summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorRoss Burton <ross@burtonini.com>2021-09-03 17:00:33 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-09-04 08:44:11 +0100
commit4d3692b5a7e37f066dc995bf6aabec55db72f5ec (patch)
treea995cea487e426373271e127584a3463e2ce5b66 /meta
parent41a29f0b9642668538f9e5e84db9623304b5c820 (diff)
downloadpoky-4d3692b5a7e37f066dc995bf6aabec55db72f5ec.tar.gz
create-spdx: don't duplicate license texts in each package
Instead of putting the full license text for non-SPDX licenses into the recipe and every package, use links to the recipe from the packages if possible. (From OE-Core rev: 9220d35dc9071ebbe991117af8261ad99f321bb3) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/classes/create-spdx.bbclass25
1 files changed, 14 insertions, 11 deletions
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass
index cbb9239991..1e0b360558 100644
--- a/meta/classes/create-spdx.bbclass
+++ b/meta/classes/create-spdx.bbclass
@@ -50,7 +50,7 @@ python() {
50 d.setVar("SPDX_LICENSE_DATA", data) 50 d.setVar("SPDX_LICENSE_DATA", data)
51} 51}
52 52
53def convert_license_to_spdx(lic, document, d): 53def convert_license_to_spdx(lic, document, d, existing={}):
54 from pathlib import Path 54 from pathlib import Path
55 import oe.spdx 55 import oe.spdx
56 56
@@ -109,8 +109,11 @@ def convert_license_to_spdx(lic, document, d):
109 if spdx_license in license_data["licenses"]: 109 if spdx_license in license_data["licenses"]:
110 return spdx_license 110 return spdx_license
111 111
112 spdx_license = "LicenseRef-" + l 112 try:
113 add_extracted_license(spdx_license, l) 113 spdx_license = existing[l]
114 except KeyError:
115 spdx_license = "LicenseRef-" + l
116 add_extracted_license(spdx_license, l)
114 117
115 return spdx_license 118 return spdx_license
116 119
@@ -462,7 +465,14 @@ python do_create_spdx() {
462 doc_sha1 = oe.sbom.write_doc(d, doc, "recipes") 465 doc_sha1 = oe.sbom.write_doc(d, doc, "recipes")
463 dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe)) 466 dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe))
464 467
468 recipe_ref = oe.spdx.SPDXExternalDocumentRef()
469 recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name
470 recipe_ref.spdxDocument = doc.documentNamespace
471 recipe_ref.checksum.algorithm = "SHA1"
472 recipe_ref.checksum.checksumValue = doc_sha1
473
465 sources = collect_dep_sources(d, dep_recipes) 474 sources = collect_dep_sources(d, dep_recipes)
475 found_licenses = {license.name:recipe_ref.externalDocumentId + ":" + license.licenseId for license in doc.hasExtractedLicensingInfos}
466 476
467 if not is_native: 477 if not is_native:
468 bb.build.exec_func("read_subpackage_metadata", d) 478 bb.build.exec_func("read_subpackage_metadata", d)
@@ -482,13 +492,6 @@ python do_create_spdx() {
482 package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") 492 package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass")
483 package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()") 493 package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()")
484 package_doc.creationInfo.creators.append("Person: N/A ()") 494 package_doc.creationInfo.creators.append("Person: N/A ()")
485
486 recipe_ref = oe.spdx.SPDXExternalDocumentRef()
487 recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name
488 recipe_ref.spdxDocument = doc.documentNamespace
489 recipe_ref.checksum.algorithm = "SHA1"
490 recipe_ref.checksum.checksumValue = doc_sha1
491
492 package_doc.externalDocumentRefs.append(recipe_ref) 495 package_doc.externalDocumentRefs.append(recipe_ref)
493 496
494 package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE") 497 package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE")
@@ -498,7 +501,7 @@ python do_create_spdx() {
498 spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name) 501 spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name)
499 spdx_package.name = pkg_name 502 spdx_package.name = pkg_name
500 spdx_package.versionInfo = d.getVar("PV") 503 spdx_package.versionInfo = d.getVar("PV")
501 spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d) 504 spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d, found_licenses)
502 505
503 package_doc.packages.append(spdx_package) 506 package_doc.packages.append(spdx_package)
504 507