I'm using yocto to build linux for am embedded device. I need to produce a software bill of materials (SBOM), which will mostly consist of a list of the packages included in the build, their version numbers, and dependencies. I've managed to find all this metadata in the tmp/pkgdata directory. However, I've hit a problem in that pkgdata isn't just for the most recent build. If I remove a package, for example, and then rebuild, that package will still exist in pkgdata. So really what I need is a list of packages that were included in my most recent build (included packages that were cached and didn't need to be recompiled).
Does anyone know how I might go about acquiring such a list? Once I know the package names, I should be able to pull everything else I need from the pkgdata directory.
You can also use their built-in SBOM generation ability: https://docs.yoctoproject.org/dev/dev-manual/sbom.html