Bug 286644 - [new port] security/py-lib4sbom: library to parse and generate Software Bill of Materials
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Muhammad Moinur Rahman
Blocks: 286645
Reported: 2025-05-07 06:06 UTC by Tuukka Pasanen
Modified: 2025-07-16 15:31 UTC (History)
CC List: 2 users

Attachments
Patch to add Python lib4sbom to ports (5.25 KB, patch)
2025-05-07 06:06 UTC, Tuukka Pasanen
Patch to add Python lib4sbom to ports (5.22 KB, patch)
2025-05-08 09:42 UTC, Tuukka Pasanen
Patch to add Python lib4sbom to ports (5.11 KB, patch)
2025-06-26 06:09 UTC, Tuukka Pasanen

Description Tuukka Pasanen 2025-05-07 06:06:47 UTC
Created attachment 260228 [details]
Patch to add Python lib4sbom to ports

Lib4SBOM is a library to parse and generate Software Bill of Materials (SBOMs).
It supports SBOMs created in both SPDX and CycloneDX formats.
Comment 1 Tuukka Pasanen 2025-05-08 06:48:07 UTC
I noticed that I made a mistake in my patch. Is there a way to update it?
Comment 2 Tuukka Pasanen 2025-05-08 09:42:15 UTC
Created attachment 260257 [details]
Patch to add Python lib4sbom to ports
Comment 3 Tuukka Pasanen 2025-06-26 06:09:33 UTC
Created attachment 261616 [details]
Patch to add Python lib4sbom to ports

Lib4SBOM is a library to parse and generate Software Bill of Materials (SBOMs).
It supports SBOMs created in both SPDX and CycloneDX formats.

Tested with Poudriere (14.2 and 14.3) and Portclippy to be compliant
Comment 4 Hiroki Tagato freebsd_committer freebsd_triage 2025-06-26 13:06:39 UTC
Thanks for a new port submission.

A couple of comments:
- The contents of requirements.txt do not match the list of RUN_DEPENDS
  If there is no specific reason, the two should be the same including version range specifications.
- The port installs files into ${PREFIX}/lib/python3.11/site-packages/{examples,test,tools}
  The names of those directories are so generic and could be a potential source of name collisions. Are the files in those directories really necessary for the python package to operate? I doubt "test" is necessary. "examples" might be better installed into ${PREFIX}/share/examples/py311-lib4sbom if needed. I'm not sure about "tools".
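
The first point in comment 4 (requirements.txt versus RUN_DEPENDS, including version ranges) can be checked mechanically. The following is an added example, not part of the bug report or the port: the sample inputs are constructed, the function names are hypothetical, and it assumes plain `name<specifier>` requirement lines and `${PYTHON_PKGNAMEPREFIX}` entries in RUN_DEPENDS.

```python
import re

# Constructed samples: NOT the real lib4sbom requirements.txt or port Makefile.
SAMPLE_REQUIREMENTS = "pyyaml>=5.4\nsemantic_version>=2.10\ndefusedxml  # unpinned\n"
SAMPLE_MAKEFILE = """\
RUN_DEPENDS=\t${PYTHON_PKGNAMEPREFIX}pyyaml>=5.4:devel/py-pyyaml@${PY_FLAVOR} \\
\t\t${PYTHON_PKGNAMEPREFIX}semantic-version>0:devel/py-semantic-version@${PY_FLAVOR} \\
\t\t${PYTHON_PKGNAMEPREFIX}requests>=2.0:www/py-requests@${PY_FLAVOR}
"""

def norm(name):  # PEP 503 normalisation: semantic_version == semantic-version
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirements(text):
    """Map package name -> version specifier ('' when unconstrained)."""
    reqs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments, markers
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)", line)
        if m:
            reqs[norm(m.group(1))] = m.group(2).replace(" ", "")
    return reqs

def parse_run_depends(makefile):
    """Map package name -> specifier from RUN_DEPENDS ('>0' means any version)."""
    pat = r"\$\{PYTHON_PKGNAMEPREFIX\}([A-Za-z0-9._-]+?)([<>=!]+[^:\s]+)?:"
    deps = {}
    for line in makefile.replace("\\\n", " ").splitlines():  # join continuations
        if re.match(r"RUN_DEPENDS\s*\+?=", line):
            for name, spec in re.findall(pat, line):
                deps[norm(name)] = "" if spec == ">0" else spec
    return deps

def compare(requirements, makefile):
    """Return sorted (package, finding) pairs where the two lists disagree."""
    want, have = parse_requirements(requirements), parse_run_depends(makefile)
    findings = []
    for name in sorted(want.keys() | have.keys()):
        if name not in have:
            findings.append((name, "missing from RUN_DEPENDS"))
        elif name not in want:
            findings.append((name, "not in requirements.txt"))
        elif want[name] != have[name]:
            findings.append((name, f"range differs: upstream {want[name]!r}, port {have[name]!r}"))
    return findings

if __name__ == "__main__":
    for pkg, finding in compare(SAMPLE_REQUIREMENTS, SAMPLE_MAKEFILE):
        print(f"{pkg}: {finding}")
```
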
Comment 5 commit-hook freebsd_committer freebsd_triage 2025-07-16 15:28:01 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b5444da848e3977e12c8da43895bd03325d2839f

commit b5444da848e3977e12c8da43895bd03325d2839f
Author:     Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
AuthorDate: 2025-05-05 19:22:14 +0000
Commit:     Muhammad Moinur Rahman <bofh@FreeBSD.org>
CommitDate: 2025-07-16 14:53:24 +0000

    security/py-lib4sbom: New port

    Lib4SBOM is a library to parse and generate Software Bill of Materials
    (SBOMs).  It supports SBOMs created in both SPDX and CycloneDX formats.

    WWW: https://github.com/anthonyharrison/lib4sbom
    PR:             286644
    Sponsored by:   The FreeBSD Foundation

 security/Makefile                    |  1 +
 security/py-lib4sbom/Makefile (new)  | 86 ++++++++++++++++++++++++++++++++++++
 security/py-lib4sbom/distinfo (new)  |  3 ++
 security/py-lib4sbom/pkg-descr (new) | 17 +++++++
 4 files changed, 107 insertions(+)
Comment 6 Muhammad Moinur Rahman freebsd_committer freebsd_triage 2025-07-16 15:31:58 UTC
Committed with changes.