spdx 3.0: Map gitsm URI to git

"gitsm" is not a recognized URI protocol (outside of bitbake), so map it to "git" when writing. This should be OK since we report all of the submodule source code (if enabled), and it's still possible for 3rd party analyzers to determine that submodules are in use by looking at .gitmodules. The code to do the mapping is moved to a common location so it covers SPDX 2.2 also [YOCTO #15582] (From OE-Core rev: 6ecf89c75b1a74515266085acc5d3621a0fb2fa1) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Joshua Watt <jpewhacker@gmail.com> 2024-09-27 09:51:55 -0600
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-09-30 17:07:18 +0100
commit: 07836a96845bad998a803aedf6b3a6d80445f211 (patch)
tree: 3e0a08411f5aaa4a35bfb219a3830565f9d32878 /meta/lib
parent: 98e71107d7cfca992040ebbd85c24d8bbf50fc0c (diff)
download: poky-07836a96845bad998a803aedf6b3a6d80445f211.tar.gz
2 files changed, 22 insertions, 11 deletions
diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index 70d1bc7e8a..1ae13b4af8 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -379,22 +379,15 @@ def add_download_files(d, objset):
                    inputs.add(file)
            else:
-                uri = fd.type
-                proto = getattr(fd, "proto", None)
-                if proto is not None:
-                    uri = uri + "+" + proto
-                uri = uri + "://" + fd.host + fd.path
-                if fd.method.supports_srcrev():
-                    uri = uri + "@" + fd.revisions[name]
                dl = objset.add(
                    oe.spdx30.software_Package(
                        _id=objset.new_spdxid("source", str(download_idx + 1)),
                        creationInfo=objset.doc.creationInfo,
                        name=file_name,
                        software_primaryPurpose=primary_purpose,
-                        software_downloadLocation=uri,
+                        software_downloadLocation=oe.spdx_common.fetch_data_to_uri(
+                            fd, name
+                        ),
                    )
                )
diff --git a/meta/lib/oe/spdx_common.py b/meta/lib/oe/spdx_common.py
index dfe90f96cf..1ea55419ae 100644
--- a/meta/lib/oe/spdx_common.py
+++ b/meta/lib/oe/spdx_common.py
@@ -42,7 +42,6 @@ def is_work_shared_spdx(d):
 def load_spdx_license_data(d):
    with open(d.getVar("SPDX_LICENSES"), "r") as f:
        data = json.load(f)
        # Transform the license array to a dictionary
@@ -225,3 +224,22 @@ def get_patched_src(d):
            bb.utils.mkdirhier(spdx_workdir)
    finally:
        d.setVar("WORKDIR", workdir)
+def fetch_data_to_uri(fd, name):
+    """
+    Translates a bitbake FetchData to a string URI
+    """
+    uri = fd.type
+    # Map gitsm to git, since gitsm:// is not a valid URI protocol
+    if uri == "gitsm":
+        uri = "git"
+    proto = getattr(fd, "proto", None)
+    if proto is not None:
+        uri = uri + "+" + proto
+    uri = uri + "://" + fd.host + fd.path
+    if fd.method.supports_srcrev():
+        uri = uri + "@" + fd.revisions[name]
+    return uri
author	Joshua Watt <jpewhacker@gmail.com>	2024-09-27 09:51:55 -0600
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-09-30 17:07:18 +0100
commit	07836a96845bad998a803aedf6b3a6d80445f211 (patch)
tree	3e0a08411f5aaa4a35bfb219a3830565f9d32878 /meta/lib
parent	98e71107d7cfca992040ebbd85c24d8bbf50fc0c (diff)
download	poky-07836a96845bad998a803aedf6b3a6d80445f211.tar.gz