Hi,

This patch series adds support for compressing all types of SBOMs (image, recipe, SDK) using zstd, similar to what we had previously with SPDX 2.2.

To do so, we introduce a new SPDX_SBOM_EXT variable containing the SBOM extension name. Based on this extension, we decide whether SBOMs should be compressed or not. This is optional and by default SBOMs are not compressed to keep the current behavior and not to break compatibility.

This work was tested on the qemuarm64 machine on the following SBOMs:
- core-image-minimal SBOM (image SBOM)
- busybox SBOM (recipe SBOM)
- core-image-minimal SDK SBOM (SDK SBOM)

At first, instead of SPDX_SBOM_EXT, I used a boolean SPDX_COMPRESSED_SBOM variable to decide whether or not a SBOM should be compressed, but it led to a lot of code additions to SBOM consumers (for instance sbom-cve-check) to check whether the SBOM filename extension was ".spdx.json" or ".spdx.json.zst".

Signed-off-by: Jérémie Dautheribes (Schneider Electric) <[email protected]>
---
Jérémie Dautheribes (Schneider Electric) (2):
      spdx3: introduce SPDX_SBOM_EXT variable
      spdx3: support SBOM compression based on SPDX_SBOM_EXT

 meta/classes-recipe/sbom-cve-check.bbclass |  2 +-
 meta/classes/create-spdx-3.0.bbclass       |  4 ++++
 meta/classes/sbom-cve-check-recipe.bbclass |  2 +-
 meta/lib/oe/sbom30.py                      | 11 +++++++++--
 meta/lib/oe/spdx30_tasks.py                | 12 +++++++-----
 5 files changed, 22 insertions(+), 9 deletions(-)
---
base-commit: 4f7d1a0885d7d6f2a533f7388ed5f5a35d6f99bc
change-id: 20260512-sbom-zstd-support-7bd9b13881e2

Best regards,
-- 
Jérémie Dautheribes (Schneider Electric) <[email protected]>
View/Reply Online (#236895): https://lists.openembedded.org/g/openembedded-core/message/236895
