From nobody Tue Dec 30 10:22:54 2025 X-Original-To: dev-commits-doc-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dgTgL6Qkxz6Lhld for ; Tue, 30 Dec 2025 10:22:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R13" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4dgTgL39JHz47x2 for ; Tue, 30 Dec 2025 10:22:54 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1767090174; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=G8TnOE9GS6gT3wGaKE5RlftcOJE/AufKxaA0+i7blfE=; b=mmpiMM5NEqP9K33/5sMe39/P7iA3I7hXvlNeBTdOvm+x+LkO3wAopKob6muevib2k1rHBq S8AmJnvPpyEOd7E769uZ4os0jJTUcf9I7QN1g3PxpJUljh8as72MjIBhQ2h1K0hV3zmWCY ABvvx0NTxQrfNRET+vDWh2z6o2yFKTZ7Yz4+S4vqXk1qbd4JnyzEULFBwVbNlFrL//hUYN Ha+BNpWmdS7LGIfjkOdtGVs6YF7VP6mVhYObgvo+zIts1DI+TYidJS6BusMArsE3fKu9Z1 8TsPuT0agQDDAi3l+maKbykbVl/0rD7BSO+3S7veQ7QZ+Agvn/1/yicygwEnwQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1767090174; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=G8TnOE9GS6gT3wGaKE5RlftcOJE/AufKxaA0+i7blfE=; b=tIWS5LcJVhOFyclObXlrb2JVBLldoaX+Z9NxzVf+oqx6Nj6FSXK+IPXxOm/kRugMaMUcum UrYkfXljISkuFNrQRtfO4zBfddyBXYviySQ64HvpY5+QiqloBLHsnIj5oxJZZg1Eoj242I YGYrXKrIr8L5uwBgXC+Ur+TtcK0VHgiPve8bhAZp+EIc/++RpJTPmqSC6Zj2XbqLrgnKA3 P/qkr9EmojjP75BXQqM1w1kJtejbiz+mUX3aVbiG1wwbkGfsrlfdeWoWWsjH6QoD38cR1A BeuZU6ZfmGlsHNLITJbx8NqKittXsA8Qb0NY/f2AzgmShyeHuGrOfBoaz6lFzQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1767090174; a=rsa-sha256; cv=none; b=kD/5B/jjbfOX2AWvXzy5Bohn37IGHayJQhOrTgMqH97AHrr/spCrXiQU/XSV2HYGVm7wxg rgRFJtKOF7dIuYYe44TXGhyixQfXSh4/W76gXiygtycBwUuJjMx8AnUmVQcrLueupw7aAq /40Azuu4hZpC4aFijCFRkD2ta9IRXhNBoILGPMDLroZ98e+QCfwnhI8A2Egnl6nowUNHYC 5nK7cfk8Gd3JKCiaTSasX3cCG10YZcMxkGENHmo9BsYbVFa4xYtX8dGOkJMjp4lrc2nNjt hMYp8lMuNSfZ6z2q8BpL0peEWFxqbdBaLKo5FNtQwGNTrXfBNpg9RarugiLGLA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4dgTgL2mGPzwqB for ; Tue, 30 Dec 2025 10:22:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 239ca by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Tue, 30 Dec 2025 10:22:54 +0000 To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org Cc: Tuukka Pasanen From: Lorenzo Salvadore Subject: git: fca85bb36a - main - Status/2025Q4/sbmo.adoc: Add report List-Id: Commit messages for all branches of the doc repository List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-doc-all@freebsd.org Sender: owner-dev-commits-doc-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: salvadore X-Git-Repository: doc X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: fca85bb36a35d1a755dc9db7ee83a30796932bc7 Auto-Submitted: auto-generated Date: Tue, 30 Dec 2025 10:22:54 +0000 Message-Id: <6953a7fe.239ca.46238a14@gitrepo.freebsd.org> The branch main has been updated by salvadore: URL: https://cgit.FreeBSD.org/doc/commit/?id=fca85bb36a35d1a755dc9db7ee83a30796932bc7 commit fca85bb36a35d1a755dc9db7ee83a30796932bc7 Author: Tuukka Pasanen AuthorDate: 2025-12-30 10:22:02 +0000 Commit: Lorenzo Salvadore CommitDate: 2025-12-30 10:22:02 +0000 Status/2025Q4/sbmo.adoc: Add report Differential Revision: https://reviews.freebsd.org/D54345 --- .../en/status/report-2025-10-2025-12/sbom.adoc | 36 ++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/website/content/en/status/report-2025-10-2025-12/sbom.adoc b/website/content/en/status/report-2025-10-2025-12/sbom.adoc new file mode 100644 index 0000000000..ce23c3bfe2 --- /dev/null +++ b/website/content/en/status/report-2025-10-2025-12/sbom.adoc @@ -0,0 +1,36 @@ +=== FreeBSD Software Bill of Materials + +Links: + +link:https://github.com/pkgconf/pkgconf/pull/429[pkgconf PR 429 which adds spdxtool] URL: link:https://github.com/pkgconf/pkgconf/pull/429[] + +link:https://spdx.github.io/spdx-spec/v3.0.1/[SPDX Lite 3.0.1 documentation] URL: link:https://spdx.github.io/spdx-spec/v3.0.1/[] + +link:https://github.com/FreeBSDFoundation/alpha-omega-beach-cleaning/blob/illuusio/update-licenses/json-ld/FreeBSD.jsonld[FreeBSD SPDX 3.0.1 JSON-LD file: FreeBSD.jsonld] URL: link:https://github.com/FreeBSDFoundation/alpha-omega-beach-cleaning/blob/illuusio/update-licenses/json-ld/FreeBSD.jsonld[] + +link:https://github.com/illuusio/freebsd-src/tree/freebsd-sbom/share/sbom[Source files to make SBOM] URL: link:https://github.com/illuusio/freebsd-src/tree/freebsd-sbom/share/sbom[] + +link:https://github.com/FreeBSDFoundation/alpha-omega-beach-cleaning/blob/illuusio/update-licenses/license.md[Current status of license gathering for SBOM in Markdown file] URL: link:https://github.com/FreeBSDFoundation/alpha-omega-beach-cleaning/blob/illuusio/update-licenses/license.md[] + +link:https://reviews.freebsd.org/D53318[Add sbom target to Makefile and needed Lua scripts] URL: link:https://reviews.freebsd.org/D53318[] + +link:https://reviews.freebsd.org/D53317[Lua functions to handle make command output for specific FreeBSD ports targets] URL: link:https://reviews.freebsd.org/D53317[] + +link:https://reviews.freebsd.org/D53316[Add Lua Logging module to FreeBSD ports tree and introduce Lua functions and modules to ports] URL: link:https://reviews.freebsd.org/D53316[] + +Contact: Tuukka Pasanen + +The Software Bill of Materials (SBOM) project has been ongoing since May, with the goal of providing the necessary tooling to create SBOMs from FreeBSD Ports and the base system. + +One of the major developments in 2025Q4 was upstreaming spdxtool to the pkgconf upstream. The upstreamed code ensures that pkgconf tools have an SPDX Lite 3.0.1 profile-compatible SBOM creation tool with the next release. + +Another significant effort has been gathering information about applications that form part of the FreeBSD base system. +These applications are primarily located in the [.filename]#usr.bin#, [.filename]#usr.sbin#, [.filename]#sbin#, and [.filename]#bin# directories inside FreeBSD git repository. +The FreeBSD Alpha Omega Beach Cleaning project has been instrumental as it gathers information about third-party libraries and applications, and I have contributed to this effort. +Now there is Lua scripts and a file that can produce the needed files for pkgconf's spdxtool, which can be exported in SPDX JSON-LD format. + +Tools using this gathered information and current raw data can be found in my fork of the FreeBSD src tree. Mainly, all C and header files that hold SPDX-License-Identifier are now gathered and processed. + +There have also been efforts to upstream SBOM creation per package for FreeBSD Ports, but this has stalled and needs updating. + +If you want to help with this effort: + +* Add SPDX-License-Identifier headers to C and header files under the FreeBSD src. +* Verify that the files current SPDX-License-Identifier is correct. +* Verify that the gathered information is accurate. + Currently, all tools that have some man page for section 1, 7, and 8 are added, with descriptions taken from the man page using a script. + These may be incorrect. + +Sponsor: The FreeBSD Foundation