SmmEHcI+8hyRh7kjktu8gs75ef67Y4HMApP4U64 glJTM+GHzE8SBxOAKy7EGNKJsqCw0gqx691LKXSebgYDgCQwkVC3qLHhxj/WjQDr+jLE rKd5vfaaegeOoum/WG8um36CGL2ffoafycYEPKE6vkE3Zp2D4MJvMd7vDAaSZurJDNCr v0iS8E7D1qZjS/o3VXwra+R7mVWGNP2MTocHRgLfeFhd8TZ8ZhCfLUziCCIMOHoEPELf 9laJawkUMsJXcpj1ZoxVV8I8CwQDjM9qz3GKDAiuZ+b6iVHz7HO4SvsTFHT5DjXcHGw9 Bz5Q== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:message-id :date:subject:cc:to:from:dkim-signature; bh=hXLMGMleg1CtEx0FQgRzgD/9iF2Fkn/JnONZleSRhV4=; fh=abd6oqXk9nnoeejsk3H5whvFCKabmbO8rx7sgZytTVs=; b=cnlj+ItuQvVn5GT63v9U45yHh/zJI+3m53e6LswdhIYUPCIfXMml7jSpupbluJ+1Cn cKtuclo8I1R2OZ3JJsJXSXOHguMq8oiEWZrRV8cvJtex0yYW1EYeVJQiHeM8UxWP9jaG oTJYlh3lqcT2XT9mEUHkrUZkiVdOHC5aVHt45GER5jEwo2peQ6JtZwbs5KJreOKeimZ8 5y2JxaIofrG5s5B6YvjLYdiJbP++xdk1NI1DtDAYify10W22zE81WPLyVnLMEkIb0WU+ /ReaY55Njd5LH9yhda+cFjWokTapxsUA15jWblasVW9P92At+lT6BnCdOvHsbb2uW8IE ABmA==; darn=ilbers.de ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="k/l21Fzo"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1761147580; x=1761752380; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=hXLMGMleg1CtEx0FQgRzgD/9iF2Fkn/JnONZleSRhV4=; b=dDys7WWGJKhWE7/MD95iOz3AhgEqhsB0kTbCAjP9iBshnTNdExbnMoLfWIU9Zd36fW Avh8xwu/eeIodTKppU3z+nTNZkjvFkwaXFiaE2bZ4B6WFQfL17vJThes6znSVls1YZ7O SDGGcDZkKv9eye8LHwl+kYEXhNewe3BdDrrTFDdWUbpBXB1H9iy5UbxPNBUXwEh2mnxo VObWCSJHW0QxDk797NS3gmXBX1J8A/BfKtXFYuuy+5Qhfrfewy1BDUGxLQOZcxfsaBgi qf66S+FhjmpOZjDH3vnGt33mfHfLCpEEGTsE1IRgoksRCFFlrUnxuwHO6NZwvhk3XzYl 54Bg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761147580; x=1761752380; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :message-id:date:subject:cc:to:from:x-beenthere:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=hXLMGMleg1CtEx0FQgRzgD/9iF2Fkn/JnONZleSRhV4=; b=MuyQnjYOSzQzmnQ3xBjvi/H1TKXlnoKJjfue4jVVf+pM7YIsNtQrKCK2DGtDdwloVR m/rpAk9Z8J8sgz/sEpLzGNopVfw3u8U7e9WyeFv1X+9oWiEl7hk69tNBdAbSEAmaKfzi tjqt13FAXFJ5GjikdCM5r+hDz3LTb9Zv1BdZ4f9Dav2ucawT3inCDEZVJva3+AjP5+eK aDqM91gaJgV7mv5WMXUVJF+MR7BW76VNQ1CHfHtQuFZlHyb39c8atB4/BFzNApxIdEwx SsTzGiEeMkyHy/3NPYFlW6FZuImA3n4gKzvw2ob4r7ZG+wGKRttPiYHbPsguxGj8FDGK F/Uw== X-Forwarded-Encrypted: i=3; AJvYcCVAiDOkSZvUqGox6w++qkvapoulK/eYfLLGcpNg64hToGBsBlaAROn+vKq6aHffzHblzpzR@ilbers.de X-Gm-Message-State: AOJu0Yy/ia7Ha28dF8U/2pYpWFUxuNk/E/02WNB0BcQz1QM6QfGmp0Ya mHl76NQz60FxNcjGCUmOz7zFbCrlWVopLsGHTzkc17DL0qEIhTS1sBsx X-Google-Smtp-Source: AGHT+IGc2ENBMA8n+NtPHKbv7yEMu0sy7xBN94HOe3T5sXxnHw4UL6P3jliSZrWARt6v8zDqedE0Ig== X-Received: by 2002:a05:6214:248a:b0:87c:13b9:7b1f with SMTP id 6a1803df08f44-87c20578317mr286361256d6.23.1761147579537; Wed, 22 Oct 2025 08:39:39 -0700 (PDT) X-BeenThere: isar-users@googlegroups.com; h="ARHlJd7WV7+aUQxBS4qk2j0i9qpI84bxXPL01BRgJENlwy9jgw==" Received: by 2002:a05:6214:260e:b0:779:d180:7e3f with SMTP id 6a1803df08f44-87c15327cd2ls112643976d6.1.-pod-prod-01-us; Wed, 22 Oct 2025 08:39:37 -0700 (PDT) X-Received: by 2002:a05:6214:1c4b:b0:78f:62ef:5a50 with SMTP id 6a1803df08f44-87c2061005fmr259230826d6.42.1761147577336; Wed, 22 Oct 2025 08:39:37 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1761147577; cv=pass; d=google.com; s=arc-20240605; b=Z/9xsw+acOib6uZHxPdGOhkpC/tk8xaWXBlI65Z3i8v8jpt2cJOBBWcQ2opgdNbgd6 DA/Q+UbW3GrRdyngwnVAE4L2M2ZB1JTnVlXpu0ESo8UeSY4sgGSOr7D93HIJcgbK4dh1 oAGtcYPldQkopX4LuyyVAKY2UVtzLCE1jrMDBIk+pXH8TB+7ykeY/sOFGVs9QDZhaL+U BNGS5rOBi57ty0vDw1kFglAh74mlEWjmKfH5fzMKkdxYaYEI71H1l9nvGlPL3L4K7SRL FIF7CxHBvw4V/PKN6E1z8+TWvbuBaqVw3Od9fVFNr67IgxY4ZPCSfResNduwFsBje9Na vRsA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:message-id:date:subject:cc :to:from:dkim-signature; bh=Y4EyHf6wrkkNfpTUmilv1CzquBNRgtfhA+UchXa8D5I=; fh=U8bm4dTYQmv4LpgB7HlcKSsNa947JBNKOeDeOLKSao8=; b=TKeadYJje8SBDFjmcXUBv8O7fUKKsLUneMsDRRkAr2QrBvdbHa1kCWe6rqSAX6LhPE nJUhCvu6uV4auzyB/pgYqkskJ4O/K9nX/nP+awxrTf0NYQkr/41WssQPiVfG4FpWs3Mv uGLH1hB9nPo/Kk7nIPaSjBzE8beesnNuUF3H+MK6qHr6Th850qrlXjd9gnwbIv+6VWjV 9QUbE1C029+yFOaPsUBreqv46S4VIZv8K4juFCUKjABmFDZx0BqQ1OGM32sxgGG6XF1c 6KMYvz3zdOapPdxubfS/2qyDPqVwYTMfsbkaBsEzpmu7Uyn9mAmRjqzJNsqkZ30DDGg1 BC1g==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="k/l21Fzo"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AS8PR04CU009.outbound.protection.outlook.com (mail-westeuropeazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c201::3]) by gmr-mx.google.com with ESMTPS id 6a1803df08f44-87d02896656si3813466d6.6.2025.10.22.08.39.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 22 Oct 2025 08:39:37 -0700 (PDT) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) client-ip=2a01:111:f403:c201::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=SZuzfg4v92CIxnO5pljQ7YiryEfoS+PjkzzDRL9rhJBZeWnnp/AgebDVr9jbdKrpDgdStkBvneYCMdTaU7B34SI9qHUWFGxfSlUglHryDSFCVXP7g0cOTscr/+sr+UdKlnH079IHqPEW4NgAKh283RuJPIbofmS5Zx5jF5DdCqd5of6QWVc0PwGR4Je5QFI1D9IQJUVgB8MKcTn6ouhqJQFohAeTof61nyqFyIXDcOyCMbOil+6hoe42ut4tHtArASuK7P2yYqEExfv0b3TwOESy4Q6REaJeS+hR0LecghfAzkxNM9rELT8i8edxa+gn4jYu037pFQim1bRxOVsgnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Y4EyHf6wrkkNfpTUmilv1CzquBNRgtfhA+UchXa8D5I=; b=m+u91aSIjhg2gyg1xDi7PVtiwvXLak1tLgmoSqMblD0LQUt+6Xn6799O+J+EKJqKuYlU7C7eIISXaSogOpwLA3945xOPCI0yeOcDGdMyFsNP0khsgcP5t5CVTH29nFMXM6MTBsgl6DpYsZ72TPkIHmV6wfVmxEyIDdYaNSrr170x5atgBEQNFK9mAhcftvgvZmcPu9XzNAgL9FJGv+8uHBZPluUBOf/5PZMivdzVUrk8crjuDjoJSPX/SZ5cRhnGig8vXZxUBlO8lFCy5Uhc48eikDUbL7917W6dMPcMxpBxdLkjcJpAHw95x8AgUTsyFl4OJlunfKbI6Y7mDp2enQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by PRAPR10MB5178.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:27b::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9253.12; Wed, 22 Oct 2025 15:39:34 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::8198:b4e0:8d12:3dfe]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::8198:b4e0:8d12:3dfe%4]) with mapi id 15.20.9253.011; Wed, 22 Oct 2025 15:39:34 +0000 From: "'Felix Moessbauer' via isar-users" To: isar-users@googlegroups.com Cc: christoph.steiger@siemens.com, cedric.hombourger@siemens.com, jan.kiszka@siemens.com, Felix Moessbauer Subject: [PATCH v3 00/10] Add SBOM generation with debsbom Date: Wed, 22 Oct 2025 17:39:11 +0200 Message-ID: <20251022153921.2494749-1-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 Content-Type: text/plain; charset="UTF-8" X-ClientProxiedBy: CH0PR03CA0035.namprd03.prod.outlook.com (2603:10b6:610:b3::10) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|PRAPR10MB5178:EE_ X-MS-Office365-Filtering-Correlation-Id: 50e2db65-01fd-4b92-9966-08de1181330f X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?IewVpjH6ba9JHUkW8wKmts7eDS+IyaGoNm9cIPgWMFpZNgeFXDahu5BbmkcD?= =?us-ascii?Q?VpgcQsO7v1ZKIWZlIANaAEoh8A3Uw4GpQxhOOswQdEh42s+HI78GA36Rk5bp?= =?us-ascii?Q?Op/eb2N7KeInEQEPhDPWdsm4fUDNvehoNs3pqjxd4xs6b9wTup89xxekLVmd?= =?us-ascii?Q?RwGnH4tY3XREU6v5ClouaQFqrv13+ZEqPudPsRYC+OvwfiaDv4v9FvH9B8Ea?= =?us-ascii?Q?Ppf1katnRwuQDecFslZG+EalTEEnFVSWTAPNBysdLpM1JQFSq0xLwmklU+WO?= =?us-ascii?Q?+z2oGbOaPjEphEUb8YhlrqDXOho4sO+uizbcRL19AEx/x9k4TXIeuIXzxt/l?= =?us-ascii?Q?YZO0Ro54hlQ1P1KlFeTlZWitcdy/h6CucUVukBV4jNySm5eQL4I/KDPkWSCF?= =?us-ascii?Q?gY1yEQxPx70JlWyI6kGHvisgUT39GyrEe/9sm8PJbTif+11cIM5/0m8Oqb5q?= =?us-ascii?Q?QIoxwVaKf1Xkl2+DJlbIyQcR4X4cm6ct83kI0dOJD8tXwfFZ9kfD6dhuEeR4?= =?us-ascii?Q?UtXh35N+fhK4oJHyugms8tJWCa98R9Ik9276YN8xYswjMymWq8pgKHC3x+H5?= =?us-ascii?Q?FJsV2z8PNfROJ/dRrxxy7yC5ijWZ78SIY9ct5oZMdgJH+mA78xjdb9ZSs/sF?= =?us-ascii?Q?qvc1WcTh7BfnUi+CVmkAy9c4LeSl6A7YE/qP+UKnnxUrdQO7ggeAyPYMTtOZ?= =?us-ascii?Q?fsiBeW5e90VmfLwYI4azNLp6Qd0zaveFv9Css0Xu4IQ9b2nACW6O6EUCSnzH?= =?us-ascii?Q?1Pt9ECmepKx+uuon4WKQDxwVhg4xd0Ke4xX0zGzbRUpzAlRXbnzi+dOVQsVe?= =?us-ascii?Q?J4NXclm6WANEm/S5ebQlz4aoDUzYR6SJ59jkQpdOOdxjEQnEMjI1iXKGb0Wo?= =?us-ascii?Q?oA/hUfn6Ku0MsJmFkuxNAs/kgq7aPHRuxu+Z/0CDUSRgc1bEPXfKsMdkdjCW?= =?us-ascii?Q?McAYj2wgcp4c8yvuXrFpsOgRi6pmPFHbHgqH7YhLjtfYC+noEnOxyo8KYz1L?= =?us-ascii?Q?pZcUJZQmt35EzRrtxXtmhruIfG9tz1bpWR4Yd4DbQ4sxtLcIJSC69t4qZxlt?= =?us-ascii?Q?EahUt+9VXs1TQo0R7Ih7H+UsEhoIDTt8zRacKjPrXYLJhu8UQc2jBwEOi/8k?= =?us-ascii?Q?forqOwYjnL/lNl3mcLv2UhQi1x5CZyV/92uPRQyyb8eKNkee53AkYE9KjnUp?= =?us-ascii?Q?kcRD6MiYghBN3XEL0BxLFS3HBAGy7XP7GNVUMDCncLlkfUYfE0I/NHIsye2k?= =?us-ascii?Q?QcqImiORr6prUhGxWSuS35VscJVZbngyGP+ZBkheZpqD6xsAX5/uxu+hKWgq?= =?us-ascii?Q?5KjTKirptgEGYsgVyw539sAQEPaJcusoTLmVYg6pcHBUa0G0A+04gEmXe9kd?= =?us-ascii?Q?Yarvz6ivPfmOhROlF3N6uWvmPOEdSLtYjPKBHn5lXeKwcOk9zho2xr7jjhwM?= =?us-ascii?Q?7Me4RH/cdKM//vn4tGKFdU0rdg/djaPS?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?bfaoyuCYtgWpSlxPXbRZg+j7lTPcH080/RjbGysj94xtbdJLQwnP0rh+2ucK?= =?us-ascii?Q?ene0oNJwfnpE/brwDYMHnscFrHGA7+sBzTHHNWPD42PRRF/eUq06s5ZC4NSo?= =?us-ascii?Q?gYWJQux7rak3XcQM4q5hPXfa55riSSlnJsZIwvvsb0c1WCJZBb9nRg/L9nCU?= =?us-ascii?Q?Fl7Q+wygrvnYFLtSkVe2C94HrZo+bR5JY1hHyDu0c8SGvv/bnOf6PXlpopHH?= =?us-ascii?Q?tL1JHPIgLTFYln9dtIYefZkCf0Z1//FrqzLvgmA7Xvj7hPB3ypQVzEUQ0cEu?= =?us-ascii?Q?2LK1wG0CkTUtOI+e/EfUAZj4J1FsPcddtfwg0sGs/l2B4wXIUNdYkhnYvNEy?= =?us-ascii?Q?gJQzV53EJmBwtt02e+1ge2Qvv3LxmHmLP5lHZvcPjqB4XqTX5udulqzjdnWr?= =?us-ascii?Q?2kg7GmHOW9a++Ie1G04qKTpw3uvPsEqsQnZdrPcM/6YCIg5EbvhesELtn4Hg?= =?us-ascii?Q?zK9o2ZZ8y2GXQWqxkEcuU+TmATxxqBiKfAG/qMmdBa4JBOjOeGP0AbeEDUxC?= =?us-ascii?Q?ZDF+GaxbPJhfBwuXVEeX+GxF05UZEvlI1Tff25B+WmWO7gLULrQDMH+CiNab?= =?us-ascii?Q?jrj8vksO6bHqP545H+XZk/TS/gpKEqM0XrywXMxlLAQIOx6ZFcYj9VaCZi6R?= =?us-ascii?Q?Hxnq7alzN85+9CI6+h7O8r13G6vTMdP+7hx7UQ59D32UbsjIhuPomEx+WDnw?= =?us-ascii?Q?Xi2XtNh++rYqLNv2YoaloC0RQWQwhg2fwdWJoofGtuRV8SFq5k0vNT3QgUdO?= =?us-ascii?Q?dtg3KFtNvTwvyZ1M2w1gpudRegEHnNG3/5E7VSxJYSRkRrCFzueq+6SloWaE?= =?us-ascii?Q?XFfzRrxssTOZh4KxRfQfMEayXmnCQ0NfxO51IXQUNKlBi+iCFDT6Ow7B2alC?= =?us-ascii?Q?Ju8xHObG98u0engnnJNK+cMoPzmWFp7fw9xpOEApw17b6dbrbJ3+RlFIvai5?= =?us-ascii?Q?zvRMkSyv3FAyL8MW/BVJuvNa8K/Qcl23pN2pv7JNIJToQDO57Kj88hdceyaa?= =?us-ascii?Q?OF/iqrk9CtjMv5u73X2EOVw8wk/PjEQm42O2FpH2YJTSZOayzh5M8Un64xzT?= =?us-ascii?Q?JWeRV0fjbNcYsSUwUyAY3R0X1CYGjH3Z5V8z4ATNrBGCSKKAZvdBGFYSMgm9?= =?us-ascii?Q?zRwesQHdpgGQ2fLk+8PHBTCEVQ02guASxAGPf26G0vrtB994IKmbLb5Ggpks?= =?us-ascii?Q?TYkv9bE2NYusFkpJXifqWGhDp/1VIWj0V/862ZwufhBprQ+xt0b44G8kcBcC?= =?us-ascii?Q?oD2yOfdT+DW5uqBXnD7QcifS7P3G8ZWyvbyX0DXp1FJRVlN07zO1lP2OVE4/?= =?us-ascii?Q?nRWev6bdLsL2YAyAQZb7Ikpb+u2vuMch0nCuml2nOb8e41peG9H8YJ01/7+T?= =?us-ascii?Q?8Ud07qLUj9CymIGh8Hp055RyKdF58nNWxH++MUWPB6FH/bkgNxjneY/ro0mD?= =?us-ascii?Q?gr11nTNHR87YWGOR0kjwkVfB3cwgFd01Xj4LIHFQ1M/IMxq4JDeFz4/wAOD5?= =?us-ascii?Q?IsVT//AwARFhbDqvJCa3H6w1jm9L4SHQLbguxXXLr5pUbJKX2uQEI39ZQ0r1?= =?us-ascii?Q?sM9EAs+mYdYyo8EkfQliP9adwTZLppRW2F5gY+obN93dD6okLFCix1N/R8pi?= =?us-ascii?Q?8Q=3D=3D?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 50e2db65-01fd-4b92-9966-08de1181330f X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Oct 2025 15:39:34.1441 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 1pfFCeGtiamx6XkZHx41dJ4wfQRFS9Mzg9DxXmtdqDmR8PsCqPbdyzJ9xpflkF5osbTc4dYdbgNBXO3652jBmultMmRdXLfhIXdggJ/jEeI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PRAPR10MB5178 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b="k/l21Fzo"; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: 9IZ4/BHs9SLB This patchset adds proper SBOM generation in the two standard formats SPDX and CycloneDX during the rootfs generation process. The generation is itself is handled by a SBOM generator `debsbom` [1] which is developed as an open source project at Siemens. It is still early in development, but it has enough features for what we require in isar. The required dependencies which are not yet available as Debian packages were minimally packaged directly in isar too. This is a followup of the previous RFC [2]. Since then the series has changed a lot. The SBOM generation was moved from a simple OE lib to `debsbom`. This also meant the introduction of a separate chroot was necessary. The SBOM generation process was also moved from the image step to the rootfs step, along with a lot of minor changes and improvements. [1] https://github.com/siemens/debsbom [2] https://groups.google.com/g/isar-users/c/8L-CF4BJY0I/m/p0N3o_zfAAAJ Changes since v2: - fix issues when HOST_ARCH != DISTRO_ARCH on derived distributions - update debsbom to v0.3.0, which fixes the Origin: bug reported in v2 - generate SBOM for imager as well and create merged sbom of .wic image - resend imager manifest + wic manifest patches to reduce conflicts Note, that the patches p1-p5 are most important as they add basic SBOM support. The remaining patches address the imager + .wic bom part, which also can be merged later on. Changes since v1: - remove tarball - refactor packaging (auto-derive python dependencies) - only build missing packages (varies on bookworm, trixie, noble) - add ubuntu support - only generate sboms for supported distributions (bookworm/jammy and onwards) - update debsbom (includes bug fixes and more information for source packages) Christoph Steiger (3): meta: package python libraries for SBOM generation meta: package python3-debsbom meta: add SBOM generation with debsbom Felix Moessbauer (7): refactor: move get_rootfs_distro from sdk into rootfs override distro vendor in SBOM on Ubuntu add support to add imager dependencies to BOM wic: create uniform manifest describing all image components qemuamd64: add IMAGER_BOM entries imager: create SBOM of IMAGER_BOM packages wic: create uniform SBOM describing all image components doc/user_manual.md | 1 + meta-isar/conf/distro/ubuntu-common.inc | 2 + meta-isar/conf/machine/qemuamd64.conf | 1 + meta/classes/image-tools-extension.bbclass | 29 +++++++++ meta/classes/image.bbclass | 14 +++- meta/classes/imagetypes_wic.bbclass | 30 +++++++++ meta/classes/initramfs.bbclass | 3 +- meta/classes/rootfs.bbclass | 16 ++++- meta/classes/sbom.bbclass | 64 +++++++++++++++++++ meta/classes/sdk.bbclass | 10 +-- .../sbom-chroot/sbom-chroot.bb | 30 +++++++++ .../python3-beartype/files/rules | 8 +++ .../python3-beartype_0.19.0.bb | 29 +++++++++ .../files/pybuild.testfiles | 1 + .../python3-cyclonedx-lib/files/rules | 8 +++ .../python3-cyclonedx-lib_9.1.0.bb | 48 ++++++++++++++ ...icense-description-in-pyproject.toml.patch | 28 ++++++++ .../python3-debsbom/files/rules | 8 +++ .../python3-debsbom/python3-debsbom_0.3.0.bb | 45 +++++++++++++ .../python3-packageurl/files/rules | 8 +++ .../python3-packageurl_0.16.0.bb | 33 ++++++++++ .../python3-py-serializable/files/rules | 8 +++ .../python3-py-serializable_2.0.0.bb | 38 +++++++++++ .../python3-spdx-tools/files/rules | 25 ++++++++ .../python3-spdx-tools_0.8.3.bb | 46 +++++++++++++ 25 files changed, 521 insertions(+), 12 deletions(-) create mode 100644 meta/classes/sbom.bbclass create mode 100644 meta/recipes-devtools/sbom-chroot/sbom-chroot.bb create mode 100644 meta/recipes-support/python3-beartype/files/rules create mode 100644 meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/rules create mode 100644 meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb create mode 100644 meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch create mode 100644 meta/recipes-support/python3-debsbom/files/rules create mode 100644 meta/recipes-support/python3-debsbom/python3-debsbom_0.3.0.bb create mode 100644 meta/recipes-support/python3-packageurl/files/rules create mode 100644 meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb create mode 100644 meta/recipes-support/python3-py-serializable/files/rules create mode 100644 meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb create mode 100644 meta/recipes-support/python3-spdx-tools/files/rules create mode 100644 meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb -- 2.51.0 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/20251022153921.2494749-1-felix.moessbauer%40siemens.com.