vasilito
f31522130f
Build system (5 gaps hardened): - COOKBOOK_OFFLINE defaults to true (fork-mode) - normalize_patch handles diff -ruN format - New 'repo validate-patches' command (25/25 relibc patches) - 14 patched Qt/Wayland/display recipes added to protected list - relibc archive regenerated with current patch chain Boot fixes (fixable): - Full ISO EFI partition: 16 MiB → 1 MiB (matches mini, BIOS hardcoded 2 MiB offset) - D-Bus system bus: absolute /usr/bin/dbus-daemon path (was skipped) - redbear-sessiond: absolute /usr/bin/redbear-sessiond path (was skipped) - daemon framework: silenced spurious INIT_NOTIFY warnings for oneshot_async services (P0-daemon-silence-init-notify.patch) - udev-shim: demoted INIT_NOTIFY warning to INFO (expected for oneshot_async) - relibc: comprehensive named semaphores (sem_open/close/unlink) replacing upstream todo!() stubs - greeterd: Wayland socket timeout 15s → 30s (compositor DRM wait) - greeter-ui: built and linked (header guard unification, sem_compat stubs removed) - mc: un-ignored in both configs, fixed glib/libiconv/pcre2 transitive deps - greeter config: removed stale keymapd dependency from display/greeter services - prefix toolchain: relibc headers synced, _RELIBC_STDLIB_H guard unified Unfixable (diagnosed, upstream): - i2c-hidd: abort on no-I2C-hardware (QEMU) — process::exit → relibc abort - kded6/greeter-ui: page fault 0x8 — Qt library null deref - Thread panics fd != -1 — Rust std library on Redox - DHCP timeout / eth0 MAC — QEMU user-mode networking - hwrngd/thermald — no hardware RNG/thermal in VM - live preload allocation — BIOS memory fragmentation, continues on demand
Qt CycloneDX SBOM helper tool
This repository contains a Python script to create a CycloneDX Software Bill of Materials (SBOM) document for Qt-based projects.
Requirements
- Python 3.9,
pipto manage Python packages.- cyclonedx-python-lib package can be installed via pip
- optional tomli package if using Python 3.9 and the vendored tomli package is causing issues
pip install 'cyclonedx-python-lib[json-validation]' tomli
or
pip install . # in the current directory to parse the `pyproject.toml` dependencies
Description
The tool is not meant to be run standalone. Instead, the Qt CMake build system generates an intermediate TOML file during the build process, which is then processed by the provided Python script to create the final CycloneDX SBOM in JSON format.
Development
The script is using uv to manage a virtual environment for development. Install it before running the commands below.
Run
# Create a virtual environment with with the project dependencies using `uv` in the current dir
make env
# Optionally install the package in editable mode, for IDE support if needed.
uv pip install -e .
# Run the script
python ./qt_cyclonedx_generator/qt_cyclonedx_generator.py
To format the source code run:
make format # uses uvx ruff format
To run the lints:
make lint # uses uvx ruff check and pyright