Support for SPDX-formatted software build of materials (SBOM)¶
As of v0.14, releng-tool supported a series of formats to use for generating a SBOM document. All these formats are generic documents, not following any specification. With v0.16, this release introduces initial support for SPDX-styled SBOM documents (JSON and RDP/XML formats).
These documents attempt to follow the SPDX v2.3 specification. Assuming projects use valid SPDX license identifiers, generated SPDX SBOM documents should be compliant with the specification.
Support for Meson package types¶
Introduction of the
meson package type. These new package types allow a
developer to easily invoke Meson targets at various stages, without needing
invoke these tools inside a scripts package.
Accept module-specific local-sources using
Users overriding module-specific local-sources could do so using an at sign
@) to identify between a package and a target path. For example:
releng-tool --local-sources libfoo@~/devwork/libfoo
An issue using the
@ is that a user may not easily be able to use tab
completion for a target path in their shell environment. To help support
shells with tab completion support, these commands now accept an alternative
format using a colon (
:) character. For example:
releng-tool --local-sources libfoo:~/devwork/libfoo
Both formats are supported.
Two notable issues have been addressed from previous releases:
SBOM support when using the
htmlformat would generate a document with no package information. This has been corrected in this version.
A regression with
releng_copyhas been corrected. When using the copy call with a destination of a single relative path, the call would throw an exception (e.g. a call such as
releng_copy(src, 'output')would always fail). This was a result of an incorrect check that attempts to ensure the output directory exists, and fails to create an “empty” directory. With this new release,
releng_copyproperly handles a single relative path.