git: b5444da848e3 - main - security/py-lib4sbom: New port

From: Muhammad Moinur Rahman <bofh_at_FreeBSD.org>
Date: Wed, 16 Jul 2025 15:27:29 UTC
The branch main has been updated by bofh:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b5444da848e3977e12c8da43895bd03325d2839f

commit b5444da848e3977e12c8da43895bd03325d2839f
Author:     Tuukka Pasanen <tuukka.pasanen@ilmi.fi>
AuthorDate: 2025-05-05 19:22:14 +0000
Commit:     Muhammad Moinur Rahman <bofh@FreeBSD.org>
CommitDate: 2025-07-16 14:53:24 +0000

    security/py-lib4sbom: New port
    
    Lib4SBOM is a library to parse and generate Software Bill of Materials
    (SBOMs).  It supports SBOMs created in both SPDX and CycloneDX formats.
    
    WWW: https://github.com/anthonyharrison/lib4sbom
    PR:             286644
    Sponsored by:   The FreeBSD Foundation
---
 security/Makefile              |  1 +
 security/py-lib4sbom/Makefile  | 86 ++++++++++++++++++++++++++++++++++++++++++
 security/py-lib4sbom/distinfo  |  3 ++
 security/py-lib4sbom/pkg-descr | 17 +++++++++
 4 files changed, 107 insertions(+)

diff --git a/security/Makefile b/security/Makefile
index 39de649f8d2d..5e7219440613 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -980,6 +980,7 @@
     SUBDIR += py-keyring
     SUBDIR += py-keyrings.alt
     SUBDIR += py-krb5
+    SUBDIR += py-lib4sbom
     SUBDIR += py-libnacl
     SUBDIR += py-liboqs-python
     SUBDIR += py-m2crypto
diff --git a/security/py-lib4sbom/Makefile b/security/py-lib4sbom/Makefile
new file mode 100644
index 000000000000..b4a0f5a61a6d
--- /dev/null
+++ b/security/py-lib4sbom/Makefile
@@ -0,0 +1,86 @@
+PORTNAME=	lib4sbom
+DISTVERSIONPREFIX=	v
+DISTVERSION=	0.8.7
+CATEGORIES=	security python
+PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
+
+MAINTAINER=	tuukka.pasanen@ilmi.fi
+COMMENT=	Software bill of material (SBOM) generator and consumer library
+WWW=		https://github.com/anthonyharrison/lib4sbom
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+BUILD_DEPENDS=	${PY_SETUPTOOLS} \
+		${PYTHON_PKGNAMEPREFIX}wheel>=0:devel/py-wheel@${PY_FLAVOR}
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}defusedxml>0:devel/py-defusedxml@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}pyyaml>0:devel/py-pyyaml@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}requests>=2.32:www/py-requests@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}semantic-version>=2.8<3:devel/py-semantic-version@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}xmlschema>0:textproc/py-xmlschema@${PY_FLAVOR}
+
+USES=		python
+USE_GITHUB=	yes
+GH_ACCOUNT=	anthonyharrison
+USE_PYTHON=	autoplist concurrent pep517 pytest
+PYTEST_BROKEN_TESTS=	test_set_checksum test_set_type test_set_supplier \
+			test_set_originator test_set_downloadlocation \
+			test_set_homepage test_set_checksum \
+			test_set_checksum_multiple test_set_externalreference \
+			test_set_checksum test_set_type test_set_supplier \
+			test_set_originator test_set_downloadlocation \
+			test_set_homepage test_set_checksum \
+			test_set_checksum_multiple test_set_externalreference
+# There is blank tests are are not implemented yet
+PYTEST_IGNORED_TESTS=	test_store test_getBOM test_generateTime \
+			test_generateDocumentHeader \
+			test_generateJSONDocumentHeader \
+			test_generateXMLDocumentHeader \
+			test_generateRelationship test_generateComponent \
+			test_generateJSONComponent test_generateXMLComponent \
+			test_parse test_parse_cyclonedx_json test_get_format \
+			test_get_type test_generate test_get_sbom \
+			test_generate_spdx test_get_spdx test_get_relationships \
+			test_get_cyclonedx test_generate_cyclonedx test_close \
+			test_file_out test_console_out test_show \
+			test_format_json_data test_format_yaml_data \
+			test_format_tag_data test_send_output \
+			test_generate_output test_parse_file test_get_type \
+			test_get_files test_get_packages test_get_relationships \
+			test_show test_getBOM test_getRelationships \
+			test_generateTag test_generateComment test_generateTime \
+			test_generateTagDocumentHeader \
+			test_generateJSONDocumentHeader \
+			test_generateDocumentHeader test_package_ident \
+			test_file_ident test_license_ident \
+			test_generateTagPackageDetails \
+			test_generateJSONPackageDetails \
+			test_generateTagFileDetails \
+			test_generateJSONFileDetails \
+			test_generatePackageDetails test_generateFileDetails \
+			test_generateRelationship test_showRelationship \
+			test_parse test_parse_spdx_tag test_parse_spdx_json \
+			test_parse_spdx_rdf test_parse_spdx_yaml \
+			test_parse_spdx_xml
+
+NO_ARCH=	YES
+
+PORTEXAMPLES=	*
+
+OPTIONS_DEFINE=	EXAMPLES
+
+post-patch:
+	${MV} ${WRKSRC}/test ${WRKSRC}/${PORTNAME}
+	${MV} ${WRKSRC}/tools ${WRKSRC}/${PORTNAME}
+
+post-patch-EXAMPLES-off:
+	@${RM} -r ${WRKSRC}/examples
+
+post-stage-EXAMPLES-on:
+	${RM} -r ${STAGEDIR}${PYTHONPREFIX_SITELIBDIR}/examples
+	@${MKDIR} ${STAGEDIR}${EXAMPLESDIR}
+	${INSTALL_DATA} ${WRKSRC}/examples/* ${STAGEDIR}${EXAMPLESDIR}
+	@${REINPLACE_CMD} -e '/\/examples\//d' \
+		${WRKDIR}/.PLIST.pymodtmp
+
+.include <bsd.port.mk>
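Review bot: `PYTEST_BROKEN_TESTS` lists the same nine names twice (`test_set_checksum` appears four times) and gives no reason for the failures, and the comment above `PYTEST_IGNORED_TESTS` is garbled. Deduplicate both lists, replace the comment with something like `# Upstream stubs with no assertions yet; re-check on each update`, and add a one-line reason or upstream issue reference for the broken set. The ignored set covers every `test_parse*` name and also short names such as `test_parse`, `test_generate` and `test_show`. If the framework passes these to pytest as `-k` substring filters (not visible in this hunk), they deselect more than the stubs, so `make test` may say little about the parsers that read externally supplied SBOM files.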
diff --git a/security/py-lib4sbom/distinfo b/security/py-lib4sbom/distinfo
new file mode 100644
index 000000000000..5fe6d1866858
--- /dev/null
+++ b/security/py-lib4sbom/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1752670734
+SHA256 (anthonyharrison-lib4sbom-v0.8.7_GH0.tar.gz) = 20b4dec06a8d1bd917cf9ebcf9858d53981073e161a0a0d77f9c1704ecde784e
+SIZE (anthonyharrison-lib4sbom-v0.8.7_GH0.tar.gz) = 1848916
diff --git a/security/py-lib4sbom/pkg-descr b/security/py-lib4sbom/pkg-descr
new file mode 100644
index 000000000000..1fcb07927c3b
--- /dev/null
+++ b/security/py-lib4sbom/pkg-descr
@@ -0,0 +1,17 @@
+Lib4SBOM is a library to parse and generate Software Bill of Materials (SBOMs).
+It supports SBOMs created in both SPDX and CycloneDX formats.
+
+It has been developed on the assumption that having a generic abstraction of
+SBOM regardless of the underlying format will be useful to developers.
+
+The following facilities are provided:
+ * Generate SPDX SBOM in TagValue, JSON and YAML formats
+ * Generate CycloneDX SBOM in JSON format
+ * Parse SPDX SBOM in TagValue, JSON, YAML, XML and RDF formats
+ * Parse CycloneDX SBOM in JSON and XMLformat
+ * Create and manipulate a SBOM file object
+ * Create and manipulate a SBOM package object
+ * Create and manipulate a SBOM dependency relationship object
+ * Create and manipulate a Vulnerability object
+ * Create and manipulate a Software Service object
+ * Generated SBOM can be output to a file or to the console