{"id":2215862,"url":"http://patchwork.ozlabs.org/api/patches/2215862/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20260325133343.1008245-3-martin@strongswan.org/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260325133343.1008245-3-martin@strongswan.org>","list_archive_url":null,"date":"2026-03-25T13:33:40","name":"[v3,2/5] utils/generate-cyclonedx: remove indirect dependencies from root component","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"75241338c1e0af1f2f075ed8492e34ddd64e9328","submitter":{"id":736,"url":"http://patchwork.ozlabs.org/api/people/736/?format=json","name":"Martin Willi","email":"martin@strongswan.org"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260325133343.1008245-3-martin@strongswan.org/mbox/","series":[{"id":497444,"url":"http://patchwork.ozlabs.org/api/series/497444/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=497444","date":"2026-03-25T13:33:39","name":"Extend CycloneDX metadata","version":3,"mbox":"http://patchwork.ozlabs.org/series/497444/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2215862/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2215862/checks/","tags":{},"related":[],"headers":{"Return-Path":"<buildroot-bounces@buildroot.org>","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=Jxo8ubij;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fgntf2Qskz1xy3\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Thu, 26 Mar 2026 00:34:02 +1100 (AEDT)","from localhost (localhost [127.0.0.1])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id 5300261376;\n\tWed, 25 Mar 2026 13:33:58 +0000 (UTC)","from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id W5HhaV7Beq-u; Wed, 25 Mar 2026 13:33:57 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id 11B826136C;\n\tWed, 25 Mar 2026 13:33:57 +0000 (UTC)","from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n by lists1.osuosl.org (Postfix) with ESMTP id 2CC72F5\n for <buildroot@buildroot.org>; Wed, 25 Mar 2026 13:33:52 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp4.osuosl.org (Postfix) with ESMTP id 1304B41190\n for <buildroot@buildroot.org>; Wed, 25 Mar 2026 13:33:52 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id V605j5vTUtB6 for <buildroot@buildroot.org>;\n Wed, 25 Mar 2026 13:33:51 +0000 (UTC)","from mail.codelabs.ch (mail.codelabs.ch [IPv6:2a02:168:860f:1::35])\n by smtp4.osuosl.org (Postfix) with ESMTPS id C03EC41116\n for <buildroot@buildroot.org>; Wed, 25 Mar 2026 13:33:50 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by mail.codelabs.ch (Postfix) with ESMTP id 71CE95A0003;\n Wed, 25 Mar 2026 14:33:48 +0100 (CET)","from mail.codelabs.ch ([127.0.0.1])\n by localhost (fenrir.codelabs.ch [127.0.0.1]) (amavis, port 10024) with ESMTP\n id W5k_v6q4JU_Q; Wed, 25 Mar 2026 14:33:47 +0100 (CET)","from zbook.home (unknown [185.12.128.224])\n by mail.codelabs.ch (Postfix) with ESMTPSA id 33A715A0004;\n Wed, 25 Mar 2026 14:33:46 +0100 (CET)"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp3.osuosl.org 11B826136C","OpenDKIM Filter v2.11.0 smtp4.osuosl.org C03EC41116"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1774445637;\n\tbh=O37uHSBxuD52zgxnU8Vku2AXg3kBKETQ4TNuRF96Hqo=;\n\th=From:To:Cc:Date:In-Reply-To:References:Subject:List-Id:\n\t List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:\n\t From;\n\tb=Jxo8ubijjkW0w11LrrSvrCSXWvlw/i2ecx4HCF80r60HQifzN0gMzG1Zhnm7aQG76\n\t RQaOtafSKATa0YzhBwtcmbQ/fzufJwJLqc+udTsYaLlaYgEYOap11qLmcrLUijYcOm\n\t on9ak4sINIuRHonmqcTdVDWhKp5NFyAmSDcIcEFoYcqAHOt/rFmuXd6TdjO+UeO9BY\n\t h8S5hq4esrTfr8RqemW+9GSaxIFWHgfWzmozhn7mTiD/z8kh6k2jXUINzsacRz4YAA\n\t QZNVuIT7inW/N8vaWYP1txfopcJlIJOgSRGDUUx7f4KbcQBCPEXm9DEM/3q5Zs9aHs\n\t jjsuptgXeKilA==","Received-SPF":"Pass (mailfrom) identity=mailfrom;\n client-ip=2a02:168:860f:1::35;\n helo=mail.codelabs.ch; envelope-from=martin@strongswan.org;\n receiver=<UNKNOWN>","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp4.osuosl.org C03EC41116","From":"Martin Willi <martin@strongswan.org>","To":"buildroot@buildroot.org","Cc":"Thomas Perale <thomas.perale@mind.be>","Date":"Wed, 25 Mar 2026 14:33:40 +0100","Message-ID":"<20260325133343.1008245-3-martin@strongswan.org>","In-Reply-To":"<20260325133343.1008245-1-martin@strongswan.org>","References":"<20260325133343.1008245-1-martin@strongswan.org>","MIME-Version":"1.0","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple;\n d=strongswan.org; s=default; t=1774445626;\n bh=gxSAMouLf155N2FhJR5qwjpq6XNLUyY8J3wCpAwPhBc=;\n h=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n b=NUGAlaKcJSipmGRQNkPK/g4NnmqL78h4u/SGE4UsfBHhJvNTkTVEEkSBHYxUlJicN\n Ha2voQSbeh/8pygNVgNviLgHEdOt+ahRQr8BHvKBLt3HHevlMIT2JkYv+7h+grB7Tp\n WFQnZnXPWGsodCqvNfIUATXCl+LzL8NClI6vs+GzVwZQ9OCTkRX65VNSGlxCl7nZOH\n 2SLM8yW+t/Cg0FhzKAcnhn7QmXYAvIeUSlec7FUI1VbvT5gvzyS82PqkhOi0W8tEWu\n G7A/2jMWxbz/dG+ljZjzfc/bhEtfcWDT1o+oAi/T5YpwA/xx0+ge0UfD+ntnQeFk9r\n N1BJtratKvgUA==","X-Mailman-Original-Authentication-Results":["smtp4.osuosl.org;\n dmarc=pass (p=none dis=none)\n header.from=strongswan.org","smtp4.osuosl.org;\n dkim=pass (2048-bit key,\n unprotected) header.d=strongswan.org header.i=@strongswan.org\n header.a=rsa-sha256 header.s=default header.b=NUGAlaKc"],"Subject":"[Buildroot] [PATCH v3 2/5] utils/generate-cyclonedx: remove\n indirect dependencies from root component","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.buildroot.org>","List-Unsubscribe":"<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>","List-Archive":"<http://lists.buildroot.org/pipermail/buildroot/>","List-Post":"<mailto:buildroot@buildroot.org>","List-Help":"<mailto:buildroot-request@buildroot.org?subject=help>","List-Subscribe":"<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" <buildroot-bounces@buildroot.org>"},"content":"Commit dc4af8bfa979 (\"utils/generate-cyclonedx: use direct dependencies\")\nremoves indirect dependencies from any listed component, as required by\nCycloneDX. The root component, however, still includes indirect dependencies,\nas it just takes the components from the show-info output.\n\nFix this by collecting all component dependencies, and then filter the root\ncomponent dependencies to include direct dependencies only.\n\nSigned-off-by: Martin Willi <martin@strongswan.org>\n---\n .../tests/utils/test_generate_cyclonedx.py     |  3 +++\n utils/generate-cyclonedx                       | 18 +++++++++++++++++-\n 2 files changed, 20 insertions(+), 1 deletion(-)","diff":"diff --git a/support/testing/tests/utils/test_generate_cyclonedx.py b/support/testing/tests/utils/test_generate_cyclonedx.py\nindex 20f67b48a7a8..9b041ffb61fb 100644\n--- a/support/testing/tests/utils/test_generate_cyclonedx.py\n+++ b/support/testing/tests/utils/test_generate_cyclonedx.py\n@@ -126,6 +126,9 @@ class TestGenerateCycloneDX(unittest.TestCase):\n         foo_deps = next(d for d in result[\"dependencies\"] if d[\"ref\"] == \"package-foo\")\n         self.assertEqual(foo_deps[\"dependsOn\"], [\"package-bar\", \"skeleton-baz\"])\n \n+        project_deps = next(d for d in result[\"dependencies\"] if d[\"ref\"] == \"buildroot\")\n+        self.assertEqual(project_deps[\"dependsOn\"], [\"host-tool\", \"package-foo\"])\n+\n     def test_virtual(self):\n         result = self._run_script([\"--virtual\"])\n \ndiff --git a/utils/generate-cyclonedx b/utils/generate-cyclonedx\nindex 35198a47cfdd..70abd7af7c89 100755\n--- a/utils/generate-cyclonedx\n+++ b/utils/generate-cyclonedx\n@@ -385,6 +385,22 @@ def br2_parse_deps(ref, show_info_dict, virtual=False) -> list:\n     return list(deps)\n \n \n+def br2_root_deps(show_info_dict, virtual=False) -> list:\n+    \"\"\"Retrieve the list of direct dependencies of the root component.\n+\n+    Args:\n+        show_info_dict (dict): The JSON output of the show-info command.\n+        virtual (bool): Whether to resolve virtual dependencies to their providers.\n+\n+    Returns:\n+        list: List of direct dependencies of the root component.\n+    \"\"\"\n+    indirect = set()\n+    for ref in show_info_dict:\n+        indirect.update(br2_parse_deps(ref, show_info_dict, virtual))\n+    return [ref for ref in show_info_dict if ref not in indirect]\n+\n+\n def main():\n     parser = argparse.ArgumentParser(\n             description='''Create a CycloneDX SBoM for the Buildroot configuration.\n@@ -447,7 +463,7 @@ def main():\n             cyclonedx_component(name, comp) for name, comp in filtered_show_info_dict.items()\n         ],\n         \"dependencies\": [\n-            cyclonedx_dependency(args.project_name, list(filtered_show_info_dict)),\n+            cyclonedx_dependency(args.project_name, br2_root_deps(filtered_show_info_dict, args.virtual)),\n             *[cyclonedx_dependency(ref, br2_parse_deps(ref, show_info_dict, args.virtual))\n               for ref in filtered_show_info_dict],\n         ],\n","prefixes":["v3","2/5"]}