> -----Original Message----- > From: [email protected] > <[email protected]> On Behalf Of Jérémie Dautheribes > via lists.openembedded.org > Sent: den 13 maj 2026 09:47 > To: Joshua Watt <[email protected]> > Cc: [email protected]; [email protected]; > [email protected]; [email protected] > Subject: Re: [OE-core][PATCH 2/2] spdx3: support SBOM compression based on > SPDX_SBOM_EXT > > Hello Joshua, > > On 13/05/2026 00:27, Joshua Watt wrote: > > On Tue, May 12, 2026 at 11:02 AM Jérémie Dautheribes via > > lists.openembedded.org > > <[email protected]> wrote: > >> > >> Add support for optional zstd compression for all types of SBOMs, > >> including: > >> - image SBOM > >> - recipe SBOM > >> - SDK SBOM > >> > >> Zstd compression is applied if SPDX_SBOM_EXT ends with ".zst". > >> > >> Co-authored-by: Benjamin Robin (Schneider Electric) > >> <[email protected]> > >> Signed-off-by: Jérémie Dautheribes (Schneider Electric) > >> <[email protected]> > >> --- > >> meta/classes/create-spdx-3.0.bbclass | 3 ++- > >> meta/lib/oe/sbom30.py | 11 +++++++++-- > >> 2 files changed, 11 insertions(+), 3 deletions(-) > >> > >> diff --git a/meta/classes/create-spdx-3.0.bbclass > >> b/meta/classes/create-spdx-3.0.bbclass > >> index 785edb9865..6cf8fa4688 100644 > >> --- a/meta/classes/create-spdx-3.0.bbclass > >> +++ b/meta/classes/create-spdx-3.0.bbclass > >> @@ -75,7 +75,8 @@ SPDX_IMPORTS[doc] = "SPDX_IMPORTS is the base variable > >> that describes how to \ > >> SPDX 3 spec. Optional but recommended" > >> > >> SPDX_SBOM_EXT ??= ".spdx.json" > >> -SPDX_SBOM_EXT[doc] = "SBOM file extension name." > >> +SPDX_SBOM_EXT[doc] = "SBOM file extension name.\ > >> + If it ends with '.zst', SBOMs are automatically compressed using > >> Zstd." > >> > >> # Agents > >> # Bitbake variables can be used to describe an SPDX Agent that may be > >> used > >> diff --git a/meta/lib/oe/sbom30.py b/meta/lib/oe/sbom30.py > >> index 0f1f9281ad..2184c1a07f 100644 > >> --- a/meta/lib/oe/sbom30.py 
> >> +++ b/meta/lib/oe/sbom30.py > >> @@ -1036,8 +1036,15 @@ def write_jsonld_doc(d, objset, dest): > >> serializer = oe.spdx30.JSONLDInlineSerializer() > >> > >> objset.objects.add(objset.doc) > >> - with dest.open("wb") as f: > >> - serializer.write(objset, f, force_at_graph=True) > >> + > >> + if dest.name.endswith(".zst"): > > > > I'm not sure I like this detection mechanism; I think we usually do > > something more explicit for compression rather than relying on the > > suffix in other places? > > Maybe we should then introduce a SPDX_COMPRESSED_SBOM boolean variable, > which would be used by SPDX_SBOM_EXT_SUFFIX to determine whether ".zst" > is appended to the SBOM file name or not. Then, we could check in the > `write_jsonld_doc` function whether compression is enabled based on this > SPDX_COMPRESSED_SBOM variable. > > What do you think? Do you have any other suggestions?
If you use something like:

SPDX_COMPRESSION = "zstd"

then you make it more future proof if someone wants to add support for some other compression format.

>
> Best regards,
> --
> Jérémie Dautheribes, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com

//Peter
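
Review bot: The new `SPDX_SBOM_EXT[doc]` text in create-spdx-3.0.bbclass documents only the '.zst' case and says nothing about other compression-looking suffixes. Going by the commit message, a value such as '.spdx.json.gz' would presumably be written uncompressed under a misleading name, so the doc string should state that '.zst' is the only suffix that triggers compression, or the value should be validated. As a style point, the continuation is written `name.\` with no space before the backslash, while the `SPDX_IMPORTS[doc]` line visible in the hunk header uses ` \`; matching that keeps the variable docs consistent.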
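
Review bot: At `if dest.name.endswith(".zst"):` in `write_jsonld_doc`, the output format is decided by the destination file name rather than by configuration, so any caller that passes a `dest` ending in ".zst" gets compressed output whether or not it asked for it. The function already receives `d`, so it could read an explicit setting from the datastore and let the file name follow from that setting instead of the other way round. The diffstat lists only the bbclass and sbom30.py, so it is also worth confirming that nothing reads these SBOM files back expecting uncompressed JSON.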
View/Reply Online (#236940): https://lists.openembedded.org/g/openembedded-core/message/236940
