docs: add SBOM for more extensions

Partial for #10940

Signed-off-by: Mateusz Urbanek <mateusz.urbanek@siderolabs.com>

dvb/cx23885/pkg.yaml

@@ -46,6 +46,9 @@ steps:
         cp -r /rootfs/ /extensions-validator-rootfs/rootfs
         cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
         /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/cx23885.spdx.json
+      version: {{ .LINUX_DVB_FIRMWARE }}
     # {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
 finalize:
   - from: /rootfs

dvb/dvb-m88ds3103/pkg.yaml

@@ -33,6 +33,9 @@ steps:
         cp -r /rootfs/ /extensions-validator-rootfs/rootfs
         cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
         /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/dvb-m88ds3103.spdx.json
+      version: {{ .VERSION }}
 finalize:
   - from: /rootfs
     to: /rootfs

firmware/intel-ucode/pkg.yaml

@@ -24,6 +24,9 @@ steps:
         cp -r /rootfs/ /extensions-validator-rootfs/rootfs
         cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
         /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/intel-ucode.spdx.json
+      version: {{ .INTEL_UCODE_VERSION }}
 finalize:
   - from: /rootfs
     to: /rootfs

guest-agents/qemu-guest-agent/pcre2/pkg.yaml

@@ -23,6 +23,13 @@ steps:
     install:
       - |
         make DESTDIR=/rootfs install
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/pcre2.spdx.json
+      version: {{ .PCRE2_VERSION }}
+      cpes:
+        - cpe:2.3:a:pcre:pcre2:{{ .CONTAINER_TOOLKIT_VERSION }}:*:*:*:*:*:*:*
+      licenses:
+        - BSD-2-Clause
 finalize:
   - from: /rootfs
     to: /

guest-agents/vmtoolsd-guest-agent/pkg.yaml

@@ -3,13 +3,18 @@ variant: scratch
 shell: /bin/bash
 dependencies:
   - stage: base
-  - image: {{ .BUILD_ARG_PKGS_PREFIX }}/talos-vmtoolsd:{{ .TALOS_VMTOOLSD_VERSION }}
+  - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/talos-vmtoolsd:{{ .TALOS_VMTOOLSD_VERSION }}"
     from: /
     to: /rootfs
 steps:
   - test:
       - |
         /extensions-validator validate --rootfs=/rootfs --pkg-name="${PKG_NAME}"
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/vmtoolsd-guest-agent.spdx.json
+      version: {{ .TALOS_VMTOOLSD_VERSION }}
+      licenses:
+        - Apache-2.0
 finalize:
   - from: /rootfs
     to: /

nvidia-gpu/nvidia-container-toolkit/nvidia-container-cli/libseccomp/pkg.yaml

@@ -36,6 +36,13 @@ steps:
         make install DESTDIR=/rootfs
          # we only need the libs and headers, remove everything else
         find /rootfs/usr/local/ -type d \( -name bin -o -name sbin -o -name share \) -prune -exec rm -rf {} \;
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/libseccomp.spdx.json
+      version: {{ .LIBSECCOMP_VERSION }}
+      cpes:
+        - cpe:2.3:a:libseccomp_project:libseccomp:{{ .LIBSECCOMP_VERSION }}:*:*:*:*:*:*:*
+      licenses:
+        - LGPL-2.1
 finalize:
   - from: /rootfs
     to: /rootfs

nvidia-gpu/nvidia-container-toolkit/nvidia-container-cli/lts/pkg.yaml

@@ -68,6 +68,13 @@ steps:
 
         # run ldconfig to update the cache
         /rootfs/usr/local/glibc/sbin/ldconfig -r /rootfs
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/nvidia-container-cli.spdx.json
+      version: {{ .LIBNVIDIA_CONTAINER_VERSION }}
+      licenses:
+        - Apache-2.0
+        - GPL-3.0
+        - LGPL-3.0
 finalize:
   - from: /rootfs
     to: /rootfs

nvidia-gpu/nvidia-container-toolkit/nvidia-container-cli/production/pkg.yaml

@@ -68,6 +68,13 @@ steps:
 
         # run ldconfig to update the cache
         /rootfs/usr/local/glibc/sbin/ldconfig -r /rootfs
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/nvidia-container-cli.spdx.json
+      version: {{ .LIBNVIDIA_CONTAINER_VERSION }}
+      licenses:
+        - Apache-2.0
+        - GPL-3.0
+        - LGPL-3.0
 finalize:
   - from: /rootfs
     to: /rootfs

nvidia-gpu/nvidia-container-toolkit/nvidia-container-runtime/pkg.yaml

@@ -58,6 +58,13 @@ steps:
 
         mkdir -p /rootfs/usr/local/etc/nvidia-container-runtime
         cp /pkg/nvidia-container-runtime.toml /rootfs/usr/local/etc/nvidia-container-runtime/config.toml
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/nvidia-container-runtime.spdx.json
+      version: {{ .CONTAINER_TOOLKIT_VERSION }}
+      cpes:
+        - cpe:2.3:a:nvidia:nvidia_container_toolkit:{{ .CONTAINER_TOOLKIT_VERSION }}:*:*:*:*:*:*:*
+      licenses:
+        - Apache-2.0
 finalize:
   - from: /rootfs
     to: /rootfs

power/nut-client/pkg.yaml

@@ -81,6 +81,12 @@ steps:
         cp -r /rootfs/ /extensions-validator-rootfs/rootfs
         cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
         /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/nut-client.spdx.json
+      version: {{ .NUT_VERSION }}
+      licenses:
+        - GPL-2.0
+        - GPL-3.0
 finalize:
   - from: /rootfs
     to: /rootfs

storage/iscsi-tools/open-iscsi/pkg.yaml

@@ -46,6 +46,13 @@ steps:
         rm -rf /rootfs/etc
         rm -rf /rootfs/usr/local/{etc,share,include,pkgconfig}
         rm -rf /rootfs/var
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/open-iscsi.spdx.json
+      version: {{ .OPEN_ISCSI_VERSION }}
+      cpes:
+        - cpe:2.3:a:open-iscsi_project:open-iscsi:{{ .OPEN_ISCSI_VERSION }}:*:*:*:*:*:*:*
+      licenses:
+        - GPL-2.0
 finalize:
   - from: /rootfs
     to: /rootfs

storage/nfsrahead/libevent/pkg.yaml

@@ -27,6 +27,13 @@ steps:
         make DESTDIR=/rootfs install
         # we only need the libs and headers, remove everything else
         find /rootfs/usr/local/ -type d \( -name bin -o -name sbin -o -name share \) -prune -exec rm -rf {} \;
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/libevent.spdx.json
+      version: {{ .LIBEVENT_VERSION }}
+      cpes:
+        - cpe:2.3:a:libevent_project:libevent:{{ .LIBEVENT_VERSION }}:*:*:*:*:*:*:*
+      licenses:
+        - BSD-3-Clause
 finalize:
   - from: /rootfs
     to: /rootfs

storage/nfsrahead/sqlite/pkg.yaml

@@ -27,6 +27,12 @@ steps:
         make DESTDIR=/rootfs install
         # we only need the libs and headers, remove everything else
         find /rootfs/usr/local/ -type d \( -name bin -o -name sbin -o -name share \) -prune -exec rm -rf {} \;
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/sqlite.spdx.json
+      version: {{ .SQLITE_VERSION }}
+      cpes:
+        - cpe:2.3:a:sqlite:sqlite:{{ .SQLITE_VERSION }}:*:*:*:*:*:*:*
+      licenses: [] # explicit empty, sqlite is Public Domain
 finalize:
   - from: /rootfs
     to: /rootfs

storage/zfs/zfs-tools/pkg.yaml

@@ -14,7 +14,7 @@ steps:
         sha256: {{ .ZFS_TOOLS_SHA256 }}
         sha512: {{ .ZFS_TOOLS_SHA512 }}
     env:
-      ARCH: {{ if eq .ARCH "aarch64"}}arm64{{ else if eq .ARCH "x86_64" }}x86_64{{ else }}unsupported{{ end }}
+      ARCH: '{{ if eq .ARCH "aarch64"}}arm64{{ else if eq .ARCH "x86_64" }}x86_64{{ else }}unsupported{{ end }}'
     prepare:
       - |
         tar -xf zfs.tar.gz --strip-components=1
@@ -40,6 +40,13 @@ steps:
         # since talos doesn't have a shell, this would fail
         # the default shipped file is a no-op, so safe to remove.
         rm -f /rootfs/usr/local/libexec/zfs/zfs_prepare_disk
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/zfs-tools.spdx.json
+      version: {{ .ZFS_DRIVER_VERSION }}
+      cpes:
+        - cpe:2.3:a:openzfs:openzfs:{{ .ZFS_DRIVER_VERSION }}:*:*:*:*:*:*:*
+      licenses:
+        - CDDL-1.0
 finalize:
   - from: /rootfs
     to: /rootfs

tools/nvme-cli/libnvme/pkg.yaml

@@ -30,6 +30,11 @@ steps:
     install:
       - |
         DESTDIR=/rootfs meson install -C .build
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/libnvme.spdx.json
+      version: {{ .LIBNVME_VERSION }}
+      licenses:
+        - LGPL-2.1
 finalize:
   - from: /rootfs
     to: /rootfs

tools/nvme-cli/pkg.yaml

@@ -43,6 +43,11 @@ steps:
         cp -r /rootfs/ /extensions-validator-rootfs/rootfs
         cp /pkg/manifest.yaml /extensions-validator-rootfs/manifest.yaml
         /extensions-validator validate --rootfs=/extensions-validator-rootfs --pkg-name="${PKG_NAME}"
+    sbom:
+      outputPath: /rootfs/usr/local/share/spdx/nvme-cli.spdx.json
+      version: {{ .NVME_CLI_VERSION }}
+      licenses:
+        - GPL-2.0
 finalize:
   - from: /rootfs
     to: /rootfs