Message-ID: <3a94e788-0998-47f8-a200-c8e2af99b002@siemens.com>
Date: Wed, 17 Dec 2025 16:22:45 +0100
Subject: Re: [PATCH v6 00/10] Add SBOM generation with debsbom
From: "'Jan Kiszka' via isar-users"
To: Felix Moessbauer, isar-users@googlegroups.com
Cc: christoph.steiger@siemens.com, cedric.hombourger@siemens.com, quirin.gylstorff@siemens.com
References: <20251201085813.1616095-1-felix.moessbauer@siemens.com> <7b9b5669-fb6f-4dfe-b146-25a6f35b2583@siemens.com>
In-Reply-To: <7b9b5669-fb6f-4dfe-b146-25a6f35b2583@siemens.com>

On 12.12.25 11:24, Jan Kiszka wrote:
> On 01.12.25 09:58, Felix Moessbauer wrote:
>> This patchset adds proper SBOM generation in the two standard formats
>> SPDX and CycloneDX during the rootfs generation process.
>>
>> The generation itself is handled by a SBOM generator `debsbom` [1]
>> which is developed as an open source project at Siemens. It is still
>> early in development, but it has enough features for what we require
>> in isar. The required dependencies which are not yet available as
>> Debian packages were minimally packaged directly in isar too.
>>
>> This is a followup of the previous RFC [2]. Since then the series has
>> changed a lot. The SBOM generation was moved from a simple OE lib to
>> `debsbom`. This also meant the introduction of a separate chroot was
>> necessary. The SBOM generation process was also moved from the image
>> step to the rootfs step, along with a lot of minor changes and
>> improvements.
>>
>> [1] https://github.com/siemens/debsbom
>> [2] https://groups.google.com/g/isar-users/c/8L-CF4BJY0I/m/p0N3o_zfAAAJ
>>
>> Changes since v5:
>>
>> - fix isar-image-ci on qemuamd64-bullseye (set IMAGER_BOM according to
>>   machine changes made in image file)
>> - rebased onto next
>>
>> Changes since v4:
>>
>> - rebased onto next
>> - fix race condition on creation of ${DEPLOY_DIR_SBOM} (aka ${DEPLOY_DIR_IMAGE})
>>
>> Changes since v3:
>>
>> - fix issue on external bullseye initramfs (we now disable sbom generation
>>   on all unsupported distros rootfs instances)
>> - update debsbom to v0.4.0
>> - rebased onto next
>>
>> Changes since v2:
>>
>> - fix issues when HOST_ARCH != DISTRO_ARCH on derived distributions
>> - update debsbom to v0.3.0, which fixes the Origin: bug reported in v2
>> - generate SBOM for imager as well and create merged sbom of .wic image
>> - resend imager manifest + wic manifest patches to reduce conflicts
>>
>> Note, that the patches p1-p5 are most important as they add basic SBOM
>> support. The remaining patches address the imager + .wic bom part,
>> which also can be merged later on.
>>
>> Changes since v1:
>>
>> - remove tarball
>> - refactor packaging (auto-derive python dependencies)
>> - only build missing packages (varies on bookworm, trixie, noble)
>> - add ubuntu support
>> - only generate sboms for supported distributions (bookworm/jammy and
>>   onwards)
>> - update debsbom (includes bug fixes and more information for source
>>   packages)
>>
>>
>> Christoph Steiger (3):
>>   meta: package python libraries for SBOM generation
>>   meta: package python3-debsbom
>>   meta: add SBOM generation with debsbom
>>
>> Felix Moessbauer (7):
>>   refactor: move get_rootfs_distro from sdk into rootfs
>>   override distro vendor in SBOM on Ubuntu
>>   add support to add imager dependencies to BOM
>>   wic: create uniform manifest describing all image components
>>   qemuamd64: add IMAGER_BOM entries
>>   imager: create SBOM of IMAGER_BOM packages
>>   wic: create uniform SBOM describing all image components
>>
>>  doc/user_manual.md                            |  1 +
>>  meta-isar/conf/distro/ubuntu-common.inc       |  2 +
>>  meta-isar/conf/machine/qemuamd64.conf         |  1 +
>>  .../recipes-core/images/isar-image-ci.bb      |  1 +
>>  meta/classes/image-tools-extension.bbclass    | 29 +++++++++
>>  meta/classes/image.bbclass                    |  7 ++
>>  meta/classes/imagetypes_wic.bbclass           | 30 +++++++++
>>  meta/classes/initramfs.bbclass                |  3 +-
>>  meta/classes/rootfs.bbclass                   | 23 ++++++-
>>  meta/classes/sbom.bbclass                     | 65 +++++++++++++++++++
>>  meta/classes/sdk.bbclass                      | 10 +--
>>  .../sbom-chroot/sbom-chroot.bb                | 30 +++++++++
>>  .../python3-beartype/files/rules              |  8 +++
>>  .../python3-beartype_0.19.0.bb                | 29 +++++++++
>>  .../files/pybuild.testfiles                   |  1 +
>>  .../python3-cyclonedx-lib/files/rules         |  8 +++
>>  .../python3-cyclonedx-lib_9.1.0.bb            | 48 ++++++++++++++
>>  ...icense-description-in-pyproject.toml.patch | 28 ++++++++
>>  .../python3-debsbom/files/rules               |  8 +++
>>  .../python3-debsbom/python3-debsbom_0.4.0.bb  | 45 +++++++++++++
>>  .../python3-packageurl/files/rules            |  8 +++
>>  .../python3-packageurl_0.16.0.bb              | 33 ++++++++++
>>  .../python3-py-serializable/files/rules       |  8 +++
>>  .../python3-py-serializable_2.0.0.bb          | 38 +++++++++++
>>  .../python3-spdx-tools/files/rules            | 25 +++++++
>>  .../python3-spdx-tools_0.8.3.bb               | 46 +++++++++++++
>>  26 files changed, 524 insertions(+), 11 deletions(-)
>>  create mode 100644 meta/classes/sbom.bbclass
>>  create mode 100644 meta/recipes-devtools/sbom-chroot/sbom-chroot.bb
>>  create mode 100644 meta/recipes-support/python3-beartype/files/rules
>>  create mode 100644 meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb
>>  create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles
>>  create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/rules
>>  create mode 100644 meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb
>>  create mode 100644 meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch
>>  create mode 100644 meta/recipes-support/python3-debsbom/files/rules
>>  create mode 100644 meta/recipes-support/python3-debsbom/python3-debsbom_0.4.0.bb
>>  create mode 100644 meta/recipes-support/python3-packageurl/files/rules
>>  create mode 100644 meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb
>>  create mode 100644 meta/recipes-support/python3-py-serializable/files/rules
>>  create mode 100644 meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb
>>  create mode 100644 meta/recipes-support/python3-spdx-tools/files/rules
>>  create mode 100644 meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb
>>
>
> Can we please make sbom generation opt-in for distros that require
> building the tool with all its dependencies manually? It's those extra
> package targets that are only interesting if you plan to ship, not so
> much while you are developing.

At least I now know (and practice in xenomai-images) how to opt-out:

ROOTFS_FEATURES:remove = "generate-sbom"

e.g. in your image recipe.
Would still be good to flip the default.

Jan

-- 
Siemens AG, Foundational Technologies
Linux Expert Center