On 2025-04-05 01:43, Paul Eggert wrote:
> Perhaps we should add something about SBOMs to theory.html, if only to say something along the lines of the above.
After looking into this a bit more, it appears that a good home for this might be the Makefile, as it already talks about POSIX compatibility. So I installed the attached proposed patch.
From 74590f124786631d9a715de166e4668f78408e26 Mon Sep 17 00:00:00 2001 From: Paul Eggert <egg...@cs.ucla.edu> Date: Mon, 21 Apr 2025 01:32:21 -0700 Subject: [PROPOSED] Mention build assumptions * Makefile: Add comments useful for SBOM construction. --- Makefile | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Makefile b/Makefile index b8029429..7c38bee9 100644 --- a/Makefile +++ b/Makefile @@ -3,9 +3,21 @@ # 2009-05-17 by Arthur David Olson. # Request POSIX conformance; this must be the first non-comment line. .POSIX: +# By default, builds of code and data assume POSIX.1-2001 or later; +# this assumption can be relaxed by tailoring the build as described below. # On older platforms you may need to scrounge for POSIX conformance. # For example, on Solaris 10 (2005) with Sun Studio 12 aka Sun C 5.9 (2007), # use 'PATH=/usr/xpg4/bin:$PATH make CC=c99'. +# Reproducible builds of distribution tarballs also need a copy of the +# Git repository, and assume the behavior of the following programs +# (or later versions): +# Git 2.7.0 (2016) +# GNU Coreutils 6.3 (2006) +# GNU Tar 1.14 (2004) +# GnuPG 1.4 (2004) +# Although tzdb does not come with a software bill of materials, +# you should be able to construct one based on the above information, +# your platform, and the way you use this Makefile. # To affect how this Makefile works, you can run a shell script like this: # -- 2.48.1
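Review bot: In the added list of programs (Git 2.7.0, GNU Coreutils 6.3, GNU Tar 1.14, GnuPG 1.4), the comment gives minimum versions but does not say which Makefile targets invoke each tool or which feature sets each floor. Someone constructing an SBOM from this cannot tell whether a plain build of code and data needs any of them or only the distribution-tarball targets. Consider naming the targets that rely on these tools and, for each, the option or behavior that requires the stated version. The phrase "(or later versions)" also assumes that newer releases produce identical output. For a comment about reproducible tarballs, it would help to state that as an assumption, or to note which tool versions the released tarballs were actually built with.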