diff options
| author | Kamel Bouhara (Schneider Electric) <kamel.bouhara@bootlin.com> | 2025-11-07 14:14:35 +0100 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-11-14 06:45:29 -0800 |
| commit | 11cd8498da86c61366e8701a8a49d60120c85248 (patch) | |
| tree | cdec6b8c60c78687612dea2f0b61e81d22dbfdc7 /meta/classes/spdx-common.bbclass | |
| parent | d101e1410d05ba8faede730214db99c31476f733 (diff) | |
| download | poky-11cd8498da86c61366e8701a8a49d60120c85248.tar.gz | |
backport: SPDX 3.0 fixes and tasks from upstream version Walnascar
Backports the SPDX 3.0 support and fixes from upstream walnascar
commit 49f47169953b807d430461ca33f3a2b076119712 into upstream
scarthgap.
(From OE-Core rev: 9c9b9545049a2f6e5c99edcb079275d29a4d1ac6)
Signed-off-by: Kamel Bouhara (Schneider Electric) <kamel.bouhara@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/classes/spdx-common.bbclass')
| -rw-r--r-- | meta/classes/spdx-common.bbclass | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/meta/classes/spdx-common.bbclass b/meta/classes/spdx-common.bbclass new file mode 100644 index 0000000000..36feb56807 --- /dev/null +++ b/meta/classes/spdx-common.bbclass | |||
| @@ -0,0 +1,99 @@ | |||
| 1 | # | ||
| 2 | # Copyright OpenEmbedded Contributors | ||
| 3 | # | ||
| 4 | # SPDX-License-Identifier: GPL-2.0-only | ||
| 5 | # | ||
| 6 | |||
| 7 | SPDX_VERSION ??= "" | ||
| 8 | DEPLOY_DIR_SPDX ??= "${DEPLOY_DIR}/spdx/${SPDX_VERSION}" | ||
| 9 | |||
| 10 | # The product name that the CVE database uses. Defaults to BPN, but may need to | ||
| 11 | # be overriden per recipe (for example tiff.bb sets CVE_PRODUCT=libtiff). | ||
| 12 | CVE_PRODUCT ??= "${BPN}" | ||
| 13 | CVE_VERSION ??= "${PV}" | ||
| 14 | |||
| 15 | SPDXDIR ??= "${WORKDIR}/spdx/${SPDX_VERSION}" | ||
| 16 | SPDXDEPLOY = "${SPDXDIR}/deploy" | ||
| 17 | SPDXWORK = "${SPDXDIR}/work" | ||
| 18 | SPDXIMAGEWORK = "${SPDXDIR}/image-work" | ||
| 19 | SPDXSDKWORK = "${SPDXDIR}/sdk-work" | ||
| 20 | SPDXSDKEXTWORK = "${SPDXDIR}/sdk-ext-work" | ||
| 21 | SPDXDEPS = "${SPDXDIR}/deps.json" | ||
| 22 | |||
| 23 | SPDX_TOOL_NAME ??= "oe-spdx-creator" | ||
| 24 | SPDX_TOOL_VERSION ??= "1.0" | ||
| 25 | |||
| 26 | SPDXRUNTIMEDEPLOY = "${SPDXDIR}/runtime-deploy" | ||
| 27 | |||
| 28 | SPDX_INCLUDE_SOURCES ??= "0" | ||
| 29 | |||
| 30 | SPDX_UUID_NAMESPACE ??= "sbom.openembedded.org" | ||
| 31 | SPDX_NAMESPACE_PREFIX ??= "http://spdx.org/spdxdocs" | ||
| 32 | SPDX_PRETTY ??= "0" | ||
| 33 | |||
| 34 | SPDX_LICENSES ??= "${COREBASE}/meta/files/spdx-licenses.json" | ||
| 35 | |||
| 36 | SPDX_CUSTOM_ANNOTATION_VARS ??= "" | ||
| 37 | |||
| 38 | SPDX_MULTILIB_SSTATE_ARCHS ??= "${SSTATE_ARCHS}" | ||
| 39 | |||
| 40 | def create_spdx_source_deps(d): | ||
| 41 | import oe.spdx_common | ||
| 42 | |||
| 43 | deps = [] | ||
| 44 | if d.getVar("SPDX_INCLUDE_SOURCES") == "1": | ||
| 45 | pn = d.getVar('PN') | ||
| 46 | # do_unpack is a hack for now; we only need it to get the | ||
| 47 | # dependencies do_unpack already has so we can extract the source | ||
| 48 | # ourselves | ||
| 49 | if oe.spdx_common.has_task(d, "do_unpack"): | ||
| 50 | deps.append("%s:do_unpack" % pn) | ||
| 51 | |||
| 52 | if oe.spdx_common.is_work_shared_spdx(d) and \ | ||
| 53 | oe.spdx_common.process_sources(d): | ||
| 54 | # For kernel source code | ||
| 55 | if oe.spdx_common.has_task(d, "do_shared_workdir"): | ||
| 56 | deps.append("%s:do_shared_workdir" % pn) | ||
| 57 | elif d.getVar('S') == d.getVar('STAGING_KERNEL_DIR'): | ||
| 58 | deps.append("virtual/kernel:do_shared_workdir") | ||
| 59 | |||
| 60 | # For gcc-source-${PV} source code | ||
| 61 | if oe.spdx_common.has_task(d, "do_preconfigure"): | ||
| 62 | deps.append("%s:do_preconfigure" % pn) | ||
| 63 | elif oe.spdx_common.has_task(d, "do_patch"): | ||
| 64 | deps.append("%s:do_patch" % pn) | ||
| 65 | # For gcc-cross-x86_64 source code | ||
| 66 | elif oe.spdx_common.has_task(d, "do_configure"): | ||
| 67 | deps.append("%s:do_configure" % pn) | ||
| 68 | |||
| 69 | return " ".join(deps) | ||
| 70 | |||
| 71 | |||
| 72 | python do_collect_spdx_deps() { | ||
| 73 | # This task calculates the build time dependencies of the recipe, and is | ||
| 74 | # required because while a task can deptask on itself, those dependencies | ||
| 75 | # do not show up in BB_TASKDEPDATA. To work around that, this task does the | ||
| 76 | # deptask on do_create_spdx and writes out the dependencies it finds, then | ||
| 77 | # do_create_spdx reads in the found dependencies when writing the actual | ||
| 78 | # SPDX document | ||
| 79 | import json | ||
| 80 | import oe.spdx_common | ||
| 81 | from pathlib import Path | ||
| 82 | |||
| 83 | spdx_deps_file = Path(d.getVar("SPDXDEPS")) | ||
| 84 | |||
| 85 | deps = oe.spdx_common.collect_direct_deps(d, "do_create_spdx") | ||
| 86 | |||
| 87 | with spdx_deps_file.open("w") as f: | ||
| 88 | json.dump(deps, f) | ||
| 89 | } | ||
| 90 | # NOTE: depending on do_unpack is a hack that is necessary to get it's dependencies for archive the source | ||
| 91 | addtask do_collect_spdx_deps after do_unpack | ||
| 92 | do_collect_spdx_deps[depends] += "${PATCHDEPENDENCY}" | ||
| 93 | do_collect_spdx_deps[deptask] = "do_create_spdx" | ||
| 94 | do_collect_spdx_deps[dirs] = "${SPDXDIR}" | ||
| 95 | |||
| 96 | oe.spdx_common.collect_direct_deps[vardepsexclude] += "BB_TASKDEPDATA" | ||
| 97 | oe.spdx_common.collect_direct_deps[vardeps] += "DEPENDS" | ||
| 98 | oe.spdx_common.collect_package_providers[vardepsexclude] += "BB_TASKDEPDATA" | ||
| 99 | oe.spdx_common.get_patched_src[vardepsexclude] += "STAGING_KERNEL_DIR" | ||