Build Metadata - Environment Variables

[augelu-tng]

The environment property of the Build element should be filled with environment variables from the Kernel build.
Which environment variables should we include?

When integrating KernelSbom under tools/sbom we have access to the following make variables:

AFLAGS_KERNEL = 
AFLAGS_MODULE = 
AR = ar
ARCH = x86
ARCH_CORE = 
ARCH_DRIVERS =  
ARCH_LIB = lib/ arch/x86/lib/
AWK = awk
BASH = bash
BINDGEN = bindgen
BITS = 32
CC = gcc
CC_FLAGS_FPU = -msse -msse2 -mhard-float -D_LINUX_FPU_COMPILATION_UNIT
CC_FLAGS_NO_FPU = 
CFLAGS_GCOV = -fprofile-arcs -ftest-coverage -fno-tree-loop-im
CFLAGS_KERNEL = 
CFLAGS_MODULE = 
CHECK = sparse
CHECKFLAGS = -D__linux__ -Dlinux -D__STDC__ -Dunix -D__unix__ -Wbitwise -Wno-return-void -Wno-unknown-attribute  -D__i386__ --arch=x86 -mlittle-endian -m32
CLIPPY_CONF_DIR = ..
CONFIG_SHELL = sh
CPP = gcc -E
CROSS_COMPILE = 
CURDIR = /home/luis/code/WSKernelSbom/linux/tools/sbom
GNUMAKEFLAGS = 
HOSTCC = gcc
HOSTCXX = g++
HOSTPKG_CONFIG = pkg-config
HOSTRUSTC = rustc
INSTALLKERNEL = installkernel
INSTALL_DTBS_PATH = /boot/dtbs/6.17.0+
INSTALL_HDR_PATH = ./usr
INSTALL_PATH = /boot
KBUILD_AFLAGS = -D__ASSEMBLY__ -fno-PIE -m32
KBUILD_AFLAGS_KERNEL = 
KBUILD_AFLAGS_MODULE = -DMODULE
KBUILD_BUILTIN = y
KBUILD_CFLAGS = -std=gnu11 -fshort-wchar -funsigned-char -fno-common -fno-PIE -fno-strict-aliasing -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -mno-avx -fcf-protection=none -m32 -msoft-float -mregparm=3 -freg-struct-return -fno-pic -mpreferred-stack-boundary=2 -march=i686 -Wa,-mtune=generic32 -ffreestanding -Wno-sign-compare -fno-asynchronous-unwind-tables -fno-delete-null-pointer-checks -Os -fno-allow-store-data-races -fno-stack-protector -fomit-frame-pointer  -fno-stack-clash-protection -falign-functions=4 -fno-strict-overflow -fno-stack-check -fconserve-stack -fno-builtin-wcslen -Wall -Wextra -Wundef -Werror=implicit-function-declaration -Werror=implicit-int -Werror=return-type -Werror=strict-prototypes -Wno-format-security -Wno-trigraphs  -Wno-frame-address  -Wno-address-of-packed-member -Wmissing-declarations -Wmissing-prototypes -Wframe-larger-than=1024 -Wno-main -Wvla-larger-than=1 -Wno-pointer-sign  -Wcast-function-type -Wno-array-bounds  -Wno-stringop-overflow -Wno-alloc-size-larger-than -Wimplicit-fallthrough=5 -Werror=date-time -Werror=incompatible-pointer-types -Werror=designated-init -Wenum-conversion -Wunused  -Wno-unused-but-set-variable  -Wno-unused-const-variable  -Wno-packed-not-aligned  -Wno-format-overflow  -Wno-format-truncation  -Wno-stringop-truncation -Wno-override-init  -Wno-missing-field-initializers -Wno-type-limits -Wno-shift-negative-value -Wno-maybe-uninitialized -Wno-sign-compare -Wno-unused-parameter
KBUILD_CFLAGS_KERNEL = 
KBUILD_CFLAGS_MODULE = -DMODULE
KBUILD_CHECKSRC = 0
KBUILD_CLIPPY = 
KBUILD_CPPFLAGS = -D__KERNEL__ -fmacro-prefix-map=../=
KBUILD_EXTMOD = 
KBUILD_EXTRA_WARN = 
KBUILD_HOSTCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -std=gnu11   -I ../scripts/include
KBUILD_HOSTCXXFLAGS = -Wall -O2   -I ../scripts/include
KBUILD_HOSTLDFLAGS =  
KBUILD_HOSTLDLIBS =  
KBUILD_HOSTRUSTFLAGS = --edition=2021 -Zbinary_dep_depinfo=y -Astable_features -Dnon_ascii_idents -Dunsafe_op_in_unsafe_fn -Wmissing_docs -Wrust_2018_idioms -Wunreachable_pub -Wclippy::all -Wclippy::as_ptr_cast_mut -Wclippy::as_underscore -Wclippy::cast_lossless -Wclippy::ignored_unit_patterns -Wclippy::mut_mut -Wclippy::needless_bitwise_bool -Aclippy::needless_lifetimes -Wclippy::no_mangle_with_rust_abi -Wclippy::ptr_as_ptr -Wclippy::ptr_cast_constness -Wclippy::ref_as_ptr -Wclippy::undocumented_unsafe_blocks -Wclippy::unnecessary_safety_comment -Wclippy::unnecessary_safety_doc -Wrustdoc::missing_crate_level_docs -Wrustdoc::unescaped_backticks -O -Cstrip=debuginfo -Zallow-features= 
KBUILD_IMAGE = arch/x86/boot/bzImage
KBUILD_LDFLAGS = -m elf_i386 -z noexecstack
KBUILD_LDFLAGS_MODULE = --build-id=sha1
KBUILD_LDS = arch/x86/kernel/vmlinux.lds
KBUILD_MODULES = 
KBUILD_PROCMACROLDFLAGS =  
KBUILD_RUSTFLAGS = --edition=2021 -Zbinary_dep_depinfo=y -Astable_features -Dnon_ascii_idents -Dunsafe_op_in_unsafe_fn -Wmissing_docs -Wrust_2018_idioms -Wunreachable_pub -Wclippy::all -Wclippy::as_ptr_cast_mut -Wclippy::as_underscore -Wclippy::cast_lossless -Wclippy::ignored_unit_patterns -Wclippy::mut_mut -Wclippy::needless_bitwise_bool -Aclippy::needless_lifetimes -Wclippy::no_mangle_with_rust_abi -Wclippy::ptr_as_ptr -Wclippy::ptr_cast_constness -Wclippy::ref_as_ptr -Wclippy::undocumented_unsafe_blocks -Wclippy::unnecessary_safety_comment -Wclippy::unnecessary_safety_doc -Wrustdoc::missing_crate_level_docs -Wrustdoc::unescaped_backticks -Cpanic=abort -Cembed-bitcode=n -Clto=n -Cforce-unwind-tables=n -Ccodegen-units=1 -Csymbol-mangling-version=v0 -Crelocation-model=static -Zfunction-sections=n -Wclippy::float_arithmetic --target=./scripts/target.json -Ctarget-feature=-sse,-sse2,-sse3,-ssse3,-sse4.1,-sse4.2,-avx,-avx2 -Copt-level=s -Cdebug-assertions=n -Coverflow-checks=n
KBUILD_RUSTFLAGS_KERNEL = 
KBUILD_RUSTFLAGS_MODULE = --cfg MODULE
KBUILD_USERCFLAGS = -Wall -Wmissing-prototypes -Wstrict-prototypes -O2 -fomit-frame-pointer -std=gnu11  -m32
KBUILD_USERLDFLAGS = -m32
KBUILD_VERBOSE = 
KBUILD_VMLINUX_LIBS = 
KBZIP2 = bzip2
KCONFIG_CONFIG = .config
KERNELDOC = ../scripts/kernel-doc.py
KERNELRELEASE = 6.17.0+
KERNELVERSION = 6.17.0
KGZIP = gzip
KLZOP = lzop
LC_COLLATE = C
LC_NUMERIC = C
LD = ld
LDFLAGS_MODULE = 
LEX = flex
LINUXINCLUDE = -I../arch/x86/include -I./arch/x86/include/generated -I../include -I./include -I../arch/x86/include/uapi -I./arch/x86/include/generated/uapi -I../include/uapi -I./include/generated/uapi -include ../include/linux/compiler-version.h -include ../include/linux/kconfig.h
LZ4 = lz4
LZMA = lzma
MAKE = make
MAKEFILES = 
MAKEFILE_LIST = Makefile
MAKEFLAGS = rR --no-print-directory -- O=/home/luis/code/WSKernelSbom/linux/kernel_build subdir=tools/sbom
MAKELEVEL = 4
MAKEOVERRIDES = O=/home/luis/code/WSKernelSbom/linux/kernel_build subdir=tools/sbom
MAKE_COMMAND = make
MAKE_HOST = x86_64-pc-linux-gnu
MAKE_TERMERR = /dev/pts/11
MAKE_TERMOUT = /dev/pts/11
MAKE_VERSION = 4.3
MFLAGS = -rR --no-print-directory
MODLIB = /lib/modules/6.17.0+
NM = nm
NOSTDINC_FLAGS = -nostdinc
O = /home/luis/code/WSKernelSbom/linux/kernel_build
OBJCOPY = objcopy
OBJCOPYFLAGS = 
OBJDUMP = objdump
PAHOLE = pahole
PATCHLEVEL = 17
PERL = perl
PYTHON3 = python3
Q = @
RCS_FIND_IGNORE = \( -name SCCS -o -name BitKeeper -o -name .svn -o -name CVS -o -name .pc -o -name .hg -o -name .git \) -prune -o
READELF = readelf
REALMODE_CFLAGS = -std=gnu11 -m16 -g -Os -DDISABLE_BRANCH_PROFILING -D__DISABLE_EXPORTS -Wall -Wstrict-prototypes -march=i386 -mregparm=3 -fno-strict-aliasing -fomit-frame-pointer -fno-pic -mno-mmx -mno-sse -fcf-protection=none -ffreestanding -fno-stack-protector -Wno-address-of-packed-member -mpreferred-stack-boundary=2
RESOLVE_BTFIDS = ./tools/bpf/resolve_btfids/resolve_btfids
RETHUNK_CFLAGS = 
RETHUNK_RUSTFLAGS = 
RETPOLINE_CFLAGS = -mindirect-branch=thunk-extern -mindirect-branch-register -mindirect-branch-cs-prefix
RETPOLINE_RUSTFLAGS = 
RETPOLINE_VDSO_CFLAGS = -mindirect-branch=thunk-inline -mindirect-branch-register
RUSTC = rustc
RUSTC_BOOTSTRAP = 1
RUSTC_OR_CLIPPY = rustc
RUSTC_OR_CLIPPY_QUIET = RUSTC
RUSTDOC = rustdoc
RUSTFLAGS_KERNEL = 
RUSTFLAGS_MODULE = 
RUSTFMT = rustfmt
SRCARCH = x86
STRIP = strip
SUBLEVEL = 0
SUFFIXES = 
TAR = tar
UTS_MACHINE = i386
VERSION = 6
VPATH = ..
XZ = xz
YACC = bison
ZSTD = zstd
building_out_of_srctree = 1
cross_compiling = 
objtree = /home/luis/code/WSKernelSbom/linux/kernel_build
quiet = quiet_
rust_common_flags = --edition=2021 -Zbinary_dep_depinfo=y -Astable_features -Dnon_ascii_idents -Dunsafe_op_in_unsafe_fn -Wmissing_docs -Wrust_2018_idioms -Wunreachable_pub -Wclippy::all -Wclippy::as_ptr_cast_mut -Wclippy::as_underscore -Wclippy::cast_lossless -Wclippy::ignored_unit_patterns -Wclippy::mut_mut -Wclippy::needless_bitwise_bool -Aclippy::needless_lifetimes -Wclippy::no_mangle_with_rust_abi -Wclippy::ptr_as_ptr -Wclippy::ptr_cast_constness -Wclippy::ref_as_ptr -Wclippy::undocumented_unsafe_blocks -Wclippy::unnecessary_safety_comment -Wclippy::unnecessary_safety_doc -Wrustdoc::missing_crate_level_docs -Wrustdoc::unescaped_backticks
srcroot = ..
srctree = 
sub_make_done = 1
subdir = tools/sbom

Do we want to include all these environment variables or should we only include a specific subset?

Most of the variables are already exported and therefore available as environment variables in the sbom.py script.
Only CURDIR, GNUMAKEFLAGS, MAKEFILES, MAKEFILES_LIST, MAKE_COMMAND, MAKE_HOST, MAKE_VERSION, OLDPWD, SUFFIXES are not exported yet, so we would have to export them explicitly from the sbom tool's Makefile.

Note: Internal make variables like the following are probably not relevant, hence I already filtered them out:

%D = 
%F = 
*D = 
*F = 
+D = 
+F = 
-*-command-variables-*- = O=/home/luis/code/WSKernelSbom/linux/kernel_build subdir=tools/sbom
.DEFAULT_GOAL = all
.FEATURES = target-specific order-only second-expansion else-if shortest-stem undefine oneshell nocomment grouped-target extra-prereqs archives jobserver output-sync check-symlink load
.INCLUDE_DIRS = /usr/local/include /usr/include /usr/include
.LOADED = 
.RECIPEPREFIX = 
.SHELLFLAGS = -c
.VARIABLES = ZSTD PYDEVD_DISABLE_FILE_VALIDATION KBUILD_AFLAGS_KERNEL AR HOSTPKG_CONFIG ARCH_CORE RESOLVE_BTFIDS LDFLAGS_MODULE AMENT_PREFIX_PATH PULSE_SERVER OSH HOSTCC BINDGEN RUSTC_BOOTSTRAP WSLENV VPATH RETHUNK_RUSTFLAGS NOSTDINC_FLAGS KBUILD_EXTRA_WARN LC_NUMERIC KBUILD_IMAGE RETPOLINE_VDSO_CFLAGS KBUILD_CFLAGS PERL AFLAGS_MODULE O NVM_DIR MAKE_COMMAND ROS_PYTHON_VERSION KERNELDOC KBUILD_AFLAGS VSCODE_GIT_ASKPASS_EXTRA_ARGS @D PYTHONSTARTUP PYENV_SHELL PYTHON_BASIC_REPL KBUILD_PROCMACROLDFLAGS Q HOSTCXX RETHUNK_CFLAGS .VARIABLES PWD %D sub_make_done ROS_VERSION LSCOLORS PYTHON3 XDG_DATA_DIRS KBUILD_LDFLAGS_MODULE OLDPWD ^D %F NVM_INC RETPOLINE_CFLAGS LANG KGZIP .LOADED .INCLUDE_DIRS CFLAGS_MODULE MAKEFLAGS TAR RCS_FIND_IGNORE KBUILD_CHECKSRC rust_common_flags CURDIR KBUILD_VMLINUX_LIBS LESSOPEN *D VERSION KBUILD_HOSTCXXFLAGS ENVMAN_LOAD MFLAGS SSH_AUTH_SOCK .SHELLFLAGS NVM_BIN WSL2_GUI_APPS_ENABLED WAYLAND_DISPLAY HISTSIZE KBUILD_HOSTRUSTFLAGS BITS +D SRCARCH GIT_ASKPASS CLIPPY_CONF_DIR CC_FLAGS_FPU MAKEFILE_LIST @F KBUILD_CFLAGS_KERNEL quiet LC_COLLATE KBUILD_CFLAGS_MODULE ?D LZMA srctree VSCODE_DEBUGPY_ADAPTER_ENDPOINTS *F AWK INSTALL_DTBS_PATH CFLAGS_KERNEL DBUS_SESSION_BUS_ADDRESS CHECK <D HISTFILESIZE MAKE_HOST ROS_DISTRO SHELL LD_LIBRARY_PATH SHLVL BASH MAKELEVEL OBJDUMP MAKE KBUILD_HOSTLDLIBS PATH KBUILD_VERBOSE MAKEFILES VSCODE_GIT_IPC_HANDLE LZ4 VSCODE_GIT_ASKPASS_NODE KBUILD_MODULES MOTD_SHOWN ^F RUSTC_OR_CLIPPY_QUIET objtree VSCODE_GIT_ASKPASS_MAIN RUSTFLAGS_KERNEL KBUILD_RUSTFLAGS_MODULE building_out_of_srctree OBJCOPYFLAGS KLZOP CPP INSTALLKERNEL KCONFIG_CONFIG KBUILD_RUSTFLAGS_KERNEL TERM_PROGRAM subdir LESSCLOSE ?F CROSS_COMPILE NAME KBUILD_AFLAGS_MODULE SUBLEVEL READELF RETPOLINE_RUSTFLAGS HOSTTYPE LS_COLORS +F LESS KBUILD_CPPFLAGS WSL_INTEROP PYENV_ROOT GNUMAKEFLAGS KBUILD_LDFLAGS LOGNAME YACC KBUILD_EXTMOD KBUILD_HOSTLDFLAGS KBUILD_LDS KBUILD_HOSTCFLAGS UTS_MACHINE CFLAGS_GCOV .DEFAULT_GOAL CONFIG_SHELL ARCH OPENAI_API_KEY DISPLAY USER MAKE_VERSION MODLIB MAKEOVERRIDES PAHOLE OPENAI_MODEL ARCH_DRIVERS HOSTRUSTC KBUILD_CLIPPY PYTHONPATH SSH_AGENT_PID PAGER PATCHLEVEL -*-command-variables-*- _ MAKE_TERMOUT XDG_RUNTIME_DIR RUSTC_OR_CLIPPY ROS_LOCALHOST_ONLY KBUILD_RUSTFLAGS COLORTERM RUSTC LC_CTYPE REALMODE_CFLAGS VSCODE_IPC_HOOK_CLI GOOGLE_APPLICATION_CREDENTIALS KBUILD_USERLDFLAGS VSCODE_PYTHON_AUTOACTIVATE_GUARD NVM_CD_FLAGS MAKE_TERMERR cross_compiling INSTALL_PATH BUNDLED_DEBUGPY_PATH HOME CC_FLAGS_NO_FPU OPENAI_BASE_URL RUSTFMT LEX TERM NM .RECIPEPREFIX <F ARCH_LIB KBUILD_USERCFLAGS INSTALL_HDR_PATH SUFFIXES XZ RUSTDOC LD WSL_DISTRO_NAME LINUXINCLUDE STRIP .FEATURES srcroot CC OBJCOPY AFLAGS_KERNEL RUSTFLAGS_MODULE KBUILD_BUILTIN TERM_PROGRAM_VERSION KERNELRELEASE KERNELVERSION CHECKFLAGS KBZIP2
<D = 
<F = 
?D = 
?F = 
@D = .
@F = all
^D = 
^F =