Page MenuHomeFreeBSD
Files F152944349

D56299.diff
No OneTemporary
Actions

D56299.diff
View Options

diff --git a/website/content/en/status/report-2026-01-2026-03/sbom.adoc b/website/content/en/status/report-2026-01-2026-03/sbom.adoc
new file mode 100644
--- /dev/null
+++ b/website/content/en/status/report-2026-01-2026-03/sbom.adoc
@@ -0,0 +1,37 @@
+=== FreeBSD Software Bill of Materials
+
+Links: +
+link:https://github.com/pkgconf/pkgconf/pull/484[spdxtool: Add parameter for using URI as SPDX id] URL: link:https://github.com/pkgconf/pkgconf/pull/484[] +
+link:https://github.com/pkgconf/pkgconf/pull/483[spdxtool: Add cli parameter for changing SPDX id] URL: link:https://github.com/pkgconf/pkgconf/pull/483[] +
+link:https://github.com/pkgconf/pkgconf/pull/475[spdxtool: spdxtool: Add homepage handling] URL: link:https://github.com/pkgconf/pkgconf/pull/475[] +
+link:https://github.com/pkgconf/pkgconf/pull/474[spdxtool: Add source handling to SBOM] URL: link:https://github.com/pkgconf/pkgconf/pull/474[] +
+link:https://github.com/pkgconf/pkgconf/pull/473[spdxtool: Add support for copyright text] URL: link:https://github.com/pkgconf/pkgconf/pull/473[] +
+link:https://github.com/pkgconf/pkgconf/pull/461[spdxtool: Rework of License-tag SDPX expression evaluation] URL: link:https://github.com/pkgconf/pkgconf/pull/461[] +
+link:https://github.com/pkgconf/pkgconf/pull/450[Add some stricter compiler warnings and overcome new warnings ] URL: link:https://github.com/pkgconf/pkgconf/pull/450[] +
+link:https://github.com/pkgconf/pkgconf/pull/447[libpkgconf/libpkgconf.h: Add printf-like attributes to functions] URL: link:https://github.com/pkgconf/pkgconf/pull/447[] +
+link:https://github.com/pkgconf/pkgconf/pull/446[spdxtool: Update variables that are const to const] URL: link:https://github.com/pkgconf/pkgconf/pull/446[] +
+link:https://github.com/pkgconf/pkgconf/pull/445[man/spdxtool.1: Add man page for spdxtool] URL: link:https://github.com/pkgconf/pkgconf/pull/445[] +
+link:https://cgit.freebsd.org/src/log/?qt=author&q=Tuukka+Pasanen[Added SPDX-License-Identifiers] URL: link:https://cgit.freebsd.org/src/log/?qt=author&q=Tuukka+Pasanen[] +
+link:https://github.com/freebsd/freebsd-src/compare/main...illuusio:freebsd-src:update-spdx-licenses[SPDX-License-Identifiers up-to review and waiting for upstreaming] URL: link:https://github.com/freebsd/freebsd-src/compare/main...illuusio:freebsd-src:update-spdx-licenses[] +
+link:https://reviews.freebsd.org/D55461[Issue open for commenting and review: caesar: Add SPDX-License-Identifier tags] URL: https://reviews.freebsd.org/D55461[] +
+link:https://github.com/illuusio/freebsd-src/tree/sbom-pkgconfig/release/sbom[.pc file for SBOM metadata (WIP)] URL: https://github.com/illuusio/freebsd-src/tree/sbom-pkgconfig/release/sbom
+
+Contact: Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
+
+The FreeBSD Software Bill of Materials (SBOM) project started in 2025 and continued in 2026.
+Work in 2026 has focused more on the EU Cyber Resilience Act (CRA), and the effort has shifted toward delivering a framework for FreeBSD source.
+
+In the first quarter of 2026, SBOM work was delivered in three categories:
+* Pkgconf upstream work, especially with spdxtool-tool, which is used for creating SPDX Lite 3.0.1 JSON-LD SBOMs from [.filename]#.pc#-files. +
+Several missing features have been added and are under active development by pkgconf contributors. +
+The tool is now nearly compatible with SPDX Lite 3.0.1 requirements and is ready for general use. +
+Additionally, there is an effort to import pkgconf as part of the FreeBSD source, led by Pierre Pronchery.
+* Adding missing SPDX-License-Identifier to files under the FreeBSD source in the [.filename]#bin#, [.filename]#sbin#, [.filename]#usr.bin#, and [.filename]#usr.sbin# directories.
+* Creating [.filename]#.pc#-files for SBOM. The first patch is expected to land in 2026Q2, starting with files from [.filename]#bin#.
+
+If you want to help with this effort:
+* Verify that SPDX-License-Identifier licenses are correct and assist with upstreaming files.
+* Verify that [.filename]#.pc# files contain accurate information and help upstreaming them to git.
+* Assist in reviewing the pkgconf import to the FreeBSD source.
+
+Sponsor: The FreeBSD Foundation

File Metadata

Mime Type
text/plain
Expires
Sun, Apr 19, 5:56 AM (9 h, 9 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
31526269
Default Alt Text
D56299.diff (4 KB)

Event Timeline