Date: Wed, 19 Nov 2025 17:58:55 +0100
Subject: Re: [PATCH v4 04/10] meta: add SBOM generation with debsbom
To: Quirin Gylstorff, isar-users@googlegroups.com
Cc: Felix Moessbauer
References: <20251117132436.511686-1-felix.moessbauer@siemens.com> <20251117132436.511686-5-felix.moessbauer@siemens.com> <3e82b347-3151-414f-9eb8-dd63108294f7@siemens.com>
From: Zhihang Wei
In-Reply-To: <3e82b347-3151-414f-9eb8-dd63108294f7@siemens.com>

On 11/19/25 16:54, 'Quirin Gylstorff' via isar-users wrote:
>
>
> On 11/17/25 14:24, 'Felix Moessbauer' via isar-users wrote:
>> From: Christoph Steiger
>>
>> Generate SBOMs for every rootfs that is created. These SBOMs are placed
>> in the image deploy directory.
>>
>> For the generation a small chroot with debsbom installed is created and
>> from that the rootfs of the image is scanned.
>>
>> The sbom generation is bound to the rootfs feature `generate-sbom`
>> which is activated per default now.
>>
>> Signed-off-by: Christoph Steiger
>> Signed-off-by: Felix Moessbauer >> --- >> =C2=A0 meta/classes/image.bbclass=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= |=C2=A0 1 + >> =C2=A0 meta/classes/initramfs.bbclass=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 |=C2=A0 3 +- >> =C2=A0 meta/classes/rootfs.bbclass=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 | = 14 +++- >> =C2=A0 meta/classes/sbom.bbclass=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0 | 64 +++++++++++++++++++ >> =C2=A0 meta/classes/sdk.bbclass=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0= =C2=A0=C2=A0 |=C2=A0 2 +- >> =C2=A0 .../sbom-chroot/sbom-chroot.bb=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2= =A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 | 30 +++++++++ >> =C2=A0 6 files changed, 111 insertions(+), 3 deletions(-) >> =C2=A0 create mode 100644 meta/classes/sbom.bbclass >> =C2=A0 create mode 100644 meta/recipes-devtools/sbom-chroot/sbom-chroot.= bb >> >> diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass >> index 1fa71c17..29324920 100644 >> --- a/meta/classes/image.bbclass >> +++ b/meta/classes/image.bbclass >> @@ -99,6 +99,7 @@ ROOTFS_FEATURES +=3D "\ >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 clean-log-files \ >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 clean-debconf-cache \ >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 populate-systemd-preset \ >> +=C2=A0=C2=A0=C2=A0 generate-sbom \ >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 " >> =C2=A0 ROOTFS_PACKAGES +=3D "${IMAGE_PREINSTALL}=20 >> ${@isar_multiarch_packages('IMAGE_INSTALL', d)}" >> =C2=A0 ROOTFS_MANIFEST_DEPLOY_DIR ?=3D "${DEPLOY_DIR_IMAGE}" >> diff --git a/meta/classes/initramfs.bbclass=20 >> b/meta/classes/initramfs.bbclass >> index 862bd873..570780e1 100644 
>> --- a/meta/classes/initramfs.bbclass >> +++ b/meta/classes/initramfs.bbclass >> @@ -22,11 +22,12 @@ INITRAMFS_FULLNAME =3D "${PN}-${DISTRO}-${MACHINE}" >> =C2=A0 # Bill-of-material >> =C2=A0 ROOTFS_MANIFEST_DEPLOY_DIR =3D "${DEPLOY_DIR_IMAGE}" >> =C2=A0 ROOTFS_PACKAGE_SUFFIX =3D "${INITRAMFS_FULLNAME}" >> +SBOM_DISTRO_NAME:append =3D "-initramfs" >> =C2=A0 =C2=A0 DEPENDS +=3D "${INITRAMFS_INSTALL}" >> =C2=A0 =C2=A0 ROOTFSDIR =3D "${INITRAMFS_ROOTFS}" >> -ROOTFS_FEATURES =3D "generate-manifest" >> +ROOTFS_FEATURES =3D "generate-manifest generate-sbom" >> =C2=A0 ROOTFS_PACKAGES =3D "${INITRAMFS_GENERATOR_PKG}=20 >> ${INITRAMFS_PREINSTALL} ${INITRAMFS_INSTALL}" >> =C2=A0 =C2=A0 # validate if have incompatible packages in the installati= on list >> diff --git a/meta/classes/rootfs.bbclass b/meta/classes/rootfs.bbclass >> index c045bfc0..b3ca9e16 100644 >> --- a/meta/classes/rootfs.bbclass >> +++ b/meta/classes/rootfs.bbclass >> @@ -3,6 +3,8 @@ >> =C2=A0 =C2=A0 inherit deb-dl-dir >> =C2=A0 +inherit sbom >> + >> =C2=A0 ROOTFS_ARCH ?=3D "${DISTRO_ARCH}" >> =C2=A0 ROOTFS_DISTRO ?=3D "${DISTRO}" >> =C2=A0 
@@ -28,11 +30,18 @@ INITRD_IMAGE ?=3D "" >> =C2=A0 # available features are: >> =C2=A0 # 'clean-package-cache' - delete package cache from rootfs >> =C2=A0 # 'generate-manifest' - generate a package manifest of the rootfs= =20 >> into ${ROOTFS_MANIFEST_DEPLOY_DIR} >> +# 'generate-sbom' - generate a SBOM of the rootfs into=20 >> ${DEPLOY_DIR_SBOM} >> =C2=A0 # 'export-dpkg-status' - exports /var/lib/dpkg/status file to=20 >> ${ROOTFS_DPKGSTATUS_DEPLOY_DIR} >> =C2=A0 # 'clean-log-files' - delete log files that are not owned by pack= ages >> =C2=A0 # 'populate-systemd-preset' - enable systemd units according to= =20 >> systemd presets >> + >> =C2=A0 # 'generate-initrd' - generate debian default initrd >> =C2=A0 ROOTFS_FEATURES +=3D "${@ 'generate-initrd' if=20 >> d.getVar('INITRD_IMAGE') =3D=3D '' else ''}" >> +# only supported from bookworm / jammy on >> +ROOTFS_FEATURES:remove:buster =3D "generate-sbom" >> +ROOTFS_FEATURES:remove:bullseye =3D "generate-sbom" >> +ROOTFS_FEATURES:remove:jammy =3D "generate-sbom" >> +ROOTFS_FEATURES:remove:focal =3D "generate-sbom" >> =C2=A0 =C2=A0 ROOTFS_APT_ARGS=3D"install --yes -o Debug::pkgProblemResol= ver=3Dyes" >> =C2=A0 @@ -478,6 +487,9 @@ cache_dbg_pkgs() { >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 fi >> =C2=A0 } >> =C2=A0 +# The sbom generator needs the apt-cache, hence run before=20 >> cleaning it >> +ROOTFS_POSTPROCESS_COMMAND +=3D=20 >> "${@bb.utils.contains('ROOTFS_FEATURES', 'generate-sbom',=20 >> 'do_generate_sbom', '', d)}" >> + >> =C2=A0 ROOTFS_POSTPROCESS_COMMAND +=3D=20 >> "${@bb.utils.contains('ROOTFS_FEATURES', 'clean-package-cache',=20 >> 'rootfs_postprocess_clean_package_cache', '', d)}" >> =C2=A0 rootfs_postprocess_clean_package_cache() { >> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 sudo -E chroot '${ROOTFSDIR}' \ 
>> @@ -647,7 +659,7 @@ python do_rootfs() { >> =C2=A0 } >> =C2=A0 addtask rootfs before do_build >> =C2=A0 -do_rootfs_postprocess[depends] =3D "base-apt:do_cache=20 >> isar-apt:do_cache_config" >> +do_rootfs_postprocess[depends] =3D "base-apt:do_cache=20 >> isar-apt:do_cache_config ${@bb.utils.contains('ROOTFS_FEATURES',=20 >> 'generate-sbom', 'sbom-chroot:do_sbomchroot_deploy', '', d)}" >> =C2=A0 =C2=A0 SSTATETASKS +=3D "do_rootfs_install" >> =C2=A0 SSTATECREATEFUNCS +=3D "rootfs_install_sstate_prepare" >> diff --git a/meta/classes/sbom.bbclass b/meta/classes/sbom.bbclass >> new file mode 100644 >> index 00000000..fd41296c >> --- /dev/null >> +++ b/meta/classes/sbom.bbclass 
>> @@ -0,0 +1,64 @@ >> +# This software is a part of ISAR. >> +# Copyright (C) 2025 Siemens >> +# >> +# SPDX-License-Identifier: MIT >> + >> +# sbom type to generate, accepted are "cdx" or "spdx" >> +SBOM_TYPES ?=3D "spdx cdx" >> + >> +SBOM_DEBSBOM_TYPE_ARGS =3D "${@"-t " + " -t=20 >> ".join(d.getVar("SBOM_TYPES").split())}" >> + >> +# general user variables >> +SBOM_DISTRO_SUPPLIER ?=3D "ISAR" >> +SBOM_DISTRO_NAME ?=3D "ISAR-Debian-GNU-Linux" >> +SBOM_DISTRO_VERSION ?=3D "1" >> +SBOM_DISTRO_SUMMARY ?=3D "Linux distribution built with ISAR" >> +SBOM_BASE_DISTRO_VENDOR ??=3D "debian" >> +SBOM_DOCUMENT_UUID ?=3D "" >> + >> +# SPDX specific user variables >> +SBOM_SPDX_NAMESPACE_PREFIX ?=3D "https://spdx.org/spdxdocs" >> + >> +DEPLOY_DIR_SBOM =3D "${DEPLOY_DIR_IMAGE}" >> + >> +SBOM_DIR =3D "${DEPLOY_DIR}/sbom" >> +SBOM_CHROOT =3D "${SBOM_DIR}/sbom-chroot" >> + >> +# adapted from the isar-cip-core image_uuid.bbclass >> +def generate_document_uuid(d, warn_not_repr=3DTrue): >> +=C2=A0=C2=A0=C2=A0 import uuid >> + >> +=C2=A0=C2=A0=C2=A0 base_hash =3D d.getVar("BB_TASKHASH") >> +=C2=A0=C2=A0=C2=A0 if base_hash is None: >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 if warn_not_repr: >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 bb.w= arn("no BB_TASKHASH available, SBOM UUID is not=20 >> reproducible") >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 return uuid.uuid4() >> +=C2=A0=C2=A0=C2=A0 return str(uuid.UUID(base_hash[:32], version=3D4)) >> + >> +def sbom_doc_uuid(d): >> +=C2=A0=C2=A0=C2=A0 if not d.getVar("SBOM_DOCUMENT_UUID"): >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 d.setVar("SBOM_DOCUMENT_UUID= ", generate_document_uuid(d)) >> + >> +generate_sbom() { >> +=C2=A0=C2=A0=C2=A0 sudo mkdir -p ${SBOM_CHROOT}/mnt/rootfs=20 >> ${SBOM_CHROOT}/mnt/deploy-dir >> + >> +=C2=A0=C2=A0=C2=A0 TIMESTAMP=3D$(date --iso-8601=3Ds -d @${SOURCE_DATE_= EPOCH}) >> +=C2=A0=C2=A0=C2=A0 bwrap \ >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --unshare-user \ >> 
+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --unshare-pid \ >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --bind ${SBOM_CHROOT} / \ >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --bind ${ROOTFSDIR} /mnt/roo= tfs \ >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --bind ${DEPLOY_DIR_SBOM} /m= nt/deploy-dir \ >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 -- debsbom -v generate ${SBO= M_DEBSBOM_TYPE_ARGS} -r=20 >> /mnt/rootfs -o /mnt/deploy-dir/'${PN}-${DISTRO}-${MACHINE}' \ >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --di= stro-name '${SBOM_DISTRO_NAME}' --distro-supplier=20 >> '${SBOM_DISTRO_SUPPLIER}' \ >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --di= stro-version '${SBOM_DISTRO_VERSION}' --distro-arch=20 >> '${DISTRO_ARCH}' \ >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --ba= se-distro-vendor '${SBOM_BASE_DISTRO_VENDOR}' \ >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --cd= x-serialnumber '${SBOM_DOCUMENT_UUID}' \ >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --sp= dx-namespace=20 >> '${SBOM_SPDX_NAMESPACE_PREFIX}'-'${SBOM_DOCUMENT_UUID}' \ >> +=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 --ti= mestamp $TIMESTAMP >> +}
> This breaks the build of custom initrds on next
> 3f55e8574865de46bb795b60c3c3569567494aa7.

Can you try master branch, or an earlier next at
49d4f8d81264b50e5d9c43a9d235c2a729164d28?

I suspect this is related to a mistake I made last Friday when
clearing the conflict to merge
"image: introduce IMAGE_INITRD, deprecate INITRD_IMAGE"
to next.

Zhihang

>
> For cip-core I got:
>
> ERROR: cip-core-initramfs-1.0-r0 do_rootfs_postprocess: ExecutionError('/work/build/tmp/work/cip-core-trixie-amd64/cip-core-initramfs-qemu-amd64/1.0-r0/temp/run.generate_sbom.161385', 1, None, None)
> ERROR: Logfile of failure stored in: /work/build/tmp/work/cip-core-trixie-amd64/cip-core-initramfs-qemu-amd64/1.0-r0/temp/log.do_rootfs_postprocess.161385
> Log data follows:
> | DEBUG: Executing python function do_rootfs_postprocess
> | DEBUG: Executing shell function rootfs_do_mounts
> | DEBUG: Shell function rootfs_do_mounts finished
> | DEBUG: Executing shell function rootfs_do_qemu
> | DEBUG: Shell function rootfs_do_qemu finished
> | DEBUG: Executing python function do_generate_sbom
> | DEBUG: Executing shell function generate_sbom
> | bwrap: Can't find source path /work/build/tmp/deploy/images/qemu-amd64: No such file or directory
> | WARNING: exit code 1 from a shell command.
> | DEBUG: Python function do_generate_sbom finished
> | DEBUG: Executing shell function rootfs_do_umounts
> | DEBUG: Shell function rootfs_do_umounts finished
> | DEBUG: Python function do_rootfs_postprocess finished
> ERROR: Task (/work/build/../../repo/recipes-initramfs/cip-core-initramfs/cip-core-initramfs.bb:do_rootfs_postprocess) failed with exit code '1'
>
> The integration is at
> https://gitlab.com/cip-project/cip-core/isar-cip-core/-/tree/qg/add-debsbom?ref_type=heads
>
> Quirin
>> + >> +python do_generate_sbom() { >> +=C2=A0=C2=A0=C2=A0 sbom_doc_uuid(d) >> +=C2=A0=C2=A0=C2=A0 bb.build.exec_func("generate_sbom", d) >> +} >> diff --git a/meta/classes/sdk.bbclass b/meta/classes/sdk.bbclass >> index 00cae0da..d57269e5 100644 >> --- a/meta/classes/sdk.bbclass >> +++ b/meta/classes/sdk.bbclass 
>> @@ -47,7 +47,7 @@ SDK_PREINSTALL +=3D " \ >> =C2=A0 ROOTFS_ARCH:class-sdk =3D "${HOST_ARCH}" >> =C2=A0 ROOTFS_DISTRO:class-sdk =3D "${@get_rootfs_distro(d)}" >> =C2=A0 ROOTFS_PACKAGES:class-sdk =3D "sdk-files ${SDK_TOOLCHAIN}=20 >> ${SDK_PREINSTALL} ${@isar_multiarch_packages('SDK_INSTALL', d)}" >> -ROOTFS_FEATURES:append:class-sdk =3D " clean-package-cache=20 >> generate-manifest export-dpkg-status" >> +ROOTFS_FEATURES:append:class-sdk =3D " clean-package-cache=20 >> generate-manifest export-dpkg-status generate-sbom" >> =C2=A0 ROOTFS_MANIFEST_DEPLOY_DIR:class-sdk =3D "${DEPLOY_DIR_SDKCHROOT}= " >> =C2=A0 ROOTFS_DPKGSTATUS_DEPLOY_DIR:class-sdk =3D "${DEPLOY_DIR_SDKCHROO= T}" >> =C2=A0 diff --git a/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb=20 >> b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb >> new file mode 100644 >> index 00000000..58200382 >> --- /dev/null >> +++ b/meta/recipes-devtools/sbom-chroot/sbom-chroot.bb 
>> @@ -0,0 +1,30 @@ >> +# This software is a part of ISAR. >> +# >> +# Copyright (C) 2025 Siemens >> + >> +LICENSE =3D "gpl-2.0" >> +LIC_FILES_CHKSUM =3D=20 >> "file://${LAYERDIR_core}/licenses/COPYING.GPLv2;md5=3D751419260aa954499f= 7abaabaa882bbe" >> + >> +PV =3D "1.0" >> + >> +inherit rootfs >> + >> +ROOTFS_ARCH =3D "${HOST_ARCH}" >> +ROOTFS_DISTRO =3D "${@get_rootfs_distro(d)}" >> +ROOTFS_BASE_DISTRO =3D "${HOST_BASE_DISTRO}" >> + >> +ROOTFS_FEATURES =3D "no-generate-initrd" >> +ROOTFS_INSTALL_COMMAND:remove =3D "rootfs_restore_initrd_tooling" >> + >> +# additional packages for the SBOM chroot >> +SBOM_IMAGE_INSTALL =3D "python3-debsbom" >> +DEPENDS +=3D "python3-debsbom" >> + >> +ROOTFSDIR =3D "${WORKDIR}/rootfs" >> +ROOTFS_PACKAGES =3D "${SBOM_IMAGE_INSTALL}" >> + >> +do_sbomchroot_deploy[dirs] =3D "${SBOM_DIR}" >> +do_sbomchroot_deploy() { >> +=C2=A0=C2=A0=C2=A0 ln -Tfsr "${ROOTFSDIR}" "${SBOM_CHROOT}" >> +} >> +addtask do_sbomchroot_deploy before do_build after do_rootfs
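
Review bot: In meta/classes/rootfs.bbclass (hunk @@ -28,11 +30,18 @@), the added comment "only supported from bookworm / jammy on" contradicts the line ROOTFS_FEATURES:remove:jammy = "generate-sbom" below it, which disables the feature on jammy. Either drop the jammy removal or correct the comment so it names the releases that are actually supported. The same hunk adds a blank line that detaches the 'generate-initrd' entry from the rest of the "available features" comment list, which looks unintended.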
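
Review bot: In generate_sbom() in meta/classes/sbom.bbclass, only the mount points under ${SBOM_CHROOT} are created; the bind source ${DEPLOY_DIR_SBOM} is assumed to exist, and bwrap stops when it does not, which is the "Can't find source path" message in the log quoted in this thread. Add a mkdir -p for ${DEPLOY_DIR_SBOM} before the bwrap call. In the same file, generate_document_uuid() returns a uuid.UUID object from the uuid.uuid4() fallback but a str from the BB_TASKHASH path; wrap the fallback in str() so SBOM_DOCUMENT_UUID always holds a string. If debsbom only reads the chroot and the scanned rootfs, --ro-bind for those two mounts would leave /mnt/deploy-dir as the only writable path inside the sandbox.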
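
Review bot: In meta/classes/sdk.bbclass, generate-sbom is appended for class-sdk but DEPLOY_DIR_SBOM gets no class-sdk override, while the neighbouring ROOTFS_MANIFEST_DEPLOY_DIR and ROOTFS_DPKGSTATUS_DEPLOY_DIR lines both point at ${DEPLOY_DIR_SDKCHROOT}. The SDK SBOM therefore ends up in ${DEPLOY_DIR_IMAGE} beside the image SBOMs. If that is intended, say so in a comment; otherwise add a DEPLOY_DIR_SBOM:class-sdk assignment that matches the other two.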
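
Review bot: do_sbomchroot_deploy in meta/recipes-devtools/sbom-chroot/sbom-chroot.bb publishes ${SBOM_CHROOT} as a symlink into this recipe's ${WORKDIR}/rootfs, and the link path ${DEPLOY_DIR}/sbom/sbom-chroot has no distro or architecture component. Because ln is called with -f, a second sbom-chroot variant deploying into the same DEPLOY_DIR would silently replace the link and every generate_sbom call would then use whichever chroot was deployed last. Consider qualifying the path with ${ROOTFS_DISTRO} and ${ROOTFS_ARCH}, and note in a comment that the deployed chroot depends on the work directory staying in place.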