From patchwork Thu Apr 4 12:43:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Perale X-Patchwork-Id: 1919795 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org) Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4V9LtM68Slz1yYf for ; Thu, 4 Apr 2024 23:44:59 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 19A8441806; Thu, 4 Apr 2024 12:44:58 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id pGvL_5c2ie_6; Thu, 4 Apr 2024 12:44:57 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.166.34; helo=ash.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org C78A841810 Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp4.osuosl.org (Postfix) with ESMTP id C78A841810; Thu, 4 Apr 2024 12:44:56 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 481F51BF3D8 for ; Thu, 4 Apr 2024 12:44:55 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 42DA060FA0 for ; Thu, 4 Apr 2024 12:44:55 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id qMRZO2vgzK03 for ; Thu, 4 Apr 2024 12:44:54 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::32e; helo=mail-wm1-x32e.google.com; envelope-from=thomas.perale@essensium.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org EFCF660F22 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org EFCF660F22 Received: from mail-wm1-x32e.google.com (mail-wm1-x32e.google.com [IPv6:2a00:1450:4864:20::32e]) by smtp3.osuosl.org (Postfix) with ESMTPS id EFCF660F22 for ; Thu, 4 Apr 2024 12:44:53 +0000 (UTC) Received: by mail-wm1-x32e.google.com with SMTP id 5b1f17b1804b1-4156c4fe401so6284795e9.1 for ; Thu, 04 Apr 2024 05:44:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712234692; x=1712839492; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=7JOeo7j9Pxmz0sUpOFSCRrCAgMke4Jnz6RO5DUYdPRk=; b=m0xN+yiokMFvwqf0qxh+TbpD0OL5RGW0ElSIVydaUtdGPDV0DmtXUjvBSzuYQD5t2y T2VAp8SqDHytvwMObq+YXH7qu+GuuQ9CJJsGIzEhwGMWS7sYvzL5tosM7klwbDYhulAV BZQuSxb8ntKx42oIqOKlrhBYPFZW6tP5CepF8sjol5VzLv/QTDq7IEeNTa7ZlhyGCfJN e+KI+DbRRYm+N2zZtXQtMHAdygzHWaOrlpwi7FG1ALZWKO1y2Ocgo5muAdg7AbEpfY2l 2iJKaWRndi/czvAzvLkGN5wPoDuu7Z+pSfgnIYy4qj8VqgFXdxxWlPK6VF8OGEatu4qB PJrQ== X-Gm-Message-State: AOJu0YyHg2PWm28m0a+L03F4tFlQIOA9dwJuw/oEzDqQwg+qGsJfEFlo YgZ9N92+OgTxRfCDycbmctOE36SFcsuTIWDLR6AzBxncbjlKKGVcWQFUFUtuFb3gWXMonUw23RC n X-Google-Smtp-Source: AGHT+IEd1zJMa3rSpRs2f3F1A8daQl1umfR4O7PIuaX0fsDCRDmzK2zBGrWXz+L0Z8c7SAYypJt5ww== X-Received: by 2002:a5d:58c8:0:b0:33e:a1ec:bb69 with SMTP id o8-20020a5d58c8000000b0033ea1ecbb69mr1608876wrf.40.1712234691589; Thu, 04 Apr 2024 05:44:51 -0700 (PDT) Received: from localhost.localdomain ([79.132.235.33]) by smtp.gmail.com with ESMTPSA id r5-20020a056000014500b00341dc343e21sm19913663wrx.65.2024.04.04.05.44.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Apr 2024 05:44:51 -0700 (PDT) X-Google-Original-From: Thomas Perale To: buildroot@buildroot.org Date: Thu, 4 Apr 2024 14:43:25 +0200 Message-ID: <20240404124329.768546-2-thomas.perale@mind.be> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240404124329.768546-1-thomas.perale@mind.be> References: <20240404124329.768546-1-thomas.perale@mind.be> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=essensium.com; s=google; t=1712234692; x=1712839492; darn=buildroot.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=7JOeo7j9Pxmz0sUpOFSCRrCAgMke4Jnz6RO5DUYdPRk=; b=GEwFZ0rHDjzk0EOW7kU54BNcJgYKmiG65a0ZQT0bXfB1pv2os6VZJ55BHAaMWnIIlZ GWzIbkm5EsGqyaLN+nZgvOWTS/G/O5iwVNEi5O14+u39seZ9+1QuVh2yj2U/Q2WCmmht TxZ81bl9hUyKURBzordGNi5aEx49+Mt5HRMP/G2/gGUfgihLDQGuHPp+wtrwuvZgFMZ6 r9XGwyEgwz2oqVhfJI6EjXP+HS+biECoxZ3aE6cX4IoCFe+0/AtdMfhXbvKjzYT7XTpX q4p9Fl1EEmH9geCX+/QJ8Qpepxb4J1K+iGRXq+am8taM2di8IFH+7hJaQEJDf1TZZuZT vVaw== X-Mailman-Original-Authentication-Results: smtp3.osuosl.org; dmarc=pass (p=quarantine dis=none) header.from=essensium.com X-Mailman-Original-Authentication-Results: smtp3.osuosl.org; dkim=pass (2048-bit key, unprotected) header.d=essensium.com header.i=@essensium.com header.a=rsa-sha256 header.s=google header.b=GEwFZ0rH Subject: [Buildroot] [RFC PATCH 1/5] package/pkg-generic.mk: add PURL package variable X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Thomas Perale via buildroot From: Thomas Perale Reply-To: Thomas Perale Cc: Thomas Perale , Thomas Petazzoni Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" PURL stands for 'package URL', it's a specification that standardize how packages are identified and located. PURL is used to reference the same package across different package manager, tracking tools, API and databases. A purl is a URL composed of seven components: scheme:type/namespace/name@version?qualifiers#subpath - scheme: always 'pkg' (required) - type: package manager used to install the package, download origin, type of package (required) - namespace: name prefix, type specific additional information (optional) - name: package name (required) - version: package version (optional) - qualifiers: extra information (optional) - subpath: extra subpath relative to package root (optional) A PURL for the purl-spec repository looks like this: pkg:github/package-url/purl-spec@346589846130317464b677bc4eab30bf5040183a It contains information like the provenance (github), organization (package-url), name (purl-spec) and version (34658984...). This patch introduces an auto-generated PURL for non internal packages (packages with a `_SOURCE` variable), with the possibility for each package to define their own PURL by defining the following variable: _PURL If the variable is not defined it will be generated as follows: $(2)_PURL = pkg:generic/$$($(2)_RAWNAME)@$$($(2)_VERSION) The type 'generic' is used by default but can be extended in the future to support github, gitlab, etc ... For more information, see https://github.com/package-url/purl-spec Signed-off-by: Thomas Perale --- package/pkg-generic.mk | 12 ++++++++++++ 1 file changed, 12 insertions(+) -- 2.44.0 diff --git a/package/pkg-generic.mk b/package/pkg-generic.mk index 577a148c1e..0966b714ff 100644 --- a/package/pkg-generic.mk +++ b/package/pkg-generic.mk @@ -754,6 +754,18 @@ ifeq ($$($(2)_CPE_ID_VALID),YES) $(2)_CPE_ID = $$($(2)_CPE_ID_PREFIX):$$($(2)_CPE_ID_VENDOR):$$($(2)_CPE_ID_PRODUCT):$$($(2)_CPE_ID_VERSION):$$($(2)_CPE_ID_UPDATE):*:*:*:*:*:* endif # ifeq ($$($(2)_CPE_ID_VALID),YES) +# If no package url (purl) is set, a generic purl is created for non internal +# packages. +# see https://github.com/package-url/purl-spec +ifndef $(2)_PURL + ifdef $(3)_PURL + $(2)_PURL = $$($(3)_PURL) + endif + ifdef $(2)_SOURCE + $(2)_PURL = pkg:generic/$$($(2)_RAWNAME)@$$($(2)_VERSION) + endif +endif + # When a target package is a toolchain dependency set this variable to # 'NO' so the 'toolchain' dependency is not added to prevent a circular # dependency. From patchwork Thu Apr 4 12:43:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Perale X-Patchwork-Id: 1919796 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org) Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4V9LtR2fDfz1yYn for ; Thu, 4 Apr 2024 23:45:03 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id A7DD041A7D; Thu, 4 Apr 2024 12:45:01 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id ZubgGBaUJiXy; Thu, 4 Apr 2024 12:45:00 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.166.34; helo=ash.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org B1A3741A48 Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp4.osuosl.org (Postfix) with ESMTP id B1A3741A48; Thu, 4 Apr 2024 12:45:00 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 0D2921BF3D8 for ; Thu, 4 Apr 2024 12:44:56 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 0769D60F22 for ; Thu, 4 Apr 2024 12:44:56 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id CV9dJetQ1mge for ; Thu, 4 Apr 2024 12:44:55 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::429; helo=mail-wr1-x429.google.com; envelope-from=thomas.perale@essensium.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp3.osuosl.org E491660F75 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org E491660F75 Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com [IPv6:2a00:1450:4864:20::429]) by smtp3.osuosl.org (Postfix) with ESMTPS id E491660F75 for ; Thu, 4 Apr 2024 12:44:54 +0000 (UTC) Received: by mail-wr1-x429.google.com with SMTP id ffacd0b85a97d-3436b096690so1588031f8f.1 for ; Thu, 04 Apr 2024 05:44:54 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712234692; x=1712839492; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=SdLXZdlgmIr74B17vXp11v05sD1s6UAunp4OWgZlNgE=; b=WJuW2JqPKgqLqK3yMxKaCoeXB/pg/qQU5F+Dboda7mjViWlLiwkfrQFjNJOx7q5FOt DwzNGbtbcFK8xcyR7cvru6fp2lOzvTZI6wh8buDl0lEAtL69UT0/cg1kb5rXy6hqSpiB 1Mzr0joe7d8z04v7GXQwR+jknR1/e2BdHvGa+hEB7TJNnCP3J8KS7aXXJ5/qgkunAouR s5WmY+1zxje/aDRXqp6qlkIk0RGx6ZVesXZjIfrQXouvtFkcEiMs9xNC3h4HkqYz3jkC rObiwy1HB5mCVgcFA4PisVE0+S4XZrZqCcvIGvjGOvDLZ4JMq+yweSq6QX9XSBUZxbju 5I0w== X-Gm-Message-State: AOJu0YzFiEfXckEXjCzli1y+CCoh94IMGpAiDk4Cbx98PwccwyiHtTnf 6DuufZOYXs0T/+xp7kgEEhdCeagQLauHN2JzKRh+RwxDDbAI1bAQ+u9HiBkQBKMfYa59TqS1TsH F X-Google-Smtp-Source: AGHT+IEhPBDPLKpL/89RFOLPIBZr8EkzVjwcO498MPi+nwP4W4fyJ7kx0Ygl1XNJcd4ITIVvqqRyxA== X-Received: by 2002:a5d:5242:0:b0:343:b748:9af2 with SMTP id k2-20020a5d5242000000b00343b7489af2mr1928871wrc.19.1712234692219; Thu, 04 Apr 2024 05:44:52 -0700 (PDT) Received: from localhost.localdomain ([79.132.235.33]) by smtp.gmail.com with ESMTPSA id r5-20020a056000014500b00341dc343e21sm19913663wrx.65.2024.04.04.05.44.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Apr 2024 05:44:51 -0700 (PDT) X-Google-Original-From: Thomas Perale To: buildroot@buildroot.org Date: Thu, 4 Apr 2024 14:43:26 +0200 Message-ID: <20240404124329.768546-3-thomas.perale@mind.be> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240404124329.768546-1-thomas.perale@mind.be> References: <20240404124329.768546-1-thomas.perale@mind.be> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=essensium.com; s=google; t=1712234692; x=1712839492; darn=buildroot.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=SdLXZdlgmIr74B17vXp11v05sD1s6UAunp4OWgZlNgE=; b=SDnzGmf14mhWCkCwGJmOJWAEEF/Jry/eOFX6xHWt9Uv0WSWcENEog0/rCdl2/Q6r5R s5EpR1A98YFsb35g4PeTqii1Ie5qo7fd+0/CEX0p6kGgItONkQWdEok3ficDTO6mv4Gd B62pNp8hD8CYi2MYOCKpaQwJMpihIhNRe+BwdOTkFPSPKG/bqAoOxrXJn8oDYdeOaGVa TBdJ6mBt0yyOB9J5PP1/HnLQzpF0MI5uGcF0ZGypcIBN/tytQTBHa50D0LGnZhKgK9J9 gR+jD2JM3PguUQNVcFyn8vQqDlq+mWl5k0ScycMZAJjPtAW1ku46tf5wv2Tpt9fC1tF1 82Hw== X-Mailman-Original-Authentication-Results: smtp3.osuosl.org; dmarc=pass (p=quarantine dis=none) header.from=essensium.com X-Mailman-Original-Authentication-Results: smtp3.osuosl.org; dkim=pass (2048-bit key) header.d=essensium.com header.i=@essensium.com header.a=rsa-sha256 header.s=google header.b=SDnzGmf1 Subject: [Buildroot] [RFC PATCH 2/5] package/pkg-utils.mk: urlencode/urldecode macros X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Thomas Perale via buildroot From: Thomas Perale Reply-To: Thomas Perale Cc: Thomas Perale , Thomas Petazzoni Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" This patch introduces two new macros: - urlencode - urldecode URL encoding consists of converting ASCII characters into a percent symbol followed by a two digit hexadecimal code. And the other way around for URL decoding. The macros encode/decode a string passed as an argument by escaping the following characters: - '%' is replaced by %25 - 'space' is replaced by %20 The characters covered by this patch is non exhaustive. Because the Make language treats spaces as different entry of a list, the aim of those macros is to provide a well known encoding method to escape text containing spaces into a string that won't be treated as a list by the Make language. Signed-off-by: Thomas Perale --- package/pkg-utils.mk | 12 ++++++++++++ 1 file changed, 12 insertions(+) -- 2.44.0 diff --git a/package/pkg-utils.mk b/package/pkg-utils.mk index 723bbe4e24..b8cfb85fca 100644 --- a/package/pkg-utils.mk +++ b/package/pkg-utils.mk @@ -329,3 +329,15 @@ define NXP_EXTRACT_HELPER find $(@D)/$(basename $(notdir $(1))) -mindepth 1 -maxdepth 1 -exec mv {} $(@D) \; rmdir $(@D)/$(basename $(notdir $(1))) endef + +# urlencode -- returns an url encoded string. +# - encode % into %25 +# - encode spaces into %20 +# +# $(1): text +urlencode = $(subst $(space),%20,$(subst %,%25,$(1))) + +# urldecode -- decode an url encoded string. +# +# $(1): text +urldecode = $(subst %25,%,$(subst %20,$(space),$(1))) From patchwork Thu Apr 4 12:43:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Perale X-Patchwork-Id: 1919797 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org (client-ip=140.211.166.137; helo=smtp4.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org) Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4V9LtW5Lwlz1yYP for ; Thu, 4 Apr 2024 23:45:07 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id E8E8441A42; Thu, 4 Apr 2024 12:45:05 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id blUGpcRIECHe; Thu, 4 Apr 2024 12:45:04 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.166.34; helo=ash.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 5015C41AFC Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp4.osuosl.org (Postfix) with ESMTP id 5015C41AFC; Thu, 4 Apr 2024 12:45:04 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id C0A0C1BF3D8 for ; Thu, 4 Apr 2024 12:44:56 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id AE8D24039D for ; Thu, 4 Apr 2024 12:44:56 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id jdS9gSfo8s-u for ; Thu, 4 Apr 2024 12:44:55 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::42d; helo=mail-wr1-x42d.google.com; envelope-from=thomas.perale@essensium.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp2.osuosl.org 4C14D4040A DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 4C14D4040A Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) by smtp2.osuosl.org (Postfix) with ESMTPS id 4C14D4040A for ; Thu, 4 Apr 2024 12:44:55 +0000 (UTC) Received: by mail-wr1-x42d.google.com with SMTP id ffacd0b85a97d-3438d7a05aaso557268f8f.0 for ; Thu, 04 Apr 2024 05:44:55 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712234693; x=1712839493; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=A181ER9TRYyfmZ3iXkznrbPDVh6m/n/NeVSSiu499ck=; b=dvFMMYQ49KG3A+GduKkKrGQrgofqdSf0I0eNN5rJ/XyvqK29W65AecbqpNrqwzmGb1 +gg/BGkFzDtJdk+QEMKJZ1BZUmdYiCPIm8Yhz+LLB/Q0rP8uVOx8zW0I6L4uMKhylZo0 CBhUqmz3M6HS/R7gE4lhkjKFH2XCdOF4Ggy3FIIFfDxDOCuFd7tBxTh9ECLzxnRky/xf cD9ZzNYRjJzt275O2TUA5Y6sgZSuW8XoOs9oU25HvCYQWmv8DpcOu0HRB7CfciDeduNT OD6ub+VUMzRHRuTAIx26S784hbpAwX8u4a1AjIREsC1FaVOd85gy5AWe6UdbQZDipKTY 7YZg== X-Gm-Message-State: AOJu0Yy7GxFePU8gXcZrjL7ZGYbi4JpvfvojS4J8I42F1lcHYRJtzsmE +K0VMIK/mQG0MVRW6EOpMMFPurn4iM9VikUWn0AweknG8Bt19MqSF1YimFOrM9dcAqDm5UgaIri r X-Google-Smtp-Source: AGHT+IHOl51yfEJIBU+L+0qpKVhzeqD8IQUJlIzfU96JQ/59Rdv29nJJIgnT7iiNd8IByJFaoJRcYw== X-Received: by 2002:a5d:6845:0:b0:341:c9bc:6340 with SMTP id o5-20020a5d6845000000b00341c9bc6340mr2584767wrw.12.1712234693028; Thu, 04 Apr 2024 05:44:53 -0700 (PDT) Received: from localhost.localdomain ([79.132.235.33]) by smtp.gmail.com with ESMTPSA id r5-20020a056000014500b00341dc343e21sm19913663wrx.65.2024.04.04.05.44.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Apr 2024 05:44:52 -0700 (PDT) X-Google-Original-From: Thomas Perale To: buildroot@buildroot.org Date: Thu, 4 Apr 2024 14:43:27 +0200 Message-ID: <20240404124329.768546-4-thomas.perale@mind.be> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240404124329.768546-1-thomas.perale@mind.be> References: <20240404124329.768546-1-thomas.perale@mind.be> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=essensium.com; s=google; t=1712234693; x=1712839493; darn=buildroot.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=A181ER9TRYyfmZ3iXkznrbPDVh6m/n/NeVSSiu499ck=; b=Y1Eml+Lt4Csa4t08FkIs86xzyV+KxjoSF59P4wngc+TiYeWlnlkp0phowtNA0faNCe Ba+njp+nqLi2UyyFRHI7yXJg4uTtYcWFRuTVoUCzq9ZI52JBc8C8V9v4Y6JTTEpLfsIG 5IK4TMUaBQba0cjyWRAfu7yttiy6qzpNrEN05jutP6kRgGkZv+Uy3WrIdk6VxGPt54kf PMKHXu9JKSPTZ8tc5SinXVxyMC0WavG2mJxDEauepyBOmNhC0unyxu3fVlbq3L1VjFO6 y50AL29ezUNTUvtX6qnsp+F3nnweB+/vBK1ODNz/c6+Tu+oHgOKVL5sSkLA3fS8cuHLo gm4A== X-Mailman-Original-Authentication-Results: smtp2.osuosl.org; dmarc=pass (p=quarantine dis=none) header.from=essensium.com X-Mailman-Original-Authentication-Results: smtp2.osuosl.org; dkim=pass (2048-bit key, unprotected) header.d=essensium.com header.i=@essensium.com header.a=rsa-sha256 header.s=google header.b=Y1Eml+Lt Subject: [Buildroot] [RFC PATCH 3/5] support/misc/cyclonedx.mk: support CycloneDX format X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Thomas Perale via buildroot From: Thomas Perale Reply-To: Thomas Perale Cc: Thomas Perale , Thomas Petazzoni Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" CycloneDX is a software bill of materials (SBOM) specification. There is a growing need to generate SBOM from buildroot configurations. Right now there are different solutions available for buildroot users `show-info`, `legal-info` and `pkg-stats`. They all generate similar information (`show-info` showing more) but in a format that is specific to buildroot. This is the reason this patch introduces a new SBOM output type for buildroot: CycloneDX. CycloneDX is a format already supported by tools such as https://dependencytrack.org/ that helps track softwares, vulnerabilities, etc ... To match the functionality of `show-info`, buildroot internal packages will also be present in the SBOM with a reduced set of property. Internal packages are defined as packages without `_SOURCE` defined. In a future patch more properties can be added to cover the functionality of `show-info`, `legal-info` and `pkg-stats`. The CycloneDX SBOM output as a stripped JSON formatted line as there are already macros available to work with JSON in buildroot. For more information, see https://cyclonedx.org/ and https://cyclonedx.org/docs/1.5/json/ Signed-off-by: Thomas Perale --- support/misc/cyclonedx.mk | 197 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 197 insertions(+) create mode 100644 support/misc/cyclonedx.mk -- 2.44.0 diff --git a/support/misc/cyclonedx.mk b/support/misc/cyclonedx.mk new file mode 100644 index 0000000000..3906a3b60a --- /dev/null +++ b/support/misc/cyclonedx.mk @@ -0,0 +1,197 @@ +################################################################################ +# +# This file contains various utility functions used to create a SBOM +# in the JSON CycloneDX format. +# +# https://cyclonedx.org/docs/1.5/json/ +# +################################################################################ + +# Note: to avoid conflict with _VERSION `_SPEC` is added +CYCLONEDX_VERSION_SPEC = 1.5 + +# +# Licenses list helper functions +# Since licenses in buildroot are comma separated list and the 'make' language +# uses spaces to create list we need to replace the spaces of licenses name +# by a character not used in any licenses name. +# +# _cyclonedx-licenses-as-list: create a list from the url-encoded comma +# separeted license list. +# +# $(1): an url-encoded comma separeted list +# +# Turns "Public%20Domain,%20GPL-2.0" into "Public%20Domain GPL-2.0" +_cyclonedx-licenses-as-list = $(subst $(comma)%20,$(space),$(1)) + +# _cyclonedx-license -- create an entry of a cyclonedx component license list +# +# For more information on license object see +# https://cyclonedx.org/docs/1.5/json/#components_items_licenses_oneOf_i0_items_license +# +# $(1): a single url-encoded license name +define _cyclonedx-license + { + "license": { + "name": $(call mk-json-str,$(1)) + } + }, +endef + +# _cyclonedx-licenses -- create a licenses list formatted for a CycloneDX +# component +# +# $(1): a comma separated license list +# +# KNOWN ISSUE: Licenses name that include a parenthesis with comma inside, +# will result be misinterpreted as multiple licenses name: +# - host-util-linux: LGPL-2.1+ (libblkid, libfdisk, libmount) +define _cyclonedx-licenses + $(foreach license,$(call _cyclonedx-licenses-as-list,$(call urlencode,$(1))), + $(call urldecode,$(call _cyclonedx-license,$(license))) + ) +endef + +# Note about patch list: this patch list might not be complete. +# There is no variable yet that stores the patch list without applying them. +_cyclonedx-patches-list = $(foreach patchdir,\ + $(addsuffix /$($(1)_PKGDIR),$(CURDIR)) $(addsuffix /$($(1)_RAWNAME),$(call qstrip,$(BR2_GLOBAL_PATCH_DIR))),\ + $(wildcard $(addsuffix /*.patch,$(patchdir)))\ +) + +# _cyclonedx-patch -- single entry of a patch list. +# It's required to pass the type of the patch it can be +# either: unofficial, monkey, backport or cherry-pick. +# Since there is no information available about each +# patches, we mark them as "unofficial". +# +# $(1): single patch path +define _cyclonedx-patch + { + "type": "unofficial", + "diff": { + "text": { + "content": $(call mk-json-str,$(file < $(1))) + } + } + }, +endef + +# _cyclonedx-patches -- patch list are stored under the pedigree entry used to +# document how a component is modified. +# +# $(1): patch path list +define _cyclonedx-patches + $(intcmp $(words $(1)),0,,, + "pedigree": {\ + "patches": [\ + $(foreach patch,$(1),\ + $(call _cyclonedx-patch,$(patch))\ + )\ + ]\ + }$(comma)\ + ) +endef + +# _cyclonedx-component -- representation of a package for the CycloneDX format +# - bom-ref: is a unique identifier used to refer to this component in the +# 'dependencies' section. +# - type: is a required property since we don't have enough information about +# the package from its definition CycloneDX spec recommend setting it +# to 'library'. +# - properties: is used to add additional information that doesn't fit the +# current CycloneDX specification. +# - BR_TYPE: {host|target} +# +# $(1): upper-case package name +# +# KNWON ISSUE: packages with a custom tarball (linux,uboot,...) will have the +# 'version' property set to 'custom'. +define _cyclonedx-component + { + "bom-ref": $(call mk-json-str,$($(1)_NAME)), + "name": $(call mk-json-str,$(if $($(1)_RAWNAME),$($(1)_RAWNAME),$($(1)_NAME))), + "type": "library", + $(if $($(1)_SOURCE), + "version": $(call mk-json-str,$($(1)_DL_VERSION))$(comma) + "licenses": [ + $(call _cyclonedx-licenses,$($(1)_LICENSE)) \ + ]$(comma) + ) + $(if $($(1)_PURL), \ + "purl": $(call mk-json-str,$($(1)_PURL))$(comma) \ + ) + $(if $($(1)_CPE_ID_VALID), \ + "cpe": $(call mk-json-str,$($(1)_CPE_ID))$(comma) \ + ) + $(call _cyclonedx-patches,$(call _cyclonedx-patches-list,$(1))) + "properties": [{ + "name": "BR_TYPE", + "value": $(call mk-json-str,$($(1)_TYPE)) + }], + }, +endef + +# _cyclonedx-dependency -- create dependency relationships between components. +# - ref: reference to a component bom-ref. +# - dependsOn: array of component bom-ref identifier to create the dependencies. +# +# $(1): upper-case package name +define _cyclonedx-dependency + $(if $($(1)_FINAL_RECURSIVE_DEPENDENCIES), + { + "ref": $(call mk-json-str,$($(1)_NAME))$(comma) + "dependsOn": [ + $(call make-comma-list,$(foreach p,\ + $($(1)_FINAL_RECURSIVE_DEPENDENCIES), \ + $(call mk-json-str,$(p))\ + )) + ] + }$(comma) + ) +endef + +# cyclonedx-json -- return a CycloneDX SBOM formatted as a JSON dictionnary. +# - bomFormat: required field is always "CycloneDX" +# - specVersion: required field with CycloneDX spec version +# - version: is used by software that accept CycloneDX SBOM to differentiate +# the different SBOM. The bigger the number the newer the SBOM is. +# Here it's set to '1' and it should be incremented when the resulting +# SBOM is edited later. +# The CycloneDX spec mentions that an 'uuid' property can also be used to +# differentiate SBOM but is not included because there is no native command +# to generate an uuid in buildroot. +# +# $(1): packages list +define cyclonedx-json + $(call clean-json,{ + "bomFormat": "CycloneDX"$(comma) + "$$schema": "http://cyclonedx.org/schema/bom-$(CYCLONEDX_VERSION_SPEC).schema.json"$(comma) + "specVersion": $(call mk-json-str,$(CYCLONEDX_VERSION_SPEC))$(comma) + "version": 1$(comma) + "components": [ \ + $(foreach p,$(1), \ + $(call _cyclonedx-component,$(call UPPERCASE,$(p))) \ + ) \ + ]$(comma) + "dependencies": [ + { + "ref": "buildroot"$(comma)\ + "dependsOn": [$(call make-comma-list,\ + $(foreach p,$(1),$(call mk-json-str,$(p)))\ + )]\ + }$(comma) + $(foreach p,$(1),\ + $(call _cyclonedx-dependency,$(call UPPERCASE,$(p)),$(2)) \ + ) \ + ]$(comma) + "metadata": { + "component": { + "bom-ref": "buildroot"$(comma) + "name": "buildroot"$(comma) + "type": "firmware"$(comma) + "version": $(call mk-json-str,$(BR2_VERSION_FULL)) + } + } + }) +endef From patchwork Thu Apr 4 12:43:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Perale X-Patchwork-Id: 1919798 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org) Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4V9Ltb4Hqfz1yYP for ; Thu, 4 Apr 2024 23:45:11 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id 0EA8941AEC; Thu, 4 Apr 2024 12:45:10 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id jLDxRd1lnceX; Thu, 4 Apr 2024 12:45:08 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.166.34; helo=ash.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org B37F741AEF Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp4.osuosl.org (Postfix) with ESMTP id B37F741AEF; Thu, 4 Apr 2024 12:45:07 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id DC35F1BF3D8 for ; Thu, 4 Apr 2024 12:44:57 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id D6EEC822C5 for ; Thu, 4 Apr 2024 12:44:57 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id 2Rfc7DkaTTBv for ; Thu, 4 Apr 2024 12:44:56 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::32d; helo=mail-wm1-x32d.google.com; envelope-from=thomas.perale@essensium.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 1388D822C3 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 1388D822C3 Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) by smtp1.osuosl.org (Postfix) with ESMTPS id 1388D822C3 for ; Thu, 4 Apr 2024 12:44:55 +0000 (UTC) Received: by mail-wm1-x32d.google.com with SMTP id 5b1f17b1804b1-4162bac95d4so2341255e9.2 for ; Thu, 04 Apr 2024 05:44:55 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712234694; x=1712839494; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rNU09pGtD6b0UvtrkWEIHTZ/qNE3UHDkKCIRnUcIjJQ=; b=uttv8ligrwoNDHsgiA8p7EkZNQKFASCSrRD+ulPH2uga0zKdLl6DOB1NyioO6CqjHE 6CoKG83IvnIXxOYItRIEx3KL3gvr+Gy9NJ1IJ7FeebKn2pNjfGjvaC/KG917BksqcYXz 9jFsjkia+xTi7gNH5n1+xLit5W6zk8onL/AuMs74j/L/+PoBSL1MXe5Pa82j9qX+Lk/k jKDxytSUGt4hk1Xse/9xxwvSfrWky8qjILljrAeXjCBmul5ij6v7X9Nr4/Mm9P1IPa6k hKoIUjhWjShBQLWPBjcj09SeEhRbanRnBeByTd9nd3zLTqv/W5xvTzrpS8sFz62t6Jgg wxIg== X-Gm-Message-State: AOJu0YyCPmIUix+j37GBzW2SJXDAuZdRdHLwpoPrcuvzAW2+W412FR8K woB44RZo8vT2fum29nE4SWOfQ5Dsl4Dzvtu4uFA+jPc+4bX2TiuXUkiYqh9aI0weSscu95zy7Bm O X-Google-Smtp-Source: AGHT+IHloMbPJmi73hx6SEpvUvBoIkbUW/wYMNvBIOWOx6Fu91lMZH05ez0I8DRJX8yaOOKvDaXeKg== X-Received: by 2002:adf:f1d1:0:b0:343:41ef:ab1e with SMTP id z17-20020adff1d1000000b0034341efab1emr1876498wro.44.1712234693691; Thu, 04 Apr 2024 05:44:53 -0700 (PDT) Received: from localhost.localdomain ([79.132.235.33]) by smtp.gmail.com with ESMTPSA id r5-20020a056000014500b00341dc343e21sm19913663wrx.65.2024.04.04.05.44.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Apr 2024 05:44:53 -0700 (PDT) X-Google-Original-From: Thomas Perale To: buildroot@buildroot.org Date: Thu, 4 Apr 2024 14:43:28 +0200 Message-ID: <20240404124329.768546-5-thomas.perale@mind.be> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240404124329.768546-1-thomas.perale@mind.be> References: <20240404124329.768546-1-thomas.perale@mind.be> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=essensium.com; s=google; t=1712234694; x=1712839494; darn=buildroot.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=rNU09pGtD6b0UvtrkWEIHTZ/qNE3UHDkKCIRnUcIjJQ=; b=CCBRK7x3KiD2S+jNDtSWFPMB++aWeo/KadjeXOqkQq+mIQBV6fYKDfE1MvGBO6ZnXS NXSmfdSa896srDgF3w/ZIKZJy9rjG8DxRKJh0RoMu+jRsmr+U2s5HtdHdwkZ1BwBPhN1 sF3vI78oJgWDBTbr8Wv8zvLuWhpUQq7Reow/PM4MzNDSmghKvIDRF2HqP6YimxKPO5u1 XuhE4DD7klyB1EITRTA78+fUSr/CVuijwntt1Cd6JDTzP5s93HQlReFvjFruNTnFBW3L pPZwDBUmiyLnGcWfBn3xe6hPYTHamJNQKFM+cWH4xzc0cykvbY77n31wul01/FNSD9P9 S5AQ== X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dmarc=pass (p=quarantine dis=none) header.from=essensium.com X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key, unprotected) header.d=essensium.com header.i=@essensium.com header.a=rsa-sha256 header.s=google header.b=CCBRK7x3 Subject: [Buildroot] [RFC PATCH 4/5] support/misc/cyclonedx.mk: support spdx license check X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Thomas Perale via buildroot From: Thomas Perale Reply-To: Thomas Perale Cc: Thomas Perale , Thomas Petazzoni Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" To improve the tracking of the licenses of the components, the file `support/misc/cyclonedx-spdx.mk` that contains a definition of every approved SPDX licenses ID is included in this patch. This file has been generated by the `support/misc/cyclonedx-spdx.mk` rule included `support/misc/cyclonedx.mk`. It will remain there to re-generate the file if it's updated. Knowing if a license name is a valid SPDX ID or not, allows tools such as Dependency Track to directly show the license content of components with a known SPDX ID. Signed-off-by: Thomas Perale --- support/misc/cyclonedx-spdx.mk | 617 +++++++++++++++++++++++++++++++++ support/misc/cyclonedx.mk | 35 +- 2 files changed, 651 insertions(+), 1 deletion(-) create mode 100644 support/misc/cyclonedx-spdx.mk -- 2.44.0 diff --git a/support/misc/cyclonedx-spdx.mk b/support/misc/cyclonedx-spdx.mk new file mode 100644 index 0000000000..81c387fd23 --- /dev/null +++ b/support/misc/cyclonedx-spdx.mk @@ -0,0 +1,617 @@ +# List of approved SPDX license +# See https://raw.githubusercontent.com/CycloneDX/specification/1.5/schema/spdx.schema.json +define spdx +0BSD +AAL +Abstyles +AdaCore-doc +Adobe-2006 +Adobe-Glyph +ADSL +AFL-1.1 +AFL-1.2 +AFL-2.0 +AFL-2.1 +AFL-3.0 +Afmparse +AGPL-1.0 +AGPL-1.0-only +AGPL-1.0-or-later +AGPL-3.0 +AGPL-3.0-only +AGPL-3.0-or-later +Aladdin +AMDPLPA +AML +AMPAS +ANTLR-PD +ANTLR-PD-fallback +Apache-1.0 +Apache-1.1 +Apache-2.0 +APAFML +APL-1.0 +App-s2p +APSL-1.0 +APSL-1.1 +APSL-1.2 +APSL-2.0 +Arphic-1999 +Artistic-1.0 +Artistic-1.0-cl8 +Artistic-1.0-Perl +Artistic-2.0 +ASWF-Digital-Assets-1.0 +ASWF-Digital-Assets-1.1 +Baekmuk +Bahyph +Barr +Beerware +Bitstream-Charter +Bitstream-Vera +BitTorrent-1.0 +BitTorrent-1.1 +blessing +BlueOak-1.0.0 +Boehm-GC +Borceux +Brian-Gladman-3-Clause +BSD-1-Clause +BSD-2-Clause +BSD-2-Clause-FreeBSD +BSD-2-Clause-NetBSD +BSD-2-Clause-Patent +BSD-2-Clause-Views +BSD-3-Clause +BSD-3-Clause-Attribution +BSD-3-Clause-Clear +BSD-3-Clause-LBNL +BSD-3-Clause-Modification +BSD-3-Clause-No-Military-License +BSD-3-Clause-No-Nuclear-License +BSD-3-Clause-No-Nuclear-License-2014 +BSD-3-Clause-No-Nuclear-Warranty +BSD-3-Clause-Open-MPI +BSD-4-Clause +BSD-4-Clause-Shortened +BSD-4-Clause-UC +BSD-4.3RENO +BSD-4.3TAHOE +BSD-Advertising-Acknowledgement +BSD-Attribution-HPND-disclaimer +BSD-Protection +BSD-Source-Code +BSL-1.0 +BUSL-1.1 +bzip2-1.0.5 +bzip2-1.0.6 +C-UDA-1.0 +CAL-1.0 +CAL-1.0-Combined-Work-Exception +Caldera +CATOSL-1.1 +CC-BY-1.0 +CC-BY-2.0 +CC-BY-2.5 +CC-BY-2.5-AU +CC-BY-3.0 +CC-BY-3.0-AT +CC-BY-3.0-DE +CC-BY-3.0-IGO +CC-BY-3.0-NL +CC-BY-3.0-US +CC-BY-4.0 +CC-BY-NC-1.0 +CC-BY-NC-2.0 +CC-BY-NC-2.5 +CC-BY-NC-3.0 +CC-BY-NC-3.0-DE +CC-BY-NC-4.0 +CC-BY-NC-ND-1.0 +CC-BY-NC-ND-2.0 +CC-BY-NC-ND-2.5 +CC-BY-NC-ND-3.0 +CC-BY-NC-ND-3.0-DE +CC-BY-NC-ND-3.0-IGO +CC-BY-NC-ND-4.0 +CC-BY-NC-SA-1.0 +CC-BY-NC-SA-2.0 +CC-BY-NC-SA-2.0-DE +CC-BY-NC-SA-2.0-FR +CC-BY-NC-SA-2.0-UK +CC-BY-NC-SA-2.5 +CC-BY-NC-SA-3.0 +CC-BY-NC-SA-3.0-DE +CC-BY-NC-SA-3.0-IGO +CC-BY-NC-SA-4.0 +CC-BY-ND-1.0 +CC-BY-ND-2.0 +CC-BY-ND-2.5 +CC-BY-ND-3.0 +CC-BY-ND-3.0-DE +CC-BY-ND-4.0 +CC-BY-SA-1.0 +CC-BY-SA-2.0 +CC-BY-SA-2.0-UK +CC-BY-SA-2.1-JP +CC-BY-SA-2.5 +CC-BY-SA-3.0 +CC-BY-SA-3.0-AT +CC-BY-SA-3.0-DE +CC-BY-SA-3.0-IGO +CC-BY-SA-4.0 +CC-PDDC +CC0-1.0 +CDDL-1.0 +CDDL-1.1 +CDL-1.0 +CDLA-Permissive-1.0 +CDLA-Permissive-2.0 +CDLA-Sharing-1.0 +CECILL-1.0 +CECILL-1.1 +CECILL-2.0 +CECILL-2.1 +CECILL-B +CECILL-C +CERN-OHL-1.1 +CERN-OHL-1.2 +CERN-OHL-P-2.0 +CERN-OHL-S-2.0 +CERN-OHL-W-2.0 +CFITSIO +checkmk +ClArtistic +Clips +CMU-Mach +CNRI-Jython +CNRI-Python +CNRI-Python-GPL-Compatible +COIL-1.0 +Community-Spec-1.0 +Condor-1.1 +copyleft-next-0.3.0 +copyleft-next-0.3.1 +Cornell-Lossless-JPEG +CPAL-1.0 +CPL-1.0 +CPOL-1.02 +Crossword +CrystalStacker +CUA-OPL-1.0 +Cube +curl +D-FSL-1.0 +diffmark +DL-DE-BY-2.0 +DOC +Dotseqn +DRL-1.0 +DSDP +dtoa +dvipdfm +ECL-1.0 +ECL-2.0 +eCos-2.0 +EFL-1.0 +EFL-2.0 +eGenix +Elastic-2.0 +Entessa +EPICS +EPL-1.0 +EPL-2.0 +ErlPL-1.1 +etalab-2.0 +EUDatagrid +EUPL-1.0 +EUPL-1.1 +EUPL-1.2 +Eurosym +Fair +FDK-AAC +Frameworx-1.0 +FreeBSD-DOC +FreeImage +FSFAP +FSFUL +FSFULLR +FSFULLRWD +FTL +GD +GFDL-1.1 +GFDL-1.1-invariants-only +GFDL-1.1-invariants-or-later +GFDL-1.1-no-invariants-only +GFDL-1.1-no-invariants-or-later +GFDL-1.1-only +GFDL-1.1-or-later +GFDL-1.2 +GFDL-1.2-invariants-only +GFDL-1.2-invariants-or-later +GFDL-1.2-no-invariants-only +GFDL-1.2-no-invariants-or-later +GFDL-1.2-only +GFDL-1.2-or-later +GFDL-1.3 +GFDL-1.3-invariants-only +GFDL-1.3-invariants-or-later +GFDL-1.3-no-invariants-only +GFDL-1.3-no-invariants-or-later +GFDL-1.3-only +GFDL-1.3-or-later +Giftware +GL2PS +Glide +Glulxe +GLWTPL +gnuplot +GPL-1.0 +GPL-1.0+ +GPL-1.0-only +GPL-1.0-or-later +GPL-2.0 +GPL-2.0+ +GPL-2.0-only +GPL-2.0-or-later +GPL-2.0-with-autoconf-exception +GPL-2.0-with-bison-exception +GPL-2.0-with-classpath-exception +GPL-2.0-with-font-exception +GPL-2.0-with-GCC-exception +GPL-3.0 +GPL-3.0+ +GPL-3.0-only +GPL-3.0-or-later +GPL-3.0-with-autoconf-exception +GPL-3.0-with-GCC-exception +Graphics-Gems +gSOAP-1.3b +HaskellReport +Hippocratic-2.1 +HP-1986 +HPND +HPND-export-US +HPND-Markus-Kuhn +HPND-sell-variant +HPND-sell-variant-MIT-disclaimer +HTMLTIDY +IBM-pibs +ICU +IEC-Code-Components-EULA +IJG +IJG-short +ImageMagick +iMatix +Imlib2 +Info-ZIP +Inner-Net-2.0 +Intel +Intel-ACPI +Interbase-1.0 +IPA +IPL-1.0 +ISC +Jam +JasPer-2.0 +JPL-image +JPNIC +JSON +Kazlib +Knuth-CTAN +LAL-1.2 +LAL-1.3 +Latex2e +Latex2e-translated-notice +Leptonica +LGPL-2.0 +LGPL-2.0+ +LGPL-2.0-only +LGPL-2.0-or-later +LGPL-2.1 +LGPL-2.1+ +LGPL-2.1-only +LGPL-2.1-or-later +LGPL-3.0 +LGPL-3.0+ +LGPL-3.0-only +LGPL-3.0-or-later +LGPLLR +Libpng +libpng-2.0 +libselinux-1.0 +libtiff +libutil-David-Nugent +LiLiQ-P-1.1 +LiLiQ-R-1.1 +LiLiQ-Rplus-1.1 +Linux-man-pages-1-para +Linux-man-pages-copyleft +Linux-man-pages-copyleft-2-para +Linux-man-pages-copyleft-var +Linux-OpenIB +LOOP +LPL-1.0 +LPL-1.02 +LPPL-1.0 +LPPL-1.1 +LPPL-1.2 +LPPL-1.3a +LPPL-1.3c +LZMA-SDK-9.11-to-9.20 +LZMA-SDK-9.22 +MakeIndex +Martin-Birgmeier +metamail +Minpack +MirOS +MIT +MIT-0 +MIT-advertising +MIT-CMU +MIT-enna +MIT-feh +MIT-Festival +MIT-Modern-Variant +MIT-open-group +MIT-Wu +MITNFA +Motosoto +mpi-permissive +mpich2 +MPL-1.0 +MPL-1.1 +MPL-2.0 +MPL-2.0-no-copyleft-exception +mplus +MS-LPL +MS-PL +MS-RL +MTLL +MulanPSL-1.0 +MulanPSL-2.0 +Multics +Mup +NAIST-2003 +NASA-1.3 +Naumen +NBPL-1.0 +NCGL-UK-2.0 +NCSA +Net-SNMP +NetCDF +Newsletr +NGPL +NICTA-1.0 +NIST-PD +NIST-PD-fallback +NIST-Software +NLOD-1.0 +NLOD-2.0 +NLPL +Nokia +NOSL +Noweb +NPL-1.0 +NPL-1.1 +NPOSL-3.0 +NRL +NTP +NTP-0 +Nunit +O-UDA-1.0 +OCCT-PL +OCLC-2.0 +ODbL-1.0 +ODC-By-1.0 +OFFIS +OFL-1.0 +OFL-1.0-no-RFN +OFL-1.0-RFN +OFL-1.1 +OFL-1.1-no-RFN +OFL-1.1-RFN +OGC-1.0 +OGDL-Taiwan-1.0 +OGL-Canada-2.0 +OGL-UK-1.0 +OGL-UK-2.0 +OGL-UK-3.0 +OGTSL +OLDAP-1.1 +OLDAP-1.2 +OLDAP-1.3 +OLDAP-1.4 +OLDAP-2.0 +OLDAP-2.0.1 +OLDAP-2.1 +OLDAP-2.2 +OLDAP-2.2.1 +OLDAP-2.2.2 +OLDAP-2.3 +OLDAP-2.4 +OLDAP-2.5 +OLDAP-2.6 +OLDAP-2.7 +OLDAP-2.8 +OLFL-1.3 +OML +OpenPBS-2.3 +OpenSSL +OPL-1.0 +OPL-UK-3.0 +OPUBL-1.0 +OSET-PL-2.1 +OSL-1.0 +OSL-1.1 +OSL-2.0 +OSL-2.1 +OSL-3.0 +Parity-6.0.0 +Parity-7.0.0 +PDDL-1.0 +PHP-3.0 +PHP-3.01 +Plexus +PolyForm-Noncommercial-1.0.0 +PolyForm-Small-Business-1.0.0 +PostgreSQL +PSF-2.0 +psfrag +psutils +Python-2.0 +Python-2.0.1 +Qhull +QPL-1.0 +QPL-1.0-INRIA-2004 +Rdisc +RHeCos-1.1 +RPL-1.1 +RPL-1.5 +RPSL-1.0 +RSA-MD +RSCPL +Ruby +SAX-PD +Saxpath +SCEA +SchemeReport +Sendmail +Sendmail-8.23 +SGI-B-1.0 +SGI-B-1.1 +SGI-B-2.0 +SGP4 +SHL-0.5 +SHL-0.51 +SimPL-2.0 +SISSL +SISSL-1.2 +Sleepycat +SMLNJ +SMPPL +SNIA +snprintf +Spencer-86 +Spencer-94 +Spencer-99 +SPL-1.0 +SSH-OpenSSH +SSH-short +SSPL-1.0 +StandardML-NJ +SugarCRM-1.1.3 +SunPro +SWL +Symlinks +TAPR-OHL-1.0 +TCL +TCP-wrappers +TermReadKey +TMate +TORQUE-1.1 +TOSL +TPDL +TPL-1.0 +TTWL +TU-Berlin-1.0 +TU-Berlin-2.0 +UCAR +UCL-1.0 +Unicode-DFS-2015 +Unicode-DFS-2016 +Unicode-TOU +UnixCrypt +Unlicense +UPL-1.0 +Vim +VOSTROM +VSL-1.0 +W3C +W3C-19980720 +W3C-20150513 +w3m +Watcom-1.0 +Widget-Workshop +Wsuipa +WTFPL +wxWindows +X11 +X11-distribute-modifications-variant +Xdebug-1.03 +Xerox +Xfig +XFree86-1.1 +xinetd +xlock +Xnet +xpp +XSkat +YPL-1.0 +YPL-1.1 +Zed +Zend-2.0 +Zimbra-1.3 +Zimbra-1.4 +Zlib +zlib-acknowledgement +ZPL-1.1 +ZPL-2.0 +ZPL-2.1 +389-exception +Asterisk-exception +Autoconf-exception-2.0 +Autoconf-exception-3.0 +Autoconf-exception-generic +Autoconf-exception-macro +Bison-exception-2.2 +Bootloader-exception +Classpath-exception-2.0 +CLISP-exception-2.0 +cryptsetup-OpenSSL-exception +DigiRule-FOSS-exception +eCos-exception-2.0 +Fawkes-Runtime-exception +FLTK-exception +Font-exception-2.0 +freertos-exception-2.0 +GCC-exception-2.0 +GCC-exception-3.1 +GNAT-exception +gnu-javamail-exception +GPL-3.0-interface-exception +GPL-3.0-linking-exception +GPL-3.0-linking-source-exception +GPL-CC-1.0 +GStreamer-exception-2005 +GStreamer-exception-2008 +i2p-gpl-java-exception +KiCad-libraries-exception +LGPL-3.0-linking-exception +libpri-OpenH323-exception +Libtool-exception +Linux-syscall-note +LLGPL +LLVM-exception +LZMA-exception +mif-exception +Nokia-Qt-exception-1.1 +OCaml-LGPL-linking-exception +OCCT-exception-1.0 +OpenJDK-assembly-exception-1.0 +openvpn-openssl-exception +PS-or-PDF-font-exception-20170817 +QPL-1.0-INRIA-2004-exception +Qt-GPL-exception-1.0 +Qt-LGPL-exception-1.1 +Qwt-exception-1.0 +SHL-2.0 +SHL-2.1 +SWI-exception +Swift-exception +u-boot-exception-2.0 +Universal-FOSS-exception-1.0 +vsftpd-openssl-exception +WxWindows-exception-3.1 +x11vnc-openssl-exception +endef diff --git a/support/misc/cyclonedx.mk b/support/misc/cyclonedx.mk index 3906a3b60a..1d7199c92c 100644 --- a/support/misc/cyclonedx.mk +++ b/support/misc/cyclonedx.mk @@ -7,6 +7,8 @@ # ################################################################################ +include support/misc/cyclonedx-spdx.mk + # Note: to avoid conflict with _VERSION `_SPEC` is added CYCLONEDX_VERSION_SPEC = 1.5 @@ -24,6 +26,22 @@ CYCLONEDX_VERSION_SPEC = 1.5 # Turns "Public%20Domain,%20GPL-2.0" into "Public%20Domain GPL-2.0" _cyclonedx-licenses-as-list = $(subst $(comma)%20,$(space),$(1)) +# _cyclonedx-license-attribute -- according to CycloneDX spec correct SPDX +# licenses must use the 'id' key while +# other use the 'name' key. +# If a SPDX license is followed by parenthesis +# to describe its scope it will be threated as +# a non SPDX license. +# +# $(1): a license name with space encoded. Since all official SPDX license names +# are a single word (no spaces), it's not an issue to keep them url-encoded. +define _cyclonedx-license-attribute + $(if $(filter $(spdx),$(1)), \ + "id", \ + "name" \ + ) +endef + # _cyclonedx-license -- create an entry of a cyclonedx component license list # # For more information on license object see @@ -33,7 +51,8 @@ _cyclonedx-licenses-as-list = $(subst $(comma)%20,$(space),$(1)) define _cyclonedx-license { "license": { - "name": $(call mk-json-str,$(1)) + $(call _cyclonedx-license-attribute,$(1)): + $(call mk-json-str,$(1)) } }, endef @@ -195,3 +214,17 @@ define cyclonedx-json } }) endef + +# Use this rule to update the `cyclonedx-spdx.mk` file. The rule will +# override the cyclonedx-spdx.mk file with a variable called 'spdx' that +# contains the list of the SPDX license supported by CycloneDX spec. +.PHONY: support/misc/cyclonedx-spdx.mk +support/misc/cyclonedx-spdx.mk: + $(WGET) -O - https://raw.githubusercontent.com/CycloneDX/specification/$(CYCLONEDX_VERSION_SPEC)/schema/spdx.schema.json | \ + $(JQ) jq -r '.enum[]' | { \ + echo '# List of approved SPDX license'; \ + echo '# See https://raw.githubusercontent.com/CycloneDX/specification/1.5/schema/spdx.schema.json'; \ + echo 'define spdx'; \ + cat; \ + echo 'endef'; \ + } > $@ From patchwork Thu Apr 4 12:43:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thomas Perale X-Patchwork-Id: 1919799 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org) Received: from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4V9Ltg2gJCz1yYP for ; Thu, 4 Apr 2024 23:45:15 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by smtp4.osuosl.org (Postfix) with ESMTP id C30B041B36; Thu, 4 Apr 2024 12:45:13 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp4.osuosl.org ([127.0.0.1]) by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id PnGSHwB8lVgl; Thu, 4 Apr 2024 12:45:13 +0000 (UTC) X-Comment: SPF check N/A for local connections - client-ip=140.211.166.34; helo=ash.osuosl.org; envelope-from=buildroot-bounces@buildroot.org; receiver= DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.osuosl.org 9BB8441A85 Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp4.osuosl.org (Postfix) with ESMTP id 9BB8441A85; Thu, 4 Apr 2024 12:45:12 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 126371BF98E for ; Thu, 4 Apr 2024 12:44:58 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp1.osuosl.org (Postfix) with ESMTP id F40EA822C3 for ; Thu, 4 Apr 2024 12:44:57 +0000 (UTC) X-Virus-Scanned: amavis at osuosl.org Received: from smtp1.osuosl.org ([127.0.0.1]) by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP id k6mEhNo_yYsD for ; Thu, 4 Apr 2024 12:44:57 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2a00:1450:4864:20::431; helo=mail-wr1-x431.google.com; envelope-from=thomas.perale@essensium.com; receiver= DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 0CEAE82311 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp1.osuosl.org 0CEAE82311 Received: from mail-wr1-x431.google.com (mail-wr1-x431.google.com [IPv6:2a00:1450:4864:20::431]) by smtp1.osuosl.org (Postfix) with ESMTPS id 0CEAE82311 for ; Thu, 4 Apr 2024 12:44:56 +0000 (UTC) Received: by mail-wr1-x431.google.com with SMTP id ffacd0b85a97d-3436b096690so1588073f8f.1 for ; Thu, 04 Apr 2024 05:44:56 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1712234695; x=1712839495; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LF8bTtJWvToL8qbdb5HB/Onvhz1yU262H5M2GBH0+2Q=; b=eJitUgH1Eum4Ix9DiZPhnXMvi2RL49xd1sV1pje6G3zBfi2AdFO+X0WKu9jNkYwHgz sIQfsmgODdSL4tItYuL5N6vWXFHHnSl/kuWf/Dpv7lLWadFaFgwzq4g93ng6igaZlHfE 4Tw01IO2gYvaBBJCzoUNgj7/sjwNPCIBtYE8azCB3qX0liBHMsCsB79r6O083Yv8e81S k4Fh2QUrcfqs7U8vTbw7eITCXOqbsU19Ke7z1oNrwKq3yboEZipRlhyajt2shus7r4XV iv5ArO+TW0wMepUIfDvFDSJqRABNix9xA1v4N5UHJZgTXn0+MrHOoEXVC0V3Zg9rzDt/ 4ySg== X-Gm-Message-State: AOJu0YyVdIk6HkkJW4ex3HZgWDN62IC7w1tJNWLShBoXAWb/ZbmAYpTt OIXaw/ooeHG74yj346EFv5JxNDUPCzSyGYob9xyDbdTYn6Ye4NZm2l1CyJpRz2EZIhYd/QFNb5Y K X-Google-Smtp-Source: AGHT+IEFRSvImpwLMVcBTE6zSLbnCJxcWtnynf4MrlSvCZHw4qAplVM/u11NKGD/x9B6+D2kf4eTlA== X-Received: by 2002:adf:a4d4:0:b0:343:c997:35f3 with SMTP id h20-20020adfa4d4000000b00343c99735f3mr1100379wrb.21.1712234694793; Thu, 04 Apr 2024 05:44:54 -0700 (PDT) Received: from localhost.localdomain ([79.132.235.33]) by smtp.gmail.com with ESMTPSA id r5-20020a056000014500b00341dc343e21sm19913663wrx.65.2024.04.04.05.44.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Apr 2024 05:44:54 -0700 (PDT) X-Google-Original-From: Thomas Perale To: buildroot@buildroot.org Date: Thu, 4 Apr 2024 14:43:29 +0200 Message-ID: <20240404124329.768546-6-thomas.perale@mind.be> X-Mailer: git-send-email 2.44.0 In-Reply-To: <20240404124329.768546-1-thomas.perale@mind.be> References: <20240404124329.768546-1-thomas.perale@mind.be> MIME-Version: 1.0 X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=essensium.com; s=google; t=1712234695; x=1712839495; darn=buildroot.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=LF8bTtJWvToL8qbdb5HB/Onvhz1yU262H5M2GBH0+2Q=; b=Pts/oxth0JPKwYL1QHuNyeTlF17TcIxNL7JmUCmrpnmJczZ6ALL8VVYxyEUht1fKnq LCvnZbaZoICJ/nTmWpja4qbBSnA32/xJ4MycWx6DD0XvE0UlPTVRNows8cd+J5RsrF5D XggYYzhIjzWOpbVtPSEyZtwU4XO0Yhme0ppUHygzgAk3cZ0IfL6QSCqWgqRZmb/IE9xS mliTX/O2d28MU9IgIBfbHe8I9r1g64WPzOB4AVHYt/Or7N4nsxeTPNrDn/gwRaIWwnur OOTPi7RJxWub0hEEP4KcIS6THJaIPa4m3CZIMCv8nuH6skHJfviDNoVULvk+dvg6gJ3h LV4A== X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dmarc=pass (p=quarantine dis=none) header.from=essensium.com X-Mailman-Original-Authentication-Results: smtp1.osuosl.org; dkim=pass (2048-bit key) header.d=essensium.com header.i=@essensium.com header.a=rsa-sha256 header.s=google header.b=Pts/oxth Subject: [Buildroot] [RFC PATCH 5/5] Makefile: add command to generate SBOM in CycloneDX format X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Thomas Perale via buildroot From: Thomas Perale Reply-To: Thomas Perale Cc: Thomas Perale , Thomas Petazzoni Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" This patch adds a new command to generate a JSON SBOM in the CycloneDX format based on the packages selected in the dot config. Usage: make cyclonedx Signed-off-by: Thomas Perale --- Makefile | 13 +++++++++++++ 1 file changed, 13 insertions(+) -- 2.44.0 diff --git a/Makefile b/Makefile index 91973cca60..43344673c0 100644 --- a/Makefile +++ b/Makefile @@ -155,6 +155,8 @@ MAKEOVERRIDES := # Include some helper macros and variables include support/misc/utils.mk +# Include CycloneDX SBOM support +include support/misc/cyclonedx.mk # Set variables related to in-tree or out-of-tree build. # Here, both $(O) and $(CURDIR) are absolute canonical paths. @@ -924,6 +926,16 @@ show-info: ) \ ) +.PHONY: cyclonedx +cyclonedx: + @: + $(info $(call cyclonedx-json, \ + $(sort $(foreach p,$(PACKAGES) $(TARGETS_ROOTFS), \ + $(p) $($(call UPPERCASE,$(p))_FINAL_RECURSIVE_DEPENDENCIES)) \ + ) \ + ) \ + ) + .PHONY: pkg-stats pkg-stats: @cd "$(CONFIG_DIR)" ; \ @@ -1185,6 +1197,7 @@ help: @echo ' source - download all sources needed for offline-build' @echo ' external-deps - list external packages used' @echo ' legal-info - generate info about license compliance' + @echo ' cyclonedx - generate info about packages, as a CycloneDX formatted json blurb' @echo ' show-info - generate info about packages, as a JSON blurb' @echo ' pkg-stats - generate info about packages as JSON and HTML' @echo ' printvars - dump internal variables selected with VARS=...'