diff options
| author | Hongxu Jia <hongxu.jia@windriver.com> | 2025-04-28 13:57:17 +0800 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2025-05-08 10:28:18 +0100 |
| commit | 2207150bc74811cce9df72464ce867e6f6b8b3ec (patch) | |
| tree | 42f104bf8d2e08be629bbf23d04793ef61cf8700 /meta/classes | |
| parent | 26b1de046e9566ee1156e212ce9b5ba8cd5a12d6 (diff) | |
| download | poky-2207150bc74811cce9df72464ce867e6f6b8b3ec.tar.gz | |
spdx30: Provide software_packageUrl field in SPDX 3.0 SBOM
Define var-SPDX_PACKAGE_URL to provide software_packageUrl field [1][2]
in SPDX 3.0 SBOM, support to override with package name
SPDX_PACKAGE_URL:<pkgname>
Currently, the format of purl is not defined in Yocto, set empty for now
until we have a comprehensive plan for what Yocto purls look like.
But users could customize their own purl by setting var-SPDX_PACKAGE_URL
[1] https://spdx.github.io/spdx-spec/v3.0.1/model/Software/Properties/packageUrl/
[2] https://spdx.github.io/spdx-spec/v3.0.1/annexes/pkg-url-specification/
(From OE-Core rev: c8e6953a0b6f59ffca994c440069db39e60b12d2)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/classes')
| -rw-r--r-- | meta/classes/create-spdx-3.0.bbclass | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/meta/classes/create-spdx-3.0.bbclass b/meta/classes/create-spdx-3.0.bbclass index 044517d9f7..c0a5436ad6 100644 --- a/meta/classes/create-spdx-3.0.bbclass +++ b/meta/classes/create-spdx-3.0.bbclass | |||
| @@ -117,6 +117,11 @@ SPDX_PACKAGE_VERSION ??= "${PV}" | |||
| 117 | SPDX_PACKAGE_VERSION[doc] = "The version of a package, software_packageVersion \ | 117 | SPDX_PACKAGE_VERSION[doc] = "The version of a package, software_packageVersion \ |
| 118 | in software_Package" | 118 | in software_Package" |
| 119 | 119 | ||
| 120 | SPDX_PACKAGE_URL ??= "" | ||
| 121 | SPDX_PACKAGE_URL[doc] = "Provides a place for the SPDX data creator to record \ | ||
| 122 | the package URL string (in accordance with the Package URL specification) for \ | ||
| 123 | a software Package." | ||
| 124 | |||
| 120 | IMAGE_CLASSES:append = " create-spdx-image-3.0" | 125 | IMAGE_CLASSES:append = " create-spdx-image-3.0" |
| 121 | SDK_CLASSES += "create-spdx-sdk-3.0" | 126 | SDK_CLASSES += "create-spdx-sdk-3.0" |
| 122 | 127 | ||