summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndres Beltran <abeltran@linux.microsoft.com>2021-11-04 16:48:56 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-11-15 11:56:16 +0000
commitce68ec010fa856c2f3c8ed2b7c100fb9604a4ddd (patch)
tree50bd22d8a973cbfd8758ce7f05610f1ed5cff6c8
parentbe28d98b3adfa58ca65102040c41a8390aa145a6 (diff)
downloadpoky-ce68ec010fa856c2f3c8ed2b7c100fb9604a4ddd.tar.gz
create-spdx: Set the Organization field via a variable
Currently, the "Organization" field for SBOMs is hard-coded in create-spdx. Create a new variable SPDX_ORG to make this field more generic. (From OE-Core rev: e370039febe601127347da977ff9b7e5c7470315) Signed-off-by: Andres Beltran <abeltran@linux.microsoft.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f239814f3f5d9bd54de54b0f2a5081067336e32b) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat
-rw-r--r--meta/classes/create-spdx.bbclass10
1 files changed, 6 insertions, 4 deletions
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index c35dbe1184..eb1d446f3f 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -28,6 +28,8 @@ SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdoc"
28 28
29SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json" 29SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json"
30 30
31SPDX_ORG ??= "OpenEmbedded ()"
32
31do_image_complete[depends] = "virtual/kernel:do_create_spdx" 33do_image_complete[depends] = "virtual/kernel:do_create_spdx"
32 34
33def get_doc_namespace(d, doc): 35def get_doc_namespace(d, doc):
@@ -415,7 +417,7 @@ python do_create_spdx() {
415 doc.creationInfo.comment = "This document was created by analyzing recipe files during the build." 417 doc.creationInfo.comment = "This document was created by analyzing recipe files during the build."
416 doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] 418 doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
417 doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") 419 doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
418 doc.creationInfo.creators.append("Organization: OpenEmbedded ()") 420 doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
419 doc.creationInfo.creators.append("Person: N/A ()") 421 doc.creationInfo.creators.append("Person: N/A ()")
420 422
421 recipe = oe.spdx.SPDXPackage() 423 recipe = oe.spdx.SPDXPackage()
@@ -519,7 +521,7 @@ python do_create_spdx() {
519 package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build." 521 package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build."
520 package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] 522 package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
521 package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") 523 package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
522 package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()") 524 package_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
523 package_doc.creationInfo.creators.append("Person: N/A ()") 525 package_doc.creationInfo.creators.append("Person: N/A ()")
524 package_doc.externalDocumentRefs.append(recipe_ref) 526 package_doc.externalDocumentRefs.append(recipe_ref)
525 527
@@ -653,7 +655,7 @@ python do_create_runtime_spdx() {
653 runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies." 655 runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies."
654 runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] 656 runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
655 runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") 657 runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
656 runtime_doc.creationInfo.creators.append("Organization: OpenEmbedded ()") 658 runtime_doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
657 runtime_doc.creationInfo.creators.append("Person: N/A ()") 659 runtime_doc.creationInfo.creators.append("Person: N/A ()")
658 660
659 package_ref = oe.spdx.SPDXExternalDocumentRef() 661 package_ref = oe.spdx.SPDXExternalDocumentRef()
@@ -813,7 +815,7 @@ python image_combine_spdx() {
813 doc.creationInfo.comment = "This document was created by analyzing the source of the Yocto recipe during the build." 815 doc.creationInfo.comment = "This document was created by analyzing the source of the Yocto recipe during the build."
814 doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] 816 doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"]
815 doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") 817 doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
816 doc.creationInfo.creators.append("Organization: OpenEmbedded ()") 818 doc.creationInfo.creators.append("Organization: %s" % d.getVar("SPDX_ORG"))
817 doc.creationInfo.creators.append("Person: N/A ()") 819 doc.creationInfo.creators.append("Person: N/A ()")
818 820
819 image = oe.spdx.SPDXPackage() 821 image = oe.spdx.SPDXPackage()
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-05 09:44:29 +0000