diff options
| author | Ross Burton <ross@burtonini.com> | 2021-09-03 17:00:33 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-09-04 08:44:11 +0100 |
| commit | 4d3692b5a7e37f066dc995bf6aabec55db72f5ec (patch) | |
| tree | a995cea487e426373271e127584a3463e2ce5b66 | |
| parent | 41a29f0b9642668538f9e5e84db9623304b5c820 (diff) | |
| download | poky-4d3692b5a7e37f066dc995bf6aabec55db72f5ec.tar.gz | |
create-spdx: don't duplicate license texts in each package
Instead of putting the full license text for non-SPDX licenses into the
recipe and every package, use links to the recipe from the packages if
possible.
(From OE-Core rev: 9220d35dc9071ebbe991117af8261ad99f321bb3)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| -rw-r--r-- | meta/classes/create-spdx.bbclass | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass index cbb9239991..1e0b360558 100644 --- a/meta/classes/create-spdx.bbclass +++ b/meta/classes/create-spdx.bbclass | |||
| @@ -50,7 +50,7 @@ python() { | |||
| 50 | d.setVar("SPDX_LICENSE_DATA", data) | 50 | d.setVar("SPDX_LICENSE_DATA", data) |
| 51 | } | 51 | } |
| 52 | 52 | ||
| 53 | def convert_license_to_spdx(lic, document, d): | 53 | def convert_license_to_spdx(lic, document, d, existing={}): |
| 54 | from pathlib import Path | 54 | from pathlib import Path |
| 55 | import oe.spdx | 55 | import oe.spdx |
| 56 | 56 | ||
| @@ -109,8 +109,11 @@ def convert_license_to_spdx(lic, document, d): | |||
| 109 | if spdx_license in license_data["licenses"]: | 109 | if spdx_license in license_data["licenses"]: |
| 110 | return spdx_license | 110 | return spdx_license |
| 111 | 111 | ||
| 112 | spdx_license = "LicenseRef-" + l | 112 | try: |
| 113 | add_extracted_license(spdx_license, l) | 113 | spdx_license = existing[l] |
| 114 | except KeyError: | ||
| 115 | spdx_license = "LicenseRef-" + l | ||
| 116 | add_extracted_license(spdx_license, l) | ||
| 114 | 117 | ||
| 115 | return spdx_license | 118 | return spdx_license |
| 116 | 119 | ||
| @@ -462,7 +465,14 @@ python do_create_spdx() { | |||
| 462 | doc_sha1 = oe.sbom.write_doc(d, doc, "recipes") | 465 | doc_sha1 = oe.sbom.write_doc(d, doc, "recipes") |
| 463 | dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe)) | 466 | dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe)) |
| 464 | 467 | ||
| 468 | recipe_ref = oe.spdx.SPDXExternalDocumentRef() | ||
| 469 | recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name | ||
| 470 | recipe_ref.spdxDocument = doc.documentNamespace | ||
| 471 | recipe_ref.checksum.algorithm = "SHA1" | ||
| 472 | recipe_ref.checksum.checksumValue = doc_sha1 | ||
| 473 | |||
| 465 | sources = collect_dep_sources(d, dep_recipes) | 474 | sources = collect_dep_sources(d, dep_recipes) |
| 475 | found_licenses = {license.name:recipe_ref.externalDocumentId + ":" + license.licenseId for license in doc.hasExtractedLicensingInfos} | ||
| 466 | 476 | ||
| 467 | if not is_native: | 477 | if not is_native: |
| 468 | bb.build.exec_func("read_subpackage_metadata", d) | 478 | bb.build.exec_func("read_subpackage_metadata", d) |
| @@ -482,13 +492,6 @@ python do_create_spdx() { | |||
| 482 | package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") | 492 | package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") |
| 483 | package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()") | 493 | package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()") |
| 484 | package_doc.creationInfo.creators.append("Person: N/A ()") | 494 | package_doc.creationInfo.creators.append("Person: N/A ()") |
| 485 | |||
| 486 | recipe_ref = oe.spdx.SPDXExternalDocumentRef() | ||
| 487 | recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name | ||
| 488 | recipe_ref.spdxDocument = doc.documentNamespace | ||
| 489 | recipe_ref.checksum.algorithm = "SHA1" | ||
| 490 | recipe_ref.checksum.checksumValue = doc_sha1 | ||
| 491 | |||
| 492 | package_doc.externalDocumentRefs.append(recipe_ref) | 495 | package_doc.externalDocumentRefs.append(recipe_ref) |
| 493 | 496 | ||
| 494 | package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE") | 497 | package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE") |
| @@ -498,7 +501,7 @@ python do_create_spdx() { | |||
| 498 | spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name) | 501 | spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name) |
| 499 | spdx_package.name = pkg_name | 502 | spdx_package.name = pkg_name |
| 500 | spdx_package.versionInfo = d.getVar("PV") | 503 | spdx_package.versionInfo = d.getVar("PV") |
| 501 | spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d) | 504 | spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d, found_licenses) |
| 502 | 505 | ||
| 503 | package_doc.packages.append(spdx_package) | 506 | package_doc.packages.append(spdx_package) |
| 504 | 507 | ||