Currently sbom manifest is checked only in .gitmodules and
this check is done in pre-commit and also in CI. Meaning it's running
three times (pre-commit before push if user has it enabled, in CI
as there is the pre-commit run again and again with test in CI). Since
esp-idf-sbom contains a full manifest validation support and pre-commit
plugin for it, let's use it. This removes all the current sbom testing
and replaces it with a single pre-commit plugin which validates all
manifest files (sbom.yml, idf_component.yml, .gitmodules and also
referenced manifests) in repository. Note that this checks all
manifests, not only ones which were modified. The check is reasonably
fast though, so it should not cause any problem. The reason for
validating all manifest files is that we want to make sure that the sbom
information in .gitmodules is updated too and that the hash
recorded in .gitmodules is up-to-date. Meaning submodule update
would not trigger this plugin, because no manifest was changed.
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
This adds SBOM information for submodules, which are not managed
by Espressif. Meaning there is no fork for them in the espressif
namespace. Other submodules should add sbom.yml manifest file to
the root of their git repository.
The SBOM information for submodules is stored in the .gitmodules file.
Each SBOM related variable has the "sbom-" prefix and the following
variables may be used:
sbom-version:
submodule version
sbom-cpe:
CPE record if available in NVD. This will be used by the SBOM
tool to check for possible submodule vulnerabilities. The
version in the CPE can be replaced with the "{}" placeholder,
which will be replaced by the "sbom-version" value from above.
sbom-supplier:
Person or organization who is providing the submodule.
It has to start with the "Person:" or "Organization:" prefix
as required by the SPDX-2.2 standard.
sbom-url:
URL to the project if it exists, e.g. GitHub.
sbom-description:
Project description.
sbom-hash:
Submodule SHA as recorded in the git-tree. This field is used by
CI to check that the submodule checkout hash and info in .gitmodules
are in sync. IOW if submodule is updated and it has SBOM info in
.gitmodules, the .gitmodules has to be updated too. The test is
part of this commit. The checkout hash of the submodule can be found
by using "git submodule status".
Example for micro-ecc submodule:
---8<---
[submodule "components/bootloader/subproject/components/micro-ecc/micro-ecc"]
path = components/bootloader/subproject/components/micro-ecc/micro-ecc
url = ../../kmackay/micro-ecc.git
sbom-version = 1.0
sbom-cpe = cpe:2.3:a:micro-ecc_project:micro-ecc:{}:*:*:*:*:*:*:*
sbom-supplier = Person: Ken MacKay
sbom-url = https://github.com/kmackay/micro-ecc
sbom-description = A small and fast ECDH and ECDSA implementation for 8-bit, 32-bit, and 64-bit processors
sbom-hash = d037ec89546fad14b5c4d5456c2e23a71e554966
---8<---
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
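The two checks the messages above describe (the first one's "validate all manifests so the .gitmodules hash stays in sync", the second one's sbom-* fields and sbom-hash vs "git submodule status" test), as an added Python example. This is not esp-idf-sbom or the CI script from the commit; the .gitmodules text, the status output and the hashes are constructed samples, and the second submodule is deliberately out of sync.

```python
import re
# Constructed .gitmodules sample modelled on the micro-ecc entry above; hashes are placeholders.
GITMODULES = """\
[submodule "components/micro-ecc/micro-ecc"]
\tpath = components/micro-ecc/micro-ecc
\tsbom-version = 1.0
\tsbom-cpe = cpe:2.3:a:micro-ecc_project:micro-ecc:{}:*:*:*:*:*:*:*
\tsbom-supplier = Person: Ken MacKay
\tsbom-hash = 0000000000000000000000000000000000000001
[submodule "components/other/other"]
\tpath = components/other/other
\tsbom-supplier = Acme
\tsbom-hash = 0000000000000000000000000000000000000002
"""
# Constructed "git submodule status" output; "other" was bumped without updating .gitmodules.
SUBMODULE_STATUS = """\
 0000000000000000000000000000000000000001 components/micro-ecc/micro-ecc (v1.0)
 00000000000000000000000000000000000000ff components/other/other (heads/main)
"""
SECTION_RE = re.compile(r'^\s*\[submodule\s+"([^"]+)"\]\s*$')
KEY_RE = re.compile(r'^\s*([\w-]+)\s*=\s*(.*?)\s*$')
def parse_gitmodules(text: str) -> dict:
    """{name: {key: value}}; configparser is avoided because it treats git's indented keys as continuations."""
    sections, current = {}, {}
    for line in text.splitlines():
        if m := SECTION_RE.match(line):
            current = sections.setdefault(m.group(1), {})
        elif m := KEY_RE.match(line):
            current[m.group(1)] = m.group(2)
    return sections
def parse_submodule_status(text: str) -> dict:
    """Map submodule path -> checked-out SHA; the leading ' ', '+', '-' or 'U' marker is dropped."""
    rows = (line.strip().lstrip("+-U").split() for line in text.splitlines())
    return {r[1]: r[0] for r in rows if len(r) >= 2}
def cpe_for(entry: dict) -> str:
    """Fill the "{}" placeholder in sbom-cpe from sbom-version, as the SBOM tool does."""
    return entry["sbom-cpe"].replace("{}", entry["sbom-version"])
def check_sbom_info(gitmodules: str, status: str) -> list:
    """Validate sbom-supplier and check sbom-hash against the actual submodule checkout."""
    errors, checked_out = [], parse_submodule_status(status)
    for name, e in parse_gitmodules(gitmodules).items():
        if not any(k.startswith("sbom-") for k in e):
            continue  # submodule ships its own sbom.yml instead
        if not e.get("sbom-supplier", "").startswith(("Person:", "Organization:")):
            errors.append(f"{name}: sbom-supplier needs a Person: or Organization: prefix")
        actual = checked_out.get(e.get("path", ""))
        if actual != e.get("sbom-hash"):
            errors.append(f"{name}: sbom-hash {e.get('sbom-hash')} != checkout {actual}")
    return errors
```

In a real tree the status text would come from running "git submodule status" in the repository root; a non-empty error list is what the pre-commit hook would fail on.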
All the partition handling API functions and data-types were moved from the 'spi_flash' component to the new one named 'esp_partition'. See the Storage 5.x migration guide for more details.
COMPONENT_DIRS and EXTRA_COMPONENT_DIRS should be defined as CMake
lists, using 'set' or 'list' commands. Some applications written
for earlier versions of ESP-IDF used to define these variables as
space separated strings.
For example, the following is correct:
set(EXTRA_COMPONENT_DIRS path/to/components path/to/more/components)
The following is not correct:
set(EXTRA_COMPONENT_DIRS "${EXTRA_COMPONENT_DIRS} component1")
set(EXTRA_COMPONENT_DIRS "${EXTRA_COMPONENT_DIRS} component2")
The string "component1 component2" may indicate a single directory
name with a space, or two directory names separated by space.
However, because this way of defining EXTRA_COMPONENT_DIRS
was supported in IDF 4.3 and earlier, we need to provide backward
compatibility for it.
This commit introduces a new script, split_paths_by_spaces.py, which
is invoked if EXTRA_COMPONENT_DIRS or COMPONENT_DIRS variable contains
spaces. The script tries to determine if each space should be
interpreted as a separator or as part of the directory name.
When this cannot be done unambiguously, the script reports an error.
In all cases when space separators are detected, the script reports
a warning, and prints instructions for fixing the CMakeLists.txt.
Breaking change in this commit: specifying non-existent directories
in COMPONENT_DIRS or EXTRA_COMPONENT_DIRS is no longer allowed.
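The disambiguation described above, as an added Python example; this is not the split_paths_by_spaces.py from the commit, whose exact rules are not shown here. It regroups the space-split tokens into every combination of existing directories, errors when no grouping or more than one grouping works, and warns when spaces turned out to be separators. The directory layout (including one directory whose name contains a space) is constructed with tempfile.

```python
import os
import tempfile
import warnings
from typing import List

def _partitions(tokens: List[str], root: str, start: int = 0) -> List[List[str]]:
    """All ways to regroup tokens[start:] into directories that exist under root."""
    if start == len(tokens):
        return [[]]
    found = []
    for end in range(start + 1, len(tokens) + 1):
        candidate = " ".join(tokens[start:end])
        if os.path.isdir(os.path.join(root, candidate)):
            found += [[candidate] + rest for rest in _partitions(tokens, root, end)]
    return found

def split_paths_by_spaces(value: str, root: str) -> List[str]:
    """Resolve a COMPONENT_DIRS / EXTRA_COMPONENT_DIRS value that contains spaces.

    Raises ValueError when no grouping consists only of existing directories
    (non-existent directories are an error now) or when more than one grouping
    does (ambiguous). Warns when spaces had to be interpreted as separators."""
    tokens = value.split()  # runs of spaces inside a name are not supported here
    options = _partitions(tokens, root)
    if not options:
        raise ValueError(f"no existing directory matches {value!r}")
    if len(options) > 1:
        raise ValueError(f"ambiguous: {value!r} could be any of {options}")
    paths = options[0]
    if len(paths) > 1:
        quoted = " ".join(f'"{p}"' for p in paths)
        warnings.warn(f"space-separated component dirs detected; write "
                      f"set(EXTRA_COMPONENT_DIRS {quoted}) in CMakeLists.txt")
    return paths

def make_demo_tree() -> str:
    """Constructed layout: two plain dirs, one dir with a space in its name, and
    one dir named like the two plain ones joined by a space (the ambiguous case)."""
    root = tempfile.mkdtemp()
    for name in ("comp1", "comp2", "my comps", "comp1 comp2"):
        os.mkdir(os.path.join(root, name))
    return root
```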
* Wrapper class for simple GPIO interaction
like read/write without ISRs.
* Added rule to provoke builds after changes in
the experimental C++ component.
The following files have been ported:
* esp_rom_crc.h
* esp_rom_sys.h
* esp_rom_efuse.h (mostly no-ops)
* esp_rom_md5.h
Integrated Linux-based rom implementation into log
and NVS component.
Added brief host tests for ROM to ensure basic
consistency on Linux.
Added ROM printf host unit tests.
Temporarily added reset reason for Linux in ROM.