spdx_common: Fix invalid SPDX downloadLocation for Rust crates

Fixes [YOCTO #15909]

SPDX validation was failing due to the use of `crate://crates.io/...` as the
`downloadLocation`, which is not a valid SPDX URL as per the 2.2 specification.

This patch updates `fetch_data_to_uri()` in `spdx_common.py` to detect when the
fetcher type is "crate" and instead use the `url` attribute, which contains a
valid HTTP(S) URL in the expected format, e.g.:

  https://crates.io/api/v1/crates/<name>/<version>/download

This aligns the SPDX metadata for Rust crates with the specification and avoids
validation errors in tools consuming SPDX documents.

Tested with the `python3-bcrypt` recipe and verified that the
generated `spdx.json` contains a valid `software_downloadLocation`.

Reference: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15909

(From OE-Core rev: 7cadbd1a22e18847d03b5baa902f5581d3e0aafa)

Signed-off-by: Jayasurya Maganuru <Maganuru.Jayasurya@Windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

1 files changed, 5 insertions, 0 deletions

diff --git a/meta/lib/oe/spdx_common.py b/meta/lib/oe/spdx_common.py
index c2dec65563..72c24180d5 100644
--- a/meta/lib/oe/spdx_common.py
+++ b/meta/lib/oe/spdx_common.py
@@ -230,6 +230,11 @@ def fetch_data_to_uri(fd, name):
     Translates a bitbake FetchData to a string URI
     """
     uri = fd.type
+
+    # crate: is not a valid URL.  Use url field instead if exist
+    if uri == "crate" and hasattr(fd,"url"):
+       return fd.url
+
     # Map gitsm to git, since gitsm:// is not a valid URI protocol
     if uri == "gitsm":
         uri = "git"