diff --git a/arm-software/embedded/CMakeLists.txt b/arm-software/embedded/CMakeLists.txt index 36d045b17bae..3cfa7e492f2a 100644 --- a/arm-software/embedded/CMakeLists.txt +++ b/arm-software/embedded/CMakeLists.txt @@ -319,6 +319,12 @@ if(LLVM_TOOLCHAIN_C_LIBRARY MATCHES "^newlib") DESTINATION bin COMPONENT llvm-toolchain-${LLVM_TOOLCHAIN_C_LIBRARY}-configs ) + install( + FILES + ${CMAKE_CURRENT_SOURCE_DIR}/sbom_atfe_newlib.spdx.json + DESTINATION . + COMPONENT llvm-toolchain-${LLVM_TOOLCHAIN_C_LIBRARY}-configs + ) install( DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/newlib-samples/ @@ -354,6 +360,13 @@ if(LLVM_TOOLCHAIN_C_LIBRARY STREQUAL llvmlibc) COMPONENT llvm-toolchain-llvmlibc-configs ) + install( + FILES + ${CMAKE_CURRENT_SOURCE_DIR}/sbom_atfe_llvmlibc.spdx.json + DESTINATION . + COMPONENT llvm-toolchain-llvmlibc-configs + ) + install( DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/llvmlibc-samples/src @@ -687,7 +700,7 @@ install( ) install( - FILES CHANGELOG.md LICENSE.txt README.md + FILES CHANGELOG.md LICENSE.txt README.md sbom_atfe.spdx.json DESTINATION . COMPONENT llvm-toolchain-docs ) diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve.json index ddbe52d27698..9f38407b4c3b 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve_exn_rtti.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve_exn_rtti.json index 6d02e76689ba..6961b11b2758 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve_exn_rtti.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve_exn_rtti.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve_pacret_bti.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve_pacret_bti.json index 8e9e8f78b673..c5ddfff49093 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve_pacret_bti.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve_pacret_bti.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve_pacret_bti_exn_rtti.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve_pacret_bti_exn_rtti.json index ec4110e8ce25..4687480919e2 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve_pacret_bti_exn_rtti.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fp_nomve_pacret_bti_exn_rtti.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve.json index fb28a2a770d7..8d5a0dd6f553 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve_exn_rtti.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve_exn_rtti.json index b81fd0019030..6421517bcee7 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve_exn_rtti.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve_exn_rtti.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve_pacret_bti.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve_pacret_bti.json index 24fd0d09e025..60122f7faed8 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve_pacret_bti.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve_pacret_bti.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve_pacret_bti_exn_rtti.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve_pacret_bti_exn_rtti.json index cef3207b729d..e96a7075120b 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve_pacret_bti_exn_rtti.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_fpdp_nomve_pacret_bti_exn_rtti.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve.json index 03133255f6ec..b91cef923167 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve_exn_rtti.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve_exn_rtti.json index f4c7df92321e..00581ad26cfe 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve_exn_rtti.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve_exn_rtti.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve_pacret_bti.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve_pacret_bti.json index 3ac88c1461ed..15f97d542e8e 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve_pacret_bti.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve_pacret_bti.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve_pacret_bti_exn_rtti.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve_pacret_bti_exn_rtti.json index 40b8811ebc31..361e62f82ab8 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve_pacret_bti_exn_rtti.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_hard_nofp_mve_pacret_bti_exn_rtti.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve.json index b9a7b0a71b23..d33e23995b54 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve_exn_rtti.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve_exn_rtti.json index 0b898180116e..1ccf93631f50 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve_exn_rtti.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve_exn_rtti.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve_pacret_bti.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve_pacret_bti.json index 711e65fcd94a..d23bd103f2bf 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve_pacret_bti.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve_pacret_bti.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve_pacret_bti_exn_rtti.json b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve_pacret_bti_exn_rtti.json index 451889a4edc5..fce4b251989f 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve_pacret_bti_exn_rtti.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8.1m.main_soft_nofp_nomve_pacret_bti_exn_rtti.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8m.main_hard_fp.json b/arm-software/embedded/arm-multilib/json/variants/armv8m.main_hard_fp.json index 53f90ba2160a..7edefd1526fb 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8m.main_hard_fp.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8m.main_hard_fp.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8m.main_hard_fp_exn_rtti.json b/arm-software/embedded/arm-multilib/json/variants/armv8m.main_hard_fp_exn_rtti.json index da48ef18ba15..7730ef7aa566 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8m.main_hard_fp_exn_rtti.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8m.main_hard_fp_exn_rtti.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8m.main_soft_nofp.json b/arm-software/embedded/arm-multilib/json/variants/armv8m.main_soft_nofp.json index 28f257200fcb..1dd680d97c0e 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8m.main_soft_nofp.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8m.main_soft_nofp.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/arm-multilib/json/variants/armv8m.main_soft_nofp_exn_rtti.json b/arm-software/embedded/arm-multilib/json/variants/armv8m.main_soft_nofp_exn_rtti.json index 66b697019773..9dc99e6e752a 100644 --- a/arm-software/embedded/arm-multilib/json/variants/armv8m.main_soft_nofp_exn_rtti.json +++ b/arm-software/embedded/arm-multilib/json/variants/armv8m.main_soft_nofp_exn_rtti.json @@ -21,8 +21,8 @@ "PICOLIBC_BUILD_TYPE": "release", "ENABLE_CXX_LIBS": "ON", "ENABLE_LIBC_TESTS": "ON", - "ENABLE_COMPILER_RT_TESTS": "OFF", - "ENABLE_LIBCXX_TESTS": "OFF" + "ENABLE_COMPILER_RT_TESTS": "ON", + "ENABLE_LIBCXX_TESTS": "ON" }, "newlib": { "ENABLE_CXX_LIBS": "ON", @@ -37,4 +37,4 @@ "ENABLE_LIBCXX_TESTS": "OFF" } } -} \ No newline at end of file +} diff --git a/arm-software/embedded/scripts/SBOM_Scripts/spdx2_document_from_scratch_ATfE.py b/arm-software/embedded/scripts/SBOM_Scripts/spdx2_document_from_scratch_ATfE.py new file mode 100644 index 000000000000..7cf3159882e5 --- /dev/null +++ b/arm-software/embedded/scripts/SBOM_Scripts/spdx2_document_from_scratch_ATfE.py @@ -0,0 +1,300 @@ +# SPDX-FileCopyrightText: 2023 spdx contributors +# +# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +# +# Purpose: This script helps to generate SBOM for ATfE. +# +# Installation: Kindly refer https://github.com/spdx/tools-python for pre-requisite installation. +# +# Usage: python spdx2_document_from_scratch_ATfE.py +# +# Output file generated: sbom_atfe.spdx.json +# +import logging +import uuid +from datetime import datetime +from typing import List + +from spdx_tools.common.spdx_licensing import spdx_licensing +from spdx_tools.spdx.model import ( + Actor, + ActorType, + CreationInfo, + Document, + Package, + Relationship, + RelationshipType, +) +from spdx_tools.spdx.validation.document_validator import validate_full_spdx_document +from spdx_tools.spdx.validation.validation_message import ValidationMessage +from spdx_tools.spdx.writer.write_anything import write_file + +# This example shows how to use the spdx-tools to create an SPDX document from scratch, +# validate it and write it to a file. + +def create_Package( + name, + uuid, + download_location, + actorType, + personName, + personEmail, + license, + licenseComment, +): + package = Package( + name=name, + spdx_id=uuid, + download_location=download_location, + supplier=Actor(actorType, personName, personEmail), + originator=Actor(actorType, personName, personEmail), + files_analyzed=False, + license_concluded=spdx_licensing.parse(license), + license_declared=spdx_licensing.parse(license), + license_comment=licenseComment, + ) + + return package + +# First up, we need general information about the creation of the document, summarised by the CreationInfo class. +creation_info = CreationInfo( + spdx_version="SPDX-2.3", + spdx_id="SPDXRef-DOCUMENT", + name="Arm Toolchain for Embedded", + data_license="CC0-1.0", + document_namespace="https://github.com/arm/arm-toolchain/tree/arm-software/arm-software/embedded", + creators=[ + Actor(ActorType.ORGANIZATION, "Arm Limited", "open-source-office@arm.com") + ], + created=datetime(2025, 3, 5), +) + +# creation_info is the only required property of the Document class (have a look there!), the rest are optional lists. +# So, we are set up to create a new document instance. +document = Document(creation_info) + +# The document currently does not describe anything. Let's create a package that we can add to it. +# The Package class has quite a few properties (have a look there!), +# but only name, spdx_id and download_location are mandatory in SPDX v2.3. +package_url = ( + "https://github.com/arm/arm-toolchain/tree/arm-software/arm-software/embedded" +) +package_uuid_atfe = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_atfe = create_Package( + "Arm Toolchain for Embedded", + package_uuid_atfe, + package_url, + ActorType.ORGANIZATION, + "Arm Limited", + "open-source-office@arm.com", + "Apache-2.0 WITH LLVM-exception", + "", +) + +package_url = "https://github.com/llvm/llvm-project" +package_uuid_llvm = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, "https://github.com/llvm/llvm-project") +) +package_llvm = create_Package( + "llvm-project", + package_uuid_llvm, + package_url, + ActorType.ORGANIZATION, + "https://foundation.llvm.org/", + "info@llvm.org", + "Apache-2.0 WITH LLVM-exception", + "", +) + +package_url = "https://github.com/llvm/llvm-project/tree/main/clang" +package_uuid_clang = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_clang = create_Package( + "clang", + package_uuid_clang, + package_url, + ActorType.ORGANIZATION, + "https://foundation.llvm.org/", + "info@llvm.org", + "Apache-2.0 WITH LLVM-exception", + "", +) + +package_url = "https://github.com/llvm/llvm-project/tree/main/lld" +package_uuid_lld = "SPDXRef-Package-" + str(uuid.uuid5(uuid.NAMESPACE_URL, package_url)) +package_lld = create_Package( + "lld", + package_uuid_lld, + package_url, + ActorType.ORGANIZATION, + "https://foundation.llvm.org/", + "info@llvm.org", + "Apache-2.0 WITH LLVM-exception", + "", +) + +package_url = "https://github.com/llvm/llvm-project/tree/main/compiler-rt" +package_uuid_compiler_rt = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_compiler_rt = create_Package( + "compiler-rt", + package_uuid_compiler_rt, + package_url, + ActorType.ORGANIZATION, + "https://foundation.llvm.org/", + "info@llvm.org", + "Apache-2.0 WITH LLVM-exception", + "", +) + +package_url = "https://github.com/llvm/llvm-project/tree/main/libcxx" +package_uuid_libcxx = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_libcxx = create_Package( + "libcxx", + package_uuid_libcxx, + package_url, + ActorType.ORGANIZATION, + "https://foundation.llvm.org/", + "info@llvm.org", + "Apache-2.0 WITH LLVM-exception", + "", +) + +package_url = "https://github.com/llvm/llvm-project/tree/main/libcxxabi" +package_uuid_libcxxabi = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_libcxxabi = create_Package( + "libcxxabi", + package_uuid_libcxxabi, + package_url, + ActorType.ORGANIZATION, + "https://foundation.llvm.org/", + "info@llvm.org", + "Apache-2.0 WITH LLVM-exception", + "", +) + +package_url = "https://github.com/llvm/llvm-project/tree/main/libunwind" +package_uuid_libunwind = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_libunwind = create_Package( + "libunwind", + package_uuid_libunwind, + package_url, + ActorType.ORGANIZATION, + "https://foundation.llvm.org/", + "info@llvm.org", + "Apache-2.0 WITH LLVM-exception", + "", +) + +package_url = "https://github.com/picolibc/picolibc" +package_uuid_picolibc = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_picolibc = create_Package( + "picolibc", + package_uuid_picolibc, + package_url, + ActorType.PERSON, + "Keith Packard", + "https://github.com/keith-packard", + "", + "Detailed list of licenses is at: https://github.com/picolibc/picolibc/blob/main/COPYING.picolibc", +) + +# Now that we have a package defined, we can add it to the document's package property. +document.packages = [ + package_atfe, + package_llvm, + package_clang, + package_lld, + package_compiler_rt, + package_libcxx, + package_libcxxabi, + package_libunwind, + package_picolibc, +] + +# A DESCRIBES relationship asserts that the document indeed describes the package. +describes_relationship = Relationship( + "SPDXRef-DOCUMENT", RelationshipType.DESCRIBES, package_uuid_atfe +) +document.relationships = [describes_relationship] + +# Assuming the package contains those two files, we create two CONTAINS relationships. + +# This library uses run-time type checks when assigning properties. +# Because in-place alterations like .append() circumvent these checks, we don't use them here. + +# We now have created a document with basic creation information, describing a package that contains two files. +# You can also add Annotations, Snippets and ExtractedLicensingInfo to the document in an analogous manner to the above. +# Have a look at their respective classes if you are unsure about their properties. + +# Assuming the package contains those two files, we create two CONTAINS relationships. +contains_relationship_atfe = Relationship( + package_uuid_atfe, RelationshipType.CONTAINS, package_uuid_atfe +) +contains_relationship_llvm = Relationship( + package_uuid_llvm, RelationshipType.CONTAINS, package_uuid_llvm +) +contains_relationship_clang = Relationship( + package_uuid_clang, RelationshipType.CONTAINS, package_uuid_clang +) +contains_relationship_lld = Relationship( + package_uuid_lld, RelationshipType.CONTAINS, package_uuid_lld +) +contains_relationship_compiler_rt = Relationship( + package_uuid_compiler_rt, RelationshipType.CONTAINS, package_uuid_compiler_rt +) +contains_relationship_libcxx = Relationship( + package_uuid_libcxx, RelationshipType.CONTAINS, package_uuid_libcxx +) +contains_relationship_libcxxabi = Relationship( + package_uuid_libcxxabi, RelationshipType.CONTAINS, package_uuid_libcxxabi +) +contains_relationship_libunwind = Relationship( + package_uuid_libunwind, RelationshipType.CONTAINS, package_uuid_libunwind +) +contains_relationship_picolibc = Relationship( + package_uuid_picolibc, RelationshipType.CONTAINS, package_uuid_picolibc +) + +# Because in-place alterations like .append() circumvent these checks, we don't use them here. +document.relationships += [ + contains_relationship_atfe, + contains_relationship_llvm, + contains_relationship_clang, + contains_relationship_lld, + contains_relationship_compiler_rt, + contains_relationship_libcxx, + contains_relationship_libcxxabi, + contains_relationship_libunwind, + contains_relationship_picolibc, +] + +# This library provides comprehensive validation against the SPDX specification. +# Note that details of the validation depend on the SPDX version of the document. +validation_messages: List[ValidationMessage] = validate_full_spdx_document(document) + +# You can have a look at each entry's message and context (like spdx_id, parent_id, full_element) +# which will help you pinpoint the location of the invalidity. +for message in validation_messages: + logging.warning(message.validation_message) + logging.warning(message.context) + +# If the document is valid, validation_messages will be empty. +assert validation_messages == [] + +# Finally, we can serialize the document to any of the five supported formats. +# Using the write_file() method from the write_anything module, +# the format will be determined by the file ending: .spdx (tag-value), .json, .xml, .yaml. or .rdf (or .rdf.xml) +write_file(document, "sbom_atfe.spdx.json") diff --git a/arm-software/embedded/scripts/SBOM_Scripts/spdx2_document_from_scratch_llvmlibc.py b/arm-software/embedded/scripts/SBOM_Scripts/spdx2_document_from_scratch_llvmlibc.py new file mode 100644 index 000000000000..26ae38b81d33 --- /dev/null +++ b/arm-software/embedded/scripts/SBOM_Scripts/spdx2_document_from_scratch_llvmlibc.py @@ -0,0 +1,178 @@ +# SPDX-FileCopyrightText: 2023 spdx contributors +# +# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +# +# Purpose: This script helps to generate SBOM for ATfE llvm-libc overlay package. +# +# Installation: Kindly refer https://github.com/spdx/tools-python for pre-requisite installation. +# +# Usage: python spdx2_document_from_scratch_llvmlibc.py +# +# Output file generated: sbom_atfe_llvmlibc.spdx.json +# +import logging +import uuid +from datetime import datetime +from typing import List + +from spdx_tools.common.spdx_licensing import spdx_licensing +from spdx_tools.spdx.model import ( + Actor, + ActorType, + CreationInfo, + Document, + Package, + Relationship, + RelationshipType, +) +from spdx_tools.spdx.validation.document_validator import validate_full_spdx_document +from spdx_tools.spdx.validation.validation_message import ValidationMessage +from spdx_tools.spdx.writer.write_anything import write_file + +# This example shows how to use the spdx-tools to create an SPDX document from scratch, +# validate it and write it to a file. + +def create_Package( + name, + uuid, + download_location, + actorType, + personName, + personEmail, + license, + licenseComment, +): + package = Package( + name=name, + spdx_id=uuid, + download_location=download_location, + supplier=Actor(actorType, personName, personEmail), + originator=Actor(actorType, personName, personEmail), + files_analyzed=False, + license_concluded=spdx_licensing.parse(license), + license_declared=spdx_licensing.parse(license), + license_comment=licenseComment, + ) + + return package + +# First up, we need general information about the creation of the document, summarised by the CreationInfo class. +creation_info = CreationInfo( + spdx_version="SPDX-2.3", + spdx_id="SPDXRef-DOCUMENT", + name="Arm Toolchain for Embedded LLVM libc overlay", + data_license="CC0-1.0", + document_namespace="https://github.com/arm/arm-toolchain/tree/arm-software/arm-software/embedded", + creators=[ + Actor(ActorType.ORGANIZATION, "Arm Limited", "open-source-office@arm.com") + ], + created=datetime(2025, 3, 5), +) + +# creation_info is the only required property of the Document class (have a look there!), the rest are optional lists. +# So, we are set up to create a new document instance. +document = Document(creation_info) + +# The document currently does not describe anything. Let's create a package that we can add to it. +# The Package class has quite a few properties (have a look there!), +# but only name, spdx_id and download_location are mandatory in SPDX v2.3. +package_url = ( + "https://github.com/arm/arm-toolchain/tree/arm-software/arm-software/embedded" +) +package_uuid_atfe = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_atfe = create_Package( + "Arm Toolchain for Embedded", + package_uuid_atfe, + package_url, + ActorType.ORGANIZATION, + "Arm Limited", + "open-source-office@arm.com", + "Apache-2.0 WITH LLVM-exception", + "", +) + +package_url = "https://github.com/llvm/llvm-project/tree/main/compiler-rt" +package_uuid_compiler_rt = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_compiler_rt = create_Package( + "compiler-rt", + package_uuid_compiler_rt, + package_url, + ActorType.ORGANIZATION, + "https://foundation.llvm.org/", + "info@llvm.org", + "Apache-2.0 WITH LLVM-exception", + "", +) + +package_url = "https://github.com/llvm/llvm-project/tree/main/libc" +package_uuid_libc = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_libc = create_Package( + "libc", + package_uuid_libc, + package_url, + ActorType.ORGANIZATION, + "https://foundation.llvm.org/", + "info@llvm.org", + "Apache-2.0 WITH LLVM-exception", + "", +) + +# Now that we have a package defined, we can add it to the document's package property. +document.packages = [package_atfe, package_compiler_rt, package_libc] + +# A DESCRIBES relationship asserts that the document indeed describes the package. +describes_relationship = Relationship( + "SPDXRef-DOCUMENT", RelationshipType.DESCRIBES, package_uuid_atfe +) +document.relationships = [describes_relationship] + +# Assuming the package contains those two files, we create two CONTAINS relationships. + +# This library uses run-time type checks when assigning properties. +# Because in-place alterations like .append() circumvent these checks, we don't use them here. + +# We now have created a document with basic creation information, describing a package that contains two files. +# You can also add Annotations, Snippets and ExtractedLicensingInfo to the document in an analogous manner to the above. +# Have a look at their respective classes if you are unsure about their properties. + +# Assuming the package contains those two files, we create two CONTAINS relationships. +contains_relationship_atfe = Relationship( + package_uuid_atfe, RelationshipType.CONTAINS, package_uuid_atfe +) +contains_relationship_compiler_rt = Relationship( + package_uuid_compiler_rt, RelationshipType.CONTAINS, package_uuid_compiler_rt +) +contains_relationship_libc = Relationship( + package_uuid_libc, RelationshipType.CONTAINS, package_uuid_libc +) + +# Because in-place alterations like .append() circumvent these checks, we don't use them here. +document.relationships += [ + contains_relationship_atfe, + contains_relationship_compiler_rt, + contains_relationship_libc, +] + +# This library provides comprehensive validation against the SPDX specification. +# Note that details of the validation depend on the SPDX version of the document. +validation_messages: List[ValidationMessage] = validate_full_spdx_document(document) + +# You can have a look at each entry's message and context (like spdx_id, parent_id, full_element) +# which will help you pinpoint the location of the invalidity. +for message in validation_messages: + logging.warning(message.validation_message) + logging.warning(message.context) + +# If the document is valid, validation_messages will be empty. +assert validation_messages == [] + +# Finally, we can serialize the document to any of the five supported formats. +# Using the write_file() method from the write_anything module, +# the format will be determined by the file ending: .spdx (tag-value), .json, .xml, .yaml. or .rdf (or .rdf.xml) +write_file(document, "sbom_atfe_llvmlibc.spdx.json") diff --git a/arm-software/embedded/scripts/SBOM_Scripts/spdx2_document_from_scratch_newlib.py b/arm-software/embedded/scripts/SBOM_Scripts/spdx2_document_from_scratch_newlib.py new file mode 100644 index 000000000000..04c231c03001 --- /dev/null +++ b/arm-software/embedded/scripts/SBOM_Scripts/spdx2_document_from_scratch_newlib.py @@ -0,0 +1,242 @@ +# SPDX-FileCopyrightText: 2023 spdx contributors +# +# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception +# +# Purpose: This script helps to generate SBOM for ATfE newlib overlay package. +# +# Installation: Kindly refer https://github.com/spdx/tools-python for pre-requisite installation. +# +# Usage: python spdx2_document_from_scratch_newlib.py +# +# Output file generated: sbom_atfe_newlib.spdx.json +# +import logging +import uuid +from datetime import datetime +from typing import List + +from spdx_tools.common.spdx_licensing import spdx_licensing +from spdx_tools.spdx.model import ( + Actor, + ActorType, + CreationInfo, + Document, + Package, + Relationship, + RelationshipType, +) +from spdx_tools.spdx.validation.document_validator import validate_full_spdx_document +from spdx_tools.spdx.validation.validation_message import ValidationMessage +from spdx_tools.spdx.writer.write_anything import write_file + +# This example shows how to use the spdx-tools to create an SPDX document from scratch, +# validate it and write it to a file. + +def create_Package( + name, + uuid, + download_location, + actorType, + personName, + personEmail, + license, + licenseComment, +): + package = Package( + name=name, + spdx_id=uuid, + download_location=download_location, + supplier=Actor(actorType, personName, personEmail), + originator=Actor(actorType, personName, personEmail), + files_analyzed=False, + license_concluded=spdx_licensing.parse(license), + license_declared=spdx_licensing.parse(license), + license_comment=licenseComment, + ) + + return package + +# First up, we need general information about the creation of the document, summarised by the CreationInfo class. +creation_info = CreationInfo( + spdx_version="SPDX-2.3", + spdx_id="SPDXRef-DOCUMENT", + name="Arm Toolchain for Embedded newlib overlay", + data_license="CC0-1.0", + document_namespace="https://github.com/arm/arm-toolchain/tree/arm-software/arm-software/embedded", + creators=[ + Actor(ActorType.ORGANIZATION, "Arm Limited", "open-source-office@arm.com") + ], + created=datetime(2025, 3, 5), +) + +# creation_info is the only required property of the Document class (have a look there!), the rest are optional lists. +# So, we are set up to create a new document instance. +document = Document(creation_info) + +# The document currently does not describe anything. Let's create a package that we can add to it. +# The Package class has quite a few properties (have a look there!), +# but only name, spdx_id and download_location are mandatory in SPDX v2.3. +package_url = ( + "https://github.com/arm/arm-toolchain/tree/arm-software/arm-software/embedded" +) +package_uuid_atfe = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_atfe = create_Package( + "Arm Toolchain for Embedded", + package_uuid_atfe, + package_url, + ActorType.ORGANIZATION, + "Arm Limited", + "open-source-office@arm.com", + "Apache-2.0 WITH LLVM-exception", + "", +) + +package_url = "https://github.com/llvm/llvm-project/tree/main/compiler-rt" +package_uuid_compiler_rt = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_compiler_rt = create_Package( + "compiler-rt", + package_uuid_compiler_rt, + package_url, + ActorType.ORGANIZATION, + "https://foundation.llvm.org/", + "info@llvm.org", + "Apache-2.0 WITH LLVM-exception", + "", +) + +package_url = "https://github.com/llvm/llvm-project/tree/main/libcxx" +package_uuid_libcxx = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_libcxx = create_Package( + "libcxx", + package_uuid_libcxx, + package_url, + ActorType.ORGANIZATION, + "https://foundation.llvm.org/", + "info@llvm.org", + "Apache-2.0 WITH LLVM-exception", + "", +) + +package_url = "https://github.com/llvm/llvm-project/tree/main/libcxxabi" +package_uuid_libcxxabi = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_libcxxabi = create_Package( + "libcxxabi", + package_uuid_libcxxabi, + package_url, + ActorType.ORGANIZATION, + "https://foundation.llvm.org/", + "info@llvm.org", + "Apache-2.0 WITH LLVM-exception", + "", +) + +package_url = "https://github.com/llvm/llvm-project/tree/main/libunwind" +package_uuid_libunwind = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_libunwind = create_Package( + "libunwind", + package_uuid_libunwind, + package_url, + ActorType.ORGANIZATION, + "https://foundation.llvm.org/", + "info@llvm.org", + "Apache-2.0 WITH LLVM-exception", + "", +) + +package_url = "https://sourceware.org/newlib/" +package_uuid_newlib = "SPDXRef-Package-" + str( + uuid.uuid5(uuid.NAMESPACE_URL, package_url) +) +package_newlib = create_Package( + "newlib", + package_uuid_newlib, + package_url, + ActorType.ORGANIZATION, + "https://sourceware.org/newlib/", + "newlib@sourceware.org", + "", + "Detailed list of licenses is at: https://github.com/picolibc/picolibc/blob/main/COPYING.NEWLIB", +) + +# Now that we have a package defined, we can add it to the document's package property. +document.packages = [ + package_atfe, + package_compiler_rt, + package_libcxx, + package_libcxxabi, + package_libunwind, + package_newlib, +] + +# A DESCRIBES relationship asserts that the document indeed describes the package. +describes_relationship = Relationship( + "SPDXRef-DOCUMENT", RelationshipType.DESCRIBES, package_uuid_atfe +) +document.relationships = [describes_relationship] + +# Assuming the package contains those two files, we create two CONTAINS relationships. + +# This library uses run-time type checks when assigning properties. +# Because in-place alterations like .append() circumvent these checks, we don't use them here. + +# We now have created a document with basic creation information, describing a package that contains two files. +# You can also add Annotations, Snippets and ExtractedLicensingInfo to the document in an analogous manner to the above. +# Have a look at their respective classes if you are unsure about their properties. + +# Assuming the package contains those two files, we create two CONTAINS relationships. +contains_relationship_atfe = Relationship( + package_uuid_atfe, RelationshipType.CONTAINS, package_uuid_atfe +) +contains_relationship_compiler_rt = Relationship( + package_uuid_compiler_rt, RelationshipType.CONTAINS, package_uuid_compiler_rt +) +contains_relationship_libcxx = Relationship( + package_uuid_libcxx, RelationshipType.CONTAINS, package_uuid_libcxx +) +contains_relationship_libcxxabi = Relationship( + package_uuid_libcxxabi, RelationshipType.CONTAINS, package_uuid_libcxxabi +) +contains_relationship_libunwind = Relationship( + package_uuid_libunwind, RelationshipType.CONTAINS, package_uuid_libunwind +) +contains_relationship_newlib = Relationship( + package_uuid_newlib, RelationshipType.CONTAINS, package_uuid_newlib +) + +# Because in-place alterations like .append() circumvent these checks, we don't use them here. +document.relationships += [ + contains_relationship_atfe, + contains_relationship_compiler_rt, + contains_relationship_libcxx, + contains_relationship_libcxxabi, + contains_relationship_libunwind, + contains_relationship_newlib, +] + +# This library provides comprehensive validation against the SPDX specification. +# Note that details of the validation depend on the SPDX version of the document. +validation_messages: List[ValidationMessage] = validate_full_spdx_document(document) + +# You can have a look at each entry's message and context (like spdx_id, parent_id, full_element) +# which will help you pinpoint the location of the invalidity. +for message in validation_messages: + logging.warning(message.validation_message) + logging.warning(message.context) + +# If the document is valid, validation_messages will be empty. +assert validation_messages == [] + +# Finally, we can serialize the document to any of the five supported formats. +# Using the write_file() method from the write_anything module, +# the format will be determined by the file ending: .spdx (tag-value), .json, .xml, .yaml. or .rdf (or .rdf.xml) +write_file(document, "sbom_atfe_newlib.spdx.json")