From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-alma10-1.taild15c8.ts.net [100.103.45.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id B3B75367B96; Mon, 22 Jun 2026 13:34:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=100.103.45.18 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782135288; cv=none; b=oGkVPC5hyw9svb2tgQf0hKFbe7w7ahbxkvIxxRT5dBFRUxV+gETZOz/v9hMYaEyyjv7Wd9n9hTEb5+oErjNO3Ubn26382bzOqwrhVdrtnK25vkHutzzJ8bkJayIca5dLlSfodaYSYPSarffy/l+jLSj9GIFtRGKsBQaVu+AZE/I= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782135288; c=relaxed/simple; bh=4MY+M4qgG10WWrMAJ1dUG72E6Q/QQNDa5LQzyrlVvxY=; h=Date:From:To:Cc:Subject:Message-ID:MIME-Version:Content-Type: Content-Disposition; b=L0MdhyJIBAc3uuoWB1Mf5cfCLCcyShvi1EqFgtitUKh7Gtfs6wzgSLWXdC10fPt+3+nouUtZEcfvVpRH1YEuAJxuTJIfqUsud/EssgG98cHXcFkthKeDg8fdNJBEZZmdNSdGH1RG7ZCRhXMmWus+Fue1tSuYNJ4YWYjOXAVZxtk= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=MkFmhxh0; arc=none smtp.client-ip=100.103.45.18 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="MkFmhxh0" Received: by smtp.kernel.org (Postfix) with ESMTPSA id D5F471F000E9; Mon, 22 Jun 2026 13:34:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linuxfoundation.org; s=korg; t=1782135286; bh=/F8jNR8yX5+dMeK7MFjUvcGY7vVIBg0GKatGxRJIAAs=; h=Date:From:To:Cc:Subject; b=MkFmhxh0kb3EzQEMIRfSqJFwGN4vubTWWRhQAcOFCR90iMFRiEspJuEoORaSjE4C3 1OtHCKapMyqBVujYZzwNjXO3l7a++bXcO8Wc3Yg8hORG7bY8rHQXzqiaCth+9ePUha bzZZGK2OnTQEki5/A+sWFzohxLE6TDzLgC58GKn4= Date: Mon, 22 Jun 2026 15:34:46 +0200 From: Greg KH To: Linus Torvalds , Andrew Morton Cc: Thomas Gleixner , linux-kernel@vger.kernel.org, linux-spdx@vger.kernel.org Subject: [GIT PULL] SPDX updates for 7.2-rc1 Message-ID: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline The following changes since commit 5200f5f493f79f14bbdc349e402a40dfb32f23c8: Linux 7.1-rc4 (2026-05-17 13:59:58 -0700) are available in the Git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx.git tags/spdx-7.2-rc1 for you to fetch changes up to 880bae5f1269b4d81bb2a254963e84377cd37bc1: scripts/sbom: add unit tests for SPDX-License-Identifier parsing (2026-05-22 13:14:41 +0200) ---------------------------------------------------------------- SPDX patches for 7.2-rc1 Here is a "big" set of SPDX-like patches for 7.2-rc1. It is the addition of the ability for the kernel build process to generate a Software Bill of Materials (SBOM) in the SPDX format, that matches up exactly with just the files that are actually built for the specific kernel image generated. To generate a sbom, after the kernel has been built, just do: make sbom and marvel at the JSON file that is generated... This is needed by users for environments in which a SBOM is required (medical, automotive, anything shipped in the EU, etc.) and cuts down by a massive size the "naive" SBOM solution that many vendors have done by just including _all_ of the kernel files in the resulting document. This result is still a giant JSON file, that I am told parses properly, so we just have to trust that it is properly inclusive as attempting to parse that thing by hand is impossible. The scripts here are self-contained python scripts, no additional libraries or tools to create the SBOM are needed, which is important for many build systems. Overall it's just a bit over 4000 lines of "simple" python code, the most complex part is the regex matching lines, but those are nothing compared to what we maintain in scripts/checkpatch.pl today... The various parts where the tool touches the kbuild subsystem have been acked by the kbuild maintainer, so all should be good here. All of these patches have been in linux-next for weeks with no reported problems. Signed-off-by: Greg Kroah-Hartman ---------------------------------------------------------------- Luis Augenstein (15): scripts/sbom: add documentation scripts/sbom: integrate script in make process scripts/sbom: setup sbom logging scripts/sbom: add command parsers scripts/sbom: add cmd graph generation scripts/sbom: add additional dependency sources for cmd graph scripts/sbom: add SPDX classes scripts/sbom: add JSON-LD serialization scripts/sbom: add shared SPDX elements scripts/sbom: collect file metadata scripts/sbom: add SPDX output graph scripts/sbom: add SPDX source graph scripts/sbom: add SPDX build graph scripts/sbom: add unit tests for command parsers scripts/sbom: add unit tests for SPDX-License-Identifier parsing .gitignore | 1 + Documentation/tools/index.rst | 1 + Documentation/tools/sbom/sbom.rst | 206 ++++++++ MAINTAINERS | 6 + Makefile | 28 +- scripts/sbom/sbom.py | 135 ++++++ scripts/sbom/sbom/__init__.py | 0 scripts/sbom/sbom/cmd_graph/__init__.py | 7 + scripts/sbom/sbom/cmd_graph/cmd_file.py | 162 +++++++ scripts/sbom/sbom/cmd_graph/cmd_graph.py | 46 ++ scripts/sbom/sbom/cmd_graph/cmd_graph_node.py | 142 ++++++ scripts/sbom/sbom/cmd_graph/deps_parser.py | 52 +++ .../sbom/sbom/cmd_graph/hardcoded_dependencies.py | 87 ++++ scripts/sbom/sbom/cmd_graph/incbin_parser.py | 42 ++ .../sbom/cmd_graph/savedcmd_parser/__init__.py | 6 + .../savedcmd_parser/command_parser_registry.py | 516 +++++++++++++++++++++ .../cmd_graph/savedcmd_parser/command_splitter.py | 128 +++++ .../cmd_graph/savedcmd_parser/savedcmd_parser.py | 67 +++ .../sbom/cmd_graph/savedcmd_parser/tokenizer.py | 92 ++++ scripts/sbom/sbom/config.py | 320 +++++++++++++ scripts/sbom/sbom/environment.py | 192 ++++++++ scripts/sbom/sbom/path_utils.py | 22 + scripts/sbom/sbom/sbom_logging.py | 94 ++++ scripts/sbom/sbom/spdx/__init__.py | 7 + scripts/sbom/sbom/spdx/build.py | 17 + scripts/sbom/sbom/spdx/core.py | 170 +++++++ scripts/sbom/sbom/spdx/serialization.py | 62 +++ scripts/sbom/sbom/spdx/simplelicensing.py | 20 + scripts/sbom/sbom/spdx/software.py | 69 +++ scripts/sbom/sbom/spdx/spdxId.py | 36 ++ scripts/sbom/sbom/spdx_graph/__init__.py | 7 + scripts/sbom/sbom/spdx_graph/build_spdx_graphs.py | 83 ++++ scripts/sbom/sbom/spdx_graph/kernel_file.py | 315 +++++++++++++ .../sbom/sbom/spdx_graph/shared_spdx_elements.py | 32 ++ scripts/sbom/sbom/spdx_graph/spdx_build_graph.py | 318 +++++++++++++ scripts/sbom/sbom/spdx_graph/spdx_graph_model.py | 36 ++ scripts/sbom/sbom/spdx_graph/spdx_output_graph.py | 187 ++++++++ scripts/sbom/sbom/spdx_graph/spdx_source_graph.py | 130 ++++++ scripts/sbom/tests/__init__.py | 0 scripts/sbom/tests/cmd_graph/__init__.py | 0 .../sbom/tests/cmd_graph/test_savedcmd_parser.py | 443 ++++++++++++++++++ scripts/sbom/tests/spdx_graph/__init__.py | 0 scripts/sbom/tests/spdx_graph/test_kernel_file.py | 35 ++ 43 files changed, 4317 insertions(+), 2 deletions(-) create mode 100644 Documentation/tools/sbom/sbom.rst create mode 100644 scripts/sbom/sbom.py create mode 100644 scripts/sbom/sbom/__init__.py create mode 100644 scripts/sbom/sbom/cmd_graph/__init__.py create mode 100644 scripts/sbom/sbom/cmd_graph/cmd_file.py create mode 100644 scripts/sbom/sbom/cmd_graph/cmd_graph.py create mode 100644 scripts/sbom/sbom/cmd_graph/cmd_graph_node.py create mode 100644 scripts/sbom/sbom/cmd_graph/deps_parser.py create mode 100644 scripts/sbom/sbom/cmd_graph/hardcoded_dependencies.py create mode 100644 scripts/sbom/sbom/cmd_graph/incbin_parser.py create mode 100644 scripts/sbom/sbom/cmd_graph/savedcmd_parser/__init__.py create mode 100644 scripts/sbom/sbom/cmd_graph/savedcmd_parser/command_parser_registry.py create mode 100644 scripts/sbom/sbom/cmd_graph/savedcmd_parser/command_splitter.py create mode 100644 scripts/sbom/sbom/cmd_graph/savedcmd_parser/savedcmd_parser.py create mode 100644 scripts/sbom/sbom/cmd_graph/savedcmd_parser/tokenizer.py create mode 100644 scripts/sbom/sbom/config.py create mode 100644 scripts/sbom/sbom/environment.py create mode 100644 scripts/sbom/sbom/path_utils.py create mode 100644 scripts/sbom/sbom/sbom_logging.py create mode 100644 scripts/sbom/sbom/spdx/__init__.py create mode 100644 scripts/sbom/sbom/spdx/build.py create mode 100644 scripts/sbom/sbom/spdx/core.py create mode 100644 scripts/sbom/sbom/spdx/serialization.py create mode 100644 scripts/sbom/sbom/spdx/simplelicensing.py create mode 100644 scripts/sbom/sbom/spdx/software.py create mode 100644 scripts/sbom/sbom/spdx/spdxId.py create mode 100644 scripts/sbom/sbom/spdx_graph/__init__.py create mode 100644 scripts/sbom/sbom/spdx_graph/build_spdx_graphs.py create mode 100644 scripts/sbom/sbom/spdx_graph/kernel_file.py create mode 100644 scripts/sbom/sbom/spdx_graph/shared_spdx_elements.py create mode 100644 scripts/sbom/sbom/spdx_graph/spdx_build_graph.py create mode 100644 scripts/sbom/sbom/spdx_graph/spdx_graph_model.py create mode 100644 scripts/sbom/sbom/spdx_graph/spdx_output_graph.py create mode 100644 scripts/sbom/sbom/spdx_graph/spdx_source_graph.py create mode 100644 scripts/sbom/tests/__init__.py create mode 100644 scripts/sbom/tests/cmd_graph/__init__.py create mode 100644 scripts/sbom/tests/cmd_graph/test_savedcmd_parser.py create mode 100644 scripts/sbom/tests/spdx_graph/__init__.py create mode 100644 scripts/sbom/tests/spdx_graph/test_kernel_file.py