cleanup Readme and generate SBOM

2025-09-06 11:55:19 +02:00
parent 16913b5c7f
commit 44aaf7b786
5 changed files with 112 additions and 22 deletions
--- a/.gitignore
+++ b/.gitignore
@ -256,4 +256,6 @@ cython_debug/
 # PyPI configuration file
 .pypirc

-pyupdi-env/
+pyupdi-env/
+
+sbom.spdx.json
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -1,37 +1,79 @@
 cmake_minimum_required(VERSION 3.13)
-
-# Project
 project(lezyne-rear-light-firmware C)

 # MCU and clock
 set(MCU attiny202)
-set(F_CPU 5000000UL) # 5 MHz
+set(F_CPU 5000000UL)

-# Toolchain executables
+# Toolchain
 set(CMAKE_SYSTEM_NAME Generic)
 set(CMAKE_C_COMPILER avr-gcc)
 set(OBJCOPY avr-objcopy)

-# Compiler flags: optimize, warnings, treat warnings as errors
-set(CMAKE_C_FLAGS "-mmcu=${MCU} -DF_CPU=${F_CPU} -Os -Wall -Werror")
-
 # Sources
 add_executable(main.elf main.c)

-# HEX file
-add_custom_command(
-    OUTPUT main.hex
+# Compiler and linker flags
+target_compile_options(main.elf PRIVATE -mmcu=${MCU} -DF_CPU=${F_CPU} -Os -Wall -Werror)
+set_target_properties(main.elf PROPERTIES LINK_FLAGS "-mmcu=${MCU}")
+
+# Create HEX and BIN after build
+add_custom_command(TARGET main.elf POST_BUILD
    COMMAND ${OBJCOPY} -O ihex -R .eeprom main.elf main.hex
-    DEPENDS main.elf
-)
-
-# BIN file
-add_custom_command(
-    OUTPUT main.bin
    COMMAND ${OBJCOPY} -O binary -R .eeprom main.elf main.bin
-    DEPENDS main.elf
 )

-# Targets
-add_custom_target(hex ALL DEPENDS main.hex)
-add_custom_target(bin ALL DEPENDS main.bin)
+# Optional: show size
+find_program(SIZE_TOOL avr-size)
+if(SIZE_TOOL)
+    add_custom_command(TARGET main.elf POST_BUILD
+        COMMAND ${SIZE_TOOL} --mcu=${MCU} --format=avr main.elf
+    )
+endif()
+
+# Flash target using pymcuprog
+find_program(PYMCUPROG pymcuprog)
+set(UPDI_PORT "/dev/ttyUSB0" CACHE STRING "Serial port for UPDI programming")
+
+if(PYMCUPROG)
+    add_custom_target(flash
+        COMMAND ${PYMCUPROG} -t uart -u ${UPDI_PORT} -d ${MCU} write -f main.hex
+        DEPENDS main.hex
+        COMMENT "Flashing ${MCU} with pymcuprog..."
+    )
+else()
+    message(WARNING "pymcuprog not found in PATH. 'make flash' will not be available.")
+endif()
+
+# --- SBOM Generation (SPDX JSON) ---
+find_package(Git REQUIRED)
+
+# Generate current timestamp in ISO 8601 format (UTC)
+string(TIMESTAMP CMAKE_TIMESTAMP "%Y-%m-%dT%H:%M:%SZ" UTC)
+
+# Get current git hash
+execute_process(
+    COMMAND ${GIT_EXECUTABLE} rev-parse HEAD
+    WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
+    OUTPUT_VARIABLE GIT_HASH
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+)
+
+# Get avr-gcc version
+execute_process(
+    COMMAND ${CMAKE_C_COMPILER} --version
+    OUTPUT_VARIABLE AVR_GCC_VERSION
+    OUTPUT_STRIP_TRAILING_WHITESPACE
+)
+
+# Where to write SBOM
+set(SBOM_FILE ${CMAKE_SOURCE_DIR}/sbom.spdx.json)
+
+# Generate from template
+configure_file(${CMAKE_SOURCE_DIR}/sbom.template.json ${SBOM_FILE} @ONLY)
+
+# Always regenerate on build
+add_custom_target(sbom ALL
+    DEPENDS ${SBOM_FILE}
+    COMMENT "Generating SPDX SBOM..."
+)
--- a/2
+++ b/2
@ -1,6 +1,6 @@
 MIT License

-Copyright (c) 2025 localhorst
+Copyright (c) 2025 Hendrik Schutter

 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and 
 associated documentation files (the "Software"), to deal in the Software without restriction, including 
--- a/README.md
+++ b/README.md
@ -2,6 +2,8 @@

 **🚧 Work in progress. No complete firmware yet 🚧**

+🚀 For pre-build binaries go to [Releases](https://git.mosad.xyz/localhorst/lezyne-rear-light-firmware/releases).
+
 Open firmware for Lezyne bike rear lights based on ATTINY202

 This repository contains a minimal firmware as a **C project** for the ATtiny202 microcontroller using **GCC**, **CMake**, and **VS Code**. It also includes instructions for programming the chip using an **FT232 USB-UART adapter** via the UPDI interface with `pymcuprog`.  
--- a/sbom.template.json
+++ b/sbom.template.json
@ -0,0 +1,44 @@
+{
+    "spdxVersion": "SPDX-2.3",
+    "dataLicense": "CC0-1.0",
+    "SPDXID": "SPDXRef-DOCUMENT",
+    "name": "lezyne-rear-light-firmware",
+    "documentNamespace": "https://git.mosad.xyz/localhorst/lezyne-rear-light-firmware/@GIT_HASH@",
+    "creationInfo": {
+        "created": "@CMAKE_TIMESTAMP@",
+        "creators": [
+            "Tool: CMake+SPDX"
+        ]
+    },
+    "packages": [
+        {
+            "name": "main.c",
+            "SPDXID": "SPDXRef-mainc",
+            "downloadLocation": "https://git.mosad.xyz/localhorst/lezyne-rear-light-firmware/src/branch/main/main.c",
+            "filesAnalyzed": true,
+            "versionInfo": "@GIT_HASH@",
+            "licenseDeclared": "MIT License",
+            "homepage": "https://git.mosad.xyz/localhorst/lezyne-rear-light-firmware"
+        },
+        {
+            "name": "avr-gcc",
+            "SPDXID": "SPDXRef-avrgcc",
+            "downloadLocation": "NOASSERTION",
+            "filesAnalyzed": false,
+            "versionInfo": "@AVR_GCC_VERSION@",
+            "licenseDeclared": "GPL-3.0-or-later",
+            "supplier": "Organization: The GNU Project",
+            "homepage": "https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git"
+        },
+        {
+            "name": "avr-libc",
+            "SPDXID": "SPDXRef-avrlibc",
+            "downloadLocation": "NOASSERTION",
+            "filesAnalyzed": false,
+            "versionInfo": "2.2.1-1.2",
+            "licenseDeclared": "Modified BSD License",
+            "supplier": "Organization: AVRDUDES Authors",
+            "homepage": "https://github.com/avrdudes/avr-libc/"
+        }
+    ]
+}