From: Zhihang Wei <wzh@ilbers.de>
To: Felix Moessbauer <felix.moessbauer@siemens.com>,
isar-users@googlegroups.com
Cc: christoph.steiger@siemens.com, cedric.hombourger@siemens.com,
jan.kiszka@siemens.com
Subject: Re: [PATCH v3 00/10] Add SBOM generation with debsbom
Date: Mon, 3 Nov 2025 16:33:16 +0100 [thread overview]
Message-ID: <b9ad7124-339c-4701-b99e-09b0c02f428e@ilbers.de> (raw)
In-Reply-To: <20251022153921.2494749-1-felix.moessbauer@siemens.com>
Hi,
there is an error on full CI, when building
'mc:qemuamd64-bullseye:isar-initramfs':
Log follows:
ERROR: Logfile of failure stored in:
/work/build/tmp/work/debian-bullseye-amd64/python3-spdx-tools/0.8.3-r0/temp/log.do_dpkg_build.76846
......
The following packages have unmet dependencies:
sbuild-build-depends-main-dummy : Depends: python3-beartype but it is
not installable
Depends: python3-license-expression
but it is not installable
E: Unable to correct problems, you have held broken packages.
apt-get failed.
E: Package installation failed
Not removing build depends: cloned chroot in use
Reading package lists...
Building dependency tree...
Reading state information...
sbuild-build-depends-main-dummy:amd64 Depends on
python3-beartype:amd64 < none @un H > can't be satisfied!
Starting pkgProblemResolver with broken count: 1
Starting 2 pkgProblemResolver with broken count: 1
Investigating (0) sbuild-build-depends-main-dummy:amd64 < none ->
0.invalid.0 @un puN Ib >
Broken sbuild-build-depends-main-dummy:amd64 Depends on dh-python:amd64
< none | 4.20201102+nmu1 @un uH >
Considering dh-python:amd64 1 as a solution to
sbuild-build-depends-main-dummy:amd64 10000
Re-Instated python3-lib2to3:amd64
Re-Instated python3-distutils:amd64
Re-Instated dh-python:amd64
Broken sbuild-build-depends-main-dummy:amd64 Depends on
python3-all:amd64 < none | 3.9.2-3 @un uH >
Considering python3-all:amd64 1 as a solution to
sbuild-build-depends-main-dummy:amd64 10000
Re-Instated python3-all:amd64
Broken sbuild-build-depends-main-dummy:amd64 Depends on
python3-setuptools:amd64 < none | 52.0.0-4+deb11u2 @un uH >
Considering python3-setuptools:amd64 1 as a solution to
sbuild-build-depends-main-dummy:amd64 10000
Re-Instated python3-pkg-resources:amd64
Re-Instated python3-setuptools:amd64
Broken sbuild-build-depends-main-dummy:amd64 Depends on
python3-beartype:amd64 < none @un H >
Broken sbuild-build-depends-main-dummy:amd64 Depends on
python3-semantic-version:amd64 < none | 2.8.5-1 @un uH >
Considering python3-semantic-version:amd64 1 as a solution to
sbuild-build-depends-main-dummy:amd64 10000
Re-Instated python3-semantic-version:amd64
Broken sbuild-build-depends-main-dummy:amd64 Depends on
python3-license-expression:amd64 < none @un H >
Broken sbuild-build-depends-main-dummy:amd64 Depends on
python3-rdflib:amd64 < none | 5.0.0-1.1 @un uH >
Considering python3-rdflib:amd64 1 as a solution to
sbuild-build-depends-main-dummy:amd64 10000
Re-Instated python3-six:amd64
Re-Instated python3-isodate:amd64
Re-Instated python3-pyparsing:amd64
Re-Instated python3-rdflib:amd64
Broken sbuild-build-depends-main-dummy:amd64 Depends on
python3-uritools:amd64 < none | 3.0.0-2 @un uH >
Considering python3-uritools:amd64 1 as a solution to
sbuild-build-depends-main-dummy:amd64 10000
Re-Instated libjs-jquery:amd64
Re-Instated libjs-underscore:amd64
Re-Instated libjs-sphinxdoc:amd64
Re-Instated python3-uritools:amd64
Broken sbuild-build-depends-main-dummy:amd64 Depends on
python3-ply:amd64 < none | 3.11-4 @un uH >
Considering python3-ply:amd64 1 as a solution to
sbuild-build-depends-main-dummy:amd64 10000
Re-Instated python3-ply:amd64
Broken sbuild-build-depends-main-dummy:amd64 Depends on
python3-click:amd64 < none | 7.1.2-1 @un uH >
Considering python3-click:amd64 1 as a solution to
sbuild-build-depends-main-dummy:amd64 10000
Re-Instated python3-colorama:amd64
Re-Instated python3-click:amd64
Broken sbuild-build-depends-main-dummy:amd64 Depends on
python3-xmltodict:amd64 < none | 0.12.0-2 @un uH >
Considering python3-xmltodict:amd64 1 as a solution to
sbuild-build-depends-main-dummy:amd64 10000
Re-Instated python3-xmltodict:amd64
Broken sbuild-build-depends-main-dummy:amd64 Depends on
python3-yaml:amd64 < none | 5.3.1-5 @un uH >
Considering python3-yaml:amd64 1 as a solution to
sbuild-build-depends-main-dummy:amd64 10000
Re-Instated libyaml-0-2:amd64
Re-Instated python3-yaml:amd64
Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
sbuild-build-depends-main-dummy : Depends: python3-beartype but it is
not installable
Depends: python3-license-expression
but it is not installable
E: Unable to correct problems, you have held broken packages.
apt-get failed.
You can redo the test on your machine using avocado:
1. Have a clean clone of isar, checkout to branch next and apply your
patches:
$ git clone -b next https://github.com/ilbers/isar.git
$ cd isar
$ git am /path-to/0001-my-contribution-to-isar.patch
2. Disable several unrelated targets to make error appears faster, by
applying
the following diff:
diff --git a/testsuite/citest.py b/testsuite/citest.py
index a1214e9c..ec8115af 100755
--- a/testsuite/citest.py
+++ b/testsuite/citest.py
@@ -319,36 +319,7 @@ class NoCrossTest(CIBaseTest):
def test_nocross(self):
targets = [
- 'mc:qemuarm-buster:isar-image-ci',
- 'mc:qemuarm-bullseye:isar-image-base',
- 'mc:qemuarm64-bullseye:isar-image-base',
- 'mc:qemuarm64-bookworm:isar-image-ci',
- 'mc:qemui386-buster:isar-image-base',
- 'mc:qemui386-bullseye:isar-image-base',
- 'mc:qemuamd64-buster:isar-image-ci',
'mc:qemuamd64-bullseye:isar-initramfs',
- 'mc:qemumipsel-bullseye:isar-image-base',
- 'mc:imx6-sabrelite-bullseye:isar-image-base',
- 'mc:phyboard-mira-bullseye:isar-image-base',
- 'mc:hikey-bullseye:isar-image-base',
- 'mc:virtualbox-bullseye:isar-image-base',
- 'mc:virtualbox-bookworm:isar-image-base',
- 'mc:bananapi-bullseye:isar-image-base',
- 'mc:bananapi-bookworm:isar-image-base',
- 'mc:nanopi-neo-bullseye:isar-image-base',
- 'mc:nanopi-neo-bookworm:isar-image-base',
- 'mc:qemuamd64-focal:isar-image-ci',
- 'mc:qemuamd64-bookworm:isar-image-ci',
- 'mc:qemuamd64-iso-bookworm:isar-image-ci',
- 'mc:qemui386-bookworm:isar-image-base',
- 'mc:qemumipsel-bookworm:isar-image-ci',
- 'mc:hikey-bookworm:isar-image-base',
- 'mc:beagleplay-bookworm:isar-image-base',
- 'mc:qemuarm64-noble:isar-image-base',
- 'mc:qemuamd64-noble:isar-image-base',
- 'mc:qemuamd64-jammy:isar-image-base',
- 'mc:qemuarm64-jammy:isar-image-base',
- 'mc:x86-pc-bookworm:isar-image-base',
]
self.init()
3.Run kas shell, setup CI prerequisites (avocado, qemu) and cleanup:
$ ./kas/kas-container shell kas/isar.yaml --command \
"rm -rf /work/build/conf && /work/scripts/ci_setup.sh"
4.Run the failed test:
$ cd /work/testsuite
$ avocado run citest.py:NoCrossTest.test_nocross$
Best regards,
Zhihang
On 10/22/25 17:39, 'Felix Moessbauer' via isar-users wrote:
> This patchset adds proper SBOM generation in the two standard formats
> SPDX and CycloneDX during the rootfs generation process.
>
> The generation is itself is handled by a SBOM generator `debsbom` [1]
> which is developed as an open source project at Siemens. It is still
> early in development, but it has enough features for what we require
> in isar. The required dependencies which are not yet available as
> Debian packages were minimally packaged directly in isar too.
>
> This is a followup of the previous RFC [2]. Since then the series has
> changed a lot. The SBOM generation was moved from a simple OE lib to
> `debsbom`. This also meant the introduction of a separate chroot was
> necessary. The SBOM generation process was also moved from the image
> step to the rootfs step, along with a lot of minor changes and
> improvements.
>
> [1] https://github.com/siemens/debsbom
> [2] https://groups.google.com/g/isar-users/c/8L-CF4BJY0I/m/p0N3o_zfAAAJ
>
> Changes since v2:
>
> - fix issues when HOST_ARCH != DISTRO_ARCH on derived distributions
> - update debsbom to v0.3.0, which fixes the Origin: bug reported in v2
> - generate SBOM for imager as well and create merged sbom of .wic image
> - resend imager manifest + wic manifest patches to reduce conflicts
>
> Note, that the patches p1-p5 are most important as they add basic SBOM
> support. The remaining patches address the imager + .wic bom part,
> which also can be merged later on.
>
> Changes since v1:
>
> - remove tarball
> - refactor packaging (auto-derive python dependencies)
> - only build missing packages (varies on bookworm, trixie, noble)
> - add ubuntu support
> - only generate sboms for supported distributions (bookworm/jammy and
> onwards)
> - update debsbom (includes bug fixes and more information for source
> packages)
>
> Christoph Steiger (3):
> meta: package python libraries for SBOM generation
> meta: package python3-debsbom
> meta: add SBOM generation with debsbom
>
> Felix Moessbauer (7):
> refactor: move get_rootfs_distro from sdk into rootfs
> override distro vendor in SBOM on Ubuntu
> add support to add imager dependencies to BOM
> wic: create uniform manifest describing all image components
> qemuamd64: add IMAGER_BOM entries
> imager: create SBOM of IMAGER_BOM packages
> wic: create uniform SBOM describing all image components
>
> doc/user_manual.md | 1 +
> meta-isar/conf/distro/ubuntu-common.inc | 2 +
> meta-isar/conf/machine/qemuamd64.conf | 1 +
> meta/classes/image-tools-extension.bbclass | 29 +++++++++
> meta/classes/image.bbclass | 14 +++-
> meta/classes/imagetypes_wic.bbclass | 30 +++++++++
> meta/classes/initramfs.bbclass | 3 +-
> meta/classes/rootfs.bbclass | 16 ++++-
> meta/classes/sbom.bbclass | 64 +++++++++++++++++++
> meta/classes/sdk.bbclass | 10 +--
> .../sbom-chroot/sbom-chroot.bb | 30 +++++++++
> .../python3-beartype/files/rules | 8 +++
> .../python3-beartype_0.19.0.bb | 29 +++++++++
> .../files/pybuild.testfiles | 1 +
> .../python3-cyclonedx-lib/files/rules | 8 +++
> .../python3-cyclonedx-lib_9.1.0.bb | 48 ++++++++++++++
> ...icense-description-in-pyproject.toml.patch | 28 ++++++++
> .../python3-debsbom/files/rules | 8 +++
> .../python3-debsbom/python3-debsbom_0.3.0.bb | 45 +++++++++++++
> .../python3-packageurl/files/rules | 8 +++
> .../python3-packageurl_0.16.0.bb | 33 ++++++++++
> .../python3-py-serializable/files/rules | 8 +++
> .../python3-py-serializable_2.0.0.bb | 38 +++++++++++
> .../python3-spdx-tools/files/rules | 25 ++++++++
> .../python3-spdx-tools_0.8.3.bb | 46 +++++++++++++
> 25 files changed, 521 insertions(+), 12 deletions(-)
> create mode 100644 meta/classes/sbom.bbclass
> create mode 100644 meta/recipes-devtools/sbom-chroot/sbom-chroot.bb
> create mode 100644 meta/recipes-support/python3-beartype/files/rules
> create mode 100644 meta/recipes-support/python3-beartype/python3-beartype_0.19.0.bb
> create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/pybuild.testfiles
> create mode 100644 meta/recipes-support/python3-cyclonedx-lib/files/rules
> create mode 100644 meta/recipes-support/python3-cyclonedx-lib/python3-cyclonedx-lib_9.1.0.bb
> create mode 100644 meta/recipes-support/python3-debsbom/files/0001-Use-old-license-description-in-pyproject.toml.patch
> create mode 100644 meta/recipes-support/python3-debsbom/files/rules
> create mode 100644 meta/recipes-support/python3-debsbom/python3-debsbom_0.3.0.bb
> create mode 100644 meta/recipes-support/python3-packageurl/files/rules
> create mode 100644 meta/recipes-support/python3-packageurl/python3-packageurl_0.16.0.bb
> create mode 100644 meta/recipes-support/python3-py-serializable/files/rules
> create mode 100644 meta/recipes-support/python3-py-serializable/python3-py-serializable_2.0.0.bb
> create mode 100644 meta/recipes-support/python3-spdx-tools/files/rules
> create mode 100644 meta/recipes-support/python3-spdx-tools/python3-spdx-tools_0.8.3.bb
>
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/b9ad7124-339c-4701-b99e-09b0c02f428e%40ilbers.de.
prev parent reply other threads:[~2025-11-03 15:33 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-22 15:39 'Felix Moessbauer' via isar-users
2025-10-22 15:39 ` [PATCH v3 01/10] refactor: move get_rootfs_distro from sdk into rootfs 'Felix Moessbauer' via isar-users
2025-10-22 15:39 ` [PATCH v3 02/10] meta: package python libraries for SBOM generation 'Felix Moessbauer' via isar-users
2025-10-22 15:39 ` [PATCH v3 03/10] meta: package python3-debsbom 'Felix Moessbauer' via isar-users
2025-10-22 15:39 ` [PATCH v3 04/10] meta: add SBOM generation with debsbom 'Felix Moessbauer' via isar-users
2025-10-22 15:39 ` [PATCH v3 05/10] override distro vendor in SBOM on Ubuntu 'Felix Moessbauer' via isar-users
2025-10-22 15:39 ` [PATCH v3 06/10] add support to add imager dependencies to BOM 'Felix Moessbauer' via isar-users
2025-10-22 15:39 ` [PATCH v3 07/10] wic: create uniform manifest describing all image components 'Felix Moessbauer' via isar-users
2025-10-22 15:39 ` [PATCH v3 08/10] qemuamd64: add IMAGER_BOM entries 'Felix Moessbauer' via isar-users
2025-10-22 15:39 ` [PATCH v3 09/10] imager: create SBOM of IMAGER_BOM packages 'Felix Moessbauer' via isar-users
2025-10-22 15:39 ` [PATCH v3 10/10] wic: create uniform SBOM describing all image components 'Felix Moessbauer' via isar-users
2025-10-24 8:33 ` [PATCH v3 00/10] Add SBOM generation with debsbom 'Bouska, Zdenek' via isar-users
2025-10-24 8:59 ` 'MOESSBAUER, Felix' via isar-users
2025-10-24 9:37 ` 'Bouska, Zdenek' via isar-users
2025-10-24 10:02 ` 'MOESSBAUER, Felix' via isar-users
2025-10-27 7:54 ` 'Bouska, Zdenek' via isar-users
2025-10-27 9:24 ` 'MOESSBAUER, Felix' via isar-users
2025-11-03 15:33 ` Zhihang Wei [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b9ad7124-339c-4701-b99e-09b0c02f428e@ilbers.de \
--to=wzh@ilbers.de \
--cc=cedric.hombourger@siemens.com \
--cc=christoph.steiger@siemens.com \
--cc=felix.moessbauer@siemens.com \
--cc=isar-users@googlegroups.com \
--cc=jan.kiszka@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox