From patchwork Thu Feb 26 17:01:15 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Benjamin Robin X-Patchwork-Id: 82019 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C673FD8FDE for ; Thu, 26 Feb 2026 17:01:42 +0000 (UTC) Received: from smtpout-02.galae.net (smtpout-02.galae.net [185.246.84.56]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.74937.1772125295993055612 for ; Thu, 26 Feb 2026 09:01:36 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@bootlin.com header.s=dkim header.b=XmkVQDrp; spf=pass (domain: bootlin.com, ip: 185.246.84.56, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-02.galae.net (Postfix) with ESMTPS id 8F20B1A1609; Thu, 26 Feb 2026 17:01:33 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 63EA85FDE9; Thu, 26 Feb 2026 17:01:33 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id 1294E103693EF; Thu, 26 Feb 2026 18:01:31 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1772125292; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=QWblHacSvcNcPiXfQDFplu3wGlLp8tAS7wYpmvBAz1Q=; b=XmkVQDrp/GBTOvkfdKDCOUinn+RRs4CO3XbLHVRAhRV8cp4PD8SYvWndv3GWen9iiaEKeL rzA1DyZqt9q+1BDM8VplQLFFIuQABNfF78kZG70iRuzMIFdHHna+GguMXkiQxNXXDb0WRe V/k9rc6XOccaONMHx1ljKDKsDFfG+edvK+NhF5oQBWezEO/m+HMublhxAJJXipKkvdCt2u 96agj9Bu/hJ/fU5Vu4Djr5h4KYgW2aY8by5H1K6ckKmpS51/JXtGh2kiRdc7VKAPObkr6p iiT2obFUbd0oO0gxJ2iG8XD/j8W3sBjYQSme8nqUxg0MReXLPcO+mi2/qO8H2g== From: Benjamin Robin Date: Thu, 26 Feb 2026 18:01:15 +0100 Subject: [PATCH v3 1/6] maintainers.inc: Sort list in alphabetical order MIME-Version: 1.0 Message-Id: <20260226-add-sbom-cve-check-v3-1-2e60423f4d35@bootlin.com> References: <20260226-add-sbom-cve-check-v3-0-2e60423f4d35@bootlin.com> In-Reply-To: <20260226-add-sbom-cve-check-v3-0-2e60423f4d35@bootlin.com> To: openembedded-core@lists.openembedded.org Cc: ross.burton@arm.com, peter.marko@siemens.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, Benjamin Robin X-Mailer: b4 0.14.3 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 26 Feb 2026 17:01:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/232040 No modification was realized except sorting the content of the file. This way this is easier to add an entry; we just have to add a line into maintainers.inc file, and sort it again. Signed-off-by: Benjamin Robin --- meta/conf/distro/include/maintainers.inc | 68 ++++++++++++++++---------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index b5ab35d92a06..1a3490d6d625 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -67,8 +67,8 @@ RECIPE_MAINTAINER:pn-bindgen-cli = "Khem Raj " RECIPE_MAINTAINER:pn-binutils = "Khem Raj " RECIPE_MAINTAINER:pn-binutils-cross-${TARGET_ARCH} = "Khem Raj " RECIPE_MAINTAINER:pn-binutils-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Khem Raj " -RECIPE_MAINTAINER:pn-binutils-testsuite = "Khem Raj " RECIPE_MAINTAINER:pn-binutils-crosssdk-${SDK_SYS} = "Khem Raj " +RECIPE_MAINTAINER:pn-binutils-testsuite = "Khem Raj " RECIPE_MAINTAINER:pn-bison = "Chen Qi " RECIPE_MAINTAINER:pn-blktrace = "Unassigned " RECIPE_MAINTAINER:pn-blueprint-compiler = "Liu Yiding " @@ -82,18 +82,18 @@ RECIPE_MAINTAINER:pn-btrfs-tools = "Wang Mingyu " RECIPE_MAINTAINER:pn-build-appliance-image = "Richard Purdie " RECIPE_MAINTAINER:pn-build-sysroots = "Richard Purdie " RECIPE_MAINTAINER:pn-builder = "Richard Purdie " -RECIPE_MAINTAINER:pn-buildtools-extended-tarball = "Richard Purdie " -RECIPE_MAINTAINER:pn-buildtools-tarball = "Richard Purdie " RECIPE_MAINTAINER:pn-buildtools-docs-tarball = "Richard Purdie " +RECIPE_MAINTAINER:pn-buildtools-extended-tarball = "Richard Purdie " RECIPE_MAINTAINER:pn-buildtools-make-tarball = "Richard Purdie " +RECIPE_MAINTAINER:pn-buildtools-tarball = "Richard Purdie " RECIPE_MAINTAINER:pn-busybox = "Andrej Valek " RECIPE_MAINTAINER:pn-busybox-inittab = "Denys Dmytriyenko " RECIPE_MAINTAINER:pn-bzip2 = "Denys Dmytriyenko " RECIPE_MAINTAINER:pn-ca-certificates = "Unassigned " RECIPE_MAINTAINER:pn-cairo = "Unassigned " +RECIPE_MAINTAINER:pn-cantarell-fonts = "Unassigned " RECIPE_MAINTAINER:pn-cargo = "Randy MacLeod " RECIPE_MAINTAINER:pn-cargo-c = "Deepesh Varatharajan " -RECIPE_MAINTAINER:pn-cantarell-fonts = "Unassigned " RECIPE_MAINTAINER:pn-ccache = "Robert Yang " RECIPE_MAINTAINER:pn-cdrtools-native = "Yi Zhao " RECIPE_MAINTAINER:pn-chrpath = "Yi Zhao " @@ -110,24 +110,24 @@ RECIPE_MAINTAINER:pn-connman-conf = "Ross Burton " RECIPE_MAINTAINER:pn-connman-gnome = "Ross Burton " RECIPE_MAINTAINER:pn-consolekit = "Chen Qi " RECIPE_MAINTAINER:pn-core-image-base = "Richard Purdie " +RECIPE_MAINTAINER:pn-core-image-full-cmdline = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-initramfs-boot = "Ross Burton " +RECIPE_MAINTAINER:pn-core-image-kernel-dev = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-minimal = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-minimal-dev = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-minimal-initramfs = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-minimal-mtdutils = "Richard Purdie " -RECIPE_MAINTAINER:pn-core-image-tiny-initramfs = "Richard Purdie " -RECIPE_MAINTAINER:pn-core-image-full-cmdline = "Richard Purdie " -RECIPE_MAINTAINER:pn-core-image-kernel-dev = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-ptest-all = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-ptest-fast = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-sato = "Richard Purdie " +RECIPE_MAINTAINER:pn-core-image-sato-dev = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-sato-sdk = "Richard Purdie " -RECIPE_MAINTAINER:pn-core-image-testcontroller-initramfs = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-testcontroller = "Richard Purdie " +RECIPE_MAINTAINER:pn-core-image-testcontroller-initramfs = "Richard Purdie " +RECIPE_MAINTAINER:pn-core-image-tiny-initramfs = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-weston = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-weston-sdk = "Richard Purdie " RECIPE_MAINTAINER:pn-core-image-x11 = "Richard Purdie " -RECIPE_MAINTAINER:pn-core-image-sato-dev = "Richard Purdie " RECIPE_MAINTAINER:pn-coreutils = "Chen Qi " RECIPE_MAINTAINER:pn-cpio = "Denys Dmytriyenko " RECIPE_MAINTAINER:pn-cracklib = "Unassigned " @@ -167,8 +167,8 @@ RECIPE_MAINTAINER:pn-dtc = "Wang Mingyu " RECIPE_MAINTAINER:pn-dwarfsrcfiles = "Unassigned " RECIPE_MAINTAINER:pn-e2fsprogs = "Robert Yang " RECIPE_MAINTAINER:pn-ed = "Unassigned " -RECIPE_MAINTAINER:pn-efivar = "Ross Burton " RECIPE_MAINTAINER:pn-efibootmgr = "Ross Burton " +RECIPE_MAINTAINER:pn-efivar = "Ross Burton " RECIPE_MAINTAINER:pn-elfutils = "Unassigned " RECIPE_MAINTAINER:pn-ell = "Unassigned " RECIPE_MAINTAINER:pn-enchant2 = "Unassigned " @@ -179,8 +179,8 @@ RECIPE_MAINTAINER:pn-ethtool = "Unassigned " RECIPE_MAINTAINER:pn-eudev = "Unassigned " RECIPE_MAINTAINER:pn-expat = "Yi Zhao " RECIPE_MAINTAINER:pn-expect = "Unassigned " -RECIPE_MAINTAINER:pn-ffmpeg = "Unassigned " RECIPE_MAINTAINER:pn-fastfloat = "Markus Volk " +RECIPE_MAINTAINER:pn-ffmpeg = "Unassigned " RECIPE_MAINTAINER:pn-file = "Yi Zhao " RECIPE_MAINTAINER:pn-findutils = "Chen Qi " RECIPE_MAINTAINER:pn-flac = "Michael Opdenacker " @@ -201,6 +201,7 @@ RECIPE_MAINTAINER:pn-gcc-crosssdk-${SDK_SYS} = "Khem Raj " RECIPE_MAINTAINER:pn-gcc-runtime = "Khem Raj " RECIPE_MAINTAINER:pn-gcc-sanitizers = "Khem Raj " RECIPE_MAINTAINER:pn-gcc-source-15.2.0 = "Khem Raj " +RECIPE_MAINTAINER:pn-gcompat = "Khem Raj " RECIPE_MAINTAINER:pn-gconf = "Ross Burton " RECIPE_MAINTAINER:pn-gcr = "Unassigned " RECIPE_MAINTAINER:pn-gdb = "Khem Raj " @@ -222,8 +223,8 @@ RECIPE_MAINTAINER:pn-glibc-locale = "Khem Raj " RECIPE_MAINTAINER:pn-glibc-mtrace = "Khem Raj " RECIPE_MAINTAINER:pn-glibc-scripts = "Khem Raj " RECIPE_MAINTAINER:pn-glibc-testsuite = "Khem Raj " -RECIPE_MAINTAINER:pn-gmp = "Khem Raj " RECIPE_MAINTAINER:pn-glslang = "Jose Quaresma " +RECIPE_MAINTAINER:pn-gmp = "Khem Raj " RECIPE_MAINTAINER:pn-gn = "Khem Raj " RECIPE_MAINTAINER:pn-gnome-desktop-testing = "Ross Burton " RECIPE_MAINTAINER:pn-gnu-config = "Robert Yang " @@ -241,7 +242,6 @@ RECIPE_MAINTAINER:pn-gobject-introspection = "Unassigned " RECIPE_MAINTAINER:pn-gstreamer1.0-vaapi = "Unassigned " RECIPE_MAINTAINER:pn-gtk+3 = "Ross Burton " -RECIPE_MAINTAINER:pn-gtk4 = "Markus Volk " RECIPE_MAINTAINER:pn-gtk-doc = "Unassigned " +RECIPE_MAINTAINER:pn-gtk4 = "Markus Volk " RECIPE_MAINTAINER:pn-gzip = "Denys Dmytriyenko " RECIPE_MAINTAINER:pn-harfbuzz = "Unassigned " RECIPE_MAINTAINER:pn-hdparm = "Denys Dmytriyenko " @@ -298,7 +298,6 @@ RECIPE_MAINTAINER:pn-iputils = "Unassigned " RECIPE_MAINTAINER:pn-iso-codes = "Wang Mingyu " RECIPE_MAINTAINER:pn-itstool = "Unassigned " RECIPE_MAINTAINER:pn-iw = "Unassigned " -RECIPE_MAINTAINER:pn-libjpeg-turbo = "Unassigned " RECIPE_MAINTAINER:pn-json-c = "Yi Zhao " RECIPE_MAINTAINER:pn-json-glib = "Yi Zhao " RECIPE_MAINTAINER:pn-kbd = "Unassigned " @@ -354,8 +353,8 @@ RECIPE_MAINTAINER:pn-libgcrypt = "Hongxu Jia " RECIPE_MAINTAINER:pn-libgfortran = "Khem Raj " RECIPE_MAINTAINER:pn-libgit2 = "Unassigned " RECIPE_MAINTAINER:pn-libgloss = "Alejandro Hernandez " -RECIPE_MAINTAINER:pn-libglvnd = "Dmitry Baryshkov " RECIPE_MAINTAINER:pn-libglu = "Ross Burton " +RECIPE_MAINTAINER:pn-libglvnd = "Dmitry Baryshkov " RECIPE_MAINTAINER:pn-libgpg-error = "Hongxu Jia " RECIPE_MAINTAINER:pn-libgudev = "Ross Burton " RECIPE_MAINTAINER:pn-libhandy = "Unassigned " @@ -364,14 +363,15 @@ RECIPE_MAINTAINER:pn-libice = "Unassigned " RECIPE_MAINTAINER:pn-libidn2 = "Ross Burton " RECIPE_MAINTAINER:pn-libinput = "Ross Burton " RECIPE_MAINTAINER:pn-libjitterentropy = "Ross Burton " +RECIPE_MAINTAINER:pn-libjpeg-turbo = "Unassigned " RECIPE_MAINTAINER:pn-libksba = "Unassigned " RECIPE_MAINTAINER:pn-libmatchbox = "Ross Burton " RECIPE_MAINTAINER:pn-libmd = "Unassigned " RECIPE_MAINTAINER:pn-libmicrohttpd = "Unassigned " RECIPE_MAINTAINER:pn-libmnl = "Khem Raj " -RECIPE_MAINTAINER:pn-libmpc = "Khem Raj " RECIPE_MAINTAINER:pn-libmodule-build-perl = "Tim Orling " RECIPE_MAINTAINER:pn-libmodulemd = "Unassigned " +RECIPE_MAINTAINER:pn-libmpc = "Khem Raj " RECIPE_MAINTAINER:pn-libnl = "Unassigned " RECIPE_MAINTAINER:pn-libnotify = "Unassigned " RECIPE_MAINTAINER:pn-libnsl2 = "Khem Raj " @@ -386,12 +386,11 @@ RECIPE_MAINTAINER:pn-libpipeline = "Wang Mingyu " RECIPE_MAINTAINER:pn-libpng = "Unassigned " RECIPE_MAINTAINER:pn-libportal = "Unassigned " RECIPE_MAINTAINER:pn-libproxy = "Unassigned " +RECIPE_MAINTAINER:pn-libpsl = "Unassigned " RECIPE_MAINTAINER:pn-libpthread-stubs = "Unassigned " RECIPE_MAINTAINER:pn-libptytty = "Unassigned " -RECIPE_MAINTAINER:pn-libpsl = "Unassigned " RECIPE_MAINTAINER:pn-librepo = "Wang Mingyu " RECIPE_MAINTAINER:pn-librsvg = "Unassigned " -RECIPE_MAINTAINER:pn-libstd-rs = "Randy MacLeod " RECIPE_MAINTAINER:pn-libsamplerate0 = "Unassigned " RECIPE_MAINTAINER:pn-libsass = "Simone Weiß " RECIPE_MAINTAINER:pn-libsdl2 = "Yi Zhao " @@ -404,6 +403,7 @@ RECIPE_MAINTAINER:pn-libsolv = "Unassigned " RECIPE_MAINTAINER:pn-libsoup = "Unassigned " RECIPE_MAINTAINER:pn-libssh2 = "Unassigned " RECIPE_MAINTAINER:pn-libssp-nonshared = "Khem Raj " +RECIPE_MAINTAINER:pn-libstd-rs = "Randy MacLeod " RECIPE_MAINTAINER:pn-libtasn1 = "Unassigned " RECIPE_MAINTAINER:pn-libtest-fatal-perl = "Tim Orling " RECIPE_MAINTAINER:pn-libtest-needs-perl = "Tim Orling " @@ -416,12 +416,12 @@ RECIPE_MAINTAINER:pn-libtool-cross = "Robert Yang " RECIPE_MAINTAINER:pn-libtool-native = "Robert Yang " RECIPE_MAINTAINER:pn-libtraceevent = "Bruce Ashfield " RECIPE_MAINTAINER:pn-libtry-tiny-perl = "Tim Orling " +RECIPE_MAINTAINER:pn-libubootenv = "Stefano Babic " RECIPE_MAINTAINER:pn-libucontext = "Khem Raj " RECIPE_MAINTAINER:pn-libunistring = "Unassigned " RECIPE_MAINTAINER:pn-libunwind = "Bruce Ashfield " RECIPE_MAINTAINER:pn-liburcu = "Wang Mingyu " RECIPE_MAINTAINER:pn-libusb1 = "Unassigned " -RECIPE_MAINTAINER:pn-libubootenv = "Stefano Babic " RECIPE_MAINTAINER:pn-libuv = "Unassigned " RECIPE_MAINTAINER:pn-libva = "Unassigned " RECIPE_MAINTAINER:pn-libva-initial = "Unassigned " @@ -433,11 +433,11 @@ RECIPE_MAINTAINER:pn-libx11 = "Unassigned " RECIPE_MAINTAINER:pn-libx11-compose-data = "Unassigned " RECIPE_MAINTAINER:pn-libxau = "Unassigned " RECIPE_MAINTAINER:pn-libxcb = "Unassigned " -RECIPE_MAINTAINER:pn-libxcvt = "Unassigned " RECIPE_MAINTAINER:pn-libxcomposite = "Unassigned " -RECIPE_MAINTAINER:pn-libxcursor = "Unassigned " RECIPE_MAINTAINER:pn-libxcrypt = "Khem Raj " RECIPE_MAINTAINER:pn-libxcrypt-compat = "Khem Raj " +RECIPE_MAINTAINER:pn-libxcursor = "Unassigned " +RECIPE_MAINTAINER:pn-libxcvt = "Unassigned " RECIPE_MAINTAINER:pn-libxdamage = "Unassigned " RECIPE_MAINTAINER:pn-libxdmcp = "Unassigned " RECIPE_MAINTAINER:pn-libxext = "Unassigned " @@ -473,20 +473,20 @@ RECIPE_MAINTAINER:pn-libxxf86vm = "Unassigned " RECIPE_MAINTAINER:pn-libyaml = "Wang Mingyu " RECIPE_MAINTAINER:pn-lighttpd = "Unassigned " RECIPE_MAINTAINER:pn-linux-dummy = "Unassigned " -RECIPE_MAINTAINER:pn-linux-yocto-fitimage = "Adrian Freihofer " RECIPE_MAINTAINER:pn-linux-firmware = "Unassigned " RECIPE_MAINTAINER:pn-linux-libc-headers = "Bruce Ashfield " RECIPE_MAINTAINER:pn-linux-yocto = "Bruce Ashfield " RECIPE_MAINTAINER:pn-linux-yocto-dev = "Bruce Ashfield " +RECIPE_MAINTAINER:pn-linux-yocto-fitimage = "Adrian Freihofer " RECIPE_MAINTAINER:pn-linux-yocto-rt = "Bruce Ashfield " RECIPE_MAINTAINER:pn-linux-yocto-tiny = "Bruce Ashfield " RECIPE_MAINTAINER:pn-lld = "Khem Raj " RECIPE_MAINTAINER:pn-lldb = "Khem Raj " +RECIPE_MAINTAINER:pn-llvm = "Khem Raj " RECIPE_MAINTAINER:pn-llvm-project-source-21.1.8 = "Khem Raj " RECIPE_MAINTAINER:pn-llvm-tblgen-native = "Khem Raj " -RECIPE_MAINTAINER:pn-llvm = "Khem Raj " -RECIPE_MAINTAINER:pn-logrotate = "Yi Zhao " RECIPE_MAINTAINER:pn-log4cplus = "Unassigned " +RECIPE_MAINTAINER:pn-logrotate = "Yi Zhao " RECIPE_MAINTAINER:pn-lrzsz = "Unassigned " RECIPE_MAINTAINER:pn-lsb-release = "Hongxu Jia " RECIPE_MAINTAINER:pn-lsof = "Ross Burton " @@ -496,17 +496,17 @@ RECIPE_MAINTAINER:pn-lttng-tools = "Richard Purdie " RECIPE_MAINTAINER:pn-nativesdk-qemu-helper = "Richard Purdie " RECIPE_MAINTAINER:pn-nativesdk-sdk-provides-dummy = "Richard Purdie " -RECIPE_MAINTAINER:pn-newlib = "Alejandro Hernandez " RECIPE_MAINTAINER:pn-ncurses = "Hongxu Jia " RECIPE_MAINTAINER:pn-neard = "Unassigned " RECIPE_MAINTAINER:pn-net-tools = "Unassigned " RECIPE_MAINTAINER:pn-netbase = "Unassigned " RECIPE_MAINTAINER:pn-nettle = "Unassigned " +RECIPE_MAINTAINER:pn-newlib = "Alejandro Hernandez " RECIPE_MAINTAINER:pn-nfs-export-root = "Robert Yang " RECIPE_MAINTAINER:pn-nfs-utils = "Robert Yang " RECIPE_MAINTAINER:pn-nghttp2 = "Unassigned " @@ -741,10 +741,10 @@ RECIPE_MAINTAINER:pn-python3-testtools = "Trevor Gamblin RECIPE_MAINTAINER:pn-python3-trove-classifiers = "Trevor Gamblin " RECIPE_MAINTAINER:pn-python3-typing-extensions = "Tim Orling " RECIPE_MAINTAINER:pn-python3-typogrify = "Trevor Gamblin " -RECIPE_MAINTAINER:pn-python3-uv-build = "Unassigned " RECIPE_MAINTAINER:pn-python3-unittest-automake-output = "Ross Burton " RECIPE_MAINTAINER:pn-python3-uritools = "Marta Rybczynska " RECIPE_MAINTAINER:pn-python3-urllib3 = "Tim Orling " +RECIPE_MAINTAINER:pn-python3-uv-build = "Unassigned " RECIPE_MAINTAINER:pn-python3-vcversioner = "Bruce Ashfield " RECIPE_MAINTAINER:pn-python3-wcwidth = "Tim Orling " RECIPE_MAINTAINER:pn-python3-webcolors = "Bruce Ashfield " @@ -766,8 +766,8 @@ RECIPE_MAINTAINER:pn-readline = "Hongxu Jia " RECIPE_MAINTAINER:pn-repo = "Unassigned " RECIPE_MAINTAINER:pn-resolvconf = "Chen Qi " RECIPE_MAINTAINER:pn-rgb = "Unassigned " -RECIPE_MAINTAINER:pn-rpcbind = "Hongxu Jia " RECIPE_MAINTAINER:pn-rng-tools = "Unassigned " +RECIPE_MAINTAINER:pn-rpcbind = "Hongxu Jia " RECIPE_MAINTAINER:pn-rpcsvc-proto = "Khem Raj " RECIPE_MAINTAINER:pn-rpm = "Robert Yang " RECIPE_MAINTAINER:pn-rpm-sequoia = "Zoltán Böszörményi " @@ -780,8 +780,8 @@ RECIPE_MAINTAINER:pn-rust = "Randy MacLeod " RECIPE_MAINTAINER:pn-rust-cross-canadian-${TRANSLATED_TARGET_ARCH} = "Randy MacLeod " RECIPE_MAINTAINER:pn-rxvt-unicode = "Unassigned " RECIPE_MAINTAINER:pn-sassc = "Simone Weiß " -RECIPE_MAINTAINER:pn-sato-screenshot = "Ross Burton " RECIPE_MAINTAINER:pn-sato-icon-theme = "Richard Purdie " +RECIPE_MAINTAINER:pn-sato-screenshot = "Ross Burton " RECIPE_MAINTAINER:pn-sbc = "Unassigned " RECIPE_MAINTAINER:pn-scdoc = "Alex Kiernan " RECIPE_MAINTAINER:pn-screen = "Unassigned " @@ -790,10 +790,10 @@ RECIPE_MAINTAINER:pn-sed = "Chen Qi " RECIPE_MAINTAINER:pn-serf = "Unassigned " RECIPE_MAINTAINER:pn-setserial = "Yi Zhao " RECIPE_MAINTAINER:pn-settings-daemon = "Unassigned " +RECIPE_MAINTAINER:pn-shaderc = "Jose Quaresma " RECIPE_MAINTAINER:pn-shadow = "Chen Qi " RECIPE_MAINTAINER:pn-shadow-securetty = "Chen Qi " RECIPE_MAINTAINER:pn-shadow-sysroot = "Chen Qi " -RECIPE_MAINTAINER:pn-shaderc = "Jose Quaresma " RECIPE_MAINTAINER:pn-shared-mime-info = "Unassigned " RECIPE_MAINTAINER:pn-shutdown-desktop = "Unassigned " RECIPE_MAINTAINER:pn-signing-keys = "Richard Purdie " @@ -819,9 +819,9 @@ RECIPE_MAINTAINER:pn-syslinux = "Unassigned " RECIPE_MAINTAINER:pn-sysstat = "Chen Qi " RECIPE_MAINTAINER:pn-systemd = "Chen Qi " RECIPE_MAINTAINER:pn-systemd-boot = "Chen Qi " +RECIPE_MAINTAINER:pn-systemd-boot-native = "Viswanath Kraleti " RECIPE_MAINTAINER:pn-systemd-bootchart = "Chen Qi " RECIPE_MAINTAINER:pn-systemd-bootconf = "Chen Qi " -RECIPE_MAINTAINER:pn-systemd-boot-native = "Viswanath Kraleti " RECIPE_MAINTAINER:pn-systemd-conf = "Chen Qi " RECIPE_MAINTAINER:pn-systemd-machine-units = "Chen Qi " RECIPE_MAINTAINER:pn-systemd-serialgetty = "Chen Qi " @@ -854,10 +854,10 @@ RECIPE_MAINTAINER:pn-uninative-tarball = "Richard Purdie X-Patchwork-Id: 82018 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1C632FD8FD6 for ; Thu, 26 Feb 2026 17:01:42 +0000 (UTC) Received: from smtpout-02.galae.net (smtpout-02.galae.net [185.246.84.56]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.74828.1772125299900504083 for ; Thu, 26 Feb 2026 09:01:40 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=STMHU9D+; spf=pass (domain: bootlin.com, ip: 185.246.84.56, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-02.galae.net (Postfix) with ESMTPS id 65C251A1577; Thu, 26 Feb 2026 17:01:38 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 3BE715FDE9; Thu, 26 Feb 2026 17:01:38 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id 2D57E103693FA; Thu, 26 Feb 2026 18:01:33 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1772125293; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=ncwBr4bI6LeRExmjjz20l63Solgzb7hpLmCNQQdMidM=; b=STMHU9D+MJlTfYKk+tQU4jYtGr4FNZ9FhdQXxGbXOTkIjhwZSryOs04k5YFR4M5soI4SRo grnYSGlm+qYh0qTXNnX4EIr40t4D8TCoLWxcWGl32hrsZvaRo65whzamCVnJDys0KQoJhJ yZtWMRRjxlAnvBtc+/6it9z+o2EsdY9qIvdLia6KKHWwhS5Oo1aH889cmh9a8MjQaiKS8t I0fvnmAdZi0xhBf90k5cwWRSvNsNo3gPyFLdFvORQa6mV9bbz8bmOPvadh0o+3I/c/n8vs VwC6vTbDNegmvXRyq0z3v3lXY8XStgX/6a5MBJGPC6vA9Zg4g1dVtErn0ycIoA== From: Benjamin Robin Date: Thu, 26 Feb 2026 18:01:16 +0100 Subject: [PATCH v3 2/6] python3-shacl2code: add recipe MIME-Version: 1.0 Message-Id: <20260226-add-sbom-cve-check-v3-2-2e60423f4d35@bootlin.com> References: <20260226-add-sbom-cve-check-v3-0-2e60423f4d35@bootlin.com> In-Reply-To: <20260226-add-sbom-cve-check-v3-0-2e60423f4d35@bootlin.com> To: openembedded-core@lists.openembedded.org Cc: ross.burton@arm.com, peter.marko@siemens.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, Benjamin Robin X-Mailer: b4 0.14.3 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 26 Feb 2026 17:01:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/232041 - Build dependency of python3-spdx-python-model. - Part of the dependency chain for sbom-cve-check Signed-off-by: Benjamin Robin --- meta/conf/distro/include/maintainers.inc | 1 + .../python/python3-shacl2code_0.0.24.bb | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index 1a3490d6d625..b3913a04140c 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -718,6 +718,7 @@ RECIPE_MAINTAINER:pn-python3-semantic-version = "Tim Orling X-Patchwork-Id: 82020 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D8419FD8FDF for ; Thu, 26 Feb 2026 17:01:51 +0000 (UTC) Received: from smtpout-02.galae.net (smtpout-02.galae.net [185.246.84.56]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.74831.1772125304860180029 for ; Thu, 26 Feb 2026 09:01:45 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=EIP3cDex; spf=pass (domain: bootlin.com, ip: 185.246.84.56, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-02.galae.net (Postfix) with ESMTPS id 595A81A1577; Thu, 26 Feb 2026 17:01:43 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 2D2C25FDE9; Thu, 26 Feb 2026 17:01:43 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id 2EC8A103693FE; Thu, 26 Feb 2026 18:01:37 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1772125298; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=fUlD5Ngb/RcTuKA/xSX1sd8GFTY4xHRHVrAq47clQwA=; b=EIP3cDexo1gXtX5jyKmr74QywPOk5yZeHNnu7phI3mC37qT1Jq/tI98QOpRGWWx4Tx2FxZ aWyh+QVYx2xhtSVqwJttL6/v+Cmc6bW6vXPjvXgqUHQMv0OxKp6t+LcqOvZLk7or3iwXCK EGZ35kwV5Q7NsOaeijnXr+Fnuy0Ee1Q0i5R0UdNvaWgYjb6MDr2cP3IK9K0zALkrNzjDpw sV4YCIozt8ZHVSeqRfR+o3Y3EkE2B21jEpDBQQJRqQITVXETCqaVafx338oAKJG0sXjhzs j9FuLsFobH0C/kpzydlOsAQshMt4I9Rc1XVoBy8I8YiKeDfImhOK+p7rZvL2Pg== From: Benjamin Robin Date: Thu, 26 Feb 2026 18:01:17 +0100 Subject: [PATCH v3 3/6] python3-hatch-build-scripts: add recipe MIME-Version: 1.0 Message-Id: <20260226-add-sbom-cve-check-v3-3-2e60423f4d35@bootlin.com> References: <20260226-add-sbom-cve-check-v3-0-2e60423f4d35@bootlin.com> In-Reply-To: <20260226-add-sbom-cve-check-v3-0-2e60423f4d35@bootlin.com> To: openembedded-core@lists.openembedded.org Cc: ross.burton@arm.com, peter.marko@siemens.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, Benjamin Robin X-Mailer: b4 0.14.3 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 26 Feb 2026 17:01:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/232042 - Build dependency of python3-spdx-python-model. - Part of the dependency chain for sbom-cve-check Signed-off-by: Benjamin Robin --- meta/conf/distro/include/maintainers.inc | 1 + .../python/python3-hatch-build-scripts_1.0.0.bb | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index b3913a04140c..d65960f8e1bc 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -649,6 +649,7 @@ RECIPE_MAINTAINER:pn-python3-extras = "Trevor Gamblin " RECIPE_MAINTAINER:pn-python3-flit-core = "Tim Orling " RECIPE_MAINTAINER:pn-python3-git = "Trevor Gamblin " RECIPE_MAINTAINER:pn-python3-gitdb = "Trevor Gamblin " +RECIPE_MAINTAINER:pn-python3-hatch-build-scripts = "Benjamin Robin " RECIPE_MAINTAINER:pn-python3-hatch-fancy-pypi-readme = "Ross Burton " RECIPE_MAINTAINER:pn-python3-hatch-vcs = "Ross Burton " RECIPE_MAINTAINER:pn-python3-hatchling = "Ross Burton " diff --git a/meta/recipes-devtools/python/python3-hatch-build-scripts_1.0.0.bb b/meta/recipes-devtools/python/python3-hatch-build-scripts_1.0.0.bb new file mode 100644 index 000000000000..ba7d8b40ffc5 --- /dev/null +++ b/meta/recipes-devtools/python/python3-hatch-build-scripts_1.0.0.bb @@ -0,0 +1,12 @@ +SUMMARY = "A plugin for Hatch that runs build scripts and saves their artifacts" +HOMEPAGE = "https://pypi.org/project/hatch_build_scripts/" +SECTION = "devel/python" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=9ad584cda56221c7eaf48c23a5874a2a" + +PYPI_PACKAGE = "hatch_build_scripts" +SRC_URI[sha256sum] = "563735e2f265c9e1b92dece6f762309114505ffaf6e5d51d462eb6a3b4f14640" + +inherit pypi python_hatchling + +BBCLASSEXTEND = "native nativesdk" From patchwork Thu Feb 26 17:01:18 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Benjamin Robin X-Patchwork-Id: 82021 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D83E3FD8FDE for ; Thu, 26 Feb 2026 17:01:51 +0000 (UTC) Received: from smtpout-04.galae.net (smtpout-04.galae.net [185.171.202.116]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.74835.1772125310226798780 for ; Thu, 26 Feb 2026 09:01:50 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=b2Te7OQ0; spf=pass (domain: bootlin.com, ip: 185.171.202.116, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-04.galae.net (Postfix) with ESMTPS id B1808C4069A; Thu, 26 Feb 2026 17:02:03 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 36CA25FDE9; Thu, 26 Feb 2026 17:01:48 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id D1870103693EF; Thu, 26 Feb 2026 18:01:42 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1772125303; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=gqiibl6dEDMYmVanIu6m/CWDGNbEgcOWef3WIGqk0RI=; b=b2Te7OQ0PIl7eSKvhA8vsKTqHIuCMROfMU7Ccldj2QLw1b5iQLjxOEYbK40MJ6ZSYqleKQ fasX+9wpzfV6nqTKRcTxIxrAdcAqI9opwlHUwM1nayhem8KiwRXPXt6JVw+o5VGfJChkmb 4x8rOo2oclYNSC602AhKR1T/eMAfWKaRw5bSyT8iHy9dGwjPaJi383mtLJF9w9BFch/4pi WkIpIicTkif0+l2kr/uc6G98dDxdZJ6qfEy5BujW4SQk7lcYDJvxGydaaWbRVX7XVSqhnS q4cfUfRrAUWK7iJnWuflqYDppqURjeb8yXWyKCyZgvjHEbRtWLFQXvLMrYGotA== From: Benjamin Robin Date: Thu, 26 Feb 2026 18:01:18 +0100 Subject: [PATCH v3 4/6] python3-spdx-python-model: add recipe MIME-Version: 1.0 Message-Id: <20260226-add-sbom-cve-check-v3-4-2e60423f4d35@bootlin.com> References: <20260226-add-sbom-cve-check-v3-0-2e60423f4d35@bootlin.com> In-Reply-To: <20260226-add-sbom-cve-check-v3-0-2e60423f4d35@bootlin.com> To: openembedded-core@lists.openembedded.org Cc: ross.burton@arm.com, peter.marko@siemens.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, Benjamin Robin X-Mailer: b4 0.14.3 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 26 Feb 2026 17:01:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/232043 - Part of the dependency chain for sbom-cve-check Signed-off-by: Benjamin Robin --- meta/conf/distro/include/maintainers.inc | 1 + ...enerate-bindings-allow-to-use-local-files.patch | 58 ++++++++++++++++++++++ .../python/python3-spdx-python-model_0.0.4.bb | 37 ++++++++++++++ 3 files changed, 96 insertions(+) diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index d65960f8e1bc..3bc1d00bc1c7 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -725,6 +725,7 @@ RECIPE_MAINTAINER:pn-python3-smartypants = "Trevor Gamblin +Date: Tue, 24 Feb 2026 10:59:25 +0100 +Subject: [PATCH] generate-bindings: allow to use local files + +shacl2code needs to download the following URLs during build time: + - https://spdx.org/rdf/3.0.1/spdx-model.ttl + - https://spdx.org/rdf/3.0.1/spdx-json-serialize-annotations.ttl + - https://spdx.org/rdf/3.0.1/spdx-context.jsonld + +There are a lot of package build tools that do not allow to download +a file during the build. So provide a way to use local file: +If the environment variable SHACL2CODE_SPDX_DIR is defined, load +the SPDX model and SPDX context from the directory specified by this +environment variable. + +Upstream-Status: Submitted [https://github.com/spdx/spdx-python-model/pull/19] + +Signed-off-by: Benjamin Robin +--- + gen/generate-bindings | 22 ++++++++++++++++------ + 1 file changed, 16 insertions(+), 6 deletions(-) + +diff --git a/gen/generate-bindings b/gen/generate-bindings +index b963c55a3bc9..bc7041ee3bb9 100755 +--- a/gen/generate-bindings ++++ b/gen/generate-bindings +@@ -14,12 +14,22 @@ echo "# Import all versions" > __init__.py + for v in $SPDX_VERSIONS; do + MODNAME="v$(echo "$v" | sed 's/[^a-zA-Z0-9_]/_/g')" + +- shacl2code generate --input https://spdx.org/rdf/$v/spdx-model.ttl \ +- --input https://spdx.org/rdf/$v/spdx-json-serialize-annotations.ttl \ +- --context https://spdx.org/rdf/$v/spdx-context.jsonld \ +- --license Apache-2.0 \ +- python \ +- -o "$MODNAME.py" ++ if [ -n "${SHACL2CODE_SPDX_DIR}" ] && [ -d "${SHACL2CODE_SPDX_DIR}/$v" ] ++ then ++ shacl2code generate --input "file://${SHACL2CODE_SPDX_DIR}/$v/spdx-model.ttl" \ ++ --input "file://${SHACL2CODE_SPDX_DIR}/$v/spdx-json-serialize-annotations.ttl" \ ++ --context-url "file://${SHACL2CODE_SPDX_DIR}/$v/spdx-context.jsonld" https://spdx.org/rdf/$v/spdx-context.jsonld \ ++ --license Apache-2.0 \ ++ python \ ++ -o "$MODNAME.py" ++ else ++ shacl2code generate --input https://spdx.org/rdf/$v/spdx-model.ttl \ ++ --input https://spdx.org/rdf/$v/spdx-json-serialize-annotations.ttl \ ++ --context https://spdx.org/rdf/$v/spdx-context.jsonld \ ++ --license Apache-2.0 \ ++ python \ ++ -o "$MODNAME.py" ++ fi + + echo "from . import $MODNAME" >> __init__.py + done +-- +2.53.0 diff --git a/meta/recipes-devtools/python/python3-spdx-python-model_0.0.4.bb b/meta/recipes-devtools/python/python3-spdx-python-model_0.0.4.bb new file mode 100644 index 000000000000..00c3b3913c2e --- /dev/null +++ b/meta/recipes-devtools/python/python3-spdx-python-model_0.0.4.bb @@ -0,0 +1,37 @@ +SUMMARY = "Generated Python code for SPDX Spec version 3" +HOMEPAGE = "https://pypi.org/project/spdx-python-model/" +SECTION = "devel/python" +LICENSE = "Apache-2.0" +LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327" + +PYPI_PACKAGE = "spdx_python_model" +SRC_URI[sha256sum] = "bdec725398babcbdd4bcb7c16cf23497d06a48d0ef3ea1edb19a3b0d431ab8c1" + +SRC_URI += " \ + https://spdx.org/rdf/3.0.1/spdx-context.jsonld;name=spdx1 \ + https://spdx.org/rdf/3.0.1/spdx-json-serialize-annotations.ttl;name=spdx2 \ + https://spdx.org/rdf/3.0.1/spdx-model.ttl;name=spdx3 \ + file://0001-generate-bindings-allow-to-use-local-files.patch \ +" + +SRC_URI[spdx1.sha256sum] = "c72b0928f094c83e5c127784edb1ebca2af74a104fcacc007c332b23cbc788bd" +SRC_URI[spdx2.sha256sum] = "c6a54b51230eb2bf3b31302546af201f303e0b7931c1db404d7f5b72b6f863e6" +SRC_URI[spdx3.sha256sum] = "30ebb4af2d70a9809044ef46f44cc3dc5125226d70f818a50ed2e1d5f404c593" + +inherit pypi python_hatchling + +export SHACL2CODE_SPDX_DIR = "${S}/spdx" + +do_configure:append() { + mkdir -p "${SHACL2CODE_SPDX_DIR}/3.0.1/" + cp ${UNPACKDIR}/spdx-context.jsonld "${SHACL2CODE_SPDX_DIR}/3.0.1/" + cp ${UNPACKDIR}/spdx-json-serialize-annotations.ttl "${SHACL2CODE_SPDX_DIR}/3.0.1/" + cp ${UNPACKDIR}/spdx-model.ttl "${SHACL2CODE_SPDX_DIR}/3.0.1/" +} + +DEPENDS += " \ + python3-shacl2code-native \ + python3-hatch-build-scripts-native \ +" + +BBCLASSEXTEND = "native nativesdk" From patchwork Thu Feb 26 17:01:19 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Benjamin Robin X-Patchwork-Id: 82022 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D3025FD8FE0 for ; Thu, 26 Feb 2026 17:02:01 +0000 (UTC) Received: from smtpout-02.galae.net (smtpout-02.galae.net [185.246.84.56]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.74944.1772125315098081363 for ; Thu, 26 Feb 2026 09:01:55 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=sY0zMxrC; spf=pass (domain: bootlin.com, ip: 185.246.84.56, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-02.galae.net (Postfix) with ESMTPS id 99C941A1577; Thu, 26 Feb 2026 17:01:53 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 707355FDE9; Thu, 26 Feb 2026 17:01:53 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id EE30A103693FF; Thu, 26 Feb 2026 18:01:47 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1772125308; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=7xLK6dvGTmM6ZBn4pxHA+Smeu5BXYsHtbpKNAGsZU7o=; b=sY0zMxrC7yJUMCBMAwHDPcskfN2G42iTdCQuShJGG7MQhlB+iepNX9lcv+nAcoT3WKTdaM gWb5p7XXtu151MeEmO4nyMmDyA4JxnCW4LA4hUz33tnPFT0ZCAmsSv40zWBo6cVLpyOWS4 VSKS1wZTe9enO0VrQrL1q/xfuUk0p4vhDb7MiWyWFMVVeiGHBssTAJ+2L53xeCvA0D9yJG 5JDDgWUhYfFZPkuaE26WGeJ9R3nKZvxSZyszRB2XxOA+nEtEuVet7Scjjmju8JPXGjxc1X /pcRokCmoRL//cTTJyp3e871QQyeEKBD2dr+/vtCN7lK9sufBSKqpVQUQKEoOQ== From: Benjamin Robin Date: Thu, 26 Feb 2026 18:01:19 +0100 Subject: [PATCH v3 5/6] sbom-cve-check: add recipe MIME-Version: 1.0 Message-Id: <20260226-add-sbom-cve-check-v3-5-2e60423f4d35@bootlin.com> References: <20260226-add-sbom-cve-check-v3-0-2e60423f4d35@bootlin.com> In-Reply-To: <20260226-add-sbom-cve-check-v3-0-2e60423f4d35@bootlin.com> To: openembedded-core@lists.openembedded.org Cc: ross.burton@arm.com, peter.marko@siemens.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, Benjamin Robin X-Mailer: b4 0.14.3 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 26 Feb 2026 17:02:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/232044 Provide sbom-cve-check (native) executable. Signed-off-by: Benjamin Robin --- meta/conf/distro/include/maintainers.inc | 1 + .../python/python3-sbom-cve-check_1.1.0.bb | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index 3bc1d00bc1c7..c43107ccdccd 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -714,6 +714,7 @@ RECIPE_MAINTAINER:pn-python3-rfc3987 = "Bruce Ashfield X-Patchwork-Id: 82023 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D5A77FD8FDA for ; Thu, 26 Feb 2026 17:02:01 +0000 (UTC) Received: from smtpout-02.galae.net (smtpout-02.galae.net [185.246.84.56]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.74948.1772125319174455010 for ; Thu, 26 Feb 2026 09:01:59 -0800 Authentication-Results: mx.groups.io; dkim=fail reason="dkim: body hash did not verify" header.i=@bootlin.com header.s=dkim header.b=uDiQBNIi; spf=pass (domain: bootlin.com, ip: 185.246.84.56, mailfrom: benjamin.robin@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-02.galae.net (Postfix) with ESMTPS id A792B1A1577; Thu, 26 Feb 2026 17:01:57 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 7179C5FDE9; Thu, 26 Feb 2026 17:01:57 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id 2643110369405; Thu, 26 Feb 2026 18:01:52 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1772125314; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=S39Ozp0RUOVaHqXoLtnsAe3rB/X3kPqrr7u8eOK7kak=; b=uDiQBNIijuC5OArwlQH0zHmklHqaBZxKDBC1Xz4LcnyHOuD3zpJ9uJoBAtrOymmjPXOwP5 4ur3TRo6ryP9DIPksvT7I3K+1Esyew2yrNgx1e0fMXmfPFWvCmAQulDqZQoKEGKuBlJ2KL oxdIYQGQfLBwsi716dR0QUeIqmBW4AElRYFLCmfbri5lFfFnA1E1/237aJ5TlGeo/Z/Vlq /YuL++Vg4QgcRwnwaPmDgBUTJ/qhGpBRpZWOrK8bkRc98bV7BN55ejj80SdA+z6QTCCean tSghEwhUV2BlLVbOx22xEAUAseZhoPoXZuSlHhmKQfuuu2jQZqlAwXiGGxQD3w== From: Benjamin Robin Date: Thu, 26 Feb 2026 18:01:20 +0100 Subject: [PATCH v3 6/6] sbom-cve-check.bbclass: Add class for post-build CVE analysis MIME-Version: 1.0 Message-Id: <20260226-add-sbom-cve-check-v3-6-2e60423f4d35@bootlin.com> References: <20260226-add-sbom-cve-check-v3-0-2e60423f4d35@bootlin.com> In-Reply-To: <20260226-add-sbom-cve-check-v3-0-2e60423f4d35@bootlin.com> To: openembedded-core@lists.openembedded.org Cc: ross.burton@arm.com, peter.marko@siemens.com, jpewhacker@gmail.com, olivier.benjamin@bootlin.com, antonin.godard@bootlin.com, mathieu.dubois-briand@bootlin.com, thomas.petazzoni@bootlin.com, Benjamin Robin X-Mailer: b4 0.14.3 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 26 Feb 2026 17:02:01 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/232045 By default, the CVE databases are downloaded using the following recipes: - sbom-cve-check-update-cvelist-native.bb - sbom-cve-check-update-nvd-native.bb The database download logic is implemented in sbom-cve-check-update-db.bbclass. The CVE databases are stored in the download directory (`DL_DIR`). Access to the database is managed using an exclusive file lock (`flock`) on the directory. During CVE analysis, sbom-cve-check acquires a shared lock, allowing multiple analyses to run in parallel. However, if the database is being updated, any ongoing CVE analysis is temporarily paused. This design ensures that, under normal circumstances, sbom-cve-check can run without requiring network access. If a user needs network access during execution (e.g., to download annotation databases), they can set `SBOM_CVE_CHECK_ALLOW_NETWORK` to "1". Signed-off-by: Benjamin Robin --- .../sbom-cve-check-update-db.bbclass | 87 ++++++++++++++++++++ meta/classes-recipe/sbom-cve-check.bbclass | 96 ++++++++++++++++++++++ meta/conf/distro/include/maintainers.inc | 2 + .../meta/sbom-cve-check-update-cvelist-native.bb | 7 ++ .../meta/sbom-cve-check-update-nvd-native.bb | 7 ++ 5 files changed, 199 insertions(+) diff --git a/meta/classes-recipe/sbom-cve-check-update-db.bbclass b/meta/classes-recipe/sbom-cve-check-update-db.bbclass new file mode 100644 index 000000000000..4f62c831eb72 --- /dev/null +++ b/meta/classes-recipe/sbom-cve-check-update-db.bbclass @@ -0,0 +1,87 @@ +# SPDX-License-Identifier: MIT + +INHIBIT_DEFAULT_DEPS = "1" +EXCLUDE_FROM_WORLD = "1" + +inherit native + +deltask do_patch +deltask do_configure +deltask do_compile +deltask do_install +deltask do_populate_sysroot + +SBOM_CVE_CHECK_FETCH_PATH[doc] = "Path to the Git repository to be downloaded. \ + Should be prefixed by {DL_DIR}/sbom_cve_check/databases/" + +SBOM_CVE_CHECK_FETCH_URL[doc] = "Git clone URL of the CVE database" + +SBOM_CVE_CHECK_FETCH_INTERVAL ?= "57600" +SBOM_CVE_CHECK_FETCH_INTERVAL[doc] = "\ + CVE database update interval, in seconds. By default every 16 hours. \ + Use 0 to force the update. Use a negative value to skip the update. \ +" + +python do_fetch() { + from datetime import datetime, timezone, timedelta + import fcntl + import os + import pathlib + import subprocess + + bb.utils.export_proxies(d) + + fetch_interval = int(d.get("SBOM_CVE_CHECK_FETCH_INTERVAL")) + git_url = d.getVar("SBOM_CVE_CHECK_FETCH_URL") + git_dir = pathlib.Path(d.getVar("SBOM_CVE_CHECK_FETCH_PATH")) + git_dir.mkdir(parents=True, exist_ok=True) + + def _exec_git_cmd(args): + cmd = ["git"] + cmd.extend(args) + return subprocess.run( + cmd, + input="", + capture_output=True, + check=True, + cwd=git_dir, + encoding="utf-8", + ) + + # Lock the git directory: take an exclusive lock + lock_fd = os.open(git_dir, os.O_RDONLY | os.O_NOCTTY) + try: + fcntl.flock(lock_fd, fcntl.LOCK_EX) + + # Clone the git repository if it does not exist + if not git_dir.joinpath(".git", "HEAD").is_file(): + _exec_git_cmd(["clone", "--depth", "1", "--single-branch", git_url, "."]) + return + + # Check if an updated is necessary + if fetch_interval < 0: + return + + if fetch_interval > 0: + # Get date of last commit + r = _exec_git_cmd(["show", "-s", "--format=%ct", "HEAD"]) + commit_date = datetime.fromtimestamp(int(r.stdout.strip()), tz=timezone.utc) + delta_last_commit = datetime.now(timezone.utc) - commit_date + if delta_last_commit < timedelta(seconds=fetch_interval): + return + + _exec_git_cmd(["pull"]) + except subprocess.SubprocessError as e: + bb.error(f"{e.cmd} failed:\n{e.stdout}\n---\n{e.stderr}\n") + finally: + # Release the exclusive lock + os.close(lock_fd) +} + +do_fetch[file-checksums] = "" +do_fetch[vardeps] = " \ + SBOM_CVE_CHECK_FETCH_PATH \ + SBOM_CVE_CHECK_FETCH_URL \ + SBOM_CVE_CHECK_FETCH_INTERVAL \ +" +do_fetch[nostamp] = "1" diff --git a/meta/classes-recipe/sbom-cve-check.bbclass b/meta/classes-recipe/sbom-cve-check.bbclass new file mode 100644 index 000000000000..86e06bdf7c23 --- /dev/null +++ b/meta/classes-recipe/sbom-cve-check.bbclass @@ -0,0 +1,96 @@ +# SPDX-License-Identifier: MIT + +SBOM_CVE_CHECK_WORKDIR ??= "${WORKDIR}/sbom_cve_check" +SBOM_CVE_CHECK_DEPLOYDIR = "${SBOM_CVE_CHECK_WORKDIR}/image-deploy" + +SBOM_CVE_CHECK_EXTRA_ARGS[doc] = "Allow to specify extra arguments to sbom-cve-check. For example to add filtering" +SBOM_CVE_CHECK_EXTRA_ARGS ?= "" + +SBOM_CVE_CHECK_EXPORT_VARS[doc] = "List of variables that declare export files to generate. Each variable must have a 'type' and an 'ext' flag set" +SBOM_CVE_CHECK_EXPORT_VARS ?= "SBOM_CVE_CHECK_EXPORT_FILE" + +SBOM_CVE_CHECK_EXPORT_FILE[doc] = "Default configuration of generated export file" +SBOM_CVE_CHECK_EXPORT_FILE[type] ?= "spdx3" +SBOM_CVE_CHECK_EXPORT_FILE[ext] ?= ".cve-check.spdx.json" + +SBOM_CVE_CHECK_ALLOW_NETWORK[doc] = "Set to 1 to enable network usage." +SBOM_CVE_CHECK_ALLOW_NETWORK ?= "0" + +python do_sbom_cve_check() { + """ + Task: Run sbom-cve-check analysis on SBOM. + """ + import os + import bb + from oe.cve_check import update_symlinks + + if not bb.data.inherits_class("vex", d): + bb.fatal("Cannot execute sbom-cve-check missing vex inherit.") + if not bb.data.inherits_class("create-spdx-3.0", d): + bb.fatal("Cannot execute sbom-cve-check missing create-spdx-3.0 inherit.") + + sbom_path = d.expand("${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.spdx.json") + vex_manifest_path = d.expand("${DEPLOY_DIR_IMAGE}/${IMAGE_LINK_NAME}.json") + dl_db_dir = d.expand("${DL_DIR}/sbom_cve_check/databases") + deploy_dir = d.getVar("SBOM_CVE_CHECK_DEPLOYDIR") + img_link_name = d.getVar("IMAGE_LINK_NAME") + img_name = d.getVar("IMAGE_NAME") + + export_files = [] + for export_var in d.getVar("SBOM_CVE_CHECK_EXPORT_VARS").split(): + export_ext = d.getVarFlag(export_var, "ext") + export_path = f"{deploy_dir}/{img_name}{export_ext}" + export_link = f"{deploy_dir}/{img_link_name}{export_ext}" + export_type = d.getVarFlag(export_var, "type") + export_files.append((export_type, export_path, export_link)) + + cmd_env = os.environ.copy() + cmd_env["SBOM_CVE_CHECK_DATABASES_DIR"] = dl_db_dir + + cmd_args = [ + d.expand("${STAGING_BINDIR_NATIVE}/sbom-cve-check"), + "--sbom-path", + sbom_path, + "--yocto-vex-manifest", + vex_manifest_path, + ] + + for export_file in export_files: + cmd_args.extend( + ["--export-type", export_file[0], "--export-path", export_file[1]] + ) + + cmd_args.extend(d.getVar("SBOM_CVE_CHECK_EXTRA_ARGS").split()) + + try: + bb.note("Running: {}".format(" ".join(cmd_args))) + bb.process.run(cmd_args, env=cmd_env) + except bb.process.ExecutionError as e: + bb.fatal( + f"sbom-cve-check failed with exit code {e.exitcode}\n{e.stdout}\n{e.stderr}" + ) + return + + for export_file in export_files: + bb.note(f"sbom-cve-check exported: {export_file[1]}") + update_symlinks(export_file[1], export_file[2]) +} + +addtask do_sbom_cve_check after do_create_image_sbom_spdx before do_build + +SSTATETASKS += "do_sbom_cve_check" +SSTATE_SKIP_CREATION:task-sbom-cve-check = "1" +do_sbom_cve_check[cleandirs] = "${SBOM_CVE_CHECK_DEPLOYDIR}" +do_sbom_cve_check[sstate-inputdirs] = "${SBOM_CVE_CHECK_DEPLOYDIR}" +do_sbom_cve_check[sstate-outputdirs] = "${DEPLOY_DIR_IMAGE}" +do_sbom_cve_check[recrdeptask] += "do_create_image_sbom_spdx" +do_sbom_cve_check[depends] += " \ + python3-sbom-cve-check-native:do_populate_sysroot \ + ${@oe.utils.conditional('SBOM_CVE_CHECK_ALLOW_NETWORK','0',' \ + sbom-cve-check-update-cvelist-native:do_fetch \ + sbom-cve-check-update-nvd-native:do_fetch \ + ','',d)} \ +" + +do_sbom_cve_check[network] = "${SBOM_CVE_CHECK_ALLOW_NETWORK}" +do_sbom_cve_check[nostamp] = "1" diff --git a/meta/conf/distro/include/maintainers.inc b/meta/conf/distro/include/maintainers.inc index c43107ccdccd..a48db2df7b2f 100644 --- a/meta/conf/distro/include/maintainers.inc +++ b/meta/conf/distro/include/maintainers.inc @@ -787,6 +787,8 @@ RECIPE_MAINTAINER:pn-sassc = "Simone Weiß " RECIPE_MAINTAINER:pn-sato-icon-theme = "Richard Purdie " RECIPE_MAINTAINER:pn-sato-screenshot = "Ross Burton " RECIPE_MAINTAINER:pn-sbc = "Unassigned " +RECIPE_MAINTAINER:pn-sbom-cve-check-update-cvelist-native = "Benjamin Robin " +RECIPE_MAINTAINER:pn-sbom-cve-check-update-nvd-native = "Benjamin Robin " RECIPE_MAINTAINER:pn-scdoc = "Alex Kiernan " RECIPE_MAINTAINER:pn-screen = "Unassigned " RECIPE_MAINTAINER:pn-seatd = "Unassigned " diff --git a/meta/recipes-core/meta/sbom-cve-check-update-cvelist-native.bb b/meta/recipes-core/meta/sbom-cve-check-update-cvelist-native.bb new file mode 100644 index 000000000000..cd5ed680b4dd --- /dev/null +++ b/meta/recipes-core/meta/sbom-cve-check-update-cvelist-native.bb @@ -0,0 +1,7 @@ +SUMMARY = "Updates the CVE List database" +LICENSE = "MIT" + +SBOM_CVE_CHECK_FETCH_PATH = "${DL_DIR}/sbom_cve_check/databases/cvelist" +SBOM_CVE_CHECK_FETCH_URL = "https://github.com/CVEProject/cvelistV5.git" + +inherit sbom-cve-check-update-db diff --git a/meta/recipes-core/meta/sbom-cve-check-update-nvd-native.bb b/meta/recipes-core/meta/sbom-cve-check-update-nvd-native.bb new file mode 100644 index 000000000000..7add8e6bfba5 --- /dev/null +++ b/meta/recipes-core/meta/sbom-cve-check-update-nvd-native.bb @@ -0,0 +1,7 @@ +SUMMARY = "Updates the NVD CVE database" +LICENSE = "MIT" + +SBOM_CVE_CHECK_FETCH_PATH = "${DL_DIR}/sbom_cve_check/databases/nvd-fkie" +SBOM_CVE_CHECK_FETCH_URL = "https://github.com/fkie-cad/nvd-json-data-feeds.git" + +inherit sbom-cve-check-update-db