From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Mon, 24 Nov 2025 12:47:11 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-ej1-f64.google.com (mail-ej1-f64.google.com [209.85.218.64]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 5AOBlAaR030382 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Mon, 24 Nov 2025 12:47:10 +0100 Received: by mail-ej1-f64.google.com with SMTP id a640c23a62f3a-b72e06680d4sf200766866b.2 for ; Mon, 24 Nov 2025 03:47:10 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1763984820; cv=pass; d=google.com; s=arc-20240605; b=Z1jdCx7q0nOyK7NpNGIbCgAhu1IwpvyYqlqHxiF0I4g9Ph+QqQ2rigpgu+dpIgNiFI ziAT54xuw+wqpA5fwwJIeypigPckUyLqZtCt6x+8PlLY1ItqbOp5fHUV2dWvVtPUAzEi nB1xjOCPM0RM0hmiqbyhxN3NFyt0LbffeYmKYTpbMsat594TGvjxYqKd88p8JHgU1sEN MJhb88hYU8NdCTS6KAUh+DngCbXyQwSYqQGilKpDxvv3IvK/XGmd2B/dvAfhVh8kSJgM wPpjsV686zV9OtUYEhWIbMiXKF5AC8QVGZao359M13Q5p6msc73XhXjED719bsuqhCOw u5aw== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:mime-version:message-id :date:subject:cc:to:from:dkim-signature; bh=dEgfpbx7tBQVZrrBWK2yGYVOAtUwvLjWbRhDSV5Ei+4=; fh=nvDJbWxFWWoFJCcbbE7g6Hs+oFWBy+WL9zUErpkMINs=; b=LdLEP3xCGzkTdJ2zfU0ibBp3zagH8F0V9DUQvPSfY31AxBbeljyVEtwCQFsq0hLxXF NLlIupK872evhekOSsP2ONoLJwvno71D4oCorrurIm4dC3r3ikKVr0lvjocJNuIwkgP0 ec5TwsucCeGEmC5xTlgSMtAryq0f5RcXKs8c8zR/5ItSc4ZK9ZP2VBtviU2pXDQq+dx1 S+zyEVtmNO5+/LQtiAY9NWog3SP7bcJnzfhavx7BXMz8sW/w2+UUwVY3nwMT5Hj/1uCl +zBtUgEGSg8ZvkCY5oyjnTV9xdMftIhRjDmBCA4XPCF2mu0A7HyH4Di0VU4Q5q3sW72Y DcPA==; darn=ilbers.de ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=mYZuNY1g; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1763984819; x=1764589619; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=dEgfpbx7tBQVZrrBWK2yGYVOAtUwvLjWbRhDSV5Ei+4=; b=fMIBR8+lN476I+u1gdwZOoaX9gDz2MW2wkYfnQvcyuKvUMPZQb6p2V6mIbTrXaRrzc 6oJ4gL/r6ZYtAkJfkCH1RriWvrR2AU+d4xsaJrsP/NiB+bKGVNGfuuwVHN3yXATui47x PZWbagxXAMzbg7a/W0yuOZxVGWt5Cw+TbO2iaNvw2MKalwz00z8yseMBr9fNHow1/4A2 NTdN5QUSJAAOexiLQg2P8bOpXyN3mNnxxaMcmfRxbQrOVRO6Y5YA7JD6vcvVPiU1CxTi naNGI30i1jR7uMZiMk6630ZY0ObMCxHNdBRON2gqtrPUhnGB8zjZqa9zLew0ZL0YQgBZ U8Vg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763984819; x=1764589619; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:mime-version :message-id:date:subject:cc:to:from:x-beenthere:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=dEgfpbx7tBQVZrrBWK2yGYVOAtUwvLjWbRhDSV5Ei+4=; b=IQeztAU6N7Fjjy6sd70p439HwUldN41ohd1JRDgmak9T4pzRwmqObm2b8yTwQrUvbA WUjLRmkcSuasxO3xZ/wZAtstSCmyUoQ5JCk1LBXXpoiz1px7wLVZul80MU8CuUQD/u7l uKZsIZqBM1yIoHmF/nO/4pm5nOsqhjUl4rKU9btm6pe4++ViWF+hokJ9SvCaqDqUjXlD aBGMUfLL2qVUMhOXCxlv2UiUPpXF3ij8orI675NGMUCL4zEmhDoIu2qdh/7s4erbL3Kk D1hHuTajCTce4lcJVWjOxvLZbSMKeU97l7dsbVvV4TjckcluZuYC2Tb7gf76J8bGmB6P 7iwg== X-Forwarded-Encrypted: i=3; AJvYcCW0tAENZp35nmNrwXOr8CuTd3vYJ+k06VnMOJ2qhaHiHgCqp6cnJYNqwWBApzQVhDYoatdV@ilbers.de X-Gm-Message-State: AOJu0Yxd3+3BYjHKkE0D7MjfPa0RlHcvHLLFU79fno+NaXDBzQk6SWAN xBnoB5j2Puoi9n7j5vXVl20p5imTjeKoZMsMgrhfWIuSLAgB78cCE6QE X-Google-Smtp-Source: AGHT+IF4MThVf20aRsuZGp3Ggh1CMhPuMuBhP1SX3+s624cAJ2gYN4zNtEZWV1lMCHZyCFgPcNNybg== X-Received: by 2002:a17:907:d08:b0:b73:3e15:a370 with SMTP id a640c23a62f3a-b76719d0675mr1204344266b.57.1763984819372; Mon, 24 Nov 2025 03:46:59 -0800 (PST) X-BeenThere: isar-users@googlegroups.com; h="Ae8XA+Y0uG5j4qXCC1tXJ9eTmwpjN2RxRmIzuMzxVO9d7QU/WA==" Received: by 2002:a05:6402:516c:b0:644:fc0e:254 with SMTP id 4fb4d7f45d1cf-6453636cbc3ls3181310a12.0.-pod-prod-04-eu; Mon, 24 Nov 2025 03:46:56 -0800 (PST) X-Received: by 2002:a05:6402:84e:b0:645:2add:9301 with SMTP id 4fb4d7f45d1cf-64555d0ac62mr9375746a12.34.1763984816385; Mon, 24 Nov 2025 03:46:56 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1763984816; cv=pass; d=google.com; s=arc-20240605; b=DEen8fQXA1taorRJa0mthwzWZw+aKgQZR3nnYqEYgtrTo0CvGuJm0mnLnozrPfTPn0 c7RQZrcRzm3XRSea4UvX6Nvqeggl0ZuNSqOZ1US7LeDw/O/74slE0yGjfI9/cbf2BZJo r41gjEGsNp1u42I96CTBdYx6oEroabOLzB7fsz7y6tCMga4A+30Z5NBQATPIjmoCvB8K drvuKqIg1/UGTPTY2jUOGegXqJAlm1esKcPjNItohbRNpuQvg2+UaeBbNUBuIlLRVMwO 9TH8DYK4X6lYrnbtSDZVceJC9KF7jaDE5oNfvyNOHnZkrqB3+EBWD7NkqqFmVW9qyH4J 8k9g== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=mime-version:content-transfer-encoding:message-id:date:subject:cc :to:from:dkim-signature; bh=K8xfF3HCQpHW+cM7N06ZQf9N07yrlllNeOXpZ4eCJu4=; fh=YgHcU2amhotomeH1Rv2VyUlgPjm8wpulXwrBvcHF4rI=; b=dTOhYbjdpa/KtYK7Roo4PckvEcc7UPG6p2XHWpifAE4e1PXBbJ89s/v04DzsOVEfVF HbWesiOzBVkl1BwTJq7u/gKJvNXY4PzMjmk3kb78px/MTeHnNr2+qqRD7OU3Y+iu1mwo NzlBqX0ME4rk2NNFwh2VxL/9adEKcoPVYcuMHTNhGxe9fWVVeZb9rQ24KCWDKDpR9Ji0 4lJEMbIpJo2vsWK81wmz6KDomB/KORY8gj5/YSQGvVid4axl9v8E3DcYps+Mx5cR6Q4L Ptb9jy7mdL8NZXf9IIpCTdkq0rW12XForYVQfdVwZMMvDNaaOxbqBr28YYbvE9hXYEtX J97A==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=mYZuNY1g; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from AM0PR83CU005.outbound.protection.outlook.com (mail-westeuropeazlp170100001.outbound.protection.outlook.com. [2a01:111:f403:c201::1]) by gmr-mx.google.com with ESMTPS id 4fb4d7f45d1cf-645363aa5f9si273094a12.1.2025.11.24.03.46.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 Nov 2025 03:46:56 -0800 (PST) Received-SPF: pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) client-ip=2a01:111:f403:c201::1; ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=i7Zi/QN0q9Nb52AJyd2+I3UEn+yevzjXRvtq3NOkJC6s/DXHvioyB86kxadxYSr03km9RbeSUhmGJX2VHbQ4v+Lf/Ahgak9cA4XYzaqPS7BT+zhAgP2hdD2KA+lvKqP6PbBJFIPch3E0ChQ8+Ub7p+Kvtpk+RR3ARlgJQafONBpgmYXuD5K+IDimELoCQlMQorAQAfYPC8ofJUbSl683JHOOUALt/Y1xj6plwceXEnyoUDOujFom8cwr0As0Dc6HmRjzve2WGcmVL5nt9ydVwJCnXiXvduCKIgm/ADD9hjX/cJ6id8O2xMj4UZOrbm8Uvi3JHsJbhXdhYztMaFj3Mg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=K8xfF3HCQpHW+cM7N06ZQf9N07yrlllNeOXpZ4eCJu4=; b=jcTuRHCm9jkajqguf2NCSrEzL5WcH87emHvIvg+FhowhitcZCq1wQ0r5zb91O6TOoruQqGx5n7xxsjxBl6WvPLZzDIH4B2pdwkZxhCZN6Uu15zYWVuFnxWzRKggPdF//C0do0MOHl9+i8OoV+JZHOAopRMbbTWQ3wzNtKkg/Z2y95zlCXe3BioSE2WjST2balGwWCO8H93ls9Tpvy4fSNHWEYc8WFxnY3ujVceAuJv4+Qc4zqFpYf4rsihI/YDUKM8Be962nZ8YIPazFJRJ5L5nutCyHHkXmrFNECTgocJqXkZROfvRK6bUl7UqO4eiI62QrVQb1hejGt7EkzMMFEQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) by PA2PR10MB9116.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:102:41e::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9343.17; Mon, 24 Nov 2025 11:46:55 +0000 Received: from DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::8198:b4e0:8d12:3dfe]) by DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM ([fe80::8198:b4e0:8d12:3dfe%4]) with mapi id 15.20.9343.016; Mon, 24 Nov 2025 11:46:54 +0000 From: "'Felix Moessbauer' via isar-users" To: isar-users@googlegroups.com Cc: christoph.steiger@siemens.com, cedric.hombourger@siemens.com, jan.kiszka@siemens.com, quirin.gylstorff@siemens.com, Felix Moessbauer Subject: [PATCH v5 00/10] Add SBOM generation with debsbom Date: Mon, 24 Nov 2025 12:46:28 +0100 Message-ID: <20251124114638.2238090-1-felix.moessbauer@siemens.com> X-Mailer: git-send-email 2.51.0 Content-Type: text/plain; charset="UTF-8" X-ClientProxiedBy: SG2PR04CA0182.apcprd04.prod.outlook.com (2603:1096:4:14::20) To DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:47f::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DU0PR10MB6828:EE_|PA2PR10MB9116:EE_ X-MS-Office365-Filtering-Correlation-Id: 62c22f26-718f-4f6f-5f9d-08de2b4f2a53 X-MS-Exchange-AtpMessageProperties: SA X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|366016|376014|1800799024; X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?85RqR9Ymxv/AuILNB7ydAOrOA26hl0zHhCilvFYie5Vkx0FfzKPBd9V5a7Np?= =?us-ascii?Q?yVX1IA06uBP0vvLMwUgcBhZf0rDmuPLK/nraE/uc1eJtbtDyk7KkbylziSPk?= =?us-ascii?Q?veGkqBaeuoFE/Do8D9x213Ss+Nt8d7my9JdIosK6fJfL3/Elv0PWvW1tarfm?= =?us-ascii?Q?vRd2qLAW65099UbJmakUin+T3bFcsxXcoNDEMGZLpmFURKGLSPQG4njvqozx?= =?us-ascii?Q?mplcMv8K7tGvGpcpWZjBTC5a4bxUAATJWzXLx3Fc4PztsM+c7zX0YtN8M2Zp?= =?us-ascii?Q?Zr9lmM7TtgsA0Qsiqvnq1Fvslw0192AawJY5fDoj9qL7gcs8oBl0Z+6as5uU?= =?us-ascii?Q?CGJsjYmTD5tEgGVO0zQBMAgKUBuXyX2HKJWxThST9XhNZ78TNDivb5WyZ2pQ?= =?us-ascii?Q?HJrlwOdV0/SY8FWrh/oKyDYDSwkDJcWafjKJssFZhD7igUkXOm5GjVAIVPqM?= =?us-ascii?Q?FI/qE3z+Fsa457+6Q3DEu0Z82hZC6BNZc3l8a09vmCezxIBK4CF6h97I++WK?= =?us-ascii?Q?9Sb10pyLU24EEQKnY8y+ahRJGfiTWgUVSL8clBEAR+u7hZ+/0LiqWm3THdlL?= =?us-ascii?Q?cPOCU/js/Z6kAT06ScjWUNxqu5WrdhJ5I2/rF29U5Xq4cAG5P5Hi+W9royMj?= =?us-ascii?Q?doXoTHmVMunMpz4DvMZ3zEv6VeVcCdU9S7bMmxn1Y8L0MPhpPs+NA/+cQ/Ub?= =?us-ascii?Q?Q+kZ+/GM36StasOpwzwr3zF6TyufFCLpLSXvo5A4OM6oq8IegV/5JJ3kTCbv?= =?us-ascii?Q?m6PWjcIt0f0kxFIJGa+xUwmOkthWsAHLX9ah+zlREjICxS4aFkt/I0H09u5f?= =?us-ascii?Q?m0PkJP3ZI+eYCwxHp+0OkI/WmD9rTe3oXSXgWwaPr6sdPIogfprzh49hbIDb?= =?us-ascii?Q?HT/Kl6eDKl7KeRw+v+9bKFummuiFnX90w4D71EMmH9rjBMsO7OBMSRRKWNwS?= =?us-ascii?Q?nrS8nmISUg2YnRiX5HwDphSqNP/4SPv4M8ZGevzhjNKNZQx0QZr6JqeKvyQ1?= =?us-ascii?Q?ovLbV+/OB1H7qhA/rdnlcC1ypL2kU5JvqbsPE1xgiVxf2d+kxraboZFGAPHP?= =?us-ascii?Q?xvtpMuF6GzM+7xwy0PYZlFSFfOckeu0Z+qBLDE/wrGFawZjgAHXuLUgPHEGl?= =?us-ascii?Q?4fdj8aEcSjVCNihmq0ICgQwP+sH5BTNSkJZvGdcv5tli/UxlBgEX20dp26kv?= =?us-ascii?Q?VCQvfcgeUS1Q3ej1Tqu3siXkU9LmY+TVl/SOIUjh2QrxzWMnnx7uhLNTfhdQ?= =?us-ascii?Q?CaPfhXJLGb9bkJrw4Q31mmFE/NscuWztO24R0NOZ8qo6seicX9GcoJ/VDNLR?= =?us-ascii?Q?fevFu9bcaLPQmrMsYhoZWZk8RF6dN45IxyNkpdpDbHx9qNygGPh01QHdtpuQ?= =?us-ascii?Q?KU2R+cmYrpJF8AcTi1BqXrUK006O95GV7RJkoiVexTtX6rysyw=3D=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(1800799024);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?j5crzvPXChTlLhixpT3Kjp+G+YqKwlFbGZjXhSaTUKirLvKvLed+hQg1B+88?= =?us-ascii?Q?8TOFJZW3DMEGdQ98YXQdOBQ+Kc5UGmJz2ipcN5HnE1rC0wzxv2RU6BuPBMZ4?= =?us-ascii?Q?8XiJMFhYx3rZvGlbktXTy/p9YQ7IkMwAE05g9PfGpTyMliqOeBXfVXP0Vm3e?= =?us-ascii?Q?5CaXPfj1Y7DPcFiIilonMskMQwtZMtJTCpxNn6zjvgWeZ1/AkOYIudF/untK?= =?us-ascii?Q?ITZirc02fnoa97dF6F0tTtsMB34yspGABKKGfeRo2oHOj8AvSq7hzADByCcQ?= =?us-ascii?Q?wWYhxPJ+Qr0rd6xEK3PDk/aE5LeDGaweGvsnPmcbMr67GZn6H/N5oSJ97C6d?= =?us-ascii?Q?4yiNKWlDWDCWXj6dYjaTk8TvCRtWYfiA7d3rvf6M9b9GEPPsmyq8DYi/hyIF?= =?us-ascii?Q?wY40eZmYvTWTkoTyRm0d3d9svD4gGhoijg+O2bJJd5lhXBldgu4LrOPlLH8y?= =?us-ascii?Q?syK7a8gmlyEHH90H0xIREqfLvaMuAbG8iHyO9bXcKm4g4A0W8LvqRm4UYvwY?= =?us-ascii?Q?Y2c4W61JQxNaY35KPD915pRCcaFKIfT5Z/B/ZYcNuS5YwOOvSm1k+DWsfR5Y?= =?us-ascii?Q?14Vh55FMC8ig69/A3J4KiT5CUJXRzZH20OqlxxxUf8/Y8IJHImtsb3Dlj4NF?= =?us-ascii?Q?WZ8heTuKI+g56xoVyV979eqZGQAQIPGBdxD7ORnILAYZE/cvw0+qOCpWFSf/?= =?us-ascii?Q?rNhaA9GmV5DA6ZKquWWBsXc2j1O3KrnAWCCVzdvuA8Ut0o/VnBLxvUIvv+xQ?= =?us-ascii?Q?k3qOXgCobCWXt+xcfrwaOq0Pi9Zjd0fmpjhG21aMrKCFt1UsxWpFiH2ltjxo?= =?us-ascii?Q?hPV8FSFYuK1Rzz783gMxFiXy0m4VqYaIEUWJFsvfwbQZaJT0wX+qg0gwCpsm?= =?us-ascii?Q?KSsAqLEcVJLKLda6w1bfA2mbNKNSRvFHXWGHIWpJp2aCjOY97LUHJwoz4HnT?= =?us-ascii?Q?eY1n/JIb8t7yM51+tWzhpCSaoR/qu8qs6T1U9AXx1H27iInjIf+BLQRwzLxW?= =?us-ascii?Q?M29KNcplWDI3Sny8mmJEjni1py86rd5e9z0um3mXdl+GMWPljIskTA5WMgTj?= =?us-ascii?Q?GDnFm9ngi94L+acJsuSvpxIOZrNq4ERtZgY0i3hbG3YsOnuXjvrE/Jg7oHOW?= =?us-ascii?Q?1j2ou6h/PT+i0ag0mzsKuZJByLbHa48M3fseIHNtWO8qaLKgn/UYVOo7zNYD?= =?us-ascii?Q?uZg1O4CoNTn0tUjzl333kQ5tCflswYr9XE8bis/rSC2cvH3jIYwG2eESdOST?= =?us-ascii?Q?BrQlfybNyCdQ+0u0WVDnf5bxW/rWJRZ3BLQeLgWslrswtYTyXwQ4HfseOYTr?= =?us-ascii?Q?NfeENQDH855QCFTApvc9rZdHPpZ09+Fsq9mkXGxTj25eeFfwX2cLMzomup8/?= =?us-ascii?Q?KHm3lFscIEkUkmxi/JrozahXargpWLpHCoxIaVMvT4tYo9fqKOmonlqt9lHS?= =?us-ascii?Q?pGE6hALI+LQYpOscqh10CClkdcM/cLMyLfl3pP7ZsJuNlVlwSzwKM1c9pB4R?= =?us-ascii?Q?GP6BOEXQbcGMe6Qut7K2O6pp3rt6WxZilMWuMtkMMGTrVNQbKLY0mR5Y5Pj5?= =?us-ascii?Q?MBmpQms1cwyOPG3DZU1mwwZPM5wLkXWQUdhKvBlR7xRXJqTEf86VX3Sf+d7G?= =?us-ascii?Q?9A=3D=3D?= X-OriginatorOrg: siemens.com X-MS-Exchange-CrossTenant-Network-Message-Id: 62c22f26-718f-4f6f-5f9d-08de2b4f2a53 X-MS-Exchange-CrossTenant-AuthSource: DU0PR10MB6828.EURPRD10.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Nov 2025 11:46:54.9331 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: d+Kniy9mqOYBIkQcljH+RemHRKQ59kCYQeQoNgbPRCCe3odW8FUHdzuCkSsndmUCbq2VZNaDWDX3ThzRjHRKCPLwiNtMhImLnsFXbYXIFms= X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA2PR10MB9116 X-Original-Sender: felix.moessbauer@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=selector2 header.b=mYZuNY1g; arc=pass (i=1 spf=pass spfdomain=siemens.com dkim=pass dkdomain=siemens.com dmarc=pass fromdomain=siemens.com); spf=pass (google.com: domain of felix.moessbauer@siemens.com designates 2a01:111:f403:c201::1 as permitted sender) smtp.mailfrom=felix.moessbauer@siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Felix Moessbauer Reply-To: Felix Moessbauer Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: /MupxSCV2iRf This patchset adds proper SBOM generation in the two standard formats SPDX and CycloneDX during the rootfs generation process. The generation is itself is handled by a SBOM generator `debsbom` [1] which is developed as an open source project at Siemens. It is still early in development, but it has enough features for what we require in isar. The required dependencies which are not yet available as Debian packages were minimally packaged directly in isar too. This is a followup of the previous RFC [2]. Since then the series has changed a lot. The SBOM generation was moved from a simple OE lib to `debsbom`. This also meant the introduction of a separate chroot was necessary. The SBOM generation process was also moved from the image step to the rootfs step, along with a lot of minor changes and improvements. [1] https://github.com/siemens/debsbom [2] https://groups.google.com/g/isar-users/c/8L-CF4BJY0I/m/p0N3o_zfAAAJ Changes since v4: - rebased onto next - fix race condition on creation of ${DEPLOY_DIR_SBOM} (aka ${DEPLOY_DIR_IMAGE}) Changes since v3: - fix issue on external bullseye initramfs (we now disable sbom generation on all unsupported distros rootfs instances) - update debsbom to v0.4.0 - rebased onto next Changes since v2: - fix issues when HOST_ARCH != DISTRO_ARCH on derived distributions - update debsbom to v0.3.0, which fixes the Origin: bug reported in v2 - generate SBOM for imager as well and create merged sbom of .wic image - resend imager manifest + wic manifest patches to reduce conflicts Note, that the patches p1-p5 are most important as they add basic SBOM support. The remaining patches address the imager + .wic bom part, which also can be merged later on. Changes since v1: - remove tarball - refactor packaging (auto-derive python dependencies) - only build missing packages (varies on bookworm, trixie, noble) - add ubuntu support - only generate sboms for supported distributions (bookworm/jammy and onwards) - update debsbom (includes bug fixes and more information for source packages) Christoph Steiger (3): meta: package python libraries for SBOM generation meta: package python3-debsbom meta: add SBOM generation with debsbom Felix Moessbauer (7): refactor: move get_rootfs_distro from sdk into rootfs override distro vendor in SBOM on Ubuntu add support to add imager dependencies to BOM wic: create uniform manifest describing all image components qemuamd64: add IMAGER_BOM entries imager: create SBOM of IMAGER_BOM packages wic: create uniform SBOM describing all image components doc/user_manual.md | 1 + meta-isar/conf/distro/ubuntu-common.inc | 2 + meta-isar/conf/machine/qemuamd64.conf | 1 + meta/classes/image-tools-extension.bbclass | 29 +++++++++ meta/classes/image.bbclass | 7 ++ meta/classes/imagetypes_wic.bbclass | 30 +++++++++ meta/classes/initramfs.bbclass | 3 +- meta/classes/rootfs.bbclass | 23 ++++++- meta/classes/sbom.bbclass | 65 +++++++++++++++++++ meta/classes/sdk.bbclass | 10 +-- .../sbom-chroot/sbom-chroot.bb | 30 +++++++++ .../python3-beartype/files/rules | 8 +++ .../python3-beartype_0.19.0.bb | 29 +++++++++ .../files/pybuild.testfiles | 1 + .../python3-cyclonedx-lib/files/rules | 8 +++ .../python3-cyclonedx-lib_9.1.0.bb | 48 ++++++++++++++ ...icense-description-in-pyproject.toml.patch | 28 ++++++++ .../python3-debsbom/files/rules | 8 +++ .../python3-debsbom/python3-debsbom_0.4.0.bb | 45 +++++++++++++ .../python3-packageurl/files/rules | 8 +++ .../python3-packageurl_0.16.0.bb | 33 ++++++++++ .../python3-py-serializable/files/rules | 8 +++ .../python3-py-serializable_2.0.0.bb | 38 +++++++++++ .../python3-spdx-tools/files/rules | 25 +++++++ .../python3-spdx-tools_0.8.3.bb | 46 +++++++++++++ 25 files changed, 523 insertions(+), 11 deletions(-) create mode 100644 meta/classes/sbom.bbclass create mode 100644 meta/recipes-devtools/sbom-chroot/sbom-chroot.bb create mode 100644 meta/recipes-support/python3-beartype/files/rules create mode 100644 meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/rules create mode 100644 meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb create mode 100644 meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch create mode 100644 meta/recipes-support/python3-debsbom/files/rules create mode 100644 meta/recipes-support/python3-debsbom/python3-debsbom_0.4.0.bb create mode 100644 meta/recipes-support/python3-packageurl/files/rules create mode 100644 meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb create mode 100644 meta/recipes-support/python3-py-serializable/files/rules create mode 100644 meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb create mode 100644 meta/recipes-support/python3-spdx-tools/files/rules create mode 100644 meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb -- 2.51.0 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/20251124114638.2238090-1-felix.moessbauer%40siemens.com.