0.16 (2023-05-07)

Support for SPDX-formatted software build of materials (SBOM)

As of v0.14, releng-tool supported a series of formats to use for generating a SBOM document. All these formats are generic documents, not following any specification. With v0.16, this release introduces initial support for SPDX-styled SBOM documents (JSON and RDP/XML formats).

These documents attempt to follow the SPDX v2.3 specification. Assuming projects use valid SPDX license identifiers, generated SPDX SBOM documents should be compliant with the specification.

Support for Meson package types

Introduction of the meson package type. These new package types allow a developer to easily invoke Meson targets at various stages, without needing invoke these tools inside a scripts package.

Accept module-specific local-sources using :

Users overriding module-specific local-sources could do so using an at sign (@) to identify between a package and a target path. For example:

releng-tool --local-sources libfoo@~/devwork/libfoo

An issue using the @ is that a user may not easily be able to use tab completion for a target path in their shell environment. To help support shells with tab completion support, these commands now accept an alternative format using a colon (:) character. For example:

releng-tool --local-sources libfoo:~/devwork/libfoo

Both formats are supported.

Notable fixes

Two notable issues have been addressed from previous releases:

  1. SBOM support when using the html format would generate a document with no package information. This has been corrected in this version.

  2. A regression with releng_copy has been corrected. When using the copy call with a destination of a single relative path, the call would throw an exception (e.g. a call such as releng_copy(src, 'output') would always fail). This was a result of an incorrect check that attempts to ensure the output directory exists, and fails to create an “empty” directory. With this new release, releng_copy properly handles a single relative path.