* [ptxdist] SBOM / manifest
From: Akshay Bhat @ 2021-10-05 13:38 UTC (permalink / raw)
To: ptxdist
Hi,
Is there a way of generating a SBOM (Software Bill of Materials) i.e.
list all the software packages installed on the target with the
associated version and license info for a ptx-dist? Something similar
to 'make legal-info' in buildroot.
The closest I could find was:
ptxdist list-packages | xargs ptxdist package-info | grep -e package: -e version: -e license:
Also are there any plans in the roadmap for supporting a SPDX SBOM?
Thanks,
Akshay
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de
* Re: [ptxdist] SBOM / manifest
From: Alexander Dahl @ 2021-10-05 13:58 UTC (permalink / raw)
To: ptxdist
Hei hei,
On Tue, Oct 05, 2021 at 09:38:55AM -0400, Akshay Bhat wrote:
> Is there a way of generating a SBOM (Software Bill of Materials) i.e.
> list all the software packages installed on the target with the
> associated version and license info for a ptx-dist? Something similar
> to 'make legal-info' in buildroot.
You can generate a license report like this:
ptxdist make license-report
You'll find the report in platform-foo/report as .pdf afterwards.
> The closest I could find was:
> ptxdist list-packages | xargs ptxdist package-info | grep -e package:
> -e version: -e license:
>
> Also are there any plans in the roadmap for supporting a SPDX SBOM?
Not sure. But the documentation has some hints:
https://www.ptxdist.org/doc/dev_licenses.html
HTH & Greets
Alex
--
/"\ ASCII RIBBON | »With the first link, the chain is forged. The first
\ / CAMPAIGN | speech censured, the first thought forbidden, the
X AGAINST | first freedom denied, chains us all irrevocably.«
/ \ HTML MAIL | (Jean-Luc Picard, quoting Judge Aaron Satie)
* Re: [ptxdist] SBOM / manifest
From: Michael Olbrich @ 2021-10-05 14:05 UTC (permalink / raw)
To: ptxdist
On Tue, Oct 05, 2021 at 03:58:15PM +0200, Alexander Dahl wrote:
> Hei hei,
>
> On Tue, Oct 05, 2021 at 09:38:55AM -0400, Akshay Bhat wrote:
> > Is there a way of generating a SBOM (Software Bill of Materials) i.e.
> > list all the software packages installed on the target with the
> > associated version and license info for a ptx-dist? Something similar
> > to 'make legal-info' in buildroot.
>
> You can generate a license report like this:
>
> ptxdist make license-report
>
> You'll find the report in platform-foo/report as .pdf afterwards.
Or:
ptxdist make license-compliance-data
This generates platform-foo/release/license-compliance.yaml
This yaml file contains all the available information about all packages.
> > The closest I could find was:
> > ptxdist list-packages | xargs ptxdist package-info | grep -e package:
> > -e version: -e license:
> >
> > Also are there any plans in the roadmap for supporting a SPDX SBOM?
It's somewhere on my mental todo list. It is probably possible to generate
it from the yaml mentioned above.
Michael
> Not sure. But the documentation has some hints:
>
> https://www.ptxdist.org/doc/dev_licenses.html
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
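Added example (not part of the thread and not ptxdist code): a Python filter that turns the package:/version:/license: lines selected by the grep pipeline quoted above into an SPDX 2.2 tag-value document. The one-field-per-line "label: value" layout, the mapping of "unknown" to NOASSERTION, and the document name and namespace are assumptions.

```python
import re
import sys
from datetime import datetime, timezone

# Constructed sample; only the three labels come from the thread, the layout is assumed.
SAMPLE = """\
package: busybox
version: 1.33.1
license: GPL-2.0-only
package: my_app+
version: 0.1
license: unknown
"""

def parse_records(text):
    """Group package:/version:/license: lines into one dict per package."""
    records = []
    for line in text.splitlines():
        m = re.match(r"\s*(package|version|license):\s*(.*?)\s*$", line)
        if m and m.group(1) == "package":
            records.append({"package": m.group(2)})
        elif m and records:
            records[-1][m.group(1)] = m.group(2)
    return records

def to_spdx(records, name, namespace, created=None):
    """Render SPDX 2.2 tag-value text; facts we cannot know become NOASSERTION."""
    created = created or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    out = ["SPDXVersion: SPDX-2.2", "DataLicense: CC0-1.0", "SPDXID: SPDXRef-DOCUMENT",
           f"DocumentName: {name}", f"DocumentNamespace: {namespace}",
           "Creator: Tool: package-info-to-spdx-example", f"Created: {created}"]
    for i, rec in enumerate(records):
        # SPDX ids allow only letters, digits, '.' and '-'; the index keeps them unique.
        spdxid = "SPDXRef-Package-%d-%s" % (i, re.sub(r"[^A-Za-z0-9.-]", "-", rec["package"]))
        lic = rec.get("license", "")
        # Assumption: "unknown" or an empty value is not a usable license expression.
        declared = "NOASSERTION" if lic.lower() in ("", "unknown") else lic
        out += ["", f"PackageName: {rec['package']}", f"SPDXID: {spdxid}"]
        if rec.get("version"):
            out.append(f"PackageVersion: {rec['version']}")
        out += ["PackageDownloadLocation: NOASSERTION", "FilesAnalyzed: false",
                "PackageLicenseConcluded: NOASSERTION", f"PackageLicenseDeclared: {declared}",
                "PackageCopyrightText: NOASSERTION",
                f"Relationship: SPDXRef-DOCUMENT DESCRIBES {spdxid}"]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # Reads the filtered pipeline output on stdin; name and namespace are placeholders.
    print(to_spdx(parse_records(sys.stdin.read()), "platform-foo",
                  "https://example.invalid/spdx/platform-foo"), end="")
```
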
* Re: [ptxdist] SBOM / manifest
From: Christian Melki @ 2021-10-05 17:19 UTC (permalink / raw)
To: ptxdist
On 10/5/21 15:58, Alexander Dahl wrote:
> Hei hei,
>
> On Tue, Oct 05, 2021 at 09:38:55AM -0400, Akshay Bhat wrote:
>> Is there a way of generating a SBOM (Software Bill of Materials) i.e.
>> list all the software packages installed on the target with the
>> associated version and license info for a ptx-dist? Something similar
>> to 'make legal-info' in buildroot.
>
> You can generate a license report like this:
>
> ptxdist make license-report
>
> You'll find the report in platform-foo/report as .pdf afterwards.
>
>> The closest I could find was:
>> ptxdist list-packages | xargs ptxdist package-info | grep -e package:
>> -e version: -e license:
>>
>> Also are there any plans in the roadmap for supporting a SPDX SBOM?
I'd second an implementation of a SPDX export of package usage, licence,
patch modifications and link dependencies.
It's much more usable with something like SPDX instead of a pdf.
>
> Not sure. But the documentation has some hints:
>
> https://www.ptxdist.org/doc/dev_licenses.html
>
> HTH & Greets
> Alex
* Re: [ptxdist] SBOM / manifest
From: Akshay Bhat @ 2021-10-05 17:22 UTC (permalink / raw)
To: ptxdist
On Tue, Oct 5, 2021 at 10:06 AM Michael Olbrich
<m.olbrich@pengutronix.de> wrote:
>
> On Tue, Oct 05, 2021 at 03:58:15PM +0200, Alexander Dahl wrote:
<snip>
> > You can generate a license report like this:
> >
> > ptxdist make license-report
> >
> > You'll find the report in platform-foo/report as .pdf afterwards.
>
> Or:
>
> ptxdist make license-compliance-data
>
> This generates platform-foo/release/license-compliance.yaml
>
> This yaml file contains all the available information about all packages.
Thanks for the info Michael and Alex, this was helpful :)