##  --- ```bash [1-6|7-8] $ cat .../site-packages/setuptools-65.5.1.dist-info/METADATA ... Name: setuptools Version: 65.5.1 ... $ rpm -q python3.11-setuptools-wheel python3.11-setuptools-wheel-65.5.1-3.el9.noarch.rpm ``` --- ```bash [4] $ cat .../site-packages/setuptools-65.5.1.dist-info/METADATA ... Name: setuptools Version: 65.5.1-3 ... $ rpm -q python3.11-setuptools-wheel python3.11-setuptools-wheel-65.5.1-3.el9.noarch.rpm ``` --- # More metadata? ```bash [4] Metadata-Version: 2.6 Name: setuptools Version: 65.5.1 Whatever-Miro-Needs: python3.11-setuptools-wheel-65.5.1-3.el9.noarch.rpm Whatever-Lumír-Secretly-Desires: 🍍 on 🍕 ... ``` ---
--- ##  --- ```bash [4] Metadata-Version: 2.7 Name: pillow Version: 12.1.1 Is-In-This: libXau-1.0.9-3.el8.x86_64.rpm ... ``` --- # SBOM Software Bill-of-Materials ---
---
---
---
```json { "bomFormat": "CycloneDX", "specVersion": "1.5", "metadata": { "component": { "name": "pizza", "version": "1.0.0", "type": "application" } }, "components": [ { "name": "tomatoes", "version": "4.17.21", "licenses": [{"license": {"id": "MIT"}}], "type": "library" }, { "name": "pineapple", "version": "4.18.2", "licenses": [{"license": {"id": "MIT"}}], "type": "library" } ] } ``` --- # PEP 770 Improving measurability of Python packages with Software Bill-of-Materials --- # PEP 770 - common location in `*.dist-info/sboms` - any SBOM format (and any version of it: the examples in this deck use CycloneDX 1.4, 1.5 and 1.6, so a consumer has to cope with more than one) - whatever you need in it — note that the content is declared by whoever built the wheel, not verified by the installer, so a consumer should treat it as untrusted input and validate it against the format's schema before acting on it ---
```bash [1,6-11|10] $ cat .../site-packages/setuptools-65.5.1.dist-info/sboms/bom.json { "bomFormat": "CycloneDX", "specVersion": "1.6", "components": [ { "type": "library", "name": "python3.11-setuptools", "version": "65.5.1-3.el9", "purl": "pkg:rpm/redhat/python3.11-setuptools@65.5.1-3.el9?arch=src" } ] } ``` ---
```bash [1|7-8,10-13|14-19|29-30,32-35] $ cat .../site-packages/pillow-12.1.1.dist-info/sboms/auditwheel.cdx.json | python -m json { "bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1, "metadata": { "component": { "type": "library", "bom-ref": "pkg:pypi/pillow@12.1.1?file_name=pillow-12.1.1-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", "name": "pillow", "version": "12.1.1", "purl": "pkg:pypi/pillow@12.1.1?file_name=pillow-12.1.1-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl" }, "tools": [ { "name": "auditwheel", "version": "6.5.0" } ] }, "components": [ { "type": "library", "bom-ref": "pkg:pypi/pillow@12.1.1?file_name=pillow-12.1.1-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", "name": "pillow", "version": "12.1.1", "purl": "pkg:pypi/pillow@12.1.1?file_name=pillow-12.1.1-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl" }, { "type": "library", "bom-ref": "pkg:rpm/almalinux/libXau@1.0.9-3.el8#ac77887fa9a50833ff7a34d7e27ebe243468552bc94f6628693cb1dfdaf102e7", "name": "libXau", "version": "1.0.9-3.el8", "purl": "pkg:rpm/almalinux/libXau@1.0.9-3.el8" } ], "dependencies": [ { "ref": "pkg:pypi/pillow@12.1.1?file_name=pillow-12.1.1-cp314-cp314-manylinux_2_27_x86_64.manylinux_2_28_x86_64.whl", "dependsOn": [ "pkg:rpm/almalinux/libXau@1.0.9-3.el8#ac77887fa9a50833ff7a34d7e27ebe243468552bc94f6628693cb1dfdaf102e7" ] }, { "ref": "pkg:rpm/almalinux/libXau@1.0.9-3.el8#ac77887fa9a50833ff7a34d7e27ebe243468552bc94f6628693cb1dfdaf102e7" } ] } ``` --- ```bash $ cat .../site-packages/lumir-1.2.3.dist-info/sboms/pizza.yaml shape: round components: - pineapple - ... ``` ---
---
floss.social/
@hroncok