diff options
| author | Joshua Watt <JPEWhacker@gmail.com> | 2023-02-15 15:13:46 -0600 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-02-19 07:47:53 +0000 |
| commit | ceb95cf9c2c6948645bf798e4e9554d955a8c8fb (patch) | |
| tree | e8c8e3896c80589d6e094b31e18b71520b888d68 /meta/lib | |
| parent | c980c93c5df6747b6194cdb8df1f90aa9d31beb7 (diff) | |
| download | poky-ceb95cf9c2c6948645bf798e4e9554d955a8c8fb.tar.gz | |
classes/create-spdx-2.2: Report downloads as separate packages
Moves the downloaded items from SRC_URI into separate packages in the
recipe document. This is much better than the previous implementation
because:
1) It can report multiple download locations in SRC_URI, instead of
just the first one reported.
2) It prevents the assumption that the source files listed in the
recipe are the exact file from the source URL; in particular, files
that come from file:// SRC_URI entries, and source files that have
been patched were problematic, since these aren't from the upstream
source.
3) It allows the checksums to be specified
(From OE-Core rev: 1dd4369b3638637a2cbba2a3c37c6b6f4df335cd)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/lib')
| -rw-r--r-- | meta/lib/oe/sbom.py | 4 | ||||
| -rw-r--r-- | meta/lib/oe/spdx.py | 13 |
2 files changed, 17 insertions, 0 deletions
diff --git a/meta/lib/oe/sbom.py b/meta/lib/oe/sbom.py index bbf466bbad..22ed5070ea 100644 --- a/meta/lib/oe/sbom.py +++ b/meta/lib/oe/sbom.py | |||
| @@ -14,6 +14,10 @@ def get_recipe_spdxid(d): | |||
| 14 | return "SPDXRef-%s-%s" % ("Recipe", d.getVar("PN")) | 14 | return "SPDXRef-%s-%s" % ("Recipe", d.getVar("PN")) |
| 15 | 15 | ||
| 16 | 16 | ||
| 17 | def get_download_spdxid(d, idx): | ||
| 18 | return "SPDXRef-Download-%s-%d" % (d.getVar("PN"), idx) | ||
| 19 | |||
| 20 | |||
| 17 | def get_package_spdxid(pkg): | 21 | def get_package_spdxid(pkg): |
| 18 | return "SPDXRef-Package-%s" % pkg | 22 | return "SPDXRef-Package-%s" % pkg |
| 19 | 23 | ||
diff --git a/meta/lib/oe/spdx.py b/meta/lib/oe/spdx.py index c74ea68878..7aaf2af5ed 100644 --- a/meta/lib/oe/spdx.py +++ b/meta/lib/oe/spdx.py | |||
| @@ -216,6 +216,18 @@ class SPDXPackageVerificationCode(SPDXObject): | |||
| 216 | 216 | ||
| 217 | 217 | ||
| 218 | class SPDXPackage(SPDXObject): | 218 | class SPDXPackage(SPDXObject): |
| 219 | ALLOWED_CHECKSUMS = [ | ||
| 220 | "SHA1", | ||
| 221 | "SHA224", | ||
| 222 | "SHA256", | ||
| 223 | "SHA384", | ||
| 224 | "SHA512", | ||
| 225 | "MD2", | ||
| 226 | "MD4", | ||
| 227 | "MD5", | ||
| 228 | "MD6", | ||
| 229 | ] | ||
| 230 | |||
| 219 | name = _String() | 231 | name = _String() |
| 220 | SPDXID = _String() | 232 | SPDXID = _String() |
| 221 | versionInfo = _String() | 233 | versionInfo = _String() |
| @@ -234,6 +246,7 @@ class SPDXPackage(SPDXObject): | |||
| 234 | hasFiles = _StringList() | 246 | hasFiles = _StringList() |
| 235 | packageFileName = _String() | 247 | packageFileName = _String() |
| 236 | annotations = _ObjectList(SPDXAnnotation) | 248 | annotations = _ObjectList(SPDXAnnotation) |
| 249 | checksums = _ObjectList(SPDXChecksum) | ||
| 237 | 250 | ||
| 238 | 251 | ||
| 239 | class SPDXFile(SPDXObject): | 252 | class SPDXFile(SPDXObject): |