spdx: Update for bitbake changes

Bitbake is dropping the need for fetcher name iteration and multiple revisions per url. Update the code to match (removal of the for loop). (From OE-Core rev: 4859cdf97fd9a260036e148e25f0b78eb393df1e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-03-18 22:40:54 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-03-20 13:50:40 +0000
commit: 110b2c124bcc464325fc5cf987cdf95a19b22bd3 (patch)
tree: a49b1ded4238368829362a161e3ca60dc34e28c8 /meta/classes
parent: bdd2b0fee18c43597efc3493b9ac9ace9ccf7959 (diff)
download: poky-110b2c124bcc464325fc5cf987cdf95a19b22bd3.tar.gz
1 files changed, 25 insertions, 26 deletions
diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass
index 494bde117f..8f988de868 100644
--- a/meta/classes/create-spdx-2.2.bbclass
+++ b/meta/classes/create-spdx-2.2.bbclass
@@ -352,34 +352,33 @@ def add_download_packages(d, doc, recipe):
    for download_idx, src_uri in enumerate(d.getVar('SRC_URI').split()):
        f = bb.fetch2.FetchData(src_uri, d)
-        for name in f.names:
+        package = oe.spdx.SPDXPackage()
-            package = oe.spdx.SPDXPackage()
+        package.name = "%s-source-%d" % (d.getVar("PN"), download_idx + 1)
-            package.name = "%s-source-%d" % (d.getVar("PN"), download_idx + 1)
+        package.SPDXID = oe.sbom.get_download_spdxid(d, download_idx + 1)
-            package.SPDXID = oe.sbom.get_download_spdxid(d, download_idx + 1)
-            if f.type == "file":
+        if f.type == "file":
-                continue
+            continue
+        if f.method.supports_checksum(f):
+            for checksum_id in CHECKSUM_LIST:
+                if checksum_id.upper() not in oe.spdx.SPDXPackage.ALLOWED_CHECKSUMS:
+                    continue
+                expected_checksum = getattr(f, "%s_expected" % checksum_id)
+                if expected_checksum is None:
+                    continue
-            if f.method.supports_checksum(f):
+                c = oe.spdx.SPDXChecksum()
-                for checksum_id in CHECKSUM_LIST:
+                c.algorithm = checksum_id.upper()
-                    if checksum_id.upper() not in oe.spdx.SPDXPackage.ALLOWED_CHECKSUMS:
+                c.checksumValue = expected_checksum
-                        continue
+                package.checksums.append(c)
-                    expected_checksum = getattr(f, "%s_expected" % checksum_id)
+        package.downloadLocation = oe.spdx_common.fetch_data_to_uri(f, f.name)
-                    if expected_checksum is None:
+        doc.packages.append(package)
-                        continue
+        doc.add_relationship(doc, "DESCRIBES", package)
+        # In the future, we might be able to do more fancy dependencies,
-                    c = oe.spdx.SPDXChecksum()
+        # but this should be sufficient for now
-                    c.algorithm = checksum_id.upper()
+        doc.add_relationship(package, "BUILD_DEPENDENCY_OF", recipe)
-                    c.checksumValue = expected_checksum
-                    package.checksums.append(c)
-            package.downloadLocation = oe.spdx_common.fetch_data_to_uri(f, name)
-            doc.packages.append(package)
-            doc.add_relationship(doc, "DESCRIBES", package)
-            # In the future, we might be able to do more fancy dependencies,
-            # but this should be sufficient for now
-            doc.add_relationship(package, "BUILD_DEPENDENCY_OF", recipe)
 def get_license_list_version(license_data, d):
    # Newer versions of the SPDX license list are SemVer ("MAJOR.MINOR.MICRO"),
author	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-03-18 22:40:54 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-03-20 13:50:40 +0000
commit	110b2c124bcc464325fc5cf987cdf95a19b22bd3 (patch)
tree	a49b1ded4238368829362a161e3ca60dc34e28c8 /meta/classes
parent	bdd2b0fee18c43597efc3493b9ac9ace9ccf7959 (diff)
download	poky-110b2c124bcc464325fc5cf987cdf95a19b22bd3.tar.gz

diff --git a/meta/classes/create-spdx-2.2.bbclass b/meta/classes/create-spdx-2.2.bbclass index 494bde117f..8f988de868 100644 --- a/meta/classes/create-spdx-2.2.bbclass +++ b/meta/classes/create-spdx-2.2.bbclass
@@ -352,34 +352,33 @@ def add_download_packages(d, doc, recipe):
352	for download_idx, src_uri in enumerate(d.getVar('SRC_URI').split()):	352	for download_idx, src_uri in enumerate(d.getVar('SRC_URI').split()):
353	f = bb.fetch2.FetchData(src_uri, d)	353	f = bb.fetch2.FetchData(src_uri, d)
354		354
355	for name in f.names:	355	package = oe.spdx.SPDXPackage()
356	package = oe.spdx.SPDXPackage()	356	package.name = "%s-source-%d" % (d.getVar("PN"), download_idx + 1)
357	package.name = "%s-source-%d" % (d.getVar("PN"), download_idx + 1)	357	package.SPDXID = oe.sbom.get_download_spdxid(d, download_idx + 1)
358	package.SPDXID = oe.sbom.get_download_spdxid(d, download_idx + 1)
359		358
360	if f.type == "file":	359	if f.type == "file":
361	continue	360	continue
		361
		362	if f.method.supports_checksum(f):
		363	for checksum_id in CHECKSUM_LIST:
		364	if checksum_id.upper() not in oe.spdx.SPDXPackage.ALLOWED_CHECKSUMS:
		365	continue
		366
		367	expected_checksum = getattr(f, "%s_expected" % checksum_id)
		368	if expected_checksum is None:
		369	continue
362		370
363	if f.method.supports_checksum(f):	371	c = oe.spdx.SPDXChecksum()
364	for checksum_id in CHECKSUM_LIST:	372	c.algorithm = checksum_id.upper()
365	if checksum_id.upper() not in oe.spdx.SPDXPackage.ALLOWED_CHECKSUMS:	373	c.checksumValue = expected_checksum
366	continue	374	package.checksums.append(c)
367		375
368	expected_checksum = getattr(f, "%s_expected" % checksum_id)	376	package.downloadLocation = oe.spdx_common.fetch_data_to_uri(f, f.name)
369	if expected_checksum is None:	377	doc.packages.append(package)
370	continue	378	doc.add_relationship(doc, "DESCRIBES", package)
371		379	# In the future, we might be able to do more fancy dependencies,
372	c = oe.spdx.SPDXChecksum()	380	# but this should be sufficient for now
373	c.algorithm = checksum_id.upper()	381	doc.add_relationship(package, "BUILD_DEPENDENCY_OF", recipe)
374	c.checksumValue = expected_checksum
375	package.checksums.append(c)
376
377	package.downloadLocation = oe.spdx_common.fetch_data_to_uri(f, name)
378	doc.packages.append(package)
379	doc.add_relationship(doc, "DESCRIBES", package)
380	# In the future, we might be able to do more fancy dependencies,
381	# but this should be sufficient for now
382	doc.add_relationship(package, "BUILD_DEPENDENCY_OF", recipe)
383		382
384	def get_license_list_version(license_data, d):	383	def get_license_list_version(license_data, d):
385	# Newer versions of the SPDX license list are SemVer ("MAJOR.MINOR.MICRO"),	384	# Newer versions of the SPDX license list are SemVer ("MAJOR.MINOR.MICRO"),