Date: Thu, 16 Apr 2026 16:33:12 +0000
From: Lorenzo Salvadore <salvadore@FreeBSD.org>
To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
Cc: Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
Subject: git: 4f9d23a304 - main - Status/2026Q1/sbom.adoc: Add report
Message-ID: <69e10f48.278aa.7ec0d476@gitrepo.freebsd.org>
The branch main has been updated by salvadore: URL: https://cgit.FreeBSD.org/doc/commit/?id=4f9d23a304ceb9e718a44d32e47688c9ccf2eaf2 commit 4f9d23a304ceb9e718a44d32e47688c9ccf2eaf2 Author: Tuukka Pasanen <tuukka.pasanen@ilmi.fi> AuthorDate: 2026-04-16 16:25:17 +0000 Commit: Lorenzo Salvadore <salvadore@FreeBSD.org> CommitDate: 2026-04-16 16:25:17 +0000 Status/2026Q1/sbom.adoc: Add report Reviewed by: status (Graham Percival <gperciva@tarsnap.com>) Differential Revision: https://reviews.freebsd.org/D56299 --- .../en/status/report-2026-01-2026-03/sbom.adoc | 37 ++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/website/content/en/status/report-2026-01-2026-03/sbom.adoc b/website/content/en/status/report-2026-01-2026-03/sbom.adoc new file mode 100644 index 0000000000..5226014c67 --- /dev/null +++ b/website/content/en/status/report-2026-01-2026-03/sbom.adoc 
@@ -0,0 +1,37 @@ +=== FreeBSD Software Bill of Materials + +Links: + +link:https://github.com/pkgconf/pkgconf/pull/484[spdxtool: Add parameter for using URI as SPDX id] URL: link:https://github.com/pkgconf/pkgconf/pull/484[] + +link:https://github.com/pkgconf/pkgconf/pull/483[spdxtool: Add cli parameter for changing SPDX id] URL: link:https://github.com/pkgconf/pkgconf/pull/483[] + +link:https://github.com/pkgconf/pkgconf/pull/475[spdxtool: spdxtool: Add homepage handling] URL: link:https://github.com/pkgconf/pkgconf/pull/475[] + +link:https://github.com/pkgconf/pkgconf/pull/474[spdxtool: Add source handling to SBOM] URL: link:https://github.com/pkgconf/pkgconf/pull/474[] + +link:https://github.com/pkgconf/pkgconf/pull/473[spdxtool: Add support for copyright text] URL: link:https://github.com/pkgconf/pkgconf/pull/473[] + +link:https://github.com/pkgconf/pkgconf/pull/461[spdxtool: Rework of License-tag SDPX expression evaluation] URL: link:https://github.com/pkgconf/pkgconf/pull/461[] + +link:https://github.com/pkgconf/pkgconf/pull/450[Add some stricter compiler warnings and overcome new warnings ] URL: link:https://github.com/pkgconf/pkgconf/pull/450[] + +link:https://github.com/pkgconf/pkgconf/pull/447[libpkgconf/libpkgconf.h: Add printf-like attributes to functions] URL: link:https://github.com/pkgconf/pkgconf/pull/447[] + +link:https://github.com/pkgconf/pkgconf/pull/446[spdxtool: Update variables that are const to const] URL: link:https://github.com/pkgconf/pkgconf/pull/446[] + +link:https://github.com/pkgconf/pkgconf/pull/445[man/spdxtool.1: Add man page for spdxtool] URL: link:https://github.com/pkgconf/pkgconf/pull/445[] + +link:https://cgit.freebsd.org/src/log/?qt=author&q=Tuukka+Pasanen[Added SPDX-License-Identifiers] URL: link:https://cgit.freebsd.org/src/log/?qt=author&q=Tuukka+Pasanen[] + +link:https://github.com/freebsd/freebsd-src/compare/main...illuusio:freebsd-src:update-spdx-licenses[SPDX-License-Identifiers up-to review and waiting for 
upstreaming] URL: link:https://github.com/freebsd/freebsd-src/compare/main...illuusio:freebsd-src:update-spdx-licenses[] + +link:https://reviews.freebsd.org/D55461[Issue open for commenting and review: caesar: Add SPDX-License-Identifier tags] URL: https://reviews.freebsd.org/D55461[] + +link:https://github.com/illuusio/freebsd-src/tree/sbom-pkgconfig/release/sbom[.pc file for SBOM metadata (WIP)] URL: https://github.com/illuusio/freebsd-src/tree/sbom-pkgconfig/release/sbom + +Contact: Tuukka Pasanen <tuukka.pasanen@ilmi.fi> + +The FreeBSD Software Bill of Materials (SBOM) project started in 2025 and continued in 2026. +Work in 2026 has focused more on the EU Cyber Resilience Act (CRA), and the effort has shifted toward delivering a framework for FreeBSD source. + +In the first quarter of 2026, SBOM work was delivered in three categories: +* Pkgconf upstream work, especially with spdxtool-tool, which is used for creating SPDX Lite 3.0.1 JSON-LD SBOMs from [.filename]#.pc#-files. + +Several missing features have been added and are under active development by pkgconf contributors. + +The tool is now nearly compatible with SPDX Lite 3.0.1 requirements and is ready for general use. + +Additionally, there is an effort to import pkgconf as part of the FreeBSD source, led by Pierre Pronchery. +* Adding missing SPDX-License-Identifier to files under the FreeBSD source in the [.filename]#bin#, [.filename]#sbin#, [.filename]#usr.bin#, and [.filename]#usr.sbin# directories. +* Creating [.filename]#.pc#-files for SBOM. The first patch is expected to land in 2026Q2, starting with files from [.filename]#bin#. + +If you want to help with this effort: +* Verify that SPDX-License-Identifier licenses are correct and assist with upstreaming files. +* Verify that [.filename]#.pc# files contain accurate information and help upstreaming them to git. +* Assist in reviewing the pkgconf import to the FreeBSD source. + +Sponsor: The FreeBSD Foundationhome | help
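Review bot: In the "three categories" list, the paragraphs that follow the first bullet ("Several missing features have been added...", "The tool is now nearly compatible...", "Additionally, there is an effort to import pkgconf...") are separated from it by blank lines with no AsciiDoc list continuation (`+`), so they are not attached to the Pkgconf item and the `* Adding missing SPDX-License-Identifier` bullet stops reading as the second of three categories; attach them with continuation lines or fold them into the bullet text. In the Links block, the last two entries (D55461 and the sbom-pkgconfig tree) use `URL: https://...` where every other entry uses `URL: link:...[]`, and the final one has no trailing `[]`, so the block should be made consistent. Smaller wording points: the PR 475 link text repeats the `spdxtool:` prefix, the PR 461 link text has "SDPX" where "SPDX" is presumably meant (unless that is the upstream title verbatim), the PR 450 link text has a trailing space before `]`, and "spdxtool-tool" and "up-to review" would read better as "spdxtool" and "up for review".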
