author: Patrick Williams <patrick@stwcx.xyz> 2024-07-12 18:58:04 +0300
committer: Patrick Williams <patrick@stwcx.xyz> 2024-07-12 19:41:04 +0300
commit: c5cbd62a943a317c1b4575c5f3a92df40c042c97
tree: 47db1af3c6ff2943edab349fbff251d2029052f0 /poky/documentation/dev-manual/sbom.rst
parent: 7363086d8a6f87f6c162a314937f1c2e3c063b42
subtree updates [nanbield]
meta-arm: 9a4ae38e84..150169d01f:
  Jon Mason (1):
      arm/linux-yocto: backport patch to fix 6.5.13 networking issues

meta-raspberrypi: fde68b24f0..fd79e74cbc:
  Khem Raj (2):
      linux-raspberrypi_6.1.bb: Upgrade to 6.1.74
      linux-raspberrypi: Upgrade to 6.1.77

  Martin Jansa (1):
      u-boot: backport one commit from v2024.01 to fix booting from uSD

poky: 1a5c00f00c..7b8aa378d0:
  Alex Kiernan (1):
      wireless-regdb: Upgrade 2023.09.01 -> 2024.01.23

  Alexander Kanavin (3):
      linux-firmware: upgrade 20231211 -> 20240220
      sdk-manual: correctly describe separate build-sysroots tasks in direct sdk workflows
      dev-manual: improve descriptions of 'bitbake -S printdiff'

  BELOUARGA Mohamed (1):
      ref-manual: add documentation of the variable SPDX_NAMESPACE_PREFIX

  Bruce Ashfield (2):
      linux-yocto/6.1: update to v6.1.78
      linux-yocto/6.1: update CVE exclusions

  Claus Stovgaard (1):
      wpa-supplicant: Fix CVE-2023-52160

  Dhairya Nagodra (2):
      glibc: Remove duplicate entry for CVE-2023-4527
      xwayland: upgrade 23.2.3 -> 23.2.4

  Geoff Parker (1):
      ref-manual: variables: adding multiple groups in GROUPADD_PARAM

  Johan Bezem (1):
      ref-manual: variables: correct sdk installation default path

  Khem Raj (1):
      core-image-ptest: Increase disk size to 1.5G for strace ptest image

  Lee Chee Yang (3):
      libxml2: upgrade to 2.11.7
      openssl: upgrade to 3.1.5
      migration-guides: add release notes for 4.0.17

  Luca Ceresoli (2):
      ref-manual: tasks: do_cleanall: recommend using '-f' instead
      ref-manual: tasks: do_cleansstate: recommend using '-f' instead for a shared sstate

  Martin Jansa (1):
      contributor-guide: be more specific about meta-* trees

  Michael Halstead (1):
      yocto-uninative: Update to 4.4 for glibc 2.39

  Michael Opdenacker (13):
      ref-manual: system-requirements: update packages to build docs
      ref-manual: release-process: grammar fix
      manuals: suppress excess use of "following" word
      dev-manual: packages: clarify shared PR service constraint
      dev-manual: packages: need enough free space
      dev-manual: packages: fix capitalization
      manuals: document VIRTUAL-RUNTIME variables
      manuals: add initial stylechecks with Vale
      profile-manual: usage.rst: formatting fixes
      manuals: use "manual page(s)"
      profile-manual: usage.rst: fix reference to bug report
      documentation: Makefile: remove releases.rst in "make clean"
      profile-manual: usage.rst: further style improvements

  Munehisa Kamata (1):
      kernel.bbclass: Set pkg-config variables for building modules

  Pavel Zhukov (1):
      mdadm: Disable ptests

  Priyal Doshi (1):
      tzdata : Upgrade to 2024a

  Ross Burton (4):
      curl: improve run-ptest
      curl: increase test timeouts
      openssl: fix crash on aarch64 if BTI is enabled but no Crypto instructions
      gstreamer1.0: skip a test that is known to be flaky

  Simone Weiß (4):
      dev-manual: Rephrase spdx creation
      gnutls: Upgrade 3.8.2 -> 3.8.3
      contributor-guide: add notes for tests
      cve-check: Log if CVE_STATUS set but not reported for component

  Soumya Sambu (1):
      bind: Upgrade 9.18.21 -> 9.18.24

  Steve Sakoman (3):
      poky.conf: bump version for 4.3.4 release
      build-appliance-image: Update to nanbield head revision
      build-appliance-image: Update to nanbield head revision

  Tim Orling (1):
      vim: upgrade v9.0.2130 -> v9.0.2190

  Wang Mingyu (3):
      python3-jinja2: upgrade 3.1.2 -> 3.1.3
      bind: upgrade 9.18.20 -> 9.18.21
      gnutls: upgrade 3.8.1 -> 3.8.2

  Yoann Congal (6):
      cve-update-nvd2-native: Fix typo in comment
      cve-update-nvd2-native: Add an age threshold for incremental update
      cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
      cve-update-nvd2-native: nvd_request_next: Improve comment
      cve-update-nvd2-native: Fix CVE configuration update
      cve-update-nvd2-native: Remove rejected CVE from database

Change-Id: I041c2504ee3a1b3275770a6949606db7f6e22ee0
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Diffstat (limited to 'poky/documentation/dev-manual/sbom.rst')
-rw-r--r-- poky/documentation/dev-manual/sbom.rst | 40
1 files changed, 24 insertions, 16 deletions
diff --git a/poky/documentation/dev-manual/sbom.rst b/poky/documentation/dev-manual/sbom.rst
index f51d08f84d..b72bad1554 100644
--- a/poky/documentation/dev-manual/sbom.rst
+++ b/poky/documentation/dev-manual/sbom.rst
@@ -30,22 +30,29 @@ To make this happen, you must inherit the
INHERIT += "create-spdx"
-You then get :term:`SPDX` output in JSON format as an
-``IMAGE-MACHINE.spdx.json`` file in ``tmp/deploy/images/MACHINE/`` inside the
-:term:`Build Directory`.
+Upon building an image, you will then get:
-This is a toplevel file accompanied by an ``IMAGE-MACHINE.spdx.index.json``
-containing an index of JSON :term:`SPDX` files for individual recipes, together
-with an ``IMAGE-MACHINE.spdx.tar.zst`` compressed archive containing all such
-files.
+- :term:`SPDX` output in JSON format as an ``IMAGE-MACHINE.spdx.json`` file in
+ ``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`.
+
+- This toplevel file is accompanied by an ``IMAGE-MACHINE.spdx.index.json``
+ containing an index of JSON :term:`SPDX` files for individual recipes.
+
+- The compressed archive ``IMAGE-MACHINE.spdx.tar.zst`` contains the index
+ and the files for the single recipes.
The :ref:`ref-classes-create-spdx` class offers options to include
-more information in the output :term:`SPDX` data, such as making the generated
-files more human readable (:term:`SPDX_PRETTY`), adding compressed archives of
-the files in the generated target packages (:term:`SPDX_ARCHIVE_PACKAGED`),
-adding a description of the source files used to generate host tools and target
-packages (:term:`SPDX_INCLUDE_SOURCES`) and adding archives of these source
-files themselves (:term:`SPDX_ARCHIVE_SOURCES`).
+more information in the output :term:`SPDX` data:
+
+- Make the json files more human readable by setting (:term:`SPDX_PRETTY`).
+
+- Add compressed archives of the files in the generated target packages by
+ setting (:term:`SPDX_ARCHIVE_PACKAGED`).
+
+- Add a description of the source files used to generate host tools and target
+ packages (:term:`SPDX_INCLUDE_SOURCES`)
+
+- Add archives of these source files themselves (:term:`SPDX_ARCHIVE_SOURCES`).
Though the toplevel :term:`SPDX` output is available in
``tmp/deploy/images/MACHINE/`` inside the :term:`Build Directory`, ancillary
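Review bot: The new option bullets are worded inconsistently: the SPDX_PRETTY and SPDX_ARCHIVE_PACKAGED items end in "by setting (:term:`...`)" with parentheses left over from the old sentence, while the SPDX_INCLUDE_SOURCES and SPDX_ARCHIVE_SOURCES items have no "by setting", and the SPDX_INCLUDE_SOURCES item has no final period. Suggest one form for all four, for example "Make the JSON files more human readable by setting :term:`SPDX_PRETTY`.", which also fixes the lowercase "json" against the "JSON" used in the bullets above. In the output list, "the files for the single recipes" would read better as "individual recipes", matching the preceding bullet. That same bullet now says the ``IMAGE-MACHINE.spdx.tar.zst`` archive contains the index as well, where the removed text only mentioned the per-recipe files; worth confirming against the class output, since readers rely on this description to know which artifact is the complete SBOM set to ship or archive.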
@@ -65,11 +72,12 @@ generated files are available in ``tmp/deploy/spdx/MACHINE`` too, such as:
See also the :term:`SPDX_CUSTOM_ANNOTATION_VARS` variable which allows
to associate custom notes to a recipe.
-
See the `tools page <https://spdx.dev/resources/tools/>`__ on the :term:`SPDX`
project website for a list of tools to consume and transform the :term:`SPDX`
data generated by the OpenEmbedded build system.
-See also Joshua Watt's
+See also Joshua Watt's presentations
`Automated SBoM generation with OpenEmbedded and the Yocto Project <https://youtu.be/Q5UQUM6zxVU>`__
-presentation at FOSDEM 2023.
+at FOSDEM 2023 and
+`SPDX in the Yocto Project <https://fosdem.org/2024/schedule/event/fosdem-2024-3318-spdx-in-the-yocto-project/>`__
+at FOSDEM 2024.
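Review bot: The two presentation links at the end of this hunk point at different kinds of targets: the FOSDEM 2023 entry goes to a youtu.be video and the new FOSDEM 2024 entry goes to the fosdem.org schedule page. Suggest using the fosdem.org event page for both (or noting which link is the recording), so the references stay uniform and do not depend on a third-party video host. The sentence is also now split across four lines with the link titles between "presentations" and the venue; a two-item list, one line per talk, would be easier to scan and to extend next year.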