<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git, branch scarthgap-5.0.14</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=scarthgap-5.0.14</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=scarthgap-5.0.14'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2025-11-18T01:02:11+00:00</updated>
<entry>
<title>build-appliance-image: Update to scarthgap head revision</title>
<updated>2025-11-18T01:02:11+00:00</updated>
<author>
<name>Steve Sakoman</name>
<email>steve@sakoman.com</email>
</author>
<published>2025-11-18T01:00:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=7e8674996b0164b07e56bc066d0fba790e627061'/>
<id>urn:sha1:7e8674996b0164b07e56bc066d0fba790e627061</id>
<content type='text'>
(From OE-Core rev: 471adaa5f77fa3b974eab60a2ded48e360042828)

Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>oe-build-perf-report: relax metadata matching rules</title>
<updated>2025-11-18T00:59:28+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2025-11-16T23:44:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=dd2d3cfc4e26fdb9a3105ddf0af040f5a29b6306'/>
<id>urn:sha1:dd2d3cfc4e26fdb9a3105ddf0af040f5a29b6306</id>
<content type='text'>
As the poky repository is no longer used, measurements are indexed using
the oe-core commit. But as bitbake, oe-core and meta-yocto are now
retrieved from separate gits, while measuring performances for a given branch
at some time interval, we can get the same commit for oe-core but
different ones for bitbake or meta-yocto. As a consequence, metadata
associated with the same index (oe-core commit) might differ.

To work around this, relax the equality checks for commit, commit_time
and commit_count since they might no longer match.

Ideally we'd group them into separate results but for now, treat them
as being the same.

[Based on work from Mathieu Dubois-Briand but fixed differently]
(From OE-Core rev: d9c30edf908c129a7540b23e920dd669d2a30657)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit e7dc42e30c76bf0fbb4d3cc019bbec675bac55fa)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>build-appliance-image: Update to scarthgap head revision</title>
<updated>2025-11-14T14:49:29+00:00</updated>
<author>
<name>Steve Sakoman</name>
<email>steve@sakoman.com</email>
</author>
<published>2025-11-14T14:46:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=c1bb6b3d12ed8f69daa76435ff8f8118f42d5116'/>
<id>urn:sha1:c1bb6b3d12ed8f69daa76435ff8f8118f42d5116</id>
<content type='text'>
(From OE-Core rev: 5fa3fd112e69cca60577065145f5f8aaa41b5bd6)

Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>poky.conf: bump version for 5.0.14</title>
<updated>2025-11-14T14:45:30+00:00</updated>
<author>
<name>Steve Sakoman</name>
<email>steve@sakoman.com</email>
</author>
<published>2025-11-11T20:33:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=60d407517c930f71f871d495ddc180e39c5be9ad'/>
<id>urn:sha1:60d407517c930f71f871d495ddc180e39c5be9ad</id>
<content type='text'>
(From meta-yocto rev: bf6aea52c4009e08f26565c33ce432eec7cfb090)

Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>classes/create-spdx-2.2: Handle empty packages</title>
<updated>2025-11-14T14:45:30+00:00</updated>
<author>
<name>Joshua Watt</name>
<email>JPEWhacker@gmail.com</email>
</author>
<published>2025-11-07T13:14:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d7d531e2698442ca3bee970727575267444ea640'/>
<id>urn:sha1:d7d531e2698442ca3bee970727575267444ea640</id>
<content type='text'>
When combining an SPDX document, the package list might be empty (e.g.
a baremetal image). Handle this case instead of erroring out

(From OE-Core rev: 1f7326799c33d2a734c58d360773b87d7b86b0ec)

Signed-off-by: Joshua Watt &lt;JPEWhacker@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>oeqa: spdx: Add tar test for SPDX 2.2</title>
<updated>2025-11-14T14:45:30+00:00</updated>
<author>
<name>Joshua Watt</name>
<email>JPEWhacker@gmail.com</email>
</author>
<published>2025-11-07T13:14:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=6328f526953b996ebdca14302e6159fbc93edfcd'/>
<id>urn:sha1:6328f526953b996ebdca14302e6159fbc93edfcd</id>
<content type='text'>
The base-files test for SPDX 2.2 did not give good coverage, since
base-files doesn't have any dependencies. Add building tar as another
test which more fully exercises the code

(From OE-Core rev: 2c299c17ef1a97505fd7de8d3ebc9de25fb838fc)

Signed-off-by: Joshua Watt &lt;JPEWhacker@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>spdx30_tasks: adapt CVE handling to new cve-check API</title>
<updated>2025-11-14T14:45:30+00:00</updated>
<author>
<name>Kamel Bouhara (Schneider Electric)</name>
<email>kamel.bouhara@bootlin.com</email>
</author>
<published>2025-11-07T13:14:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=5b74a8f1a54d62d2cf2330bef6ffad3508540a91'/>
<id>urn:sha1:5b74a8f1a54d62d2cf2330bef6ffad3508540a91</id>
<content type='text'>
Changes to cve-check (see poky commit fb3f440b7d8,
"cve-check: annotate CVEs during analysis") modified the
get_patched_cves() API to return a set of CVE IDs instead of a
dictionary of CVE metadata.

The SPDX 3 backport still expected a dictionary and attempted to call
.items(), leading to:

    AttributeError: 'set' object has no attribute 'items'

This patch updates the SPDX3 code to iterate directly over the CVE IDs
and use `oe.cve_check.decode_cve_status()` to retrieve the mapping,
detail, and description for each CVE. This restores compatibility with
the updated CVE API and matches the behavior of SPDX3 handling on
Walnascar.

A warning is logged if a CVE has missing or unknown status.

(From OE-Core rev: 55fdeea44ffbecb705f7900bfa85ab88e1191878)

Signed-off-by: Kamel Bouhara (Schneider Electric) &lt;kamel.bouhara@bootlin.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>spdx 3.0: Rework how SPDX aliases are linked</title>
<updated>2025-11-14T14:45:30+00:00</updated>
<author>
<name>Joshua Watt</name>
<email>JPEWhacker@gmail.com</email>
</author>
<published>2025-11-07T13:14:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=71aca87ca73e4a6e47b121702e99e59e426e713b'/>
<id>urn:sha1:71aca87ca73e4a6e47b121702e99e59e426e713b</id>
<content type='text'>
The SPDX code needs to be able to look up an Element by its SPDX ID,
locating the file that (should) contain the SPDX ID and opening it for
parsing. Previously, the code would do this be hashing each Element
SPDX ID and Alias, and the creating a symbolic link to the file that
contains the element with a name of the hash.

This worked well as it was possible to look up any arbitrary SPDX ID or
alias by simply hashing it and following the symbolic link to get the
file. However, the down side of this approach is that it creates a lot
of symbolic links, since it will make one or two per Element in the
document. This can be a problem when using SPDX_INCLUDE_SOURCES, for
example.

This change reworks this strategy so that the only Element that gets a
symbolic link based on the hash is the singular SpdxDocument that is
create for each file. All other Elements are assigned an alias with a
special prefix that encodes the hash of SpdxDocument alias. Thus, when
attempting to look up an arbitrary alias, the code sees the special
prefix, extract the hash, opens the file based on the symlink with that
hash name, then finds the matching Element in the file. This drastically
reduces the number of symbolic links by making only one per file.

This also means that the custom link extension can be removed since it
is now superfluous.

(From OE-Core rev: 551433c7a1eddf5090c87a243ea104bf091992b0)

Signed-off-by: Joshua Watt &lt;JPEWhacker@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 838d64c09657ac53175737fc4e7fd6f01f3dcf47)
Signed-off-by: Kamel Bouhara (Schneider Electric) &lt;kamel.bouhara@bootlin.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>lib: oeqa: spdx: Add tests for extra options</title>
<updated>2025-11-14T14:45:30+00:00</updated>
<author>
<name>Joshua Watt</name>
<email>jpewhacker@gmail.com</email>
</author>
<published>2025-11-07T13:14:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1919d76f68524390decf84f1f8b900b31397d43a'/>
<id>urn:sha1:1919d76f68524390decf84f1f8b900b31397d43a</id>
<content type='text'>
Adds a test for several of the extra options provided by the SPDX
classes. In particular, these are the options that can produce
non-reproducible results, so are not enabled by default in OE core. This
test takes care to configure the build so that the tests do run in a
reproducible manner so that pre-built test objects can be pulled from
sstate

(From OE-Core rev: 72ee311d4f74499674a29223fb02d4e774097a54)

Signed-off-by: Joshua Watt &lt;JPEWhacker@gmail.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit 14f534f15f7fe6362723d7f064d39783c5bd758f)
Signed-off-by: Kamel Bouhara (Schneider Electric) &lt;kamel.bouhara@bootlin.com&gt;
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
<entry>
<title>oeqa/selftest: Add SPDX 3.0 include source case for work-share</title>
<updated>2025-11-14T14:45:30+00:00</updated>
<author>
<name>Hongxu Jia</name>
<email>hongxu.jia@windriver.com</email>
</author>
<published>2025-11-07T13:14:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=568c1afab48e92eadf8a3469315681c77a3e887b'/>
<id>urn:sha1:568c1afab48e92eadf8a3469315681c77a3e887b</id>
<content type='text'>
Build gcc and check gcc-14.2.0/README in objset is available

$ oe-selftest -r spdx.SPDX30Check.test_gcc_include_source
...
2024-10-26 01:24:57,063 - oe-selftest - INFO - test_gcc_include_source (spdx.SPDX30Check.test_gcc_include_source)
2024-10-26 01:28:24,204 - oe-selftest - INFO - The spdxId of gcc-14.2.0/README in gcc.spdx.json is http://spdx.org/spdxdocs/gcc-f2eaeb0d-b54b-53ba-899a-8c36c21139bf/88d5068ffd41e5ea6b4e0dd390b23bf499bb2b6674a41e09eaf2a887eced16c8/sourcefile/42
2024-10-26 01:28:26,369 - oe-selftest - INFO -  ... ok
2024-10-26 01:28:33,315 - oe-selftest - INFO - ----------------------------------------------------------------------
2024-10-26 01:28:33,316 - oe-selftest - INFO - Ran 1 test in 216.457s
2024-10-26 01:28:33,316 - oe-selftest - INFO - OK
2024-10-26 01:28:45,254 - oe-selftest - INFO - RESULTS:
2024-10-26 01:28:45,254 - oe-selftest - INFO - RESULTS - spdx.SPDX30Check.test_gcc_include_source: PASSED (209.31s)
2024-10-26 01:28:45,260 - oe-selftest - INFO - SUMMARY:
2024-10-26 01:28:45,260 - oe-selftest - INFO - oe-selftest () - Ran 1 test in 216.457s
2024-10-26 01:28:45,260 - oe-selftest - INFO - oe-selftest - OK - All required tests passed (successes=1, skipped=0, failures=0, errors=0)

(From OE-Core rev: 45f3039a4f0fcea208e317ed7134458f7aa7a4cc)

Signed-off-by: Hongxu Jia &lt;hongxu.jia@windriver.com&gt;
Reviewed-by: Joshua Watt &lt;JPEWhacker@gmail.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit ccd6dde301dc8c45c8f901ebd4676b488d638b08)
Signed-off-by: Steve Sakoman &lt;steve@sakoman.com&gt;
</content>
</entry>
</feed>
