From: Quentin Schulz via buildroot <buildroot@buildroot.org>
To: Thomas Perale <thomas.perale@mind.be>, buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH v5 1/8] utils/generate-cyclonedx: use tuple for version
Date: Thu, 9 Apr 2026 14:08:48 +0200
Message-ID: <af55c098-2733-49fa-8d98-ffeb8072de94@cherry.de>
In-Reply-To: <20260311140457.140041-2-thomas.perale@mind.be>

Hi Thomas,

On 3/11/26 3:04 PM, Thomas Perale via buildroot wrote:
> Allows to compare different (major, minor) version easily.
>
> In next commit, an optional newer version of CycloneDX will be
> introduced and this syntax makes it easy to compare without introducing
> a dependency to 'packaging.version'.
>
> Signed-off-by: Thomas Perale <thomas.perale@mind.be>
> ---
> utils/generate-cyclonedx | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/utils/generate-cyclonedx b/utils/generate-cyclonedx
> index 2b6c6d63d3..eff55bf598 100755
> --- a/utils/generate-cyclonedx
> +++ b/utils/generate-cyclonedx
> @@ -20,13 +20,13 @@ import sys
> import re
>
>
> -CYCLONEDX_VERSION = "1.6"
> -SPDX_SCHEMA_URL = f"https://raw.githubusercontent.com/CycloneDX/specification/{CYCLONEDX_VERSION}/schema/spdx.schema.json"
> +CYCLONEDX_VERSION = (1, 6)
> +SPDX_SCHEMA_URL = "https://raw.githubusercontent.com/CycloneDX/specification/{}.{}/schema/
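
Review bot: The "{}.{}" template on the new SPDX_SCHEMA_URL line fixes the version at exactly two components, and if the tuple is unpacked into str.format() any surplus positional argument is ignored without an error, so a later CYCLONEDX_VERSION of (1, 6, 1) would silently keep fetching the 1.6 schema. Build the version string from all elements of the tuple instead, and add a one-line comment above CYCLONEDX_VERSION stating that it is (major, minor) and is a tuple so that versions can be compared.
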

How about generating the version with

'.'.join(str(x) for x in CYCLONEDX_VERSION)

? This way, we support when there are patch versions as well (1.6.1
exists after all).

Maybe a class for the version would be best, then we can convert to
(__init__) and from (__str__) the class to a string and compare two
versions against each other (using tuples or list for example;
__eq__/__lt__).

Now I'm wondering whether the SPDX schema version needs to be in sync
with the BOM schema? Because while there exists a 1.6.1 SPDX schema
which differs from 1.6 SPDX schema, see commit 5f3ee8066491 ("Updating
SPDX license list to 3.24.0."), the BOM schema too is different but it's
kept under the same name of bom-1.6.schema.json (and the $id is the same).

Also, are we validating that our SBOM generated by this script is
actually CycloneDX version X.Y compatible? Should we download the
bom-1.6.schema.json and validate it with e.g. jsonschema?

Cheers,
Quentin
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
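
The version class suggested in the reply above, sketched as an added example that is not part of the thread or of Buildroot's generate-cyclonedx. `SpecVersion`, `spdx_schema_url` and the rule that 1.6 equals 1.6.0 are assumptions made for illustration; the URL layout is the one from the f-string the patch removes.

```python
import functools
import re

# URL layout copied from the f-string removed by the quoted patch.
SPDX_SCHEMA_URL_TEMPLATE = (
    "https://raw.githubusercontent.com/CycloneDX/specification/"
    "{version}/schema/spdx.schema.json"
)


@functools.total_ordering
class SpecVersion:
    """Hypothetical helper: dotted numeric version such as '1.6' or '1.6.1'."""

    _PATTERN = re.compile(r"[0-9]+(\.[0-9]+)*")

    def __init__(self, text):
        # fullmatch rejects anything that could carry path or query
        # characters into the download URL ('1.6/../x', '1.6?ref=y', ...).
        if not isinstance(text, str) or not self._PATTERN.fullmatch(text):
            raise ValueError(f"not a dotted numeric version: {text!r}")
        self.parts = tuple(int(p) for p in text.split("."))

    def __str__(self):
        # Keeps every component, unlike a fixed "{}.{}" template.
        return ".".join(str(p) for p in self.parts)

    def _key(self):
        # Assumption of this example: trailing zeros are not significant,
        # so 1.6 and 1.6.0 compare equal.
        parts = list(self.parts)
        while len(parts) > 1 and parts[-1] == 0:
            parts.pop()
        return tuple(parts)

    def __eq__(self, other):
        if not isinstance(other, SpecVersion):
            return NotImplemented
        return self._key() == other._key()

    def __lt__(self, other):
        if not isinstance(other, SpecVersion):
            return NotImplemented
        return self._key() < other._key()

    def __hash__(self):
        return hash(self._key())


def spdx_schema_url(version):
    """Return the SPDX schema URL for a SpecVersion."""
    return SPDX_SCHEMA_URL_TEMPLATE.format(version=version)
```
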