On Tue, May 12, 2026 at 4:27 PM Joshua Watt <[email protected]> wrote: > > On Tue, May 12, 2026 at 11:02 AM Jérémie Dautheribes via > lists.openembedded.org > <[email protected]> wrote: > > > > Add support for optional zstd compression for all types of SBOMs, > > including: > > - image SBOM > > - recipe SBOM > > - SDK SBOM
We should perhaps also implement decompression when reading in documents, so that the intermediate documents are compressed as well; if we are allowing the final documents to be compressed, I don't see a compelling reason why we wouldn't just compress all of them. > > > > Zstd compression is applied if SPDX_SBOM_EXT ends with ".zst". > > > > Co-authored-by: Benjamin Robin (Schneider Electric) > > <[email protected]> > > Signed-off-by: Jérémie Dautheribes (Schneider Electric) > > <[email protected]> > > --- > > meta/classes/create-spdx-3.0.bbclass | 3 ++- > > meta/lib/oe/sbom30.py | 11 +++++++++-- > > 2 files changed, 11 insertions(+), 3 deletions(-) > > > > diff --git a/meta/classes/create-spdx-3.0.bbclass > > b/meta/classes/create-spdx-3.0.bbclass > > index 785edb9865..6cf8fa4688 100644 > > --- a/meta/classes/create-spdx-3.0.bbclass > > +++ b/meta/classes/create-spdx-3.0.bbclass > > @@ -75,7 +75,8 @@ SPDX_IMPORTS[doc] = "SPDX_IMPORTS is the base variable > > that describes how to \ > > SPDX 3 spec. Optional but recommended" > > > > SPDX_SBOM_EXT ??= ".spdx.json" > > -SPDX_SBOM_EXT[doc] = "SBOM file extension name." > > +SPDX_SBOM_EXT[doc] = "SBOM file extension name.\ > > + If it ends with '.zst', SBOMs are automatically compressed using Zstd." > > > > # Agents > > # Bitbake variables can be used to describe an SPDX Agent that may be > > used > > diff --git a/meta/lib/oe/sbom30.py b/meta/lib/oe/sbom30.py > > index 0f1f9281ad..2184c1a07f 100644 > > --- a/meta/lib/oe/sbom30.py > > +++ b/meta/lib/oe/sbom30.py > > @@ -1036,8 +1036,15 @@ def write_jsonld_doc(d, objset, dest): > > serializer = oe.spdx30.JSONLDInlineSerializer() > > > > objset.objects.add(objset.doc) > > - with dest.open("wb") as f: > > - serializer.write(objset, f, force_at_graph=True) > > + > > + if dest.name.endswith(".zst"): > > I'm not sure I like this detection mechanism; I think we usually do > something more explicit for compression rather than relying on the > suffix in other places? > > > + num_threads = int(d.getVar("BB_NUMBER_THREADS")) > > The API is oe.utils.parallel_make_argument() > > > + with bb.compress.zstd.open(dest, "w", num_threads=num_threads) as > > f: > > + serializer.write(objset, f, force_at_graph=True) > > + else: > > + with dest.open("wb") as f: > > + serializer.write(objset, f, force_at_graph=True) > > + > > objset.objects.remove(objset.doc) > > > > > > > > -- > > 2.54.0 > > > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#236917): https://lists.openembedded.org/g/openembedded-core/message/236917 Mute This Topic: https://lists.openembedded.org/mt/119282964/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
