[{"id":3669131,"web_url":"http://patchwork.ozlabs.org/comment/3669131/","msgid":"<20260325144322.383432-1-thomas.perale@mind.be>","list_archive_url":null,"date":"2026-03-25T14:43:22","subject":"Re: [Buildroot] [PATCH v3 2/5] utils/generate-cyclonedx: remove\n indirect dependencies from root component","submitter":{"id":87308,"url":"http://patchwork.ozlabs.org/api/people/87308/","name":"Thomas Perale","email":"thomas.perale@mind.be"},"content":"Acked-By: Thomas Perale <thomas.perale@mind.be>\n\nIn reply to:\n> Commit dc4af8bfa979 (\"utils/generate-cyclonedx: use direct dependencies\")\n> removes indirect dependencies from any listed component, as required by\n> CycloneDX. The root component, however, still includes indirect dependencies,\n> as it just takes the components from the show-info output.\n> \n> Fix this by collecting all component dependencies, and then filter the root\n> component dependencies to include direct dependencies only.\n> \n> Signed-off-by: Martin Willi <martin@strongswan.org>\n\n> ---\n>  .../tests/utils/test_generate_cyclonedx.py     |  3 +++\n>  utils/generate-cyclonedx                       | 18 +++++++++++++++++-\n>  2 files changed, 20 insertions(+), 1 deletion(-)\n> \n> diff --git a/support/testing/tests/utils/test_generate_cyclonedx.py b/support/testing/tests/utils/test_generate_cyclonedx.py\n> index 20f67b48a7a8..9b041ffb61fb 100644\n> --- a/support/testing/tests/utils/test_generate_cyclonedx.py\n> +++ b/support/testing/tests/utils/test_generate_cyclonedx.py\n> 
@@ -126,6 +126,9 @@ class TestGenerateCycloneDX(unittest.TestCase):\n>          foo_deps = next(d for d in result[\"dependencies\"] if d[\"ref\"] == \"package-foo\")\n>          self.assertEqual(foo_deps[\"dependsOn\"], [\"package-bar\", \"skeleton-baz\"])\n>  \n> +        project_deps = next(d for d in result[\"dependencies\"] if d[\"ref\"] == \"buildroot\")\n> +        self.assertEqual(project_deps[\"dependsOn\"], [\"host-tool\", \"package-foo\"])\n> +\n>      def test_virtual(self):\n>          result = self._run_script([\"--virtual\"])\n>  \n> diff --git a/utils/generate-cyclonedx b/utils/generate-cyclonedx\n> index 35198a47cfdd..70abd7af7c89 100755\n> --- a/utils/generate-cyclonedx\n> +++ b/utils/generate-cyclonedx\n> @@ -385,6 +385,22 @@ def br2_parse_deps(ref, show_info_dict, virtual=False) -> list:\n>      return list(deps)\n>  \n>  \n> +def br2_root_deps(show_info_dict, virtual=False) -> list:\n> +    \"\"\"Retrieve the list of direct dependencies of the root component.\n> +\n\nNIT: I would add a simple line of text that explains what the function does in practice.\n\n\"This function returns all components that are not a dependency of any other component\"\n\n> +    Args:\n> +        show_info_dict (dict): The JSON output of the show-info command.\n> +        virtual (bool): Whether to resolve virtual dependencies to their providers.\n> +\n> +    Returns:\n> +        list: List of direct dependencies of the root component.\n> +    \"\"\"\n> +    indirect = set()\n> +    for ref in show_info_dict:\n> +        indirect.update(br2_parse_deps(ref, show_info_dict, virtual))\n> +    return [ref for ref in show_info_dict if ref not in indirect]\n> +\n> +\n>  def main():\n>      parser = argparse.ArgumentParser(\n>              description='''Create a CycloneDX SBoM for the Buildroot configuration.\n> 
@@ -447,7 +463,7 @@ def main():\n>              cyclonedx_component(name, comp) for name, comp in filtered_show_info_dict.items()\n>          ],\n>          \"dependencies\": [\n> -            cyclonedx_dependency(args.project_name, list(filtered_show_info_dict)),\n> +            cyclonedx_dependency(args.project_name, br2_root_deps(filtered_show_info_dict, args.virtual)),\n>              *[cyclonedx_dependency(ref, br2_parse_deps(ref, show_info_dict, args.virtual))\n>                for ref in filtered_show_info_dict],\n>          ],\n> -- \n> 2.43.0","headers":{"To":"Martin Willi <martin@strongswan.org>","Cc":"Thomas Perale <thomas.perale@mind.be>,\n\tbuildroot@buildroot.org","Date":"Wed, 25 Mar 2026 15:43:22 +0100","Message-ID":"<20260325144322.383432-1-thomas.perale@mind.be>","X-Mailer":"git-send-email 2.53.0","In-Reply-To":"<20260325133343.1008245-3-martin@strongswan.org>","References":"<20260325133343.1008245-3-martin@strongswan.org>","Subject":"Re: [Buildroot] [PATCH v3 2/5] utils/generate-cyclonedx: remove\n indirect dependencies from root component","List-Id":"Discussion and development of buildroot <buildroot.buildroot.org>","List-Archive":"<http://lists.buildroot.org/pipermail/buildroot/>","From":"Thomas Perale via buildroot <buildroot@buildroot.org>","Reply-To":"Thomas Perale <thomas.perale@mind.be>"}}]
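Review bot: the new assertion in test_generate_cyclonedx.py (hunk @@ -126,6 +126,9 @@) compares project_deps["dependsOn"] against the exact list ["host-tool", "package-foo"], which ties the test to the iteration order of the dict that br2_root_deps() walks. If ordering is not part of the contract, compare sorted lists or sets; if it is, state that in the br2_root_deps() docstring. The hunk also checks only what is kept: an explicit assertNotIn for "package-bar", which the assertion just above shows to be a dependency of package-foo, would pin down the behaviour this patch fixes.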
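Review bot: in br2_root_deps() (utils/generate-cyclonedx, hunk @@ -385,6 +385,22 @@) the set named indirect holds every component that is a direct dependency of some other component, so the name does not describe the rule the code applies. Rename it (for example depended_on) and spell the rule out in the docstring. The docstring should also cover the edge case where a group of components depend only on each other: all of them land in the set, none is attached to the root, and they become unreachable from the root in the dependency graph unless show-info rules such groups out.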
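Review bot: in the main() hunk (@@ -447,7 +463,7 @@) br2_root_deps() receives filtered_show_info_dict, so its inner br2_parse_deps(ref, show_info_dict, virtual) call resolves against the filtered dict, while the per-component entries two lines below call br2_parse_deps(ref, show_info_dict, args.virtual) with the unfiltered one. If filtering drops entries that br2_parse_deps() needs (for instance when resolving virtual providers), the root list and the component lists can disagree. Consider passing both dicts, iterating over the filtered one and resolving against the full one, or add a comment explaining why the filtered dict is sufficient.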