On Wednesday, May 13, 2026 at 12:27 AM, Joshua Watt wrote:
> On Tue, May 12, 2026 at 11:02 AM Jérémie Dautheribes via
> lists.openembedded.org
> <[email protected]> wrote:
> >
> > Add support for optional zstd compression for all types of SBOMs,
> > including:
> > - image SBOM
> > - recipe SBOM
> > - SDK SBOM
> >
> > Zstd compression is applied if SPDX_SBOM_EXT ends with ".zst".
> >
> > Co-authored-by: Benjamin Robin (Schneider Electric)
> > <[email protected]>
> > Signed-off-by: Jérémie Dautheribes (Schneider Electric)
> > <[email protected]>
> > ---
> > meta/classes/create-spdx-3.0.bbclass | 3 ++-
> > meta/lib/oe/sbom30.py | 11 +++++++++--
> > 2 files changed, 11 insertions(+), 3 deletions(-)
> >
> > diff --git a/meta/classes/create-spdx-3.0.bbclass
> > b/meta/classes/create-spdx-3.0.bbclass
> > index 785edb9865..6cf8fa4688 100644
> > --- a/meta/classes/create-spdx-3.0.bbclass
> > +++ b/meta/classes/create-spdx-3.0.bbclass
> > @@ -75,7 +75,8 @@ SPDX_IMPORTS[doc] = "SPDX_IMPORTS is the base variable
> > that describes how to \
> > SPDX 3 spec. Optional but recommended"
> >
> > SPDX_SBOM_EXT ??= ".spdx.json"
> > -SPDX_SBOM_EXT[doc] = "SBOM file extension name."
> > +SPDX_SBOM_EXT[doc] = "SBOM file extension name.\
> > + If it ends with '.zst', SBOMs are automatically compressed using Zstd."
> >
> > # Agents
> > # Bitbake variables can be used to describe an SPDX Agent that may be
> > used
> > diff --git a/meta/lib/oe/sbom30.py b/meta/lib/oe/sbom30.py
> > index 0f1f9281ad..2184c1a07f 100644
> > --- a/meta/lib/oe/sbom30.py
> > +++ b/meta/lib/oe/sbom30.py
> > @@ -1036,8 +1036,15 @@ def write_jsonld_doc(d, objset, dest):
> > serializer = oe.spdx30.JSONLDInlineSerializer()
> >
> > objset.objects.add(objset.doc)
> > - with dest.open("wb") as f:
> > - serializer.write(objset, f, force_at_graph=True)
> > +
> > + if dest.name.endswith(".zst"):
>
> I'm not sure I like this detection mechanism; I think we usually do
> something more explicit for compression rather than relying on the
> suffix in other places?
Do you have an example somewhere in the code base?
I am not opposed to use a variable like `SPDX_COMPRESSED_SBOM`
and to have the following code "duplicated" (or create a function for it):
sbom_file_extension = ".spdx.json.zst" if compressed_sbom else ".spdx.json"
The goal was to simplify the code, and to allow user flexibility.
The user could choose any other extension (even if it violate the
ISO standard extension for SPDX documents).
>
> > + num_threads = int(d.getVar("BB_NUMBER_THREADS"))
>
> The API is oe.utils.parallel_make_argument()
Thanks, but for information all code instance calling
`bb.compress.zstd.open` use the BB_NUMBER_THREADS variable :)
So maybe this should be fixed by another patch?
>
> > + with bb.compress.zstd.open(dest, "w", num_threads=num_threads) as
> > f:
> > + serializer.write(objset, f, force_at_graph=True)
> > + else:
> > + with dest.open("wb") as f:
> > + serializer.write(objset, f, force_at_graph=True)
> > +
> > objset.objects.remove(objset.doc)
> >
> >
> >
> > --
> > 2.54.0
> >
> >
> >
> >
>
--
Benjamin Robin, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#236934):
https://lists.openembedded.org/g/openembedded-core/message/236934
Mute This Topic: https://lists.openembedded.org/mt/119282964/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
