From: "Jérémie Dautheribes" <jeremie.dautheribes@bootlin.com>
To: Joshua Watt <jpewhacker@gmail.com>
Cc: openembedded-core@lists.openembedded.org,
miquel.raynal@bootlin.com, thomas.petazzoni@bootlin.com,
benjamin.robin@bootlin.com
Subject: Re: [OE-core][PATCH 2/2] spdx3: support SBOM compression based on SPDX_SBOM_EXT
Date: Wed, 13 May 2026 10:03:54 +0200 [thread overview]
Message-ID: <b227586e-0d54-4134-bf93-1a6d717b9cf5@bootlin.com> (raw)
In-Reply-To: <18AF106AF6BDC73B.3227972@lists.openembedded.org>
On 13/05/2026 09:47, Jérémie Dautheribes via lists.openembedded.org wrote:
> Hello Joshua,
>
> On 13/05/2026 00:27, Joshua Watt wrote:
>> On Tue, May 12, 2026 at 11:02 AM Jérémie Dautheribes via
>> lists.openembedded.org
>> <jeremie.dautheribes=bootlin.com@lists.openembedded.org> wrote:
>>>
>>> Add support for optional zstd compression for all types of SBOMs,
>>> including:
>>> - image SBOM
>>> - recipe SBOM
>>> - SDK SBOM
>>>
>>> Zstd compression is applied if SPDX_SBOM_EXT ends with ".zst".
>>>
>>> Co-authored-by: Benjamin Robin (Schneider Electric)
>>> <benjamin.robin@bootlin.com>
>>> Signed-off-by: Jérémie Dautheribes (Schneider Electric)
>>> <jeremie.dautheribes@bootlin.com>
>>> ---
>>> meta/classes/create-spdx-3.0.bbclass | 3 ++-
>>> meta/lib/oe/sbom30.py | 11 +++++++++--
>>> 2 files changed, 11 insertions(+), 3 deletions(-)
>>>
>>> diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/
>>> create-spdx-3.0.bbclass
>>> index 785edb9865..6cf8fa4688 100644
>>> --- a/meta/classes/create-spdx-3.0.bbclass
>>> +++ b/meta/classes/create-spdx-3.0.bbclass
>>> @@ -75,7 +75,8 @@ SPDX_IMPORTS[doc] = "SPDX_IMPORTS is the base
>>> variable that describes how to \
>>> SPDX 3 spec. Optional but recommended"
>>>
>>> SPDX_SBOM_EXT ??= ".spdx.json"
>>> -SPDX_SBOM_EXT[doc] = "SBOM file extension name."
>>> +SPDX_SBOM_EXT[doc] = "SBOM file extension name.\
>>> + If it ends with '.zst', SBOMs are automatically compressed using
>>> Zstd."
>>>
>>> # Agents
>>> # Bitbake variables can be used to describe an SPDX Agent that
>>> may be used
>>> diff --git a/meta/lib/oe/sbom30.py b/meta/lib/oe/sbom30.py
>>> index 0f1f9281ad..2184c1a07f 100644
>>> --- a/meta/lib/oe/sbom30.py
>>> +++ b/meta/lib/oe/sbom30.py
>>> @@ -1036,8 +1036,15 @@ def write_jsonld_doc(d, objset, dest):
>>> serializer = oe.spdx30.JSONLDInlineSerializer()
>>>
>>> objset.objects.add(objset.doc)
>>> - with dest.open("wb") as f:
>>> - serializer.write(objset, f, force_at_graph=True)
>>> +
>>> + if dest.name.endswith(".zst"):
>>
>> I'm not sure I like this detection mechanism; I think we usually do
>> something more explicit for compression rather than relying on the
>> suffix in other places?
>
> Maybe we should then introduce a SPDX_COMPRESSED_SBOM boolean variable,
> which would be used by SPDX_SBOM_EXT_SUFFIX to determine whether ".zst"
> is appended to the SBOM file name or not. Then, we could check in the
> `write_jsonld_doc` function whether compression is enabled based on this
> SPDX_COMPRESSED_SBOM variable.
>
After further thought, that solution would not work well since
`write_jsonld_doc` is not only used for SBOM generation.
--
Jérémie Dautheribes, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
prev parent reply other threads:[~2026-05-13 8:04 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-12 17:01 [OE-core][PATCH 0/2] spdx3: support SBOM compression with Zstd Jérémie Dautheribes (Schneider Electric )
2026-05-12 17:01 ` [OE-core][PATCH 1/2] spdx3: introduce SPDX_SBOM_EXT variable Jérémie Dautheribes (Schneider Electric )
2026-05-12 22:24 ` Joshua Watt
2026-05-12 17:01 ` [OE-core][PATCH 2/2] spdx3: support SBOM compression based on SPDX_SBOM_EXT Jérémie Dautheribes (Schneider Electric )
2026-05-12 19:54 ` Richard Purdie
2026-05-12 22:27 ` Joshua Watt
2026-05-12 22:29 ` Joshua Watt
2026-05-13 7:07 ` Benjamin Robin
2026-05-13 7:35 ` Jérémie Dautheribes
2026-05-13 7:18 ` Benjamin Robin
2026-05-13 7:47 ` Jérémie Dautheribes
2026-05-13 8:02 ` Peter Kjellerstedt
[not found] ` <18AF106AF6BDC73B.3227972@lists.openembedded.org>
2026-05-13 8:03 ` Jérémie Dautheribes [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b227586e-0d54-4134-bf93-1a6d717b9cf5@bootlin.com \
--to=jeremie.dautheribes@bootlin.com \
--cc=benjamin.robin@bootlin.com \
--cc=jpewhacker@gmail.com \
--cc=miquel.raynal@bootlin.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.