Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create additional metadata info for gitbom #10

Open
bharsesh opened this issue Feb 23, 2022 · 2 comments
Open

Create additional metadata info for gitbom #10

bharsesh opened this issue Feb 23, 2022 · 2 comments

Comments

@bharsesh
Copy link
Collaborator

The bom file created under .bom/.objects only contain the hash of the dependencies. It may be helpful to create an additional file that will also contain the mapping of the hash to its source file and any other useful information. Such information could also potentially help when debugging issues.

The rough idea is to create another parallel file to the bom file, eg., .llvm.gitbom/c8/f2a0419e74bdb99ba7eb048d00f74308936e82, which will contain

dec04e9bf1ddb276ac6e3447977af30e8fb3bdfc // a.h
8c8cd8189911edf515d1c041f601b6422c62c5be // b.c

At this time, this file could be created by default or with an option.
@kestewart
Copy link

This information could be captured in an SPDX document in a fairly straight forward fashion. Then the SPDX doc could refer to the .bom/.objects file; and we'd have a way of doing the cross check. If you're open to this approach, happy to help.

@edwarnicke
Copy link
Contributor

@kestewart Could you give us an example of what this might look like for this simple example?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@edwarnicke @kestewart @bharsesh