diff options
| author | Joshua Watt <JPEWhacker@gmail.com> | 2021-09-01 08:44:55 -0500 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-09-03 09:53:29 +0100 |
| commit | cf707e8323f3955fc182a9b6cf48eaa721e68157 (patch) | |
| tree | d6947747219e0fdcd7e121e2b5cb3df270c14e5a /meta/classes/create-spdx.bbclass | |
| parent | b8b45c35fa6fe70a102e1faf296d58340584cae1 (diff) | |
| download | poky-cf707e8323f3955fc182a9b6cf48eaa721e68157.tar.gz | |
classes/create-spdx: Skip package processing for native recipes
Native recipes do not produce packages and should not process them,
otherwise it can trigger an error in read_subpackage_metadata
(From OE-Core rev: ea077b1ff6a4ccd5241a085bf9a3f67011e0f7bf)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes/create-spdx.bbclass')
| -rw-r--r-- | meta/classes/create-spdx.bbclass | 263 |
1 files changed, 134 insertions, 129 deletions
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass index db1d1756c9..6af4181087 100644 --- a/meta/classes/create-spdx.bbclass +++ b/meta/classes/create-spdx.bbclass | |||
| @@ -344,7 +344,6 @@ python do_create_spdx() { | |||
| 344 | else: | 344 | else: |
| 345 | yield None | 345 | yield None |
| 346 | 346 | ||
| 347 | bb.build.exec_func("read_subpackage_metadata", d) | ||
| 348 | 347 | ||
| 349 | deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX")) | 348 | deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX")) |
| 350 | spdx_workdir = Path(d.getVar("SPDXWORK")) | 349 | spdx_workdir = Path(d.getVar("SPDXWORK")) |
| @@ -352,6 +351,7 @@ python do_create_spdx() { | |||
| 352 | include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1" | 351 | include_sources = d.getVar("SPDX_INCLUDE_SOURCES") == "1" |
| 353 | archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1" | 352 | archive_sources = d.getVar("SPDX_ARCHIVE_SOURCES") == "1" |
| 354 | archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1" | 353 | archive_packaged = d.getVar("SPDX_ARCHIVE_PACKAGED") == "1" |
| 354 | is_native = bb.data.inherits_class("native", d) | ||
| 355 | 355 | ||
| 356 | creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ") | 356 | creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ") |
| 357 | 357 | ||
| @@ -442,62 +442,65 @@ python do_create_spdx() { | |||
| 442 | 442 | ||
| 443 | sources = collect_dep_sources(d, dep_recipes) | 443 | sources = collect_dep_sources(d, dep_recipes) |
| 444 | 444 | ||
| 445 | pkgdest = Path(d.getVar("PKGDEST")) | 445 | if not is_native: |
| 446 | for package in d.getVar("PACKAGES").split(): | 446 | bb.build.exec_func("read_subpackage_metadata", d) |
| 447 | if not oe.packagedata.packaged(package, d): | ||
| 448 | continue | ||
| 449 | |||
| 450 | package_doc = oe.spdx.SPDXDocument() | ||
| 451 | pkg_name = d.getVar("PKG:%s" % package) or package | ||
| 452 | package_doc.name = pkg_name | ||
| 453 | package_doc.documentNamespace = get_doc_namespace(d, package_doc) | ||
| 454 | package_doc.creationInfo.created = creation_time | ||
| 455 | package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build." | ||
| 456 | package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] | ||
| 457 | package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") | ||
| 458 | package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()") | ||
| 459 | package_doc.creationInfo.creators.append("Person: N/A ()") | ||
| 460 | |||
| 461 | recipe_ref = oe.spdx.SPDXExternalDocumentRef() | ||
| 462 | recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name | ||
| 463 | recipe_ref.spdxDocument = doc.documentNamespace | ||
| 464 | recipe_ref.checksum.algorithm = "SHA1" | ||
| 465 | recipe_ref.checksum.checksumValue = doc_sha1 | ||
| 466 | |||
| 467 | package_doc.externalDocumentRefs.append(recipe_ref) | ||
| 468 | |||
| 469 | package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE") | ||
| 470 | 447 | ||
| 471 | spdx_package = oe.spdx.SPDXPackage() | 448 | pkgdest = Path(d.getVar("PKGDEST")) |
| 472 | 449 | for package in d.getVar("PACKAGES").split(): | |
| 473 | spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name) | 450 | if not oe.packagedata.packaged(package, d): |
| 474 | spdx_package.name = pkg_name | 451 | continue |
| 475 | spdx_package.versionInfo = d.getVar("PV") | ||
| 476 | spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d) | ||
| 477 | |||
| 478 | package_doc.packages.append(spdx_package) | ||
| 479 | 452 | ||
| 480 | package_doc.add_relationship(spdx_package, "GENERATED_FROM", "%s:%s" % (recipe_ref.externalDocumentId, recipe.SPDXID)) | 453 | package_doc = oe.spdx.SPDXDocument() |
| 481 | package_doc.add_relationship(package_doc, "DESCRIBES", spdx_package) | 454 | pkg_name = d.getVar("PKG:%s" % package) or package |
| 455 | package_doc.name = pkg_name | ||
| 456 | package_doc.documentNamespace = get_doc_namespace(d, package_doc) | ||
| 457 | package_doc.creationInfo.created = creation_time | ||
| 458 | package_doc.creationInfo.comment = "This document was created by analyzing packages created during the build." | ||
| 459 | package_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] | ||
| 460 | package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") | ||
| 461 | package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()") | ||
| 462 | package_doc.creationInfo.creators.append("Person: N/A ()") | ||
| 463 | |||
| 464 | recipe_ref = oe.spdx.SPDXExternalDocumentRef() | ||
| 465 | recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name | ||
| 466 | recipe_ref.spdxDocument = doc.documentNamespace | ||
| 467 | recipe_ref.checksum.algorithm = "SHA1" | ||
| 468 | recipe_ref.checksum.checksumValue = doc_sha1 | ||
| 469 | |||
| 470 | package_doc.externalDocumentRefs.append(recipe_ref) | ||
| 471 | |||
| 472 | package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE") | ||
| 473 | |||
| 474 | spdx_package = oe.spdx.SPDXPackage() | ||
| 475 | |||
| 476 | spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name) | ||
| 477 | spdx_package.name = pkg_name | ||
| 478 | spdx_package.versionInfo = d.getVar("PV") | ||
| 479 | spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d) | ||
| 480 | |||
| 481 | package_doc.packages.append(spdx_package) | ||
| 482 | |||
| 483 | package_doc.add_relationship(spdx_package, "GENERATED_FROM", "%s:%s" % (recipe_ref.externalDocumentId, recipe.SPDXID)) | ||
| 484 | package_doc.add_relationship(package_doc, "DESCRIBES", spdx_package) | ||
| 485 | |||
| 486 | package_archive = deploy_dir_spdx / "packages" / (package_doc.name + ".tar.zst") | ||
| 487 | with optional_tarfile(package_archive, archive_packaged) as archive: | ||
| 488 | package_files = add_package_files( | ||
| 489 | d, | ||
| 490 | package_doc, | ||
| 491 | spdx_package, | ||
| 492 | pkgdest / package, | ||
| 493 | lambda file_counter: oe.sbom.get_packaged_file_spdxid(pkg_name, file_counter), | ||
| 494 | lambda filepath: ["BINARY"], | ||
| 495 | archive=archive, | ||
| 496 | ) | ||
| 482 | 497 | ||
| 483 | package_archive = deploy_dir_spdx / "packages" / (package_doc.name + ".tar.zst") | 498 | if archive is not None: |
| 484 | with optional_tarfile(package_archive, archive_packaged) as archive: | 499 | spdx_package.packageFileName = str(package_archive.name) |
| 485 | package_files = add_package_files( | ||
| 486 | d, | ||
| 487 | package_doc, | ||
| 488 | spdx_package, | ||
| 489 | pkgdest / package, | ||
| 490 | lambda file_counter: oe.sbom.get_packaged_file_spdxid(pkg_name, file_counter), | ||
| 491 | lambda filepath: ["BINARY"], | ||
| 492 | archive=archive, | ||
| 493 | ) | ||
| 494 | |||
| 495 | if archive is not None: | ||
| 496 | spdx_package.packageFileName = str(package_archive.name) | ||
| 497 | 500 | ||
| 498 | add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources) | 501 | add_package_sources_from_debug(d, package_doc, spdx_package, package, package_files, sources) |
| 499 | 502 | ||
| 500 | oe.sbom.write_doc(d, package_doc, "packages") | 503 | oe.sbom.write_doc(d, package_doc, "packages") |
| 501 | } | 504 | } |
| 502 | # NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source | 505 | # NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source |
| 503 | addtask do_create_spdx after do_package do_packagedata do_unpack before do_build do_rm_work | 506 | addtask do_create_spdx after do_package do_packagedata do_unpack before do_build do_rm_work |
| @@ -557,106 +560,108 @@ python do_create_runtime_spdx() { | |||
| 557 | 560 | ||
| 558 | deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX")) | 561 | deploy_dir_spdx = Path(d.getVar("DEPLOY_DIR_SPDX")) |
| 559 | spdx_deploy = Path(d.getVar("SPDXRUNTIMEDEPLOY")) | 562 | spdx_deploy = Path(d.getVar("SPDXRUNTIMEDEPLOY")) |
| 563 | is_native = bb.data.inherits_class("native", d) | ||
| 560 | 564 | ||
| 561 | creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ") | 565 | creation_time = datetime.now(tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ") |
| 562 | 566 | ||
| 563 | providers = collect_package_providers(d) | 567 | providers = collect_package_providers(d) |
| 564 | 568 | ||
| 565 | bb.build.exec_func("read_subpackage_metadata", d) | 569 | if not is_native: |
| 570 | bb.build.exec_func("read_subpackage_metadata", d) | ||
| 566 | 571 | ||
| 567 | dep_package_cache = {} | 572 | dep_package_cache = {} |
| 568 | 573 | ||
| 569 | pkgdest = Path(d.getVar("PKGDEST")) | 574 | pkgdest = Path(d.getVar("PKGDEST")) |
| 570 | for package in d.getVar("PACKAGES").split(): | 575 | for package in d.getVar("PACKAGES").split(): |
| 571 | localdata = bb.data.createCopy(d) | 576 | localdata = bb.data.createCopy(d) |
| 572 | pkg_name = d.getVar("PKG:%s" % package) or package | 577 | pkg_name = d.getVar("PKG:%s" % package) or package |
| 573 | localdata.setVar("PKG", pkg_name) | 578 | localdata.setVar("PKG", pkg_name) |
| 574 | localdata.setVar('OVERRIDES', d.getVar("OVERRIDES", False) + ":" + package) | 579 | localdata.setVar('OVERRIDES', d.getVar("OVERRIDES", False) + ":" + package) |
| 575 | 580 | ||
| 576 | if not oe.packagedata.packaged(package, localdata): | 581 | if not oe.packagedata.packaged(package, localdata): |
| 577 | continue | 582 | continue |
| 578 | 583 | ||
| 579 | pkg_spdx_path = deploy_dir_spdx / "packages" / (pkg_name + ".spdx.json") | 584 | pkg_spdx_path = deploy_dir_spdx / "packages" / (pkg_name + ".spdx.json") |
| 580 | 585 | ||
| 581 | package_doc, package_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path) | 586 | package_doc, package_doc_sha1 = oe.sbom.read_doc(pkg_spdx_path) |
| 582 | 587 | ||
| 583 | for p in package_doc.packages: | 588 | for p in package_doc.packages: |
| 584 | if p.name == pkg_name: | 589 | if p.name == pkg_name: |
| 585 | spdx_package = p | 590 | spdx_package = p |
| 586 | break | 591 | break |
| 587 | else: | 592 | else: |
| 588 | bb.fatal("Package '%s' not found in %s" % (pkg_name, pkg_spdx_path)) | 593 | bb.fatal("Package '%s' not found in %s" % (pkg_name, pkg_spdx_path)) |
| 589 | 594 | ||
| 590 | runtime_doc = oe.spdx.SPDXDocument() | 595 | runtime_doc = oe.spdx.SPDXDocument() |
| 591 | runtime_doc.name = "runtime-" + pkg_name | 596 | runtime_doc.name = "runtime-" + pkg_name |
| 592 | runtime_doc.documentNamespace = get_doc_namespace(localdata, runtime_doc) | 597 | runtime_doc.documentNamespace = get_doc_namespace(localdata, runtime_doc) |
| 593 | runtime_doc.creationInfo.created = creation_time | 598 | runtime_doc.creationInfo.created = creation_time |
| 594 | runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies." | 599 | runtime_doc.creationInfo.comment = "This document was created by analyzing package runtime dependencies." |
| 595 | runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] | 600 | runtime_doc.creationInfo.licenseListVersion = d.getVar("SPDX_LICENSE_DATA")["licenseListVersion"] |
| 596 | runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") | 601 | runtime_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") |
| 597 | runtime_doc.creationInfo.creators.append("Organization: OpenEmbedded ()") | 602 | runtime_doc.creationInfo.creators.append("Organization: OpenEmbedded ()") |
| 598 | runtime_doc.creationInfo.creators.append("Person: N/A ()") | 603 | runtime_doc.creationInfo.creators.append("Person: N/A ()") |
| 599 | 604 | ||
| 600 | package_ref = oe.spdx.SPDXExternalDocumentRef() | 605 | package_ref = oe.spdx.SPDXExternalDocumentRef() |
| 601 | package_ref.externalDocumentId = "DocumentRef-package-" + package | 606 | package_ref.externalDocumentId = "DocumentRef-package-" + package |
| 602 | package_ref.spdxDocument = package_doc.documentNamespace | 607 | package_ref.spdxDocument = package_doc.documentNamespace |
| 603 | package_ref.checksum.algorithm = "SHA1" | 608 | package_ref.checksum.algorithm = "SHA1" |
| 604 | package_ref.checksum.checksumValue = package_doc_sha1 | 609 | package_ref.checksum.checksumValue = package_doc_sha1 |
| 605 | 610 | ||
| 606 | runtime_doc.externalDocumentRefs.append(package_ref) | 611 | runtime_doc.externalDocumentRefs.append(package_ref) |
| 607 | |||
| 608 | runtime_doc.add_relationship( | ||
| 609 | runtime_doc.SPDXID, | ||
| 610 | "AMENDS", | ||
| 611 | "%s:%s" % (package_ref.externalDocumentId, package_doc.SPDXID) | ||
| 612 | ) | ||
| 613 | |||
| 614 | deps = bb.utils.explode_dep_versions2(localdata.getVar("RDEPENDS") or "") | ||
| 615 | seen_deps = set() | ||
| 616 | for dep, _ in deps.items(): | ||
| 617 | if dep in seen_deps: | ||
| 618 | continue | ||
| 619 | 612 | ||
| 620 | dep = providers[dep] | 613 | runtime_doc.add_relationship( |
| 614 | runtime_doc.SPDXID, | ||
| 615 | "AMENDS", | ||
| 616 | "%s:%s" % (package_ref.externalDocumentId, package_doc.SPDXID) | ||
| 617 | ) | ||
| 621 | 618 | ||
| 622 | if not oe.packagedata.packaged(dep, localdata): | 619 | deps = bb.utils.explode_dep_versions2(localdata.getVar("RDEPENDS") or "") |
| 623 | continue | 620 | seen_deps = set() |
| 621 | for dep, _ in deps.items(): | ||
| 622 | if dep in seen_deps: | ||
| 623 | continue | ||
| 624 | 624 | ||
| 625 | dep_pkg_data = oe.packagedata.read_subpkgdata_dict(dep, d) | 625 | dep = providers[dep] |
| 626 | dep_pkg = dep_pkg_data["PKG"] | ||
| 627 | 626 | ||
| 628 | if dep in dep_package_cache: | 627 | if not oe.packagedata.packaged(dep, localdata): |
| 629 | (dep_spdx_package, dep_package_ref) = dep_package_cache[dep] | 628 | continue |
| 630 | else: | ||
| 631 | dep_path = deploy_dir_spdx / "packages" / ("%s.spdx.json" % dep_pkg) | ||
| 632 | 629 | ||
| 633 | spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_path) | 630 | dep_pkg_data = oe.packagedata.read_subpkgdata_dict(dep, d) |
| 631 | dep_pkg = dep_pkg_data["PKG"] | ||
| 634 | 632 | ||
| 635 | for pkg in spdx_dep_doc.packages: | 633 | if dep in dep_package_cache: |
| 636 | if pkg.name == dep_pkg: | 634 | (dep_spdx_package, dep_package_ref) = dep_package_cache[dep] |
| 637 | dep_spdx_package = pkg | ||
| 638 | break | ||
| 639 | else: | 635 | else: |
| 640 | bb.fatal("Package '%s' not found in %s" % (dep_pkg, dep_path)) | 636 | dep_path = deploy_dir_spdx / "packages" / ("%s.spdx.json" % dep_pkg) |
| 641 | 637 | ||
| 642 | dep_package_ref = oe.spdx.SPDXExternalDocumentRef() | 638 | spdx_dep_doc, spdx_dep_sha1 = oe.sbom.read_doc(dep_path) |
| 643 | dep_package_ref.externalDocumentId = "DocumentRef-runtime-dependency-" + spdx_dep_doc.name | ||
| 644 | dep_package_ref.spdxDocument = spdx_dep_doc.documentNamespace | ||
| 645 | dep_package_ref.checksum.algorithm = "SHA1" | ||
| 646 | dep_package_ref.checksum.checksumValue = spdx_dep_sha1 | ||
| 647 | 639 | ||
| 648 | dep_package_cache[dep] = (dep_spdx_package, dep_package_ref) | 640 | for pkg in spdx_dep_doc.packages: |
| 641 | if pkg.name == dep_pkg: | ||
| 642 | dep_spdx_package = pkg | ||
| 643 | break | ||
| 644 | else: | ||
| 645 | bb.fatal("Package '%s' not found in %s" % (dep_pkg, dep_path)) | ||
| 649 | 646 | ||
| 650 | runtime_doc.externalDocumentRefs.append(dep_package_ref) | 647 | dep_package_ref = oe.spdx.SPDXExternalDocumentRef() |
| 648 | dep_package_ref.externalDocumentId = "DocumentRef-runtime-dependency-" + spdx_dep_doc.name | ||
| 649 | dep_package_ref.spdxDocument = spdx_dep_doc.documentNamespace | ||
| 650 | dep_package_ref.checksum.algorithm = "SHA1" | ||
| 651 | dep_package_ref.checksum.checksumValue = spdx_dep_sha1 | ||
| 651 | 652 | ||
| 652 | runtime_doc.add_relationship( | 653 | dep_package_cache[dep] = (dep_spdx_package, dep_package_ref) |
| 653 | "%s:%s" % (dep_package_ref.externalDocumentId, dep_spdx_package.SPDXID), | 654 | |
| 654 | "RUNTIME_DEPENDENCY_OF", | 655 | runtime_doc.externalDocumentRefs.append(dep_package_ref) |
| 655 | "%s:%s" % (package_ref.externalDocumentId, spdx_package.SPDXID) | 656 | |
| 656 | ) | 657 | runtime_doc.add_relationship( |
| 657 | seen_deps.add(dep) | 658 | "%s:%s" % (dep_package_ref.externalDocumentId, dep_spdx_package.SPDXID), |
| 659 | "RUNTIME_DEPENDENCY_OF", | ||
| 660 | "%s:%s" % (package_ref.externalDocumentId, spdx_package.SPDXID) | ||
| 661 | ) | ||
| 662 | seen_deps.add(dep) | ||
| 658 | 663 | ||
| 659 | oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy) | 664 | oe.sbom.write_doc(d, runtime_doc, "runtime", spdx_deploy) |
| 660 | } | 665 | } |
| 661 | 666 | ||
| 662 | addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work | 667 | addtask do_create_runtime_spdx after do_create_spdx before do_build do_rm_work |