spdx3: support to override the version of a package in SBOM 3

By default, still use ${PV} as the the version of a package in SBOM 3 $ bitbake acl $ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json ... { "type": "software_Package", ... "name": "acl", "software_packageVersion": "2.3.2" }, ... Support to override it by setting SPDX_PACKAGE_VERSION, such as set SPDX_PACKAGE_VERSION = "${EXTENDPKGV}" in local.conf to append PR to software_packageVersion in SBOM 3 $ echo 'SPDX_PACKAGE_VERSION = "${EXTENDPKGV}"' >> conf/local.conf $ bitbake acl $ jq . tmp/deploy/spdx/3.0.1/core2-64/packages/package-acl.spdx.json ... { "type": "software_Package", ... "name": "acl", "software_packageVersion": "2.3.2-r0" }, ... (From OE-Core rev: e6ff5f4d870624795bd36572f5c2bfeec90d83ce) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Hongxu Jia <hongxu.jia@windriver.com> 2025-03-24 14:54:07 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-03-24 17:29:16 +0000
commit: 0834a9cdf684fc906f5afb20493579324cedea7b (patch)
tree: befe1a43180134628d9601ec749196847881e2c3 /meta/classes
parent: b9620d79c054026ab885997a6b110034ec87aabe (diff)
download: poky-0834a9cdf684fc906f5afb20493579324cedea7b.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass
index b4a5156e70..044517d9f7 100644
--- a/meta/classes/create-spdx-3.0.bbclass
+++ b/meta/classes/create-spdx-3.0.bbclass
@@ -113,6 +113,9 @@ SPDX_ON_BEHALF_OF[doc] = "The base variable name to describe the Agent on who's
 SPDX_PACKAGE_SUPPLIER[doc] = "The base variable name to describe the Agent who \
    is supplying artifacts produced by the build"
+SPDX_PACKAGE_VERSION ??= "${PV}"
+SPDX_PACKAGE_VERSION[doc] = "The version of a package, software_packageVersion \
+    in software_Package"
 IMAGE_CLASSES:append = " create-spdx-image-3.0"
 SDK_CLASSES += "create-spdx-sdk-3.0"
author	Hongxu Jia <hongxu.jia@windriver.com>	2025-03-24 14:54:07 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-03-24 17:29:16 +0000
commit	0834a9cdf684fc906f5afb20493579324cedea7b (patch)
tree	befe1a43180134628d9601ec749196847881e2c3 /meta/classes
parent	b9620d79c054026ab885997a6b110034ec87aabe (diff)
download	poky-0834a9cdf684fc906f5afb20493579324cedea7b.tar.gz

diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass index b4a5156e70..044517d9f7 100644 --- a/meta/classes/create-spdx-3.0.bbclass +++ b/meta/classes/create-spdx-3.0.bbclass
@@ -113,6 +113,9 @@ SPDX_ON_BEHALF_OF[doc] = "The base variable name to describe the Agent on who's
113	SPDX_PACKAGE_SUPPLIER[doc] = "The base variable name to describe the Agent who \	113	SPDX_PACKAGE_SUPPLIER[doc] = "The base variable name to describe the Agent who \
114	is supplying artifacts produced by the build"	114	is supplying artifacts produced by the build"
115		115
		116	SPDX_PACKAGE_VERSION ??= "${PV}"
		117	SPDX_PACKAGE_VERSION[doc] = "The version of a package, software_packageVersion \
		118	in software_Package"
116		119
117	IMAGE_CLASSES:append = " create-spdx-image-3.0"	120	IMAGE_CLASSES:append = " create-spdx-image-3.0"
118	SDK_CLASSES += "create-spdx-sdk-3.0"	121	SDK_CLASSES += "create-spdx-sdk-3.0"