| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20260210205424.11195-3-luis.augenstein@tngtech.com> Date: Tue, 10 Feb 2026 21:54:11 +0100 From: Luis Augenstein <luis.augenstein@...tech.com> To: nathan@...nel.org, nsc@...nel.org Cc: linux-kbuild@...r.kernel.org, linux-kernel@...r.kernel.org, akpm@...ux-foundation.org, gregkh@...uxfoundation.org, kstewart@...uxfoundation.org, maximilian.huber@...tech.com, Luis Augenstein <luis.augenstein@...tech.com> Subject: [PATCH 02/15] scripts/sbom: integrate script in make process integrate SBOM script into the kernel build process. Assisted-by: Claude Sonnet 4.5 Assisted-by: GLM-4.7 Co-developed-by: Maximilian Huber <maximilian.huber@...tech.com> Signed-off-by: Maximilian Huber <maximilian.huber@...tech.com> Signed-off-by: Luis Augenstein <luis.augenstein@...tech.com> --- .gitignore | 1 + MAINTAINERS | 6 ++++++ Makefile | 11 +++++++++-- scripts/sbom/Makefile | 33 +++++++++++++++++++++++++++++++++ scripts/sbom/sbom.py | 16 ++++++++++++++++ 5 files changed, 65 insertions(+), 2 deletions(-) create mode 100644 scripts/sbom/Makefile create mode 100644 scripts/sbom/sbom.py diff --git a/.gitignore b/.gitignore index 3a7241c941f5..f3372f15eb1b 100644 --- a/.gitignore +++ b/.gitignore @@ -48,6 +48,7 @@ *.s *.so *.so.dbg +*.spdx.json *.su *.symtypes *.tab.[ch] diff --git a/MAINTAINERS b/MAINTAINERS index f1b020588597..decbab52cef1 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -23365,6 +23365,12 @@ R: Marc Murphy <marc.murphy@...cloud.com> S: Supported F: arch/arm/boot/dts/ti/omap/am335x-sancloud* +SBOM +M: Luis Augenstein <luis.augenstein@...tech.com> +M: Maximilian Huber <maximilian.huber@...tech.com> +S: Maintained +F: scripts/sbom/ + SC1200 WDT DRIVER M: Zwane Mwaikambo <zwanem@...il.com> S: Maintained diff --git a/Makefile b/Makefile index 9d38125263fb..46d4be490d7f 100644 --- a/Makefile +++ b/Makefile @@ -772,7 +772,7 @@ endif # in addition to whatever we do anyway. # Just "make" or "make all" shall build modules as well -ifneq ($(filter all modules nsdeps compile_commands.json clang-%,$(MAKECMDGOALS)),) +ifneq ($(filter all modules nsdeps compile_commands.json clang-% sbom,$(MAKECMDGOALS)),) KBUILD_MODULES := y endif @@ -1612,7 +1612,7 @@ CLEAN_FILES += vmlinux.symvers modules-only.symvers \ modules.builtin.ranges vmlinux.o.map vmlinux.unstripped \ compile_commands.json rust/test \ rust-project.json .vmlinux.objs .vmlinux.export.c \ - .builtin-dtbs-list .builtin-dtb.S + .builtin-dtbs-list .builtin-dtb.S sbom-*.spdx.json # Directories & files removed with 'make mrproper' MRPROPER_FILES += include/config include/generated \ @@ -1728,6 +1728,7 @@ help: @echo '' @echo 'Tools:' @echo ' nsdeps - Generate missing symbol namespace dependencies' + @echo ' sbom - Generate Software Bill of Materials' @echo '' @echo 'Kernel selftest:' @echo ' kselftest - Build and run kernel selftest' @@ -2108,6 +2109,12 @@ nsdeps: export KBUILD_NSDEPS=1 nsdeps: modules $(Q)$(CONFIG_SHELL) $(srctree)/scripts/nsdeps +# Script to generate .spdx.json SBOM documents describing the build +# --------------------------------------------------------------------------- +PHONY += sbom +sbom: all + $(Q)$(MAKE) $(build)=scripts/sbom + # Clang Tooling # --------------------------------------------------------------------------- diff --git a/scripts/sbom/Makefile b/scripts/sbom/Makefile new file mode 100644 index 000000000000..6c8ec7356293 --- /dev/null +++ b/scripts/sbom/Makefile @@ -0,0 +1,33 @@ +# SPDX-License-Identifier: GPL-2.0-only OR MIT +# Copyright (C) 2025 TNG Technology Consulting GmbH + +SBOM_SOURCE_FILE := $(objtree)/sbom-source.spdx.json +SBOM_BUILD_FILE := $(objtree)/sbom-build.spdx.json +SBOM_OUTPUT_FILE := $(objtree)/sbom-output.spdx.json +SBOM_ROOTS_FILE := $(objtree)/sbom-roots.txt + + +ifeq ($(srctree),$(objtree)) + SBOM_TARGETS := $(SBOM_BUILD_FILE) $(SBOM_OUTPUT_FILE) +else + SBOM_TARGETS := $(SBOM_SOURCE_FILE) $(SBOM_BUILD_FILE) $(SBOM_OUTPUT_FILE) +endif + +SBOM_DEPS := $(objtree)/$(KBUILD_IMAGE) $(objtree)/include/generated/autoconf.h +ifdef CONFIG_MODULES + SBOM_DEPS += $(objtree)/modules.order +endif + +$(SBOM_TARGETS) &: $(SBOM_DEPS) + $(Q)echo " GEN $(notdir $(SBOM_TARGETS))" + + $(Q)printf "%s\n" "$(KBUILD_IMAGE)" > $(SBOM_ROOTS_FILE) + $(Q)if [ "$(CONFIG_MODULES)" = "y" ]; then \ + sed 's/\.o$$/.ko/' $(objtree)/modules.order >> $(SBOM_ROOTS_FILE); \ + fi + + $(Q)$(PYTHON3) $(srctree)/scripts/sbom/sbom.py + + $(Q)rm $(SBOM_ROOTS_FILE) + +$(obj)/: $(SBOM_TARGETS) diff --git a/scripts/sbom/sbom.py b/scripts/sbom/sbom.py new file mode 100644 index 000000000000..9c2e4c7f17ce --- /dev/null +++ b/scripts/sbom/sbom.py @@ -0,0 +1,16 @@ +#!/usr/bin/env python3 +# SPDX-License-Identifier: GPL-2.0-only OR MIT +# Copyright (C) 2025 TNG Technology Consulting GmbH + +""" +Compute software bill of materials in SPDX format describing a kernel build. +""" + + +def main(): + pass + + +# Call main method +if __name__ == "__main__": + main() -- 2.34.1
Powered by blists - more mailing lists