kernel.bbclass: Add task to export kernel configuration to SPDX

Introduce a new bitbake task do_create_kernel_config_spdx that extracts the kernel configuration from ${B}/.config and exports it into the recipe's SPDX document as a separate build_Build object. The kernel config parameters are stored as SPDX DictionaryEntry objects and linked to the main kernel build using an ancestorOf relationship. This enables the kernel build's configuration to be explicitly captured in the SPDX document for compliance, auditing, and reproducibility. The task is gated by SPDX_INCLUDE_KERNEL_CONFIG (default = "0"). Reviewed-by: Joshua Watt <JPEWhacker@gmail.com> (From OE-Core rev: 1fff29a0428778929ffa530482ebf7db95f1e0ae) Signed-off-by: Kamel Bouhara (Schneider Electric) <kamel.bouhara@bootlin.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 228a968e7c47d811c06143279bdb0f9c5f374bef) Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Kamel Bouhara (Schneider Electric) <kamel.bouhara@bootlin.com> 2025-12-15 16:54:22 +0100
committer: Steve Sakoman <steve@sakoman.com> 2025-12-31 07:49:31 -0800
commit: 6d222750d5c3254c200259a1ff6ac7c691a7cd7d (patch)
tree: 5c739108ecd54718d3ce549d9488cdd3904bd90e
parent: f327b4da741f9c4e47f621ec125dabdccfcb1d6f (diff)
download: poky-6d222750d5c3254c200259a1ff6ac7c691a7cd7d.tar.gz
2 files changed, 70 insertions, 0 deletions
diff --git a/meta/classes-recipe/kernel.bbclass b/meta/classes-recipe/kernel.bbclass
index 4c1cb89a46..d557e98d65 100644
--- a/meta/classes-recipe/kernel.bbclass
+++ b/meta/classes-recipe/kernel.bbclass
@@ -873,5 +873,69 @@ addtask deploy after do_populate_sysroot do_packagedata
 EXPORT_FUNCTIONS do_deploy
+python __anonymous() {
+    inherits = (d.getVar("INHERIT") or "")
+    if "create-spdx" in inherits:
+        bb.build.addtask('do_create_kernel_config_spdx', 'do_populate_lic do_deploy', 'do_create_spdx', d)
+}
+python do_create_kernel_config_spdx() {
+    if d.getVar("SPDX_INCLUDE_KERNEL_CONFIG", True) == "1":
+        import oe.spdx30
+        import oe.spdx30_tasks
+        from pathlib import Path
+        from datetime import datetime, timezone
+        pkg_arch = d.getVar("SSTATE_PKGARCH")
+        deploydir = Path(d.getVar("SPDXDEPLOY"))
+        pn = d.getVar("PN")
+        config_path = d.expand("${B}/.config")
+        kernel_params = []
+        if not os.path.exists(config_path):
+            bb.warn(f"SPDX: Kernel config file not found at: {config_path}")
+            return
+        try:
+            with open(config_path, 'r') as f:
+                for line in f:
+                    line = line.strip()
+                    if not line or line.startswith("#"):
+                        continue
+                    if "=" in line:
+                        key, value = line.split("=", 1)
+                        kernel_params.append(oe.spdx30.DictionaryEntry(
+                            key=key,
+                            value=value.strip('"')
+                        ))
+            bb.note(f"Parsed {len(kernel_params)} kernel config entries from {config_path}")
+        except Exception as e:
+            bb.error(f"Failed to parse kernel config file: {e}")
+        build, build_objset = oe.sbom30.find_root_obj_in_jsonld(
+            d, "recipes", f"recipe-{pn}", oe.spdx30.build_Build
+        )
+        kernel_build = build_objset.add_root(
+            oe.spdx30.build_Build(
+                _id=build_objset.new_spdxid("kernel-config"),
+                creationInfo=build_objset.doc.creationInfo,
+                build_buildType="https://openembedded.org/kernel-configuration",
+                build_parameter=kernel_params
+            )
+        )
+        oe.spdx30_tasks.set_timestamp_now(d, kernel_build, "build_buildStartTime")
+        build_objset.new_relationship(
+            [build],
+            oe.spdx30.RelationshipType.ancestorOf,
+            [kernel_build]
+        )
+        oe.sbom30.write_jsonld_doc(d, build_objset, deploydir / pkg_arch / "recipes" / f"recipe-{pn}.spdx.json")
+}
+do_create_kernel_config_spdx[depends] = "virtual/kernel:do_configure"
 # Add using Device Tree support
 inherit kernel-devicetree
diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass
index c0a5436ad6..15c31ba9a3 100644
--- a/meta/classes/create-spdx-3.0.bbclass
+++ b/meta/classes/create-spdx-3.0.bbclass
@@ -50,6 +50,12 @@ SPDX_INCLUDE_TIMESTAMPS[doc] = "Include time stamps in SPDX output. This is \
    useful if you want to know when artifacts were produced and when builds \
    occurred, but will result in non-reproducible SPDX output"
+SPDX_INCLUDE_KERNEL_CONFIG ??= "0"
+SPDX_INCLUDE_KERNEL_CONFIG[doc] = "If set to '1', the .config file for the kernel will be parsed \
+and each CONFIG_* value will be included in the Build.build_parameter list as DictionaryEntry \
+items. Set to '0' to disable exporting kernel configuration to improve performance or reduce \
+SPDX document size."
 SPDX_IMPORTS ??= ""
 SPDX_IMPORTS[doc] = "SPDX_IMPORTS is the base variable that describes how to \
    reference external SPDX ids. Each import is defined as a key in this \
author	Kamel Bouhara (Schneider Electric) <kamel.bouhara@bootlin.com>	2025-12-15 16:54:22 +0100
committer	Steve Sakoman <steve@sakoman.com>	2025-12-31 07:49:31 -0800
commit	6d222750d5c3254c200259a1ff6ac7c691a7cd7d (patch)
tree	5c739108ecd54718d3ce549d9488cdd3904bd90e
parent	f327b4da741f9c4e47f621ec125dabdccfcb1d6f (diff)
download	poky-6d222750d5c3254c200259a1ff6ac7c691a7cd7d.tar.gz

diff --git a/meta/classes-recipe/kernel.bbclass b/meta/classes-recipe/kernel.bbclass index 4c1cb89a46..d557e98d65 100644 --- a/meta/classes-recipe/kernel.bbclass +++ b/meta/classes-recipe/kernel.bbclass
@@ -873,5 +873,69 @@ addtask deploy after do_populate_sysroot do_packagedata
873		873
874	EXPORT_FUNCTIONS do_deploy	874	EXPORT_FUNCTIONS do_deploy
875		875
		876	python __anonymous() {
		877	inherits = (d.getVar("INHERIT") or "")
		878	if "create-spdx" in inherits:
		879	bb.build.addtask('do_create_kernel_config_spdx', 'do_populate_lic do_deploy', 'do_create_spdx', d)
		880	}
		881
		882	python do_create_kernel_config_spdx() {
		883	if d.getVar("SPDX_INCLUDE_KERNEL_CONFIG", True) == "1":
		884	import oe.spdx30
		885	import oe.spdx30_tasks
		886	from pathlib import Path
		887	from datetime import datetime, timezone
		888
		889	pkg_arch = d.getVar("SSTATE_PKGARCH")
		890	deploydir = Path(d.getVar("SPDXDEPLOY"))
		891	pn = d.getVar("PN")
		892
		893	config_path = d.expand("${B}/.config")
		894	kernel_params = []
		895	if not os.path.exists(config_path):
		896	bb.warn(f"SPDX: Kernel config file not found at: {config_path}")
		897	return
		898
		899	try:
		900	with open(config_path, 'r') as f:
		901	for line in f:
		902	line = line.strip()
		903	if not line or line.startswith("#"):
		904	continue
		905	if "=" in line:
		906	key, value = line.split("=", 1)
		907	kernel_params.append(oe.spdx30.DictionaryEntry(
		908	key=key,
		909	value=value.strip('"')
		910	))
		911	bb.note(f"Parsed {len(kernel_params)} kernel config entries from {config_path}")
		912	except Exception as e:
		913	bb.error(f"Failed to parse kernel config file: {e}")
		914
		915	build, build_objset = oe.sbom30.find_root_obj_in_jsonld(
		916	d, "recipes", f"recipe-{pn}", oe.spdx30.build_Build
		917	)
		918
		919	kernel_build = build_objset.add_root(
		920	oe.spdx30.build_Build(
		921	_id=build_objset.new_spdxid("kernel-config"),
		922	creationInfo=build_objset.doc.creationInfo,
		923	build_buildType="https://openembedded.org/kernel-configuration",
		924	build_parameter=kernel_params
		925	)
		926	)
		927
		928	oe.spdx30_tasks.set_timestamp_now(d, kernel_build, "build_buildStartTime")
		929
		930	build_objset.new_relationship(
		931	[build],
		932	oe.spdx30.RelationshipType.ancestorOf,
		933	[kernel_build]
		934	)
		935
		936	oe.sbom30.write_jsonld_doc(d, build_objset, deploydir / pkg_arch / "recipes" / f"recipe-{pn}.spdx.json")
		937	}
		938	do_create_kernel_config_spdx[depends] = "virtual/kernel:do_configure"
		939
876	# Add using Device Tree support	940	# Add using Device Tree support
877	inherit kernel-devicetree	941	inherit kernel-devicetree


diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass index c0a5436ad6..15c31ba9a3 100644 --- a/meta/classes/create-spdx-3.0.bbclass +++ b/meta/classes/create-spdx-3.0.bbclass
@@ -50,6 +50,12 @@ SPDX_INCLUDE_TIMESTAMPS[doc] = "Include time stamps in SPDX output. This is \
50	useful if you want to know when artifacts were produced and when builds \	50	useful if you want to know when artifacts were produced and when builds \
51	occurred, but will result in non-reproducible SPDX output"	51	occurred, but will result in non-reproducible SPDX output"
52		52
		53	SPDX_INCLUDE_KERNEL_CONFIG ??= "0"
		54	SPDX_INCLUDE_KERNEL_CONFIG[doc] = "If set to '1', the .config file for the kernel will be parsed \
		55	and each CONFIG_* value will be included in the Build.build_parameter list as DictionaryEntry \
		56	items. Set to '0' to disable exporting kernel configuration to improve performance or reduce \
		57	SPDX document size."
		58
53	SPDX_IMPORTS ??= ""	59	SPDX_IMPORTS ??= ""
54	SPDX_IMPORTS[doc] = "SPDX_IMPORTS is the base variable that describes how to \	60	SPDX_IMPORTS[doc] = "SPDX_IMPORTS is the base variable that describes how to \
55	reference external SPDX ids. Each import is defined as a key in this \	61	reference external SPDX ids. Each import is defined as a key in this \