From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 17 Nov 2025 14:25:01 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-qt1-f188.google.com (mail-qt1-f188.google.com [209.85.160.188]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 5AHDOx0A024971 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 17 Nov 2025 14:25:00 +0100 Received: by mail-qt1-f188.google.com with SMTP id d75a77b69052e-4ed74ab4172sf130456121cf.1 for ; Mon, 17 Nov 2025 05:25:00 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1763385893; cv=pass; d=google.com; s=arc-20240605; b=MZr0s0S08c1nZOYB1RE8hAhvVpU0+sg94ggg0fI0pG1goY4CKXu/2Xp+mTQys9W7q4 v/RutVnCGTBNfAlW96Z7+T29q6WEunjcY7bjdZBdXyOjuDBFalTMpRRMXGe5oVJTQ36V g2UKa3x5fkwHaxFLr6T7/BMqDXSJhd4Lk9kOhrEjOaPjB/qOU5LluZ1ccmbZwvjlkrZV bXy7RAxkqxgbbEvvxU3Iyg0vCR/yz2uUYGZg516ARmFM8EAT38tgbWaWBe552TPO26MF YXXpTddcj91lQpESet4XYUxLlo2NiVJ9Okhfq0bk2XPz5JxNdmkW1Oad6YYS1eCategn LvZw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:message-id :date:subject:cc:to:from:dkim-signature; bh=r1YANeSGQT/CU+pto261KNA8CObmA/D+Ty9zkt/IjoI=; fh=ITxA1LF3IDudGgHv95RJMUZuGVLldVc9H2uWzWCm1ts=; b=XiodFiXTjDLWnnCdbzknqfDfqBAO40npqjoRNeahVVrQr3NGPjQCFwZMlvMPDMvBbd Igz2t3Wud/vIESRDjg5TuNzdANC9q5HLT1qZ7GnnBvi/ayzIrnjL98Rb7wqL6ZEUayHH zR7+1NXDXtFlQlOk7RlFxAp72sKHNnVmDNWZjVv3UF948kyxWFYKGlQzfpwGdvJEV5Mr 0pupTxBtE8MWMDoAoE3PnW7Cn6C7V1lwYCv5B32M83Tlb4NP6ck+8SoJ5281pmV3IBY+ TTdksvPntqin/mZgIk2s3Vdr7c5a7WR9fw/0LHV3PqP5EbidwYAfXTK4SxVMk2M2RXOT 2CBA==; darn=ilbers.de ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=rgXRvczL; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1763385893; x=1763990693; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=r1YANeSGQT/CU+pto261KNA8CObmA/D+Ty9zkt/IjoI=; b=PucQ1QwA67HJUb4KP+jQblgDaYwmb1OoE6qO+zNzRNup55mP36kCuvp5dFzpnPUiKc 6dujP2CkLxy2HtUZ6Bwlqbl1576kEeNJE/rUaEwFSADfP/RCeUbdEArChBEscsANHPkk rCeFhediWcsYdx8iqe/DJMqLPAnouQ7t0jXPybLunxHOazvp4QPNaD8j60s7C+/o5GU8 va3Df3sxFE3CNYuV1myO2SOlv6/jgpBwmcUNfynF7n2kYmTY4qdlk5qYdnGkPJsSvlmg N+cTkWzSbgBnJ4cO+g+WcDjvSpGIUysnlpprugFnK1yqlepnH/FOG7u1K4y5bopN6Qm7 iPwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763385893; x=1763990693; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :message-id:date:subject:cc:to:from:x-beenthere:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=r1YANeSGQT/CU+pto261KNA8CObmA/D+Ty9zkt/IjoI=; b=LsJadVirUnc6LVY+MmIq+xe5mtRkahJ+6hZdNoCvS+BHanjBpL1GwAQDn8Aq2XRtr8 EZhC7sn2K02Lg7JwjTfxTmM2TJ+yI64kOjxEjUuOuPiyM2AY+coV+Qoo1krMu8v7HxDr 8EnW/eOMJOGAf/sjvKV0o/6ydXu6NP7N47UTT1aeLxna1pU2FtKbLITM2fKIM0KwfgVp 6gj+DWtLVmH8bzT4RUlNdz9Xq3L14ZAA0tFepgRNET/hgCmrw5nISUi4sSfUfF0oy++p 4WqInLiznVhYD7GPFts66Fwu5COoZbNdcJTj/nsatxVEBzJzW3S0UDFoyN4NBOdR4VVH eG+g== X-Forwarded-Encrypted: i=3; AJvYcCWK/wOg1rRxSQXSJtkz60ls0/D/cNL/QlKsMibEGBAu5M1Yv9VtVt+5/41s54YbwCE1e3OX@ilbers.de X-Gm-Message-State: AOJu0YzZCadlXXoK/yOLyS/Bw4zqlVTDIBSgvW8VeyhmvFiOcSkflMAb DXYZJ48qh3y0tzR7y6Oz2kwcG0a6dzVEd0YNX72yZEehHz/foBRaOlcF X-Google-Smtp-Source: AGHT+IF4m5oSaNOVeswvX7Bcf6oQnLxbtF1ATbwpDIxz4TFByHlMEsPqDN6fGreG++ublAEt/mqPPw== X-Received: by 2002:ac8:5913:0:b0:4e8:a359:b798 with SMTP id d75a77b69052e-4edf210ea1emr164187421cf.67.1763385892778; Mon, 17 Nov 2025 05:24:52 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="Ae8XA+bNyKu1raeBGwA8MN/lGuFHMttD1QySqjdh36UCvsVHrA==" Received: by 2002:a05:6214:403:b0:779:d180:7e3f with SMTP id 6a1803df08f44-88281ad3224ls79883506d6.1.-pod-prod-01-us; Mon, 17 Nov 2025 05:24:50 -0800 (PST) X-Received: by 2002:a05:6122:219f:b0:556:92b0:510a with SMTP id 71dfb90a1353d-55b1beb785amr3286730e0c.14.1763385890406; Mon, 17 Nov 2025 05:24:50 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1763385890; cv=pass; d=google.com; s=arc-20240605; b=FJBLEqg1CbQ+aBD9O+980489qHzUiU8Yza6dUYvsve2KKJuOP3qxcPzui7tR3VEHCX hqz+rLKweVnlGBNU+Kwy2VeWz5zmHyVOJ2RFDyjjqSDtd4xqGuWBLGsUS+L92b4GW6hm 743+skhHvXKYc+m1dk2EUZ/uH8RbijeCQdUq+dRe+PXrhEQuItlSF+veYGwFlWQ5/Lw9 IxmX0LwlOTQXyONJvI3o01tKWbFNFmWhyZt/sCAy5RP7gAQs1OLOiLWRF15X7LLWX5cL g3cesbJjhy7gXjFMg7le5AHUyL88dURIMaDEF8Gknf5Ns6qA9PMptU3vci/71NxMAhBS d90Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:message-id:date:subject:cc :to:from:dkim-signature; bh=kHpARj2PuhilKzNjLcbr7sfjoJ2NL6w3pcO4J+V1cWQ=; fh=U8bm4dTYQmv4LpgB7HlcKSsNa947JBNKOeDeOLKSao8=; b=Nke7qyx1d/kFwDZG00sdSmHP8HpnSomOcwts6BXPyuoSw3AKGKiqmgeyM3a8JQrObo AlygeqAmMNzx39wR3bCfYNXpT4W3vyshmkO3OoN2+PWrj720AvICPqP2pAGSeqCL3vzt OqJ6kfqx5E/eJKCtM+zVLZ0wx0gMhmrgWPOmodp+cZuhymkXIoR315ziEGRi3/72G109 ms9GGr/zwce68bJBlgUGJTqtYOppugTh2Ui4kDZSLQrrYF2P8f1Zz61I3s80nv/eF1Bg m0lrpLoxoPaJtXHM33xYmIFENDO7ndCFKkhKLMU2FxzEndnAQDdBDPhUKKGW26pURB5s 5gTQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=rgXRvczL; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from MRWPR03CU001.outbound.protection.outlook.com (mail-francesouthazlp170110003.outbound.protection.outlook.com. [2a01:111:f403:c207::3]) by gmr-mx.google.com with ESMTPS id 71dfb90a1353d-55b0f8ec887si629239e0c.3.2025.11.17.05.24.49 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 17 Nov 2025 05:24:50 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) client-ip=2a01:111:f403:c207::3; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=lN1HL8zcbELmdbM7231JOi92fH4ixahS7PqJ99SzpurmlLFdvseAVgP2TFfbDRbzM2UtJfSr/wA0hqPCmXax2z2Sin+6t/tgyKlymuj/vtM8EQB/dQaSmYgWvajP+iRdcqWT7Dcta7PH0jPEZ4BmG4rIjmi5oPbMhpA5NxRjXwRS64aYNPik9gEvipt8oRMN6SkJ6yZGKQZBWGIDlr+xdEKMKuMMwEmD2JID0k0H3NU/bKy11XYqk5G0Irotjq3kWMcFRlboyn5a2GgToDzQeggRY0e07OmgotZZ6Q3Fo9+nX9PE9DZ2Uanwhh3274hLAE8lWw4iwAGpFXYzbyZnkQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kHpARj2PuhilKzNjLcbr7sfjoJ2NL6w3pcO4J+V1cWQ=; b=Mk46t04uoCH8355/+pfQjLveuqIyIE48KbqcubsvvB1mLDXN+lkUKJZR7FeUVBfMpLK2I65KCIxD1IfDp6U94LrgyUgEVUJEtVmEPmKVtPMuJlpQCpJjv0Bog4Jp8/DFe7PkwZB64nuyjoTwc8Z4GeY4IsKXm3ktrv1oo82Sw1xYcIIAMJ2g/EetDDuMphwNo5Hpt3TP4H8sPzrUvGf+7aQmGnF6koi7xyE80jvUU75WoKuB+a61cFlW2jmKzLhl9ZbLnauZhWLO59VEZ+bzELTvOnxXr9UMsOPVtEctgHIxAWYc4V0yPGVVYKIGr0s8j+vbUEp49sqQg2GBhUyHIw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by PAWPR10MB8044.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:383::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9320.21; Mon, 17 Nov 2025 13:24:46 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::8198:b4e0:8d12:3dfe]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::8198:b4e0:8d12:3dfe%4]) with mapi id 15.20.9320.021; Mon, 17 Nov 2025 13:24:46 +0000 From: "'Felix Moessbauer' via isar-users" To: isar-users@googlegroups.com Cc: christoph.steiger@siemens.com, cedric.hombourger@siemens.com, jan.kiszka@siemens.com, Felix Moessbauer Subject: [PATCH v4 00/10] Add SBOM generation with debsbom Date: Mon, 17 Nov 2025 14:24:26 +0100 Message-ID: <20251117132436.511686-1-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 Content-Type: text/plain; charset="UTF-8" X-ClientProxiedBy: FR5P281CA0026.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:f1::11) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|PAWPR10MB8044:EE_ X-MS-Office365-Filtering-Correlation-Id: 555f396d-6ba7-470b-0872-08de25dcad51 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|1800799024|376014; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?wKaDBxHDS39rNr+ggflPCBRkGGZwSfJLR6eB5suT8hX2L6DDJHY0GiM2QecY?= =?us-ascii?Q?sGVhvTplC9W1CDhUSFVZMn4tfh6Xwg4nAI1hT5UnQ95uzuGw/wwIra+EJ/Uk?= =?us-ascii?Q?650/9VySM4kHRfBQrU0P9p+okFneayY+Vltc5k2V7KhjAmJI7fREvsmb9ybL?= =?us-ascii?Q?2BYnLGNWpR15yBIajzP/EirzO7b9BBzeN59Do9pKH5ZSxzyg0ETxQiVd4Se8?= =?us-ascii?Q?7jldL33MBmB9tplmvDrCHpsEupq562u4SQcgTAyKXHZbdM8QbHzDr00K0YkI?= =?us-ascii?Q?pkxo29w8bVgFOWVRTZqutFTRhE6mLwvRLNk6mgZIZSdWcA+xlRxmgf5cjNFL?= =?us-ascii?Q?mLeGkdTuaKFYMmbw1422DbLyyPxX0veoPEEo1k3NTl/pwU6uyoTlFkTLYsgI?= =?us-ascii?Q?Ad4fI3gUEM5GvPlTNygLi9aUhg9u2GiaRPStwieUIlicZe82YEDUbdFjY9sJ?= =?us-ascii?Q?SFs82UyA9MNK/eR8T4hCAPtOYTyBcNdqGKvBcqZoMgxqWH0iZReoSXzk7Q7W?= =?us-ascii?Q?YjZ7FuQFPPemtjPpL2qgMzGiRB2cSn4L/i+XsnyMvuXF3vEYmIbKwQIyNawh?= =?us-ascii?Q?o0G3DO6l9UuCxG2vVftNjBlD5srd53d9zvcb1620eNthaiOm00DoRAWBExCW?= =?us-ascii?Q?mHoKuRj+EpOhE377sVBO9H9s/PXYZnelzfclXbl6i2Z5ADWdTuRXvUux8pTe?= =?us-ascii?Q?N9/v3wmne0LINFa+p09JBiVviqIzKrbWEs+nqY0ckeb3veurQtd6aZcwvOCz?= =?us-ascii?Q?qB0p0nzlHmalBbeCWIvZrKLgoy8xXvnz17nulQqjwLgg5NdohI8Bdwkze8m0?= =?us-ascii?Q?SsxzqeK/Ai7KvNIQCl5g0zOGlzXT1DJEDs5wJBGkA7QdThsSdoUBp/loznJg?= =?us-ascii?Q?A7gF4bXLfkKjcOtiot8hOK4uVF8I57Q0uvmR1J/984na10vyzlpHhwKIUevm?= =?us-ascii?Q?Y3/jG/TneAX7qwnkgYqE9Mtb7k3rSLG3HDcPfzp8g3dlPPgeM5AEZc5pyOAz?= =?us-ascii?Q?AYvzTk4HitN2SK/HnKWhU6xcbEbz8QqV2JgS05CmBFWwgzIC5wJ7hQTLw/oD?= =?us-ascii?Q?jXiO5awu6r1Uc5WofhbvnwzjGPE0/HXSQIWox4LK40Aok0rVWR6Lf41te3hO?= =?us-ascii?Q?5pDq32jidwWHQ3TgCBFQSkVSnJ3VPlhocsAE6xyrvn8enp4EaRXS/IyDcP/8?= =?us-ascii?Q?G4f9dUQjPgASNJgDVpQ4oy7mw0894gggqyxRzkjy06h9UCSZHQ4TAcEBLOip?= =?us-ascii?Q?Xp0zBt2la4Mpoc+5xYxX2b6Qcl04+NT/3l2HuW8kd3aWejanoz1obnw1ToZR?= =?us-ascii?Q?tKp9pNBcQwkgOHOipsvxaHIQJOtQhkpzgZk7z6XPFPPv/iOtKyoCqR5XNps5?= =?us-ascii?Q?tbdkKTSdSDEDprGg1gQhTmnGAuex2iQXAaJsA55OkN0ClPOdGlP5eBQcvE55?= =?us-ascii?Q?VmKK3gQ+lWI3jNk3kYpu6jEPbl6qAyR2?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(376014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?N08ynFUwx8P/NdwnOAWNTnSoksvsDxOeUvwXRmR3cC2GcjSUZM3D1CyXIze0?= =?us-ascii?Q?9umN0U9EsODQ7qcAD0PUidOaCE0sA6HDhe6nisRMwkZR/HvmiUP1fpkiOiKL?= =?us-ascii?Q?k1k2QiUYS8zWDA6pk//NRwvEeuSXdPTxVkpec7Ac83f1edQTYLVwnZh3kkCr?= =?us-ascii?Q?SkgOyKdgElhtuDDAQiEsFmiMO5otw+TgFdwuy9f/6alZp9Oin5OKnWnTQI2b?= =?us-ascii?Q?zC4AuKK2sqopQDowdl1ReMe4BYdRnkZrvw4k+5qXuobu9cHi0aVsvXYLB+YF?= =?us-ascii?Q?CQuz3wL1NdpSUhyK/i2KLU304oQp5te1jU5+CvAP+YyDvwx4bKROzHQq5A2t?= =?us-ascii?Q?35qe6Jql4Ilco2HYSOm+/399XXCiOs0eH9CeuFls4/iz6w3bfjzq2Z/uZ1dy?= =?us-ascii?Q?Eo9C/1C3gLw07vXvv5EiJDVVpB0tWXt8EBJuwtrpq0U45in9raYQcV5n/KqA?= =?us-ascii?Q?uk4YdFvhAwAldmyxTc3u8mbNvMzi1QtwrkESEwksypwlJgzcB9GwY93R2arN?= =?us-ascii?Q?AXDg0xASpCw6wRIyj2yp/XwH2PEzs7q8JjgaMitf94Deqmb4Y9JKXuML6/OU?= =?us-ascii?Q?N/fcp4dI8vt9J7ORKq4wwydmS9MSEzEMw2L99g+7exEs4a3Rj2iRmb1ib+SH?= =?us-ascii?Q?2Gz4kN539XN4PhjOodc8u2AEZKK+XD7gmg+pcaCHTeedhT9kvO0JnfJX3jdH?= =?us-ascii?Q?H9egMHkZjillHKocm8ByZJVqp4bWIhn5rhXtIf5MFjkuoYbl0cmoTy7gB7+J?= =?us-ascii?Q?bO9bV9RoC7ziURwu/yx2w8xz4woga6ufJvND/Mfvql303t1B6wqG94rk3OQK?= =?us-ascii?Q?gkt0sRAgJiBAiKauDgsZqaLs+jfGW/cXGFNR3ayI3i1BvVAX//P6PZJqiUKp?= =?us-ascii?Q?/3TKDn9OJGoJXbc4SaNAwDtpyCUlGUwepIxNLSv2lN5nF2V3cfIpzdVxjOba?= =?us-ascii?Q?dIN+kkIxtaqCYMaZybZ9TckwIV+6KnEoRWYOZiW31fSmuXzmHZ5lRqxrKLT8?= =?us-ascii?Q?updHBWpjp0q3kzkgn5PuOhOCHlRlt1ZNfOx66EA/IYpCqOKSV8fsxDBfvZC8?= =?us-ascii?Q?M1H6w1aNLwTB8nUYNsA/aylwqr8KD2nRjjuxUz5FYSGzaupwaRFWi5u2b3V4?= =?us-ascii?Q?HHfisvU3ntelMJ9huidXMSF4CaewSWkHuT67/H+8FEAJtAWjW3Ji4N5U59PM?= =?us-ascii?Q?A4hjgNRLROZl11lK6nIZhyP9MxjnQTqYsqmdjWDKKyaxC6nicDJvN8zgzbb7?= =?us-ascii?Q?e4d7T7VhU9yhSbSUIVrfOYJHrfViAvdKltKcAcm3mPK6S2oSd2UCZe/qNOPD?= =?us-ascii?Q?yUa/Gpgy0v3za6AK+Jc00ZSfd6Ux9fPUkDAacSv0eVypXW039gA2YGFuHnIF?= =?us-ascii?Q?vB9FesNQtpYtHYOIO2xiCpSBduI/kqgmgkVckIECILlsb7xnLRC8ddoId344?= =?us-ascii?Q?GQt66m47uhfLKKm8Xe5WZ6HVI4n4vX7l39ZBN1Fjr+ZJwKDtMTMQlFqpl6EL?= =?us-ascii?Q?dJ8sCB1BYcEQdMeA/moI04n6etjKPLOlyKuVYPR5ScjAkYE/z8n3wuhubQ5Y?= =?us-ascii?Q?T5ixBxZY4Bws3BnaUGzNPeoVfqb+9KVfKEM/y+kaLDD9WR4Q7tqtkv1rZ0BS?= =?us-ascii?Q?TQ=3D=3D?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 555f396d-6ba7-470b-0872-08de25dcad51 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Nov 2025 13:24:46.6013 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 8n3TVN+CAt3WKiHxMmvIQJdxT4Lib2EFQwBmwmEd7U3076KglzHH41hTXCVWp8r2dVZ8OYARhP3HHOo+ZoZNC4uhxBikSQVlztTVRthryxc= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAWPR10MB8044 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=rgXRvczL; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c207::3 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL, RCVD_IN_RP_CERTIFIED,RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: fwlTAHL9qpnh This patchset adds proper SBOM generation in the two standard formats SPDX and CycloneDX during the rootfs generation process. The generation is itself is handled by a SBOM generator `debsbom` [1] which is developed as an open source project at Siemens. It is still early in development, but it has enough features for what we require in isar. The required dependencies which are not yet available as Debian packages were minimally packaged directly in isar too. This is a followup of the previous RFC [2]. Since then the series has changed a lot. The SBOM generation was moved from a simple OE lib to `debsbom`. This also meant the introduction of a separate chroot was necessary. The SBOM generation process was also moved from the image step to the rootfs step, along with a lot of minor changes and improvements. [1] https://github.com/siemens/debsbom [2] https://groups.google.com/g/isar-users/c/8L-CF4BJY0I/m/p0N3o_zfAAAJ Changes since v3: - fix issue on external bullseye initramfs (we now disable sbom generation on all unsupported distros rootfs instances) - update debsbom to v0.4.0 - rebased onto next Changes since v2: - fix issues when HOST_ARCH != DISTRO_ARCH on derived distributions - update debsbom to v0.3.0, which fixes the Origin: bug reported in v2 - generate SBOM for imager as well and create merged sbom of .wic image - resend imager manifest + wic manifest patches to reduce conflicts Note, that the patches p1-p5 are most important as they add basic SBOM support. The remaining patches address the imager + .wic bom part, which also can be merged later on. Changes since v1: - remove tarball - refactor packaging (auto-derive python dependencies) - only build missing packages (varies on bookworm, trixie, noble) - add ubuntu support - only generate sboms for supported distributions (bookworm/jammy and onwards) - update debsbom (includes bug fixes and more information for source packages) Christoph Steiger (3): meta: package python libraries for SBOM generation meta: package python3-debsbom meta: add SBOM generation with debsbom Felix Moessbauer (7): refactor: move get_rootfs_distro from sdk into rootfs override distro vendor in SBOM on Ubuntu add support to add imager dependencies to BOM wic: create uniform manifest describing all image components qemuamd64: add IMAGER_BOM entries imager: create SBOM of IMAGER_BOM packages wic: create uniform SBOM describing all image components doc/user_manual.md | 1 + meta-isar/conf/distro/ubuntu-common.inc | 2 + meta-isar/conf/machine/qemuamd64.conf | 1 + meta/classes/image-tools-extension.bbclass | 29 +++++++++ meta/classes/image.bbclass | 7 ++ meta/classes/imagetypes_wic.bbclass | 30 +++++++++ meta/classes/initramfs.bbclass | 3 +- meta/classes/rootfs.bbclass | 23 ++++++- meta/classes/sbom.bbclass | 64 +++++++++++++++++++ meta/classes/sdk.bbclass | 10 +-- .../sbom-chroot/sbom-chroot.bb | 30 +++++++++ .../python3-beartype/files/rules | 8 +++ .../python3-beartype_0.19.0.bb | 29 +++++++++ .../files/pybuild.testfiles | 1 + .../python3-cyclonedx-lib/files/rules | 8 +++ .../python3-cyclonedx-lib_9.1.0.bb | 48 ++++++++++++++ ...icense-description-in-pyproject.toml.patch | 28 ++++++++ .../python3-debsbom/files/rules | 8 +++ .../python3-debsbom/python3-debsbom_0.4.0.bb | 45 +++++++++++++ .../python3-packageurl/files/rules | 8 +++ .../python3-packageurl_0.16.0.bb | 33 ++++++++++ .../python3-py-serializable/files/rules | 8 +++ .../python3-py-serializable_2.0.0.bb | 38 +++++++++++ .../python3-spdx-tools/files/rules | 25 ++++++++ .../python3-spdx-tools_0.8.3.bb | 46 +++++++++++++ 25 files changed, 522 insertions(+), 11 deletions(-) create mode 100644 meta/classes/sbom.bbclass create mode 100644 meta/recipes-devtools/sbom-chroot/sbom-chroot.bb create mode 100644 meta/recipes-support/python3-beartype/files/rules create mode 100644 meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/rules create mode 100644 meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb create mode 100644 meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch create mode 100644 meta/recipes-support/python3-debsbom/files/rules create mode 100644 meta/recipes-support/python3-debsbom/python3-debsbom_0.4.0.bb create mode 100644 meta/recipes-support/python3-packageurl/files/rules create mode 100644 meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb create mode 100644 meta/recipes-support/python3-py-serializable/files/rules create mode 100644 meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb create mode 100644 meta/recipes-support/python3-spdx-tools/files/rules create mode 100644 meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb -- 2.51.0 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/20251117132436.511686-1-felix.moessbauer%40siemens.com.