Re: [PATCH v2 00/14] Add SPDX SBOM generation tool

Next message: Wolfram Sang: "Re: [GIT PULL] i2c-host-fixes for v6.19-rc8"
Previous message: Thomas Gleixner: "Re: [PATCH 2/2] hpet: Add HPET-based NMI watchdog support"
In reply to: Luis Augenstein: "Re: [PATCH v2 00/14] Add SPDX SBOM generation tool"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Nathan Chancellor

Date: Tue Feb 03 2026 - 15:51:15 EST

On Tue, Feb 03, 2026 at 03:41:42PM +0100, Luis Augenstein wrote:
> Hi Nathan,
>
> > 2. This depends on having a clean initial build tree (either empty
> > directory or 'clean' as a make target) due to needing to parse the
> > .cmd files, which could be stale if someone builds a kernel, changes
> > their config, and rebuilds, right? This should be documented since I
> > do not think it is possible to do something like what Masahiro did in
> > commit 3d32285fa995 ("kbuild: wire up the build rule of
> > compile_commands.json to Makefile") because of the drawback that it
> > misses too many things.
>
> There might be edge cases, but in general stale .cmd files should not be
> an issue.
>
> The script does not scan the build tree for .cmd files. It starts from a
> set of root build artifacts (kernel image and .ko modules listed in
> modules.order). From these roots, it parses the corresponding .cmd files
> to discover the immediate dependencies, and then recursively processes
> the .cmd files of those dependencies, effectively walking the entire
> dependency graph up to the individual source files.
>
> Stale .cmd files should not be referenced as dependencies by the root
> artifacts and therefore not be part of the resulting dependency graph.

Ah okay, thanks for the explanation! I have not had a chance to review
the actual Python implementation yet. It sounds very similar to the
approach taken by Masahiro for compile_commands.json but by looking at
the .cmd files recursively from the root artifacts.

Cheers,
Nathan