This introduces the following option:

• MK_SBOM: enables the generation of SBOM files during the build.

This option uses bomtool(1) from the pkgconf project, as provided by the MK_PKGCONF option. Consequently, MK_SBOM is automatically disabled when MK_PKGCONF is disabled.

The following parameters are available as well:

• BOMTOOL: Path to bomtool(1) (for SPDX version 2 files)
• SBOMDIR: Source directory for pkg-config files (release/sbom/pkgconfig)
• SPDXDIR: Destination for SPDX version 2 files (/usr/share/sbom/spdx)

Another tool from the pkgconf project, spdxtool(1), is planned for import and will use the following options:

• JSONLDDIR: Destination for SPDX version 3 files (/usr/share/sbom/jsonld)
• SPDXTOOL: Path to spdxtool(1) (for SPDX version 3 files)

Sponsored by: Alpha-Omega, The FreeBSD Foundation

After importing the corresponding .pc files in release/sbom/pkgconfig from https://github.com/illuusio/freebsd-src/tree/sbom-pkgconfig:

$ make buildworld
[...]
$ ls obj/amd64.amd64/tmp/usr/share/sbom/spdx/*.spdx
lib80211.spdx           libelftc.spdx           libpfctl.spdx
lib9p.spdx              libevent1.spdx          libpjdlog.spdx
libalias.spdx           libexecinfo.spdx        libpmc.spdx
[...]