* [Buildroot] [PATCH] utils/generate-cyclonedx: fix monotonically increasing dependency list
@ 2025-10-07 17:40 Nevo Hed via buildroot
2025-10-07 19:31 ` Nevo Hed via buildroot
` (3 more replies)
0 siblings, 4 replies; 7+ messages in thread
From: Nevo Hed via buildroot @ 2025-10-07 17:40 UTC (permalink / raw)
To: buildroot; +Cc: Nevo Hed, Thomas Perale
From: Nevo Hed <nhed+github@starry.com>
Having mutables as default args has unexpected behaviors.
br2_parse_deps_recursively had a default arg `deps` initialized to the
empty list (`[]`) except that on subsequent calls from `main` deps would
already be populated from prior components.
---
utils/generate-cyclonedx | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/utils/generate-cyclonedx b/utils/generate-cyclonedx
index 60983ac1ea..7d3ef57ab3 100755
--- a/utils/generate-cyclonedx
+++ b/utils/generate-cyclonedx
@@ -238,7 +238,7 @@ def cyclonedx_vulnerabilities(show_info_dict):
} for cve, components in cves.items()]
-def br2_parse_deps_recursively(ref, show_info_dict, virtual=False, deps=[]):
+def br2_parse_deps_recursively(ref, show_info_dict, virtual=False, deps=None):
"""Parse dependencies from the show-info output. This function will
recursively collect all dependencies, and return a list where each dependency
is stated at most once.
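Review bot: With `deps=None` in the new signature, the docstring should state that `deps` is the accumulator threaded through the recursive calls, that `None` means a fresh list for each top-level call, and that a list passed in explicitly is extended in place. The old `deps=[]` looked harmless because none of that was written down, and Python evaluates a default value once, when the function is defined.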
@@ -258,6 +258,8 @@ def br2_parse_deps_recursively(ref, show_info_dict, virtual=False, deps=[]):
Returns:
list: A list of dependencies of the 'ref' package.
"""
+ if deps is None:
+ deps = []
for dep in show_info_dict.get(ref, {}).get("dependencies", []):
if dep not in deps:
if virtual or show_info_dict.get(dep, {}).get("virtual") is False:
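Review bot: The `if deps is None:` guard arrives without a test (the diffstat shows one file changed), so a later refactor could reintroduce the shared list unnoticed. A regression check that calls `br2_parse_deps_recursively` for two refs in sequence and asserts that a package with no `dependencies` entry gets an empty result would pin the behaviour down.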
--
2.51.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* Re: [Buildroot] [PATCH] utils/generate-cyclonedx: fix monotonically increasing dependency list
From: Nevo Hed via buildroot @ 2025-10-07 19:31 UTC
To: buildroot; +Cc: Thomas Perale
Forgot to mention my reproduction details
$ python3 --version
Python 3.13.7
With attached `show-info` json
Before change:
$ utils/generate-cyclonedx < /tmp/test-show-info.json | jq -c '.dependencies[] | [.ref, (.dependsOn|length) ]'
["buildroot",28]
["bzip2",0]
["c-ares",0]
["elfutils",2]
["expat",2]
["kmod",2]
["libarchive",4]
["libcap",4]
["libcurl",5]
["libgcrypt",6]
["libgpg-error",6]
["libopenssl",6]
["libxcrypt",6]
["libzlib",6]
["lzo",6]
["ncurses",6]
["pcre2",6]
["readline",7]
["skeleton-init-common",7]
["skeleton-init-systemd",8]
["socat",8]
["systemd",17]
["toolchain-external-custom",17]
["util-linux",19]
["util-linux-libs",19]
["vim",19]
["wget",20]
["which",20]
["xz",20]
After change:
$ utils/generate-cyclonedx < \
/tmp/test-show-info.json | \
jq -c '.dependencies[] | [.ref, (.dependsOn|length) ]'
["buildroot",28]
["bzip2",0]
["c-ares",0]
["elfutils",2]
["expat",0]
["kmod",1]
["libarchive",4]
["libcap",0]
["libcurl",1]
["libgcrypt",1]
["libgpg-error",0]
["libopenssl",0]
["libxcrypt",0]
["libzlib",0]
["lzo",0]
["ncurses",0]
["pcre2",0]
["readline",1]
["skeleton-init-common",0]
["skeleton-init-systemd",1]
["socat",0]
["systemd",15]
["toolchain-external-custom",0]
["util-linux",18]
["util-linux-libs",1]
["vim",1]
["wget",19]
["which",0]
["xz",0]
On Tue, Oct 7, 2025 at 1:40 PM Nevo Hed <nhed+buildroot@starry.com> wrote:
> From: Nevo Hed <nhed+github@starry.com> > > Having mutables as default args has unexpected behaviors. > br2_parse_deps_recursively had a default arg `deps` initialized to the > empty list (`[]`) except that on subsequent calls from `main` deps would > already be populated from prior components. > --- > utils/generate-cyclonedx | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/utils/generate-cyclonedx b/utils/generate-cyclonedx > index 60983ac1ea..7d3ef57ab3 100755 > --- a/utils/generate-cyclonedx > +++ b/utils/generate-cyclonedx > @@ -238,7 +238,7 @@ def cyclonedx_vulnerabilities(show_info_dict): > } for cve, components in cves.items()] > > > -def br2_parse_deps_recursively(ref, show_info_dict, virtual=False, > deps=[]): > +def br2_parse_deps_recursively(ref, show_info_dict, virtual=False, > deps=None): > """Parse dependencies from the show-info output. This function will > recursively collect all dependencies, and return a list where each > dependency > is stated at most once. > @@ -258,6 +258,8 @@ def br2_parse_deps_recursively(ref, show_info_dict, > virtual=False, deps=[]): > Returns: > list: A list of dependencies of the 'ref' package. > """ > + if deps is None: > + deps = [] > for dep in show_info_dict.get(ref, {}).get("dependencies", []): > if dep not in deps: > if virtual or show_info_dict.get(dep, {}).get("virtual") is > False: > -- > 2.51.0 > > [-- Attachment #1.2: Type: text/html, Size: 4280 bytes --] [-- Attachment #2: test-show-info.json --] [-- Type: application/json, Size: 37337 bytes --] [-- Attachment #3: Type: text/plain, Size: 150 bytes --] _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] [PATCH] utils/generate-cyclonedx: fix monotonically increasing dependency list
From: Thomas Perale via buildroot @ 2025-10-07 20:07 UTC
To: Nevo Hed; +Cc: Thomas Perale, buildroot, Nevo Hed
In reply of:
> Having mutables as default args has unexpected behaviors.
> br2_parse_deps_recursively had a default arg `deps` initialized to the
> empty list (`[]`) except that on subsequent calls from `main` deps would
> already be populated from prior components.
Hi, thanks for the bug fix!
Reviewed-by: Thomas Perale <thomas.perale@mind.be>
> --- > utils/generate-cyclonedx | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/utils/generate-cyclonedx b/utils/generate-cyclonedx > index 60983ac1ea..7d3ef57ab3 100755 > --- a/utils/generate-cyclonedx > +++ b/utils/generate-cyclonedx > @@ -238,7 +238,7 @@ def cyclonedx_vulnerabilities(show_info_dict): > } for cve, components in cves.items()] > > > -def br2_parse_deps_recursively(ref, show_info_dict, virtual=False, deps=[]): > +def br2_parse_deps_recursively(ref, show_info_dict, virtual=False, deps=None): > """Parse dependencies from the show-info output. This function will > recursively collect all dependencies, and return a list where each dependency > is stated at most once. 
> @@ -258,6 +258,8 @@ def br2_parse_deps_recursively(ref, show_info_dict, virtual=False, deps=[]): > Returns: > list: A list of dependencies of the 'ref' package. > """ > + if deps is None: > + deps = [] > for dep in show_info_dict.get(ref, {}).get("dependencies", []): > if dep not in deps: > if virtual or show_info_dict.get(dep, {}).get("virtual") is False: > -- > 2.51.0 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [Buildroot] [PATCH] utils/generate-cyclonedx: fix monotonically increasing dependency list
From: Thomas Petazzoni via buildroot @ 2025-11-20 22:32 UTC
To: Nevo Hed via buildroot; +Cc: Nevo Hed, Nevo Hed, Thomas Perale
Hello Nevo,
On Tue, 7 Oct 2025 13:40:35 -0400
Nevo Hed via buildroot <buildroot@buildroot.org> wrote:
> From: Nevo Hed <nhed+github@starry.com>
>
> Having mutables as default args has unexpected behaviors.
> br2_parse_deps_recursively had a default arg `deps` initialized to the
> empty list (`[]`) except that on subsequent calls from `main` deps would
> already be populated from prior components.
Thanks for your patch! However in order to make it applicable, we need
you to add your Signed-off-by line.
Perhaps you could send a v2 of your patch with your Signed-off-by line
and the commit log extended with the reproduction details you shared as
a reply?
Thanks a lot!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
* Re: [Buildroot] [PATCH] utils/generate-cyclonedx: fix monotonically increasing dependency list
From: Nevo Hed via buildroot @ 2025-12-02 21:34 UTC
To: Thomas Petazzoni; +Cc: Nevo Hed via buildroot, Thomas Perale
Hi
Yeah sorry about that - I rarely contribute here and am very much in the
github pull-request mode
I will add that and try to reformat the v2
Just one question - do I include or drop the `Reviewed-by: Thomas Perale <thomas.perale@mind.be>` line?
(In my local repo I had updated from the patchworks)?
Thanks
--Nevo
On Thu, Nov 20, 2025 at 5:32 PM Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote:
> Hello Nevo,
>
> On Tue, 7 Oct 2025 13:40:35 -0400
> Nevo Hed via buildroot <buildroot@buildroot.org> wrote:
>
> > From: Nevo Hed <nhed+github@starry.com>
> >
> > Having mutables as default args has unexpected behaviors.
> > br2_parse_deps_recursively had a default arg `deps` initialized to the
> > empty list (`[]`) except that on subsequent calls from `main` deps would
> > already be populated from prior components.
>
> Thanks for your patch! However in order to make it applicable, we need
> you to add your Signed-off-by line.
>
> Perhaps you could send a v2 of your patch with your Signed-off-by line
> and the commit log extended with the reproduction details you shared as
> a reply?
>
> Thanks a lot!
>
> Thomas
> --
> Thomas Petazzoni, co-owner and CEO, Bootlin
> Embedded Linux and Kernel engineering and training
> https://bootlin.com
* Re: [Buildroot] [PATCH] utils/generate-cyclonedx: fix monotonically increasing dependency list
From: Thomas Petazzoni via buildroot @ 2025-12-03 7:46 UTC
To: Nevo Hed; +Cc: Nevo Hed via buildroot, Thomas Perale
On Tue, 2 Dec 2025 16:34:55 -0500
Nevo Hed <nhed+buildroot@starry.com> wrote:
> Yeah sorry about that - I rarely contribute here and am very much in the
> github pull-request mode
No worries!
> I will add that and try to reformat the v2
>
> Just one question - do I include or drop the `Reviewed-by: Thomas Perale <
> thomas.perale@mind.be>` line? (In my local repo I had updated from the
> patchworks)?
If you got a reviewed-by, and didn't make any substantial change, yes,
please carry the reviewed-by in your next iteration.
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
* Re: [Buildroot] [PATCH v2 1/1] utils/generate-cyclonedx: fix monotonically increasing dependency list
From: Nevo Hed via buildroot @ 2025-12-26 19:55 UTC
To: buildroot; +Cc: Thomas Perale, Thomas Petazzoni
I sent an updated patch last night and not seeing it in patchworks
Not sure what I did wrong or if there are issues with patchworks (I did
experience non-responsiveness today)
On Thu, Dec 25, 2025 at 11:15 PM Nevo Hed <nhed@starry.com> wrote:
> From: Nevo Hed <nhed+buildroot@starry.com>
>
> Having mutables as default args has unexpected behaviors.
> br2_parse_deps_recursively had a default arg `deps` initialized to the
> empty list (`[]`) except that on subsequent calls from `main` deps would
> already be populated from prior components.
>
> Reproduction details:
>
> $ python3 --version
> Python 3.13.7
>
> Run this script which
> - Emits a very reduced set of a very theoretical `make show-info`.
> - Runs utils/generate-cyclonedx on that set as input.
> - Reduces the generate-cyclonedx output to pairs of component name
>   and dependencies for that component.
>
> ---
> function dummy_json_input {
>     echo '{
>         "systemd": {
>             "type": "target",
>             "name": "systemd",
>             "virtual": false,
>             "version": "256.7",
>             "dependencies": [
>                 "bzip2"
>             ]
>         },
>         "bzip2": {
>             "type": "target",
>             "name": "bzip2",
>             "virtual": false,
>             "version": "1.0.8"
>         },
>         "util-linux": {
>             "type": "target",
>             "name": "util-linux",
>             "virtual": false,
>             "version": "2.40.2",
>             "dependencies": [
>                 "systemd"
>             ]
>         }
>     }'
> }
>
> dummy_json_input | \
>     utils/generate-cyclonedx | \
>     jq -c '.dependencies[] | [.ref, (.dependsOn|length) ]'
> ---
>
> Output before change:
> ["buildroot",3]
> ["systemd",1]
> ["bzip2",1]
> ["util-linux",2]
>
> Output after change:
> ["buildroot",3]
> ["systemd",1]
> ["bzip2",0]
> ["util-linux",2]
>
> We can see in the "before" that the number of dependencies is
> monotonically increasing - specifically the bzip2 input is listed
> without dependencies but shows as having dependencies in the output.
> The "after" output shows 0 dependencies for that component.
>
> Reviewed-by: Thomas Perale <thomas.perale@mind.be>
> Signed-off-by: Nevo Hed <nhed+buildroot@starry.com>
> --- > utils/generate-cyclonedx | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/utils/generate-cyclonedx b/utils/generate-cyclonedx > index a103b7b707..9d5451793d 100755 > --- a/utils/generate-cyclonedx 
> +++ b/utils/generate-cyclonedx > @@ -337,7 +337,7 @@ def cyclonedx_vulnerabilities(show_info_dict): > } for cve, components in cves.items()] > > > -def br2_parse_deps_recursively(ref, show_info_dict, virtual=False, > deps=[]): > +def br2_parse_deps_recursively(ref, show_info_dict, virtual=False, > deps=None): > """Parse dependencies from the show-info output. This function will > recursively collect all dependencies, and return a list where each > dependency > is stated at most once. > @@ -357,6 +357,8 @@ def br2_parse_deps_recursively(ref, show_info_dict, > virtual=False, deps=[]): > Returns: > list: A list of dependencies of the 'ref' package. > """ > + if deps is None: > + deps = [] > for dep in show_info_dict.get(ref, {}).get("dependencies", []): > if dep not in deps: > if virtual or show_info_dict.get(dep, {}).get("virtual") is > False: > -- > 2.51.0 > > [-- Attachment #1.2: Type: text/html, Size: 4826 bytes --] [-- Attachment #2: Type: text/plain, Size: 150 bytes --] _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 7+ messages in thread
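The shared-default behaviour described in the commit message, reproduced on the reduced three-package input from the v2 message. This is an added example, not code from the patch or from Buildroot: `collect_shared`, `collect_fresh`, `depends_on_counts` and `leaked_default` are hypothetical names, and the two collectors are simplified stand-ins for `br2_parse_deps_recursively` that ignore the `virtual` filter.

```python
# Added illustration; the collectors below are simplified stand-ins,
# not the body of utils/generate-cyclonedx.

# Constructed input: the three packages from the v2 commit message,
# reduced to their dependency edges.
SHOW_INFO = {
    "systemd": {"dependencies": ["bzip2"]},
    "bzip2": {},
    "util-linux": {"dependencies": ["systemd"]},
}


def collect_shared(ref, info, deps=[]):
    """Pre-patch shape: the default list is created once, at def time,
    and every call that omits `deps` appends to that same object."""
    for dep in info.get(ref, {}).get("dependencies", []):
        if dep not in deps:
            deps.append(dep)
            collect_shared(dep, info, deps)
    return deps


def collect_fresh(ref, info, deps=None):
    """Post-patch shape: each top-level call starts from its own list."""
    if deps is None:
        deps = []
    for dep in info.get(ref, {}).get("dependencies", []):
        if dep not in deps:
            deps.append(dep)
            collect_fresh(dep, info, deps)
    return deps


def depends_on_counts(collector, info):
    """Call the collector once per component, omitting `deps` as a caller
    looping over components would, and record each result's length."""
    return {ref: len(collector(ref, info)) for ref in info}


def leaked_default(func):
    """Return whatever is currently stored in func's last default value."""
    return func.__defaults__[-1]


if __name__ == "__main__":
    print("shared default: ", depends_on_counts(collect_shared, SHOW_INFO))
    print("fresh list:     ", depends_on_counts(collect_fresh, SHOW_INFO))
    print("left in default:", leaked_default(collect_shared))
```

Inspecting `__defaults__` after a run is a quick way to confirm that state from earlier components is what inflates later `dependsOn` lists.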