diff options
| author | joshua Watt <JPEWhacker@gmail.com> | 2024-05-02 08:57:50 -0600 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-05-09 09:55:27 +0100 |
| commit | 3bf65ca15fbd94e118fefd74be587bd6b0ceaf54 (patch) | |
| tree | 72e21ab92c85a77ac1e333557029d4972f65dc07 /meta/classes/create-spdx-2.2.bbclass | |
| parent | c17d11189cfe0f82396ba24dce807728ae4c8f78 (diff) | |
| download | poky-3bf65ca15fbd94e118fefd74be587bd6b0ceaf54.tar.gz | |
classes/create-spdx-2.2: Fix SPDX dependencies for ABI Safe recipes
SPDX Documents can currently get into a state where they reference SPDX
IDs that do not exist (locally). The reason for this is that some
tasks/recipes are marked as ABI safe, and thus are excluded from
taskhash. This means that when SPDX creates a document, it will refer to
the SPDX ID in the dependency at the time when the document is created,
but if the dependency changes and gets a new SPDX ID, the document will
not rebuild to reference the new SPDX ID, causing it to be dangling.
Fix this by using the new field in BB_TASKDEPDATA to skip dependencies
that are not part of the taskhash calculation.
(From OE-Core rev: 8393557b5229c7a0cea18a586848384bff1d7424)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/create-spdx-2.2.bbclass')
| -rw-r--r-- | meta/classes/create-spdx-2.2.bbclass | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass index 4ea91f6499..7c8a0b8b0f 100644 --- a/meta/classes/create-spdx-2.2.bbclass +++ b/meta/classes/create-spdx-2.2.bbclass | |||
| @@ -357,7 +357,13 @@ def collect_dep_recipes(d, doc, spdx_recipe): | |||
| 357 | with spdx_deps_file.open("r") as f: | 357 | with spdx_deps_file.open("r") as f: |
| 358 | deps = json.load(f) | 358 | deps = json.load(f) |
| 359 | 359 | ||
| 360 | for dep_pn, dep_hashfn in deps: | 360 | for dep_pn, dep_hashfn, in_taskhash in deps: |
| 361 | # If this dependency is not calculated in the taskhash skip it. | ||
| 362 | # Otherwise, it can result in broken links since this task won't | ||
| 363 | # rebuild and see the new SPDX ID if the dependency changes | ||
| 364 | if not in_taskhash: | ||
| 365 | continue | ||
| 366 | |||
| 361 | dep_recipe_path = oe.sbom.doc_find_by_hashfn(deploy_dir_spdx, package_archs, "recipe-" + dep_pn, dep_hashfn) | 367 | dep_recipe_path = oe.sbom.doc_find_by_hashfn(deploy_dir_spdx, package_archs, "recipe-" + dep_pn, dep_hashfn) |
| 362 | if not dep_recipe_path: | 368 | if not dep_recipe_path: |
| 363 | bb.fatal("Cannot find any SPDX file for recipe %s, %s" % (dep_pn, dep_hashfn)) | 369 | bb.fatal("Cannot find any SPDX file for recipe %s, %s" % (dep_pn, dep_hashfn)) |
| @@ -478,7 +484,7 @@ def collect_direct_deps(d, dep_task): | |||
| 478 | for dep_name in this_dep[3]: | 484 | for dep_name in this_dep[3]: |
| 479 | dep_data = taskdepdata[dep_name] | 485 | dep_data = taskdepdata[dep_name] |
| 480 | if dep_data[1] == dep_task and dep_data[0] != pn: | 486 | if dep_data[1] == dep_task and dep_data[0] != pn: |
| 481 | deps.add((dep_data[0], dep_data[7])) | 487 | deps.add((dep_data[0], dep_data[7], dep_name in this_dep[8])) |
| 482 | 488 | ||
| 483 | return sorted(deps) | 489 | return sorted(deps) |
| 484 | 490 | ||
| @@ -721,9 +727,9 @@ def collect_package_providers(d): | |||
| 721 | providers = {} | 727 | providers = {} |
| 722 | 728 | ||
| 723 | deps = collect_direct_deps(d, "do_create_spdx") | 729 | deps = collect_direct_deps(d, "do_create_spdx") |
| 724 | deps.append((d.getVar("PN"), d.getVar("BB_HASHFILENAME"))) | 730 | deps.append((d.getVar("PN"), d.getVar("BB_HASHFILENAME"), True)) |
| 725 | 731 | ||
| 726 | for dep_pn, dep_hashfn in deps: | 732 | for dep_pn, dep_hashfn, _ in deps: |
| 727 | localdata = d | 733 | localdata = d |
| 728 | recipe_data = oe.packagedata.read_pkgdata(dep_pn, localdata) | 734 | recipe_data = oe.packagedata.read_pkgdata(dep_pn, localdata) |
| 729 | if not recipe_data: | 735 | if not recipe_data: |