From: "Antonin Godard" <antonin.godard@bootlin.com>
To: <stondo@gmail.com>, <openembedded-core@lists.openembedded.org>
Cc: <Ross.Burton@arm.com>, <jpewhacker@gmail.com>,
<stefano.tondo.ext@siemens.com>, <Peter.Marko@siemens.com>,
<adrian.freihofer@siemens.com>
Subject: Re: [OE-core] [PATCH v5 00/10] spdx30: SBOM enrichment and documentation
Date: Mon, 02 Mar 2026 17:15:26 +0100 [thread overview]
Message-ID: <DGSFIGH5C5HJ.G5NI0606QP4D@bootlin.com> (raw)
In-Reply-To: <20260302160114.46884-1-stefano.tondo.ext@siemens.com>
Hi,
On Mon Mar 2, 2026 at 5:01 PM CET, Stefano Tondo via lists.openembedded.org wrote:
> This v5 drops patch 07/11 ("spdx30: Include recipe base PURL in package
> external identifiers") from the v4 series, as it is now superseded by
> Joshua Watt's commit 874b2d301d ("spdx: Add yocto PURLs") which already
> includes oe.purl.get_base_purl(d) in the default SPDX_PACKAGE_URLS value,
> making the separate patch redundant.
>
> All other v4 patches are unchanged. See v4 cover letter for full context.
>
> Changes since v4:
> - Dropped 07/11: "spdx30: Include recipe base PURL in package external
> identifiers" — superseded by 874b2d301d (spdx: Add yocto PURLs,
> Joshua Watt, merged to master Jan 8 2026)
>
> Stefano Tondo (10):
> spdx30: Add configurable file filtering support
> spdx30: Add supplier support for image and SDK SBOMs
> spdx30: Add ecosystem-specific PURL generation
> spdx30: Add version extraction from SRCREV for Git source components
> spdx30: Add SPDX_GIT_PURL_MAPPINGS for Git hosting
> spdx30: Enrich source downloads with external refs and PURLs
> oeqa/selftest: Add test for download_location defensive handling
> spdx.py: Add test for version extraction patterns
> cve_check: Escape special characters in CPE 2.3 formatted strings
> spdx-common: Add documentation for undocumented SPDX variables
>
> meta/classes/create-spdx-3.0.bbclass | 20 ++
> meta/classes/spdx-common.bbclass | 63 +++++
> meta/lib/oe/cve_check.py | 37 ++-
> meta/lib/oe/spdx30_tasks.py | 329 ++++++++++++++++++++++++++-
> meta/lib/oeqa/selftest/cases/spdx.py | 75 ++++++
> 5 files changed, 518 insertions(+), 6 deletions(-)
If this series is accepted and merged, would you be able to help documenting the new
variables introduced by the series in the Yocto Project documentation? This
would be sent on the docs@lists.yoctoproject.org list.
Documentation for these variables would be in:
https://git.yoctoproject.org/yocto-docs/tree/documentation/ref-manual/variables.rst.
The SBOM document would also likely need an update:
https://git.yoctoproject.org/yocto-docs/tree/documentation/dev-manual/sbom.rst
It can most likely be based off the documentation you've already written through
the [doc] flag. I can help with the rST formatting. This would be greatly
appreciated!
Antonin
next prev parent reply other threads:[~2026-03-02 16:15 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-02 16:01 [PATCH v5 00/10] spdx30: SBOM enrichment and documentation Stefano Tondo
2026-03-02 16:01 ` [PATCH v5 01/10] spdx30: Add configurable file filtering support Stefano Tondo
2026-03-02 16:01 ` [PATCH v5 02/10] spdx30: Add supplier support for image and SDK SBOMs Stefano Tondo
2026-03-02 16:01 ` [PATCH v5 03/10] spdx30: Add ecosystem-specific PURL generation Stefano Tondo
2026-03-02 16:01 ` [PATCH v5 04/10] spdx30: Add version extraction from SRCREV for Git source components Stefano Tondo
2026-03-03 8:42 ` [OE-core] " Mathieu Dubois-Briand
2026-03-03 10:27 ` Tondo, Stefano
2026-03-02 16:01 ` [PATCH v5 05/10] spdx30: Add SPDX_GIT_PURL_MAPPINGS for Git hosting Stefano Tondo
2026-03-02 16:01 ` [PATCH v5 06/10] spdx30: Enrich source downloads with external refs and PURLs Stefano Tondo
2026-03-02 16:01 ` [PATCH v5 07/10] oeqa/selftest: Add test for download_location defensive handling Stefano Tondo
2026-03-02 16:01 ` [PATCH v5 08/10] spdx.py: Add test for version extraction patterns Stefano Tondo
2026-03-02 16:01 ` [PATCH v5 09/10] cve_check: Escape special characters in CPE 2.3 formatted strings Stefano Tondo
2026-03-02 16:01 ` [PATCH v5 10/10] spdx-common: Add documentation for undocumented SPDX variables Stefano Tondo
2026-03-02 16:15 ` Antonin Godard [this message]
2026-03-03 8:20 ` [OE-core] [PATCH v5 00/10] spdx30: SBOM enrichment and documentation Tondo, Stefano
2026-03-04 17:05 ` [PATCH v6 " Stefano Tondo
2026-03-04 17:05 ` [PATCH v6 01/10] spdx30: Add configurable file filtering support Stefano Tondo
2026-03-07 21:53 ` Joshua Watt
2026-03-04 17:05 ` [PATCH v6 02/10] spdx30: Add supplier support for image and SDK SBOMs Stefano Tondo
2026-03-04 17:05 ` [PATCH v6 03/10] spdx30: Add ecosystem-specific PURL generation Stefano Tondo
2026-03-04 17:05 ` [PATCH v6 04/10] spdx30: Add version extraction from SRCREV for Git source components Stefano Tondo
2026-03-07 22:32 ` Joshua Watt
2026-03-04 17:05 ` [PATCH v6 05/10] spdx30: Add SPDX_GIT_PURL_MAPPINGS for Git hosting Stefano Tondo
2026-03-04 17:05 ` [PATCH v6 06/10] spdx30: Enrich source downloads with external refs and PURLs Stefano Tondo
2026-03-04 17:05 ` [PATCH v6 07/10] oeqa/selftest: Add test for download_location defensive handling Stefano Tondo
2026-03-04 17:05 ` [PATCH v6 08/10] spdx.py: Add test for version extraction patterns Stefano Tondo
2026-03-04 17:05 ` [PATCH v6 09/10] cve_check: Escape special characters in CPE 2.3 formatted strings Stefano Tondo
2026-03-04 17:05 ` [PATCH v6 10/10] spdx-common: Add documentation for undocumented SPDX variables Stefano Tondo
2026-03-06 6:32 ` [PATCH v6 00/10] spdx30: SBOM enrichment and documentation Mathieu Dubois-Briand
2026-03-06 13:59 ` [OE-core][PATCH v7 " Stefano Tondo
2026-03-06 13:59 ` [OE-core][PATCH v7 01/10] spdx30: Add configurable file filtering support Stefano Tondo
2026-03-06 13:59 ` [OE-core][PATCH v7 02/10] spdx30: Add supplier support for image and SDK SBOMs Stefano Tondo
2026-03-07 21:55 ` Joshua Watt
2026-03-06 13:59 ` [OE-core][PATCH v7 03/10] spdx30: Add ecosystem-specific PURL generation Stefano Tondo
2026-03-07 22:15 ` Joshua Watt
2026-03-06 13:59 ` [OE-core][PATCH v7 04/10] spdx30: Add version extraction from SRCREV for Git source components Stefano Tondo
2026-03-06 13:59 ` [OE-core][PATCH v7 05/10] spdx30: Add SPDX_GIT_PURL_MAPPINGS for Git hosting Stefano Tondo
2026-03-06 13:59 ` [OE-core][PATCH v7 06/10] spdx30: Enrich source downloads with external refs and PURLs Stefano Tondo
2026-03-07 22:42 ` Joshua Watt
2026-03-06 13:59 ` [OE-core][PATCH v7 07/10] oeqa/selftest: Add test for download_location defensive handling Stefano Tondo
2026-03-07 22:48 ` Joshua Watt
2026-03-06 14:00 ` [OE-core][PATCH v7 08/10] spdx.py: Add test for version extraction patterns Stefano Tondo
2026-03-07 22:51 ` Joshua Watt
2026-03-06 14:00 ` [OE-core][PATCH v7 09/10] cve_check: Escape special characters in CPE 2.3 formatted strings Stefano Tondo
2026-03-07 22:01 ` Joshua Watt
2026-03-06 14:00 ` [OE-core][PATCH v7 10/10] spdx-common: Add documentation for undocumented SPDX variables Stefano Tondo
2026-03-07 22:03 ` Joshua Watt
2026-03-09 13:28 ` [OE-core][PATCH v8 0/7] SPDX 3.0 SBOM enrichment and compliance improvements stondo
2026-03-09 13:28 ` [OE-core][PATCH v8 1/7] spdx30: Add configurable file exclusion pattern support stondo
2026-03-11 20:29 ` Joshua Watt
2026-03-09 13:28 ` [OE-core][PATCH v8 2/7] spdx30: Add supplier support for image and SDK SBOMs stondo
2026-03-11 20:31 ` Joshua Watt
2026-03-09 13:28 ` [OE-core][PATCH v8 3/7] spdx30: Add ecosystem-specific PURL generation via bbclasses stondo
2026-03-11 20:34 ` Joshua Watt
2026-03-09 13:28 ` [OE-core][PATCH v8 4/7] spdx30: Enrich source downloads with version and PURL stondo
2026-03-11 22:49 ` Joshua Watt
2026-03-11 22:51 ` Joshua Watt
2026-03-09 13:28 ` [OE-core][PATCH v8 5/7] oeqa/selftest: Add tests for source download enrichment stondo
2026-03-11 20:40 ` Joshua Watt
2026-03-09 13:28 ` [OE-core][PATCH v8 6/7] cve_check: Escape special characters in CPE 2.3 strings stondo
2026-03-11 20:44 ` Joshua Watt
2026-03-09 13:28 ` [OE-core][PATCH v8 7/7] spdx-common: Add documentation for undocumented SPDX variables stondo
2026-03-11 20:42 ` Joshua Watt
2026-03-12 15:38 ` [OE-core][PATCH v9 0/7] SPDX 3.0 SBOM enrichment and compliance improvements stondo
2026-03-12 15:38 ` [OE-core][PATCH v9 1/7] spdx30: Add configurable file exclusion pattern support stondo
2026-03-12 15:38 ` [OE-core][PATCH v9 2/7] spdx30: Add supplier support for image and SDK SBOMs stondo
2026-03-12 15:38 ` [OE-core][PATCH v9 3/7] spdx30: Add ecosystem-specific PURL generation via bbclasses stondo
2026-03-19 10:25 ` Richard Purdie
2026-03-12 15:38 ` [OE-core][PATCH v9 4/7] spdx30: Enrich source downloads with version and PURL stondo
2026-03-12 15:38 ` [OE-core][PATCH v9 5/7] oeqa/selftest: Add tests for source download enrichment stondo
2026-03-13 6:14 ` Mathieu Dubois-Briand
2026-03-13 8:30 ` Tondo, Stefano
2026-03-12 15:38 ` [OE-core][PATCH v9 6/7] cve_check: Escape special characters in CPE 2.3 strings stondo
2026-03-12 15:38 ` [OE-core][PATCH v9 7/7] spdx-common: Add documentation for undocumented SPDX variables stondo
2026-03-20 16:49 ` [OE-core][PATCH v10 0/7] SPDX 3.0 SBOM enrichment and compliance improvements stondo
2026-03-20 16:49 ` [OE-core][PATCH v10 1/7] spdx30: Add configurable file exclusion pattern support stondo
2026-03-20 16:49 ` [OE-core][PATCH v10 2/7] spdx30: Add supplier support for image and SDK SBOMs stondo
2026-03-20 16:49 ` [OE-core][PATCH v10 3/7] spdx30: Add ecosystem-specific PURL generation via bbclasses stondo
2026-03-20 16:49 ` [OE-core][PATCH v10 4/7] spdx30: Enrich source downloads with version and PURL stondo
2026-03-20 16:49 ` [OE-core][PATCH v10 5/7] oeqa/selftest: Add tests for source download enrichment stondo
2026-03-20 16:49 ` [OE-core][PATCH v10 6/7] cve_check: Escape special characters in CPE 2.3 strings stondo
2026-03-20 16:49 ` [OE-core][PATCH v10 7/7] spdx-common: Add documentation for undocumented SPDX variables stondo
2026-03-20 17:13 ` [OE-core][PATCH v10 0/7] SPDX 3.0 SBOM enrichment and compliance improvements Richard Purdie
2026-03-20 17:22 ` [OE-core][PATCH v9 " Mathieu Dubois-Briand
2026-03-20 17:24 ` Mathieu Dubois-Briand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DGSFIGH5C5HJ.G5NI0606QP4D@bootlin.com \
--to=antonin.godard@bootlin.com \
--cc=Peter.Marko@siemens.com \
--cc=Ross.Burton@arm.com \
--cc=adrian.freihofer@siemens.com \
--cc=jpewhacker@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=stefano.tondo.ext@siemens.com \
--cc=stondo@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox