diff options
author | Ross Burton <ross@burtonini.com> | 2021-09-03 17:00:33 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-09-04 08:44:11 +0100 |
commit | 4d3692b5a7e37f066dc995bf6aabec55db72f5ec (patch) | |
tree | a995cea487e426373271e127584a3463e2ce5b66 /meta | |
parent | 41a29f0b9642668538f9e5e84db9623304b5c820 (diff) | |
download | poky-4d3692b5a7e37f066dc995bf6aabec55db72f5ec.tar.gz |
create-spdx: don't duplicate license texts in each package
Instead of putting the full license text for non-SPDX licenses into the
recipe and every package, use links to the recipe from the packages if
possible.
(From OE-Core rev: 9220d35dc9071ebbe991117af8261ad99f321bb3)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/classes/create-spdx.bbclass | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/meta/classes/create-spdx.bbclass b/meta/classes/create-spdx.bbclass index cbb9239991..1e0b360558 100644 --- a/meta/classes/create-spdx.bbclass +++ b/meta/classes/create-spdx.bbclass | |||
@@ -50,7 +50,7 @@ python() { | |||
50 | d.setVar("SPDX_LICENSE_DATA", data) | 50 | d.setVar("SPDX_LICENSE_DATA", data) |
51 | } | 51 | } |
52 | 52 | ||
53 | def convert_license_to_spdx(lic, document, d): | 53 | def convert_license_to_spdx(lic, document, d, existing={}): |
54 | from pathlib import Path | 54 | from pathlib import Path |
55 | import oe.spdx | 55 | import oe.spdx |
56 | 56 | ||
@@ -109,8 +109,11 @@ def convert_license_to_spdx(lic, document, d): | |||
109 | if spdx_license in license_data["licenses"]: | 109 | if spdx_license in license_data["licenses"]: |
110 | return spdx_license | 110 | return spdx_license |
111 | 111 | ||
112 | spdx_license = "LicenseRef-" + l | 112 | try: |
113 | add_extracted_license(spdx_license, l) | 113 | spdx_license = existing[l] |
114 | except KeyError: | ||
115 | spdx_license = "LicenseRef-" + l | ||
116 | add_extracted_license(spdx_license, l) | ||
114 | 117 | ||
115 | return spdx_license | 118 | return spdx_license |
116 | 119 | ||
@@ -462,7 +465,14 @@ python do_create_spdx() { | |||
462 | doc_sha1 = oe.sbom.write_doc(d, doc, "recipes") | 465 | doc_sha1 = oe.sbom.write_doc(d, doc, "recipes") |
463 | dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe)) | 466 | dep_recipes.append(oe.sbom.DepRecipe(doc, doc_sha1, recipe)) |
464 | 467 | ||
468 | recipe_ref = oe.spdx.SPDXExternalDocumentRef() | ||
469 | recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name | ||
470 | recipe_ref.spdxDocument = doc.documentNamespace | ||
471 | recipe_ref.checksum.algorithm = "SHA1" | ||
472 | recipe_ref.checksum.checksumValue = doc_sha1 | ||
473 | |||
465 | sources = collect_dep_sources(d, dep_recipes) | 474 | sources = collect_dep_sources(d, dep_recipes) |
475 | found_licenses = {license.name:recipe_ref.externalDocumentId + ":" + license.licenseId for license in doc.hasExtractedLicensingInfos} | ||
466 | 476 | ||
467 | if not is_native: | 477 | if not is_native: |
468 | bb.build.exec_func("read_subpackage_metadata", d) | 478 | bb.build.exec_func("read_subpackage_metadata", d) |
@@ -482,13 +492,6 @@ python do_create_spdx() { | |||
482 | package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") | 492 | package_doc.creationInfo.creators.append("Tool: OpenEmbedded Core create-spdx.bbclass") |
483 | package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()") | 493 | package_doc.creationInfo.creators.append("Organization: OpenEmbedded ()") |
484 | package_doc.creationInfo.creators.append("Person: N/A ()") | 494 | package_doc.creationInfo.creators.append("Person: N/A ()") |
485 | |||
486 | recipe_ref = oe.spdx.SPDXExternalDocumentRef() | ||
487 | recipe_ref.externalDocumentId = "DocumentRef-recipe-" + recipe.name | ||
488 | recipe_ref.spdxDocument = doc.documentNamespace | ||
489 | recipe_ref.checksum.algorithm = "SHA1" | ||
490 | recipe_ref.checksum.checksumValue = doc_sha1 | ||
491 | |||
492 | package_doc.externalDocumentRefs.append(recipe_ref) | 495 | package_doc.externalDocumentRefs.append(recipe_ref) |
493 | 496 | ||
494 | package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE") | 497 | package_license = d.getVar("LICENSE:%s" % package) or d.getVar("LICENSE") |
@@ -498,7 +501,7 @@ python do_create_spdx() { | |||
498 | spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name) | 501 | spdx_package.SPDXID = oe.sbom.get_package_spdxid(pkg_name) |
499 | spdx_package.name = pkg_name | 502 | spdx_package.name = pkg_name |
500 | spdx_package.versionInfo = d.getVar("PV") | 503 | spdx_package.versionInfo = d.getVar("PV") |
501 | spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d) | 504 | spdx_package.licenseDeclared = convert_license_to_spdx(package_license, package_doc, d, found_licenses) |
502 | 505 | ||
503 | package_doc.packages.append(spdx_package) | 506 | package_doc.packages.append(spdx_package) |
504 | 507 | ||