From patchwork Wed Feb 25 12:36:29 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Benjamin Robin X-Patchwork-Id: 81931 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 76673FD3758 for ; Wed, 25 Feb 2026 12:37:03 +0000 (UTC) Received: from smtpout-02.galae.net (smtpout-02.galae.net [185.246.84.56]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.44112.1772023007652859293 for ; Wed, 25 Feb 2026 04:36:48 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@bootlin.com header.s=dkim header.b=Hr38ohbk; spf=pass (domain: bootlin.com, ip: 185.246.84.56, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-02.galae.net (Postfix) with ESMTPS id 8E27F1A1373; Wed, 25 Feb 2026 12:36:45 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 634EC5FDE6; Wed, 25 Feb 2026 12:36:45 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id D2A6210369072; Wed, 25 Feb 2026 13:36:43 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1772023004; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=DREW44xKbTtafvbfcs50V1oslTz+w+1C0z47epTgDPQ=; b=Hr38ohbkZW9lE4w7wBC9pJNSPCZF60ZNTo2SEGMJGM1H9Rh9ah5+8BM33nIxs2HkKfJgz2 0QT+QylQsfdzBsCAVVVyruwAKzow9LedAmH9kAYRyHvaLGFIPCKtzFdNzOw8YDFFdCVERz D51TbFeHJHu6ZgiWTYxiufR5eknLsjAVmiBm99sY3AWojRtiU414Yf/xGm8oFsOd/w+mDG 74JcWlt41QIHf5ACEG7PorP7YK+H2Salkjmbjh16b2oBppV/CD7zocKkFwt19vB95etgpp oDP1VRZEdakSs+qQDMnViXLpuHIKwxxaT+EzXx2P90VZoaF/nE1XS0aDxRMcfA== From: Benjamin Robin Date: Wed, 25 Feb 2026 13:36:29 +0100 Subject: [PATCH v2 1/6] maintainers.inc: Sort list in alphabetical order MIME-Version: 1.0 Message-Id: <20260225-add-sbom-cve-check-v2-1-eeffa285b901@bootlin.com> References: <20260225-add-sbom-cve-check-v2-0-eeffa285b901@bootlin.com> In-Reply-To: <20260225-add-sbom-cve-check-v2-0-eeffa285b901@bootlin.com> To: openembedded-core@lists.openembedded.org Cc: ross.burton@arm.com, peter.marko@siemens.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, Benjamin Robin X-Mailer: b4 0.14.3 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Feb 2026 12:37:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231957 Signed-off-by: Benjamin Robin --- meta/conf/distro/include/maintainers.inc | 68 ++++++++++++++++---------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index b5ab35d92a06..1a3490d6d625 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -67,8 +67,8 @@ RECIPE_MAINTAINER:pn-bindgen-cli = "Khem Raj " RECIPE_MAINTAINER:pn-binutils = "Khem Raj " RECIPE_MAINTAINER:pn-binutils-cross-${TARGET_ARCH} = "Khem Raj " RECIPE_MAINTAINER:pn-binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Khem Raj " -RECIPE_MAINTAINER:pn-binutils-testsuite = "Khem Raj " RECIPE_MAINTAINER:pn-binutils-crosssdk-${SDK_SYS} = "Khem Raj " +RECIPE_MAINTAINER:pn-binutils-testsuite = "Khem Raj " RECIPE_MAINTAINER:pn-bison = "Chen Qi " RECIPE_MAINTAINER:pn-blktrace = "Unassigned " RECIPE_MAINTAINER:pn-blueprint-compiler = "Liu Yiding " @@ -82,18 +82,18 @@ RECIPE_MAINTAINER:pn-btrfs-tools = "Wang Mingyu " RECIPE_MAINTAINER:pn-build-appliance-image = "Richard Purdie " RECIPE_MAINTAINER:pn-build-sysroots = "Richard Purdie " RECIPE_MAINTAINER:pn-builder = "Richard Purdie " -RECIPE_MAINTAINER:pn-buildtools-extended-tarball = "Richard Purdie " -RECIPE_MAINTAINER:pn-buildtools-tarball = "Richard Purdie " RECIPE_MAINTAINER:pn-buildtools-docs-tarball = "Richard Purdie " +RECIPE_MAINTAINER:pn-buildtools-extended-tarball = "Richard Purdie " RECIPE_MAINTAINER:pn-buildtools-make-tarball = "Richard Purdie " +RECIPE_MAINTAINER:pn-buildtools-tarball = "Richard Purdie " RECIPE_MAINTAINER:pn-busybox = "Andrej Valek " RECIPE_MAINTAINER:pn-busybox-inittab = "Denys Dmytriyenko " RECIPE_MAINTAINER:pn-bzip2 = "Denys Dmytriyenko " RECIPE_MAINTAINER:pn-ca-certificates = "Unassigned " RECIPE_MAINTAINER:pn-cairo = "Unassigned " +RECIPE_MAINTAINER:pn-cantarell-fonts = "Unassigned " RECIPE_MAINTAINER:pn-cargo = "Randy MacLeod " RECIPE_MAINTAINER:pn-cargo-c = "Deepesh Varatharajan " -RECIPE_MAINTAINER:pn-cantarell-fonts = "Unassigned " RECIPE_MAINTAINER:pn-ccache = "Robert Yang " RECIPE_MAINTAINER:pn-cdrtools-native = "Yi Zhao " RECIPE_MAINTAINER:pn-chrpath = "Yi Zhao " @@ -110,24 +110,24 @@ RECIPE_MAINTAINER:pn-connman-conf = "Ross Burton " RECIPE_MAINTAINER:pn-connman-gnome = "Ross Burton " RECIPE_MAINTAINER:pn-consolekit = "Chen Qi " RECIPE_MAINTAINER:pn-core-image-base = "Richard Purdie " +RECIPE_MAINTAINER:pn-core-image-full-cmdline = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-initramfs-boot = "Ross Burton " +RECIPE_MAINTAINER:pn-core-image-kernel-dev = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-minimal = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-minimal-dev = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-minimal-initramfs = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-minimal-mtdutils = "Richard Purdie " -RECIPE_MAINTAINER:pn-core-image-tiny-initramfs = "Richard Purdie " -RECIPE_MAINTAINER:pn-core-image-full-cmdline = "Richard Purdie " -RECIPE_MAINTAINER:pn-core-image-kernel-dev = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-ptest-all = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-ptest-fast = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-sato = "Richard Purdie " +RECIPE_MAINTAINER:pn-core-image-sato-dev = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-sato-sdk = "Richard Purdie " -RECIPE_MAINTAINER:pn-core-image-testcontroller-initramfs = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-testcontroller = "Richard Purdie " +RECIPE_MAINTAINER:pn-core-image-testcontroller-initramfs = "Richard Purdie " +RECIPE_MAINTAINER:pn-core-image-tiny-initramfs = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-weston = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-weston-sdk = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-x11 = "Richard Purdie " -RECIPE_MAINTAINER:pn-core-image-sato-dev = "Richard Purdie " RECIPE_MAINTAINER:pn-coreutils = "Chen Qi " RECIPE_MAINTAINER:pn-cpio = "Denys Dmytriyenko " RECIPE_MAINTAINER:pn-cracklib = "Unassigned " @@ -167,8 +167,8 @@ RECIPE_MAINTAINER:pn-dtc = "Wang Mingyu " RECIPE_MAINTAINER:pn-dwarfsrcfiles = "Unassigned " RECIPE_MAINTAINER:pn-e2fsprogs = "Robert Yang " RECIPE_MAINTAINER:pn-ed = "Unassigned " -RECIPE_MAINTAINER:pn-efivar = "Ross Burton " RECIPE_MAINTAINER:pn-efibootmgr = "Ross Burton " +RECIPE_MAINTAINER:pn-efivar = "Ross Burton " RECIPE_MAINTAINER:pn-elfutils = "Unassigned " RECIPE_MAINTAINER:pn-ell = "Unassigned " RECIPE_MAINTAINER:pn-enchant2 = "Unassigned " @@ -179,8 +179,8 @@ RECIPE_MAINTAINER:pn-ethtool = "Unassigned " RECIPE_MAINTAINER:pn-eudev = "Unassigned " RECIPE_MAINTAINER:pn-expat = "Yi Zhao " RECIPE_MAINTAINER:pn-expect = "Unassigned " -RECIPE_MAINTAINER:pn-ffmpeg = "Unassigned " RECIPE_MAINTAINER:pn-fastfloat = "Markus Volk " +RECIPE_MAINTAINER:pn-ffmpeg = "Unassigned " RECIPE_MAINTAINER:pn-file = "Yi Zhao " RECIPE_MAINTAINER:pn-findutils = "Chen Qi " RECIPE_MAINTAINER:pn-flac = "Michael Opdenacker " @@ -201,6 +201,7 @@ RECIPE_MAINTAINER:pn-gcc-crosssdk-${SDK_SYS} = "Khem Raj " RECIPE_MAINTAINER:pn-gcc-runtime = "Khem Raj " RECIPE_MAINTAINER:pn-gcc-sanitizers = "Khem Raj " RECIPE_MAINTAINER:pn-gcc-source-15.2.0 = "Khem Raj " +RECIPE_MAINTAINER:pn-gcompat = "Khem Raj " RECIPE_MAINTAINER:pn-gconf = "Ross Burton " RECIPE_MAINTAINER:pn-gcr = "Unassigned " RECIPE_MAINTAINER:pn-gdb = "Khem Raj " @@ -222,8 +223,8 @@ RECIPE_MAINTAINER:pn-glibc-locale = "Khem Raj " RECIPE_MAINTAINER:pn-glibc-mtrace = "Khem Raj " RECIPE_MAINTAINER:pn-glibc-scripts = "Khem Raj " RECIPE_MAINTAINER:pn-glibc-testsuite = "Khem Raj " -RECIPE_MAINTAINER:pn-gmp = "Khem Raj " RECIPE_MAINTAINER:pn-glslang = "Jose Quaresma " +RECIPE_MAINTAINER:pn-gmp = "Khem Raj " RECIPE_MAINTAINER:pn-gn = "Khem Raj " RECIPE_MAINTAINER:pn-gnome-desktop-testing = "Ross Burton " RECIPE_MAINTAINER:pn-gnu-config = "Robert Yang " @@ -241,7 +242,6 @@ RECIPE_MAINTAINER:pn-gobject-introspection = "Unassigned " RECIPE_MAINTAINER:pn-gstreamer1.0-vaapi = "Unassigned " RECIPE_MAINTAINER:pn-gtk+3 = "Ross Burton " -RECIPE_MAINTAINER:pn-gtk4 = "Markus Volk " RECIPE_MAINTAINER:pn-gtk-doc = "Unassigned " +RECIPE_MAINTAINER:pn-gtk4 = "Markus Volk " RECIPE_MAINTAINER:pn-gzip = "Denys Dmytriyenko " RECIPE_MAINTAINER:pn-harfbuzz = "Unassigned " RECIPE_MAINTAINER:pn-hdparm = "Denys Dmytriyenko " @@ -298,7 +298,6 @@ RECIPE_MAINTAINER:pn-iputils = "Unassigned " RECIPE_MAINTAINER:pn-iso-codes = "Wang Mingyu " RECIPE_MAINTAINER:pn-itstool = "Unassigned " RECIPE_MAINTAINER:pn-iw = "Unassigned " -RECIPE_MAINTAINER:pn-libjpeg-turbo = "Unassigned " RECIPE_MAINTAINER:pn-json-c = "Yi Zhao " RECIPE_MAINTAINER:pn-json-glib = "Yi Zhao " RECIPE_MAINTAINER:pn-kbd = "Unassigned " @@ -354,8 +353,8 @@ RECIPE_MAINTAINER:pn-libgcrypt = "Hongxu Jia " RECIPE_MAINTAINER:pn-libgfortran = "Khem Raj " RECIPE_MAINTAINER:pn-libgit2 = "Unassigned " RECIPE_MAINTAINER:pn-libgloss = "Alejandro Hernandez " -RECIPE_MAINTAINER:pn-libglvnd = "Dmitry Baryshkov " RECIPE_MAINTAINER:pn-libglu = "Ross Burton " +RECIPE_MAINTAINER:pn-libglvnd = "Dmitry Baryshkov " RECIPE_MAINTAINER:pn-libgpg-error = "Hongxu Jia " RECIPE_MAINTAINER:pn-libgudev = "Ross Burton " RECIPE_MAINTAINER:pn-libhandy = "Unassigned " @@ -364,14 +363,15 @@ RECIPE_MAINTAINER:pn-libice = "Unassigned " RECIPE_MAINTAINER:pn-libidn2 = "Ross Burton " RECIPE_MAINTAINER:pn-libinput = "Ross Burton " RECIPE_MAINTAINER:pn-libjitterentropy = "Ross Burton " +RECIPE_MAINTAINER:pn-libjpeg-turbo = "Unassigned " RECIPE_MAINTAINER:pn-libksba = "Unassigned " RECIPE_MAINTAINER:pn-libmatchbox = "Ross Burton " RECIPE_MAINTAINER:pn-libmd = "Unassigned " RECIPE_MAINTAINER:pn-libmicrohttpd = "Unassigned " RECIPE_MAINTAINER:pn-libmnl = "Khem Raj " -RECIPE_MAINTAINER:pn-libmpc = "Khem Raj " RECIPE_MAINTAINER:pn-libmodule-build-perl = "Tim Orling " RECIPE_MAINTAINER:pn-libmodulemd = "Unassigned " +RECIPE_MAINTAINER:pn-libmpc = "Khem Raj " RECIPE_MAINTAINER:pn-libnl = "Unassigned " RECIPE_MAINTAINER:pn-libnotify = "Unassigned " RECIPE_MAINTAINER:pn-libnsl2 = "Khem Raj " @@ -386,12 +386,11 @@ RECIPE_MAINTAINER:pn-libpipeline = "Wang Mingyu " RECIPE_MAINTAINER:pn-libpng = "Unassigned " RECIPE_MAINTAINER:pn-libportal = "Unassigned " RECIPE_MAINTAINER:pn-libproxy = "Unassigned " +RECIPE_MAINTAINER:pn-libpsl = "Unassigned " RECIPE_MAINTAINER:pn-libpthread-stubs = "Unassigned " RECIPE_MAINTAINER:pn-libptytty = "Unassigned " -RECIPE_MAINTAINER:pn-libpsl = "Unassigned " RECIPE_MAINTAINER:pn-librepo = "Wang Mingyu " RECIPE_MAINTAINER:pn-librsvg = "Unassigned " -RECIPE_MAINTAINER:pn-libstd-rs = "Randy MacLeod " RECIPE_MAINTAINER:pn-libsamplerate0 = "Unassigned " RECIPE_MAINTAINER:pn-libsass = "Simone Weiß " RECIPE_MAINTAINER:pn-libsdl2 = "Yi Zhao " @@ -404,6 +403,7 @@ RECIPE_MAINTAINER:pn-libsolv = "Unassigned " RECIPE_MAINTAINER:pn-libsoup = "Unassigned " RECIPE_MAINTAINER:pn-libssh2 = "Unassigned " RECIPE_MAINTAINER:pn-libssp-nonshared = "Khem Raj " +RECIPE_MAINTAINER:pn-libstd-rs = "Randy MacLeod " RECIPE_MAINTAINER:pn-libtasn1 = "Unassigned " RECIPE_MAINTAINER:pn-libtest-fatal-perl = "Tim Orling " RECIPE_MAINTAINER:pn-libtest-needs-perl = "Tim Orling " @@ -416,12 +416,12 @@ RECIPE_MAINTAINER:pn-libtool-cross = "Robert Yang " RECIPE_MAINTAINER:pn-libtool-native = "Robert Yang " RECIPE_MAINTAINER:pn-libtraceevent = "Bruce Ashfield " RECIPE_MAINTAINER:pn-libtry-tiny-perl = "Tim Orling " +RECIPE_MAINTAINER:pn-libubootenv = "Stefano Babic " RECIPE_MAINTAINER:pn-libucontext = "Khem Raj " RECIPE_MAINTAINER:pn-libunistring = "Unassigned " RECIPE_MAINTAINER:pn-libunwind = "Bruce Ashfield " RECIPE_MAINTAINER:pn-liburcu = "Wang Mingyu " RECIPE_MAINTAINER:pn-libusb1 = "Unassigned " -RECIPE_MAINTAINER:pn-libubootenv = "Stefano Babic " RECIPE_MAINTAINER:pn-libuv = "Unassigned " RECIPE_MAINTAINER:pn-libva = "Unassigned " RECIPE_MAINTAINER:pn-libva-initial = "Unassigned " @@ -433,11 +433,11 @@ RECIPE_MAINTAINER:pn-libx11 = "Unassigned " RECIPE_MAINTAINER:pn-libx11-compose-data = "Unassigned " RECIPE_MAINTAINER:pn-libxau = "Unassigned " RECIPE_MAINTAINER:pn-libxcb = "Unassigned " -RECIPE_MAINTAINER:pn-libxcvt = "Unassigned " RECIPE_MAINTAINER:pn-libxcomposite = "Unassigned " -RECIPE_MAINTAINER:pn-libxcursor = "Unassigned " RECIPE_MAINTAINER:pn-libxcrypt = "Khem Raj " RECIPE_MAINTAINER:pn-libxcrypt-compat = "Khem Raj " +RECIPE_MAINTAINER:pn-libxcursor = "Unassigned " +RECIPE_MAINTAINER:pn-libxcvt = "Unassigned " RECIPE_MAINTAINER:pn-libxdamage = "Unassigned " RECIPE_MAINTAINER:pn-libxdmcp = "Unassigned " RECIPE_MAINTAINER:pn-libxext = "Unassigned " @@ -473,20 +473,20 @@ RECIPE_MAINTAINER:pn-libxxf86vm = "Unassigned " RECIPE_MAINTAINER:pn-libyaml = "Wang Mingyu " RECIPE_MAINTAINER:pn-lighttpd = "Unassigned " RECIPE_MAINTAINER:pn-linux-dummy = "Unassigned " -RECIPE_MAINTAINER:pn-linux-yocto-fitimage = "Adrian Freihofer " RECIPE_MAINTAINER:pn-linux-firmware = "Unassigned " RECIPE_MAINTAINER:pn-linux-libc-headers = "Bruce Ashfield " RECIPE_MAINTAINER:pn-linux-yocto = "Bruce Ashfield " RECIPE_MAINTAINER:pn-linux-yocto-dev = "Bruce Ashfield " +RECIPE_MAINTAINER:pn-linux-yocto-fitimage = "Adrian Freihofer " RECIPE_MAINTAINER:pn-linux-yocto-rt = "Bruce Ashfield " RECIPE_MAINTAINER:pn-linux-yocto-tiny = "Bruce Ashfield " RECIPE_MAINTAINER:pn-lld = "Khem Raj " RECIPE_MAINTAINER:pn-lldb = "Khem Raj " +RECIPE_MAINTAINER:pn-llvm = "Khem Raj " RECIPE_MAINTAINER:pn-llvm-project-source-21.1.8 = "Khem Raj " RECIPE_MAINTAINER:pn-llvm-tblgen-native = "Khem Raj " -RECIPE_MAINTAINER:pn-llvm = "Khem Raj " -RECIPE_MAINTAINER:pn-logrotate = "Yi Zhao " RECIPE_MAINTAINER:pn-log4cplus = "Unassigned " +RECIPE_MAINTAINER:pn-logrotate = "Yi Zhao " RECIPE_MAINTAINER:pn-lrzsz = "Unassigned " RECIPE_MAINTAINER:pn-lsb-release = "Hongxu Jia " RECIPE_MAINTAINER:pn-lsof = "Ross Burton " @@ -496,17 +496,17 @@ RECIPE_MAINTAINER:pn-lttng-tools = "Richard Purdie " RECIPE_MAINTAINER:pn-nativesdk-qemu-helper = "Richard Purdie " RECIPE_MAINTAINER:pn-nativesdk-sdk-provides-dummy = "Richard Purdie " -RECIPE_MAINTAINER:pn-newlib = "Alejandro Hernandez " RECIPE_MAINTAINER:pn-ncurses = "Hongxu Jia " RECIPE_MAINTAINER:pn-neard = "Unassigned " RECIPE_MAINTAINER:pn-net-tools = "Unassigned " RECIPE_MAINTAINER:pn-netbase = "Unassigned " RECIPE_MAINTAINER:pn-nettle = "Unassigned " +RECIPE_MAINTAINER:pn-newlib = "Alejandro Hernandez " RECIPE_MAINTAINER:pn-nfs-export-root = "Robert Yang " RECIPE_MAINTAINER:pn-nfs-utils = "Robert Yang " RECIPE_MAINTAINER:pn-nghttp2 = "Unassigned " @@ -741,10 +741,10 @@ RECIPE_MAINTAINER:pn-python3-testtools = "Trevor Gamblin RECIPE_MAINTAINER:pn-python3-trove-classifiers = "Trevor Gamblin " RECIPE_MAINTAINER:pn-python3-typing-extensions = "Tim Orling " RECIPE_MAINTAINER:pn-python3-typogrify = "Trevor Gamblin " -RECIPE_MAINTAINER:pn-python3-uv-build = "Unassigned " RECIPE_MAINTAINER:pn-python3-unittest-automake-output = "Ross Burton " RECIPE_MAINTAINER:pn-python3-uritools = "Marta Rybczynska " RECIPE_MAINTAINER:pn-python3-urllib3 = "Tim Orling " +RECIPE_MAINTAINER:pn-python3-uv-build = "Unassigned " RECIPE_MAINTAINER:pn-python3-vcversioner = "Bruce Ashfield " RECIPE_MAINTAINER:pn-python3-wcwidth = "Tim Orling " RECIPE_MAINTAINER:pn-python3-webcolors = "Bruce Ashfield " @@ -766,8 +766,8 @@ RECIPE_MAINTAINER:pn-readline = "Hongxu Jia " RECIPE_MAINTAINER:pn-repo = "Unassigned " RECIPE_MAINTAINER:pn-resolvconf = "Chen Qi " RECIPE_MAINTAINER:pn-rgb = "Unassigned " -RECIPE_MAINTAINER:pn-rpcbind = "Hongxu Jia " RECIPE_MAINTAINER:pn-rng-tools = "Unassigned " +RECIPE_MAINTAINER:pn-rpcbind = "Hongxu Jia " RECIPE_MAINTAINER:pn-rpcsvc-proto = "Khem Raj " RECIPE_MAINTAINER:pn-rpm = "Robert Yang " RECIPE_MAINTAINER:pn-rpm-sequoia = "Zoltán Böszörményi " @@ -780,8 +780,8 @@ RECIPE_MAINTAINER:pn-rust = "Randy MacLeod " RECIPE_MAINTAINER:pn-rust-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Randy MacLeod " RECIPE_MAINTAINER:pn-rxvt-unicode = "Unassigned " RECIPE_MAINTAINER:pn-sassc = "Simone Weiß " -RECIPE_MAINTAINER:pn-sato-screenshot = "Ross Burton " RECIPE_MAINTAINER:pn-sato-icon-theme = "Richard Purdie " +RECIPE_MAINTAINER:pn-sato-screenshot = "Ross Burton " RECIPE_MAINTAINER:pn-sbc = "Unassigned " RECIPE_MAINTAINER:pn-scdoc = "Alex Kiernan " RECIPE_MAINTAINER:pn-screen = "Unassigned " @@ -790,10 +790,10 @@ RECIPE_MAINTAINER:pn-sed = "Chen Qi " RECIPE_MAINTAINER:pn-serf = "Unassigned " RECIPE_MAINTAINER:pn-setserial = "Yi Zhao " RECIPE_MAINTAINER:pn-settings-daemon = "Unassigned " +RECIPE_MAINTAINER:pn-shaderc = "Jose Quaresma " RECIPE_MAINTAINER:pn-shadow = "Chen Qi " RECIPE_MAINTAINER:pn-shadow-securetty = "Chen Qi " RECIPE_MAINTAINER:pn-shadow-sysroot = "Chen Qi " -RECIPE_MAINTAINER:pn-shaderc = "Jose Quaresma " RECIPE_MAINTAINER:pn-shared-mime-info = "Unassigned " RECIPE_MAINTAINER:pn-shutdown-desktop = "Unassigned " RECIPE_MAINTAINER:pn-signing-keys = "Richard Purdie " @@ -819,9 +819,9 @@ RECIPE_MAINTAINER:pn-syslinux = "Unassigned " RECIPE_MAINTAINER:pn-sysstat = "Chen Qi " RECIPE_MAINTAINER:pn-systemd = "Chen Qi " RECIPE_MAINTAINER:pn-systemd-boot = "Chen Qi " +RECIPE_MAINTAINER:pn-systemd-boot-native = "Viswanath Kraleti " RECIPE_MAINTAINER:pn-systemd-bootchart = "Chen Qi " RECIPE_MAINTAINER:pn-systemd-bootconf = "Chen Qi " -RECIPE_MAINTAINER:pn-systemd-boot-native = "Viswanath Kraleti " RECIPE_MAINTAINER:pn-systemd-conf = "Chen Qi " RECIPE_MAINTAINER:pn-systemd-machine-units = "Chen Qi " RECIPE_MAINTAINER:pn-systemd-serialgetty = "Chen Qi " @@ -854,10 +854,10 @@ RECIPE_MAINTAINER:pn-uninative-tarball = "Richard Purdie X-Patchwork-Id: 81929 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 69409FD3756 for ; Wed, 25 Feb 2026 12:37:03 +0000 (UTC) Received: from smtpout-04.galae.net (smtpout-04.galae.net [185.171.202.116]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.44113.1772023008461795525 for ; Wed, 25 Feb 2026 04:36:48 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=D1zMwHtf; spf=pass (domain: bootlin.com, ip: 185.171.202.116, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-04.galae.net (Postfix) with ESMTPS id 784A7C16544 for ; Wed, 25 Feb 2026 12:37:01 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 7B8535FDE6; Wed, 25 Feb 2026 12:36:46 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id 0D34510368F91; Wed, 25 Feb 2026 13:36:44 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1772023005; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=ncwBr4bI6LeRExmjjz20l63Solgzb7hpLmCNQQdMidM=; b=D1zMwHtfS9akrajMiDfRa7ceb1p/CNfoUPs0hIWUXvjxQxO2Y+D22SfVZyllSmadsfd/c5 0ugg4Vb6RTKUkrTL6M2cx5LdpKTcjSxnRhp/M+GHlyvrndazARmVa511eiU6Fa4oEbSLCt PrUI9XKe+QSBVQ3nqHnoaGUPAbKyXXK14JFy5jkTGn7bVPcacTRuy37CVfjNsAERMQvXzB 2gHjhTteeWswa1P/ecu1MOoWf2V/rKfcoqvXSu9fQZ37npoFUUOY2MgsqOWFCcMb2iwOn6 e44MN1UZrWZyf8HFyA2NLg9YaFmu8oi0QcURPIW/ey/FbgBAGOcuk9U3KtWwvg== From: Benjamin Robin Date: Wed, 25 Feb 2026 13:36:30 +0100 Subject: [PATCH v2 2/6] python3-shacl2code: add recipe MIME-Version: 1.0 Message-Id: <20260225-add-sbom-cve-check-v2-2-eeffa285b901@bootlin.com> References: <20260225-add-sbom-cve-check-v2-0-eeffa285b901@bootlin.com> In-Reply-To: <20260225-add-sbom-cve-check-v2-0-eeffa285b901@bootlin.com> To: openembedded-core@lists.openembedded.org Cc: ross.burton@arm.com, peter.marko@siemens.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, Benjamin Robin X-Mailer: b4 0.14.3 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Feb 2026 12:37:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231958 - Build dependency of python3-spdx-python-model. - Part of the dependency chain for sbom-cve-check Signed-off-by: Benjamin Robin --- meta/conf/distro/include/maintainers.inc | 1 + .../python/python3-shacl2code_0.0.24.bb | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index 1a3490d6d625..b3913a04140c 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -718,6 +718,7 @@ RECIPE_MAINTAINER:pn-python3-semantic-version = "Tim Orling X-Patchwork-Id: 81926 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 68784FD3752 for ; Wed, 25 Feb 2026 12:36:53 +0000 (UTC) Received: from smtpout-02.galae.net (smtpout-02.galae.net [185.246.84.56]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.44223.1772023009672094701 for ; Wed, 25 Feb 2026 04:36:49 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=ARBXYhKl; spf=pass (domain: bootlin.com, ip: 185.246.84.56, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-02.galae.net (Postfix) with ESMTPS id 33FB51A137E; Wed, 25 Feb 2026 12:36:48 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 08FB95FDE6; Wed, 25 Feb 2026 12:36:48 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id 471A410369130; Wed, 25 Feb 2026 13:36:46 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1772023007; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=fUlD5Ngb/RcTuKA/xSX1sd8GFTY4xHRHVrAq47clQwA=; b=ARBXYhKlJS9eStzwhIqU/YQ2LEypsf8AsriKb9vgkCXC+LfWBA8Ub2I7Q2cdeKbJJ59JOk ECz2CFFrVXR6VFZ+KEkLb8I6uX82W0lY3d7JkrMKqj9NYrn7m8YGVTSGXZkyIXiW57rDL9 phwtqFujp8aQReAW4RQaAe4rQSLlAjAj0YSn7THWv5A8hXlfj0puW1JLrF/mitsRWQVnel lLIZeDaWPwJBw8t76fD6qvPzzzb0JmA6YW3npil5tmTCQkTSbx6cPrTo9gs0dTqoLffQrg jVcYAdlheZOTrAN0NVaYl4tpMPFzEkFyt4UYIG/S8Y/LFyNMs/XxbBuYeUl/HQ== From: Benjamin Robin Date: Wed, 25 Feb 2026 13:36:31 +0100 Subject: [PATCH v2 3/6] python3-hatch-build-scripts: add recipe MIME-Version: 1.0 Message-Id: <20260225-add-sbom-cve-check-v2-3-eeffa285b901@bootlin.com> References: <20260225-add-sbom-cve-check-v2-0-eeffa285b901@bootlin.com> In-Reply-To: <20260225-add-sbom-cve-check-v2-0-eeffa285b901@bootlin.com> To: openembedded-core@lists.openembedded.org Cc: ross.burton@arm.com, peter.marko@siemens.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, Benjamin Robin X-Mailer: b4 0.14.3 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Feb 2026 12:36:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231959 - Build dependency of python3-spdx-python-model. - Part of the dependency chain for sbom-cve-check Signed-off-by: Benjamin Robin --- meta/conf/distro/include/maintainers.inc | 1 + .../python/python3-hatch-build-scripts_1.0.0.bb | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index b3913a04140c..d65960f8e1bc 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -649,6 +649,7 @@ RECIPE_MAINTAINER:pn-python3-extras = "Trevor Gamblin " RECIPE_MAINTAINER:pn-python3-flit-core = "Tim Orling " RECIPE_MAINTAINER:pn-python3-git = "Trevor Gamblin " RECIPE_MAINTAINER:pn-python3-gitdb = "Trevor Gamblin " +RECIPE_MAINTAINER:pn-python3-hatch-build-scripts = "Benjamin Robin " RECIPE_MAINTAINER:pn-python3-hatch-fancy-pypi-readme = "Ross Burton " RECIPE_MAINTAINER:pn-python3-hatch-vcs = "Ross Burton " RECIPE_MAINTAINER:pn-python3-hatchling = "Ross Burton " diff --git a/meta/recipes-devtools/python/python3-hatch-build-scripts_1.0.0.bb b/meta/recipes-devtools/python/python3-hatch-build-scripts_1.0.0.bb new file mode 100644 index 000000000000..ba7d8b40ffc5 --- /dev/null +++ b/meta/recipes-devtools/python/python3-hatch-build-scripts_1.0.0.bb @@ -0,0 +1,12 @@ +SUMMARY = "A plugin for Hatch that runs build scripts and saves their artifacts" +HOMEPAGE = "https://pypi.org/project/hatch_build_scripts/" +SECTION = "devel/python" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=9ad584cda56221c7eaf48c23a5874a2a" + +PYPI_PACKAGE = "hatch_build_scripts" +SRC_URI[sha256sum] = "563735e2f265c9e1b92dece6f762309114505ffaf6e5d51d462eb6a3b4f14640" + +inherit pypi python_hatchling + +BBCLASSEXTEND = "native nativesdk" From patchwork Wed Feb 25 12:36:32 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Benjamin Robin X-Patchwork-Id: 81928 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 755E1FD3755 for ; Wed, 25 Feb 2026 12:36:53 +0000 (UTC) Received: from smtpout-02.galae.net (smtpout-02.galae.net [185.246.84.56]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.44224.1772023010864573241 for ; Wed, 25 Feb 2026 04:36:51 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=mRGVGw6I; spf=pass (domain: bootlin.com, ip: 185.246.84.56, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-02.galae.net (Postfix) with ESMTPS id 61C411A1373; Wed, 25 Feb 2026 12:36:49 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 38D6F5FDE6; Wed, 25 Feb 2026 12:36:49 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id A27AB103690AD; Wed, 25 Feb 2026 13:36:47 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1772023008; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=gqiibl6dEDMYmVanIu6m/CWDGNbEgcOWef3WIGqk0RI=; b=mRGVGw6IMIi/TfOONrIK9pny4fb85O1yc2QEnzWqmZ4trcKArYAHZz+rK47+XRY8AahqCU AORW/c2beYh5iY2AvzQGMNoTTil5bwvHOj063Tb06aJOGLNExiaRIMWN5BGjBpgdIxxpUP gyWyAYce0dz5JRsONqX8Pot3YmQtBFaCocUGz2I8YH26uoTJ8h8hzWztIG5rR9/xI4a4N2 zdE3eSNMZG924dC1ldo4yDUMUHh0075gv7doWuYI1Efj04xbEcKLvoyYgeEQryuqDgQuOn WQmA8V0TT0cMmD3XQ5mSJEzajMqOOwnFMvBN00LjnjRifP0PZ7V2yyTsNuH9Eg== From: Benjamin Robin Date: Wed, 25 Feb 2026 13:36:32 +0100 Subject: [PATCH v2 4/6] python3-spdx-python-model: add recipe MIME-Version: 1.0 Message-Id: <20260225-add-sbom-cve-check-v2-4-eeffa285b901@bootlin.com> References: <20260225-add-sbom-cve-check-v2-0-eeffa285b901@bootlin.com> In-Reply-To: <20260225-add-sbom-cve-check-v2-0-eeffa285b901@bootlin.com> To: openembedded-core@lists.openembedded.org Cc: ross.burton@arm.com, peter.marko@siemens.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, Benjamin Robin X-Mailer: b4 0.14.3 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Feb 2026 12:36:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231960 - Part of the dependency chain for sbom-cve-check Signed-off-by: Benjamin Robin --- meta/conf/distro/include/maintainers.inc | 1 + ...enerate-bindings-allow-to-use-local-files.patch | 58 ++++++++++++++++++++++ .../python/python3-spdx-python-model_0.0.4.bb | 37 ++++++++++++++ 3 files changed, 96 insertions(+) diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index d65960f8e1bc..3bc1d00bc1c7 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -725,6 +725,7 @@ RECIPE_MAINTAINER:pn-python3-smartypants = "Trevor Gamblin +Date: Tue, 24 Feb 2026 10:59:25 +0100 +Subject: [PATCH] generate-bindings: allow to use local files + +shacl2code needs to download the following URLs during build time: + - https://spdx.org/rdf/3.0.1/spdx-model.ttl + - https://spdx.org/rdf/3.0.1/spdx-json-serialize-annotations.ttl + - https://spdx.org/rdf/3.0.1/spdx-context.jsonld + +There are a lot of package build tools that do not allow to download +a file during the build. So provide a way to use local file: +If the environment variable SHACL2CODE_SPDX_DIR is defined, load +the SPDX model and SPDX context from the directory specified by this +environment variable. + +Upstream-Status: Submitted [https://github.com/spdx/spdx-python-model/pull/19] + +Signed-off-by: Benjamin Robin +--- + gen/generate-bindings | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +diff --git a/gen/generate-bindings b/gen/generate-bindings +index b963c55a3bc9..bc7041ee3bb9 100755 +--- a/gen/generate-bindings ++++ b/gen/generate-bindings +@@ -14,12 +14,22 @@ echo "# Import all versions" > __init__.py + for v in $SPDX_VERSIONS; do + MODNAME="v$(echo "$v" | sed 's/[^a-zA-Z0-9_]/_/g')" + +- shacl2code generate --input https://spdx.org/rdf/$v/spdx-model.ttl \ +- --input https://spdx.org/rdf/$v/spdx-json-serialize-annotations.ttl \ +- --context https://spdx.org/rdf/$v/spdx-context.jsonld \ +- --license Apache-2.0 \ +- python \ +- -o "$MODNAME.py" ++ if [ -n "${SHACL2CODE_SPDX_DIR}" ] && [ -d "${SHACL2CODE_SPDX_DIR}/$v" ] ++ then ++ shacl2code generate --input "file://${SHACL2CODE_SPDX_DIR}/$v/spdx-model.ttl" \ ++ --input "file://${SHACL2CODE_SPDX_DIR}/$v/spdx-json-serialize-annotations.ttl" \ ++ --context-url "file://${SHACL2CODE_SPDX_DIR}/$v/spdx-context.jsonld" https://spdx.org/rdf/$v/spdx-context.jsonld \ ++ --license Apache-2.0 \ ++ python \ ++ -o "$MODNAME.py" ++ else ++ shacl2code generate --input https://spdx.org/rdf/$v/spdx-model.ttl \ ++ --input https://spdx.org/rdf/$v/spdx-json-serialize-annotations.ttl \ ++ --context https://spdx.org/rdf/$v/spdx-context.jsonld \ ++ --license Apache-2.0 \ ++ python \ ++ -o "$MODNAME.py" ++ fi + + echo "from . import $MODNAME" >> __init__.py + done +-- +2.53.0 diff --git a/meta/recipes-devtools/python/python3-spdx-python-model_0.0.4.bb b/meta/recipes-devtools/python/python3-spdx-python-model_0.0.4.bb new file mode 100644 index 000000000000..00c3b3913c2e --- /dev/null +++ b/meta/recipes-devtools/python/python3-spdx-python-model_0.0.4.bb @@ -0,0 +1,37 @@ +SUMMARY = "Generated Python code for SPDX Spec version 3" +HOMEPAGE = "https://pypi.org/project/spdx-python-model/" +SECTION = "devel/python" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" + +PYPI_PACKAGE = "spdx_python_model" +SRC_URI[sha256sum] = "bdec725398babcbdd4bcb7c16cf23497d06a48d0ef3ea1edb19a3b0d431ab8c1" + +SRC_URI += " \ + https://spdx.org/rdf/3.0.1/spdx-context.jsonld;name=spdx1 \ + https://spdx.org/rdf/3.0.1/spdx-json-serialize-annotations.ttl;name=spdx2 \ + https://spdx.org/rdf/3.0.1/spdx-model.ttl;name=spdx3 \ + file://0001-generate-bindings-allow-to-use-local-files.patch \ +" + +SRC_URI[spdx1.sha256sum] = "c72b0928f094c83e5c127784edb1ebca2af74a104fcacc007c332b23cbc788bd" +SRC_URI[spdx2.sha256sum] = "c6a54b51230eb2bf3b31302546af201f303e0b7931c1db404d7f5b72b6f863e6" +SRC_URI[spdx3.sha256sum] = "30ebb4af2d70a9809044ef46f44cc3dc5125226d70f818a50ed2e1d5f404c593" + +inherit pypi python_hatchling + +export SHACL2CODE_SPDX_DIR = "${S}/spdx" + +do_configure:append() { + mkdir -p "${SHACL2CODE_SPDX_DIR}/3.0.1/" + cp ${UNPACKDIR}/spdx-context.jsonld "${SHACL2CODE_SPDX_DIR}/3.0.1/" + cp ${UNPACKDIR}/spdx-json-serialize-annotations.ttl "${SHACL2CODE_SPDX_DIR}/3.0.1/" + cp ${UNPACKDIR}/spdx-model.ttl "${SHACL2CODE_SPDX_DIR}/3.0.1/" +} + +DEPENDS += " \ + python3-shacl2code-native \ + python3-hatch-build-scripts-native \ +" + +BBCLASSEXTEND = "native nativesdk" From patchwork Wed Feb 25 12:36:33 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Benjamin Robin X-Patchwork-Id: 81927 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 69750FD3753 for ; Wed, 25 Feb 2026 12:36:53 +0000 (UTC) Received: from smtpout-04.galae.net (smtpout-04.galae.net [185.171.202.116]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.44225.1772023012495505386 for ; Wed, 25 Feb 2026 04:36:52 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=Y1Q4Bllc; spf=pass (domain: bootlin.com, ip: 185.171.202.116, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-04.galae.net (Postfix) with ESMTPS id 68194C16542 for ; Wed, 25 Feb 2026 12:37:05 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 6BB065FDE6; Wed, 25 Feb 2026 12:36:50 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id E30A410368D23; Wed, 25 Feb 2026 13:36:48 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1772023009; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=7xLK6dvGTmM6ZBn4pxHA+Smeu5BXYsHtbpKNAGsZU7o=; b=Y1Q4BllcY6yuh3iQPbf4xSD3YQCBp9I5iR1NLaPn0rh8Mb7TcwjeXBrYl5YOQouc45AS0y X3N1g05qXIHp9UpnbIGorWSSOwikOMOVxMfmzuh3TnEs35Zi+MvAbFOfN27jGOexYSMDXd j6MDm05KeNVeSZMVQOnzf5U0cRRYcR/Ua2ryaks9cFY6Z1gjepSMGMVAepI9HJfYEGPamu wLnH0+UNcm3NmzNW/oXMDQ2bXrQEOhgp1+sx8RQuoh1F/8OnfGc6aWZIslSgOoUXQiBXi2 IwustAVRCO4bEs11V2CXwqxgV2cPa8jAhgfpW23F7JYaloHoxELTWvPAKV6NYg== From: Benjamin Robin Date: Wed, 25 Feb 2026 13:36:33 +0100 Subject: [PATCH v2 5/6] sbom-cve-check: add recipe MIME-Version: 1.0 Message-Id: <20260225-add-sbom-cve-check-v2-5-eeffa285b901@bootlin.com> References: <20260225-add-sbom-cve-check-v2-0-eeffa285b901@bootlin.com> In-Reply-To: <20260225-add-sbom-cve-check-v2-0-eeffa285b901@bootlin.com> To: openembedded-core@lists.openembedded.org Cc: ross.burton@arm.com, peter.marko@siemens.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, Benjamin Robin X-Mailer: b4 0.14.3 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Feb 2026 12:36:53 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231961 Provide sbom-cve-check (native) executable. Signed-off-by: Benjamin Robin --- meta/conf/distro/include/maintainers.inc | 1 + .../python/python3-sbom-cve-check_1.1.0.bb | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index 3bc1d00bc1c7..c43107ccdccd 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -714,6 +714,7 @@ RECIPE_MAINTAINER:pn-python3-rfc3987 = "Bruce Ashfield X-Patchwork-Id: 81930 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 693D7FD3755 for ; Wed, 25 Feb 2026 12:37:03 +0000 (UTC) Received: from smtpout-03.galae.net (smtpout-03.galae.net [185.246.85.4]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.44226.1772023013544869206 for ; Wed, 25 Feb 2026 04:36:53 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=RVuO6iMb; spf=pass (domain: bootlin.com, ip: 185.246.85.4, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-03.galae.net (Postfix) with ESMTPS id CDE904E4111D; Wed, 25 Feb 2026 12:36:51 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 9A05C5FDE6; Wed, 25 Feb 2026 12:36:51 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id F095C10368F91; Wed, 25 Feb 2026 13:36:49 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1772023010; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=E4TIDxTF8IauJZiTMNW4O/dPoefhxFJ30eZDsQM79C4=; b=RVuO6iMbI4qz8Vxbs7vFiaBYD/PzZa+C67nh/FsE6FuqSMBw1iveVsj+7jf+AUy7ueDTCL q/3JX7XiFesdRDV4Lvuuh2ORYqkm2cKm1zhJsSmjo8dllfxnXaFKAeflKuWy2Joxk08WvH eD6DZZ9rHEpGIcmYRGLDoPkShNnxFujZonf0+GG2WqaJRTPXVPmmPfqmfZ+nsMM+QfpkhG tYuN5y3XUHom3grVP9Hx6ILaPrWe19Gxg/nCmuQZUt79nU8AhO5Xxyv3v3apfcXXDHqwQ8 zifK1k/A2VwjbK6yGlcztAHcJFkZTMjxB2xg68NhlH6Vn46GKj+sIg3f1MZuHw== From: Benjamin Robin Date: Wed, 25 Feb 2026 13:36:34 +0100 Subject: [PATCH v2 6/6] sbom-cve-check.bbclass: Add class for post-build CVE analysis MIME-Version: 1.0 Message-Id: <20260225-add-sbom-cve-check-v2-6-eeffa285b901@bootlin.com> References: <20260225-add-sbom-cve-check-v2-0-eeffa285b901@bootlin.com> In-Reply-To: <20260225-add-sbom-cve-check-v2-0-eeffa285b901@bootlin.com> To: openembedded-core@lists.openembedded.org Cc: ross.burton@arm.com, peter.marko@siemens.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, Benjamin Robin X-Mailer: b4 0.14.3 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 25 Feb 2026 12:37:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/231962 By default, the CVE databases are downloaded using the following recipes: - sbom-cve-check-update-cvelist-native.bb - sbom-cve-check-update-nvd-native.bb The database download logic is implemented in sbom-cve-check-update-db.bbclass. The CVE databases are stored in the download directory (`DL_DIR`). Access to the database is managed using an exclusive file lock (`flock`) on the directory. During CVE analysis, sbom-cve-check acquires a shared lock, allowing multiple analyses to run in parallel. However, if the database is being updated, any ongoing CVE analysis is temporarily paused. This design ensures that, under normal circumstances, sbom-cve-check can run without requiring network access. If a user needs network access during execution (e.g., to download annotation databases), they can set `SBOM_CVE_CHECK_ALLOW_NETWORK` to "1". Signed-off-by: Benjamin Robin --- .../sbom-cve-check-update-db.bbclass | 87 ++++++++++++++++++++ meta/classes-recipe/sbom-cve-check.bbclass | 96 ++++++++++++++++++++++ .../meta/sbom-cve-check-update-cvelist-native.bb | 7 ++ .../meta/sbom-cve-check-update-nvd-native.bb | 7 ++ 4 files changed, 197 insertions(+) diff --git a/meta/classes-recipe/sbom-cve-check-update-db.bbclass b/meta/classes-recipe/sbom-cve-check-update-db.bbclass new file mode 100644 index 000000000000..4f62c831eb72 --- /dev/null +++ b/meta/classes-recipe/sbom-cve-check-update-db.bbclass @@ -0,0 +1,87 @@ +# SPDX-License-Identifier: MIT + +INHIBIT_DEFAULT_DEPS = "1" +EXCLUDE_FROM_WORLD = "1" + +inherit native + +deltask do_patch +deltask do_configure +deltask do_compile +deltask do_install +deltask do_populate_sysroot + +SBOM_CVE_CHECK_FETCH_PATH[doc] = "Path to the Git repository to be downloaded. \ + Should be prefixed by {DL_DIR}/sbom_cve_check/databases/" + +SBOM_CVE_CHECK_FETCH_URL[doc] = "Git clone URL of the CVE database" + +SBOM_CVE_CHECK_FETCH_INTERVAL ?= "57600" +SBOM_CVE_CHECK_FETCH_INTERVAL[doc] = "\ + CVE database update interval, in seconds. By default every 16 hours. \ + Use 0 to force the update. Use a negative value to skip the update. \ +" + +python do_fetch() { + from datetime import datetime, timezone, timedelta + import fcntl + import os + import pathlib + import subprocess + + bb.utils.export_proxies(d) + + fetch_interval = int(d.get("SBOM_CVE_CHECK_FETCH_INTERVAL")) + git_url = d.getVar("SBOM_CVE_CHECK_FETCH_URL") + git_dir = pathlib.Path(d.getVar("SBOM_CVE_CHECK_FETCH_PATH")) + git_dir.mkdir(parents=True, exist_ok=True) + + def _exec_git_cmd(args): + cmd = ["git"] + cmd.extend(args) + return subprocess.run( + cmd, + input="", + capture_output=True, + check=True, + cwd=git_dir, + encoding="utf-8", + ) + + # Lock the git directory: take an exclusive lock + lock_fd = os.open(git_dir, os.O_RDONLY | os.O_NOCTTY) + try: + fcntl.flock(lock_fd, fcntl.LOCK_EX) + + # Clone the git repository if it does not exist + if not git_dir.joinpath(".git", "HEAD").is_file(): + _exec_git_cmd(["clone", "--depth", "1", "--single-branch", git_url, "."]) + return + + # Check if an updated is necessary + if fetch_interval < 0: + return + + if fetch_interval > 0: + # Get date of last commit + r = _exec_git_cmd(["show", "-s", "--format=%ct", "HEAD"]) + commit_date = datetime.fromtimestamp(int(r.stdout.strip()), tz=timezone.utc) + delta_last_commit = datetime.now(timezone.utc) - commit_date + if delta_last_commit < timedelta(seconds=fetch_interval): + return + + _exec_git_cmd(["pull"]) + except subprocess.SubprocessError as e: + bb.error(f"{e.cmd} failed:\n{e.stdout}\n---\n{e.stderr}\n") + finally: + # Release the exclusive lock + os.close(lock_fd) +} + +do_fetch[file-checksums] = "" +do_fetch[vardeps] = " \ + SBOM_CVE_CHECK_FETCH_PATH \ + SBOM_CVE_CHECK_FETCH_URL \ + SBOM_CVE_CHECK_FETCH_INTERVAL \ +" +do_fetch[nostamp] = "1" diff --git a/meta/classes-recipe/sbom-cve-check.bbclass b/meta/classes-recipe/sbom-cve-check.bbclass new file mode 100644 index 000000000000..86e06bdf7c23 --- /dev/null +++ b/meta/classes-recipe/sbom-cve-check.bbclass @@ -0,0 +1,96 @@ +# SPDX-License-Identifier: MIT + +SBOM_CVE_CHECK_WORKDIR ??= "${WORKDIR}/sbom_cve_check" +SBOM_CVE_CHECK_DEPLOYDIR = "${SBOM_CVE_CHECK_WORKDIR}/image-deploy" + +SBOM_CVE_CHECK_EXTRA_ARGS[doc] = "Allow to specify extra arguments to sbom-cve-check. For example to add filtering" +SBOM_CVE_CHECK_EXTRA_ARGS ?= "" + +SBOM_CVE_CHECK_EXPORT_VARS[doc] = "List of variables that declare export files to generate. Each variable must have a 'type' and an 'ext' flag set" +SBOM_CVE_CHECK_EXPORT_VARS ?= "SBOM_CVE_CHECK_EXPORT_FILE" + +SBOM_CVE_CHECK_EXPORT_FILE[doc] = "Default configuration of generated export file" +SBOM_CVE_CHECK_EXPORT_FILE[type] ?= "spdx3" +SBOM_CVE_CHECK_EXPORT_FILE[ext] ?= ".cve-check.spdx.json" + +SBOM_CVE_CHECK_ALLOW_NETWORK[doc] = "Set to 1 to enable network usage." +SBOM_CVE_CHECK_ALLOW_NETWORK ?= "0" + +python do_sbom_cve_check() { + """ + Task: Run sbom-cve-check analysis on SBOM. + """ + import os + import bb + from oe.cve_check import update_symlinks + + if not bb.data.inherits_class("vex", d): + bb.fatal("Cannot execute sbom-cve-check missing vex inherit.") + if not bb.data.inherits_class("create-spdx-3.0", d): + bb.fatal("Cannot execute sbom-cve-check missing create-spdx-3.0 inherit.") + + sbom_path = d.expand("${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.spdx.json") + vex_manifest_path = d.expand("${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.json") + dl_db_dir = d.expand("${DL_DIR}/sbom_cve_check/databases") + deploy_dir = d.getVar("SBOM_CVE_CHECK_DEPLOYDIR") + img_link_name = d.getVar("IMAGE_LINK_NAME") + img_name = d.getVar("IMAGE_NAME") + + export_files = [] + for export_var in d.getVar("SBOM_CVE_CHECK_EXPORT_VARS").split(): + export_ext = d.getVarFlag(export_var, "ext") + export_path = f"{deploy_dir}/{img_name}{export_ext}" + export_link = f"{deploy_dir}/{img_link_name}{export_ext}" + export_type = d.getVarFlag(export_var, "type") + export_files.append((export_type, export_path, export_link)) + + cmd_env = os.environ.copy() + cmd_env["SBOM_CVE_CHECK_DATABASES_DIR"] = dl_db_dir + + cmd_args = [ + d.expand("${STAGING_BINDIR_NATIVE}/sbom-cve-check"), + "--sbom-path", + sbom_path, + "--yocto-vex-manifest", + vex_manifest_path, + ] + + for export_file in export_files: + cmd_args.extend( + ["--export-type", export_file[0], "--export-path", export_file[1]] + ) + + cmd_args.extend(d.getVar("SBOM_CVE_CHECK_EXTRA_ARGS").split()) + + try: + bb.note("Running: {}".format(" ".join(cmd_args))) + bb.process.run(cmd_args, env=cmd_env) + except bb.process.ExecutionError as e: + bb.fatal( + f"sbom-cve-check failed with exit code {e.exitcode}\n{e.stdout}\n{e.stderr}" + ) + return + + for export_file in export_files: + bb.note(f"sbom-cve-check exported: {export_file[1]}") + update_symlinks(export_file[1], export_file[2]) +} + +addtask do_sbom_cve_check after do_create_image_sbom_spdx before do_build + +SSTATETASKS += "do_sbom_cve_check" +SSTATE_SKIP_CREATION:task-sbom-cve-check = "1" +do_sbom_cve_check[cleandirs] = "${SBOM_CVE_CHECK_DEPLOYDIR}" +do_sbom_cve_check[sstate-inputdirs] = "${SBOM_CVE_CHECK_DEPLOYDIR}" +do_sbom_cve_check[sstate-outputdirs] = "${DEPLOY_DIR_IMAGE}" +do_sbom_cve_check[recrdeptask] += "do_create_image_sbom_spdx" +do_sbom_cve_check[depends] += " \ + python3-sbom-cve-check-native:do_populate_sysroot \ + ${@oe.utils.conditional('SBOM_CVE_CHECK_ALLOW_NETWORK','0',' \ + sbom-cve-check-update-cvelist-native:do_fetch \ + sbom-cve-check-update-nvd-native:do_fetch \ + ','',d)} \ +" + +do_sbom_cve_check[network] = "${SBOM_CVE_CHECK_ALLOW_NETWORK}" +do_sbom_cve_check[nostamp] = "1" diff --git a/meta/recipes-core/meta/sbom-cve-check-update-cvelist-native.bb b/meta/recipes-core/meta/sbom-cve-check-update-cvelist-native.bb new file mode 100644 index 000000000000..cd5ed680b4dd --- /dev/null +++ b/meta/recipes-core/meta/sbom-cve-check-update-cvelist-native.bb @@ -0,0 +1,7 @@ +SUMMARY = "Updates the CVE List database" +LICENSE = "MIT" + +SBOM_CVE_CHECK_FETCH_PATH = "${DL_DIR}/sbom_cve_check/databases/cvelist" +SBOM_CVE_CHECK_FETCH_URL = "https://github.com/CVEProject/cvelistV5.git" + +inherit sbom-cve-check-update-db diff --git a/meta/recipes-core/meta/sbom-cve-check-update-nvd-native.bb b/meta/recipes-core/meta/sbom-cve-check-update-nvd-native.bb new file mode 100644 index 000000000000..7add8e6bfba5 --- /dev/null +++ b/meta/recipes-core/meta/sbom-cve-check-update-nvd-native.bb @@ -0,0 +1,7 @@ +SUMMARY = "Updates the NVD CVE database" +LICENSE = "MIT" + +SBOM_CVE_CHECK_FETCH_PATH = "${DL_DIR}/sbom_cve_check/databases/nvd-fkie" +SBOM_CVE_CHECK_FETCH_URL = "https://github.com/fkie-cad/nvd-json-data-feeds.git" + +inherit sbom-cve-check-update-db