From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Tue, 05 Oct 2021 16:06:05 +0200 Received: from metis.ext.pengutronix.de ([2001:67c:670:201:290:27ff:fe1d:cc33]) by lore.white.stw.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1mXl53-0006XI-37 for lore@lore.pengutronix.de; Tue, 05 Oct 2021 16:06:05 +0200 Received: from localhost ([127.0.0.1] helo=metis.ext.pengutronix.de) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1mXl52-0007hR-KD; Tue, 05 Oct 2021 16:06:04 +0200 Received: from ptx.hi.pengutronix.de ([2001:67c:670:100:1d::c0]) by metis.ext.pengutronix.de with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1mXl4t-0007h7-68 for ptxdist@pengutronix.de; Tue, 05 Oct 2021 16:05:55 +0200 Received: from mol by ptx.hi.pengutronix.de with local (Exim 4.92) (envelope-from ) id 1mXl4s-0006EP-RY for ptxdist@pengutronix.de; Tue, 05 Oct 2021 16:05:54 +0200 Date: Tue, 5 Oct 2021 16:05:54 +0200 From: Michael Olbrich To: ptxdist@pengutronix.de Message-ID: <20211005140554.GI28441@pengutronix.de> Mail-Followup-To: ptxdist@pengutronix.de References: <20211005135815.dalyv3zl6i7737yk@falbala.internal.home.lespocky.de> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20211005135815.dalyv3zl6i7737yk@falbala.internal.home.lespocky.de> X-Sent-From: Pengutronix Hildesheim X-URL: http://www.pengutronix.de/ X-IRC: #ptxdist @freenode X-Accept-Language: de,en X-Accept-Content-Type: text/plain X-Uptime: 16:02:28 up 229 days, 17:26, 150 users, load average: 0.74, 0.38, 0.29 User-Agent: Mutt/1.10.1 (2018-07-13) Subject: Re: [ptxdist] SBOM / manifest X-BeenThere: ptxdist@pengutronix.de X-Mailman-Version: 2.1.29 Precedence: list List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: ptxdist@pengutronix.de Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "ptxdist" X-SA-Exim-Connect-IP: 127.0.0.1 X-SA-Exim-Mail-From: ptxdist-bounces@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false On Tue, Oct 05, 2021 at 03:58:15PM +0200, Alexander Dahl wrote: > Hei hei, > > On Tue, Oct 05, 2021 at 09:38:55AM -0400, Akshay Bhat wrote: > > Is there a way of generating a SBOM (Software Bill of Materials) i.e. > > list all the software packages installed on the target with the > > associated version and license info for a ptx-dist? Something similar > > 'make legal-info' in buildroot. > > You can generate a license report like this: > > ptxdist make license-report > > You'll find the report in platform-foo/report as .pdf afterwards. Or: ptxdist make license-compliance-data This generates platform-foo/release/license-compliance.yaml This yaml file contains all the available informations about all packages. > > The closest I could find was: > > ptxdist list-packages | xargs ptxdist package-info | grep -e package: > > -e version: -e license: > > > > Also are there any plans in the roadmap for supporting a SPDX SBOM? It's somewhere on my mental todo list. It is probably possible to generated it from the yaml mentioned above. Michael > Not sure. But the documentation has some hints: > > https://www.ptxdist.org/doc/dev_licenses.html -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ ptxdist mailing list ptxdist@pengutronix.de To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de